yarn publish not respecting publishConfig in package.json for scoped packages

Created on 25 Jan 2018 · 4Comments · Source: yarnpkg/yarn

Do you want to request a feature or report a bug?

Bug

What is the current behavior?
When attempting to publish a scoped package for the first time, even with the following in package.json:

{
  "publishConfig": {
    "access": "public"
  }
}

yarn publish still fails with "You must sign up for private packages".

Note this only happens on the initial publish; once the package has been created, subsequent publish works as expected.

If the current behavior is a bug, please provide the steps to reproduce.

Create an arbitrary scoped package with the above publicConfig settings in package.json, and try yarn publish

What is the expected behavior?

Successfully publish the package with public access. (Using npm works as expected)

Please mention your node.js, yarn and operating system version.

yarn-error.log

  Arguments: 
  /Users/evan/.nvm/versions/node/v8.9.1/bin/node /usr/local/Cellar/yarn/1.3.2/libexec/bin/yarn.js publish

PATH: 
  ./node_modules/.bin:/Users/evan/.nvm/versions/node/v8.9.1/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/VMware Fusion.app/Contents/Public

Yarn version: 
  1.3.2

Node version: 
  8.9.1

Platform: 
  darwin x64

npm manifest: 
  {
    "name": "@vue/publish-test",
    "version": "1.0.0",
    "description": "",
    "main": "index.js",
    "author": "Evan You",
    "license": "MIT",
    "publishConfig": {
      "access": "public"
    }
  }

yarn manifest: 
  No manifest

Lockfile: 
  No lockfile

Trace: 
  Error: https://registry.yarnpkg.com/@vue%2fpublish-test: You must sign up for private packages
      at Request.params.callback [as _callback] (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:62098:18)
      at Request.self.callback (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:123085:22)
      at emitTwo (events.js:126:13)
      at Request.emit (events.js:214:7)
      at Request.<anonymous> (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:124068:10)
      at emitOne (events.js:116:13)
      at Request.emit (events.js:211:7)
      at IncomingMessage.<anonymous> (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:123988:12)
      at Object.onceWrapper (events.js:313:30)
      at emitNone (events.js:111:20)

cat-bug cat-compatibility triaged

Source

yyx990803

👍3

Most helpful comment

@arcanis @rally25rs

publishConfig accepts not only access but also some other configs

Any config values can be overridden, but of course only "tag", "registry" and "access" probably matter for the purposes of publishing.
document

It seems like your fix just covers access case. At least tag and registry should also be covered.

{
    "publishConfig": {
        "access": "public",
        "registry": "https://registry.npmjs.org/"
      }
}

tommytroylin on 31 Jan 2018

👍3

All 4 comments

Confirmed. I got this today in Yarn v1.4.0 too trying to lerna publish a yarn workspace with private scoped packages. I'm not entirely sure how that flag works at the npm registry api level, but I'll see if I can find time to dig into it next week (and assigned to myself).

rally25rs on 26 Jan 2018

👍2

@arcanis @rally25rs

publishConfig accepts not only access but also some other configs

Any config values can be overridden, but of course only "tag", "registry" and "access" probably matter for the purposes of publishing.
document

It seems like your fix just covers access case. At least tag and registry should also be covered.

{
    "publishConfig": {
        "access": "public",
        "registry": "https://registry.npmjs.org/"
      }
}

tommytroylin on 31 Jan 2018

👍3

I also ran into this while trying to publish scoped packages with lerna to a private npm server (verdaccio). Not sure if yarn respects the settings in the package.json publishConfig in general? If not that should probably be fixed according to the comment above by @tommytroylin