Yarn: .npmrc with private registry ignored?
Do you want to request a feature or report a bug?
Bug
What is the current behavior?
Right now, when I run yarn install I get a 403 Forbidden error from Artifactory as soon Yarn tries to fetch an @acme scoped package, but my local .npmrc defines valid credentials.
The weird thing is that if I run a Docker container that basically does:
FROM centos
RUN yum install yarn
ARG NODE_VERSION=8.5.0
RUN curl -sL https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-x64.tar.gz | tar xz --strip-components 1 -C /usr/local
WORKDIR /app
COPY app .
COPY .npmrc .
RUN yarn install --pure-lockfile --non-interactive
it works just fine.
If the current behavior is a bug, please provide the steps to reproduce.
.npmrc:
@acme:registry=https://acme.jfrog.io/acme/api/npm/npm/
//acme.jfrog.io/acme/api/npm/npm/:_password=XXXXXXXXX
//acme.jfrog.io/acme/api/npm/npm/:username=automated.read
//acme.jfrog.io/acme/api/npm/npm/:[email protected]
//acme.jfrog.io/acme/api/npm/npm/:always-auth=true
What is the expected behavior?
The installation should work.
Please mention your node.js, yarn and operating system version.
❯ node -v
v8.9.4
❯ yarn -v
1.5.1
❯ sw_vers -productVersion
10.13.3
FezVrasta
All 2 comments
It looks like that if instead of _password I use _auth it works better, but it returns 404 errors on other scoped packages outside of @acme. I had to change it to look like this to work properly.
````
registry=https://registry.npmjs.org/
@acme:registry=https://acme.jfrog.io/acme/api/npm/npm/
//acme.jfrog.io/acme/api/npm/npm/:_auth=YYYYYYYYYYYYYYYYYYYYYYYYYY
//acme.jfrog.io/acme/api/npm/npm/:username=automated.read
//acme.jfrog.io/acme/api/npm/npm/:[email protected]
//acme.jfrog.io/acme/api/npm/npm/:always-auth=true
````
I don't think this is expected because:
- Shouldn't
_passwordwork as well? - Shouldn't the global
.npmrcbe used along with the local one?
FezVrasta
on 27 Mar 2018
It looks like that if instead of
_passwordI use_authit works better, but it returns 404 errors on other scoped packages outside of@acme. I had to change it to look like this to work properly.registry=https://registry.npmjs.org/ @acme:registry=https://acme.jfrog.io/acme/api/npm/npm/ //acme.jfrog.io/acme/api/npm/npm/:_auth=YYYYYYYYYYYYYYYYYYYYYYYYYY //acme.jfrog.io/acme/api/npm/npm/:username=automated.read //acme.jfrog.io/acme/api/npm/npm/:[email protected] //acme.jfrog.io/acme/api/npm/npm/:always-auth=trueI don't think this is expected because:
- Shouldn't
_passwordwork as well?- Shouldn't the global
.npmrcbe used along with the local one?
This comment above solved my issue of NPM install failing randomly with @scoped packages when you have private registry set. I had spend days struggling to solve it.
The idea is to not let NPM use your private nexus credentials with https://registry.npmjs.org/ request.
vinodloha
on 7 Jun 2019
Related issues
FLGMwt
·
3Comments
baptistelebail
·
3Comments
NonPolynomial
·
3Comments
torifat
·
3Comments
victornoel
·
3Comments
Most helpful comment
It looks like that if instead of
_passwordI use_authit works better, but it returns 404 errors on other scoped packages outside of@acme. I had to change it to look like this to work properly.````
registry=https://registry.npmjs.org/
@acme:registry=https://acme.jfrog.io/acme/api/npm/npm/
//acme.jfrog.io/acme/api/npm/npm/:_auth=YYYYYYYYYYYYYYYYYYYYYYYYYY
//acme.jfrog.io/acme/api/npm/npm/:username=automated.read
//acme.jfrog.io/acme/api/npm/npm/:[email protected]
//acme.jfrog.io/acme/api/npm/npm/:always-auth=true
````
I don't think this is expected because:
_passwordwork as well?.npmrcbe used along with the local one?