EINTEGRITY error when using Nexus proxy npm repo - npm

So far we could build our node projects with the default registry in .npmrc (registry = https://registry.npmjs.org/). We want to start publishing our internal libraries in a local npm repository - we use Nexus 3. I created a proxy repo pointing to https://registry.npmjs.org/ (https://nexus.local/repository/npm-registry/). When we change the registry in .npmrc to that proxy repo, building the same projects ends with errors like:
npm WARN tarball tarball data for wildcard@https://nexus.local/repository/npm-registry/wildcard/-/wildcard-2.0.0.tgz (sha512-JcKqAHLPxcdb9KM49dufGXn2x3ssnfjbcaQdLlfZsL9rH9wgDQjUtDxbo8NE0F6SFvydeu1VhZe7hZuHsB2/pw==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for minimist@https://nexus.local/repository/npm-registry/minimist/-/minimist-1.2.6.tgz (sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==) seems to be corrupted. Trying again.
npm ERR! code EINTEGRITY
npm ERR! sha512-JcKqAHLPxcdb9KM49dufGXn2x3ssnfjbcaQdLlfZsL9rH9wgDQjUtDxbo8NE0F6SFvydeu1VhZe7hZuHsB2/pw== integrity checksum failed when using sha512: wanted sha512-JcKqAHLPxcdb9KM49dufGXn2x3ssnfjbcaQdLlfZsL9rH9wgDQjUtDxbo8NE0F6SFvydeu1VhZe7hZuHsB2/pw== but got sha512-l5E0KJ9dH5bNZ9CxPNtF5KiMPlhF4eQZv7S2+Ko1HbeKTgRr9sMd8oe88VGS14dLESGihS27fqbDXq9d919xcw==. (33280 bytes)
Checking details about the wildcard@2.0.0 package using both .npmrc configurations returns the same result (especially the same sha512 value):
[jenkins@jenkins-agent-02 tmp.build]$ ~/tools/jenkins.plugins.nodejs.tools.NodeJSInstallation/NodeJS_18.6.0/bin/node ~/tools/jenkins.plugins.nodejs.tools.NodeJSInstallation/NodeJS_18.6.0/bin/npm view wildcard@2.0.0
wildcard@2.0.0 | MIT | deps: none | versions: 10
Wildcard matching tools
https://github.com/DamonOehlman/wildcard#readme
keywords: string, wildcard
dist
.tarball: https://registry.npmjs.org/wildcard/-/wildcard-2.0.0.tgz
.shasum: a77d20e5200c6faaac979e4b3aadc7b3dd7f8fec
.integrity: sha512-JcKqAHLPxcdb9KM49dufGXn2x3ssnfjbcaQdLlfZsL9rH9wgDQjUtDxbo8NE0F6SFvydeu1VhZe7hZuHsB2/pw==
.unpackedSize: 21.7 kB
maintainers:
- damonoehlman <damon.oehlman@sidelab.com>
dist-tags:
latest: 2.0.0
published over a year ago by damonoehlman <damon.oehlman@gmail.com>
I checked the sha512 after downloading that package through our Nexus (https://nexus.local/repository/npm-registry/wildcard/-/wildcard-2.0.0.tgz) using the command shasum -b -a 512 wildcard-2.0.0.tgz | awk '{ print $1 }' | xxd -r -p | base64 and it returns l5E0KJ9dH5bNZ9CxPNtF5KiMPlhF4eQZv7S2+Ko1HbeKTgRr9sMd8oe88VGS14dLESGihS27fqbDXq9d919xcw==. I have no idea why that sha512 changed while downloading the package through the local Nexus.
I tried to invalidate the cache in the Nexus proxy repo configuration. I also checked some options in the configuration view.

The problem was caused by the Apache proxy configuration. The AddEncoding option must not include the .tgz value.
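
To tell this kind of proxy-induced mismatch apart from a tampered or substituted package, hash the bytes that actually arrived and look at what kind of bytes they are; the 33280 bytes reported in the error above is a multiple of the 512-byte tar block size, which is consistent with the gzip layer having been removed in transit. The Node.js code below is an added example, not code from the original posts; `diagnose`, its result labels and the sample archive are constructed for illustration.

```javascript
const crypto = require('crypto');
const zlib = require('zlib');

// npm's dist.integrity is an SRI string: "<algo>-<base64 digest of the exact .tgz bytes>".
function sri(buf, algo = 'sha512') {
  return `${algo}-${crypto.createHash(algo).update(buf).digest('base64')}`;
}

const isGzip = (b) => b.length > 2 && b[0] === 0x1f && b[1] === 0x8b;
// A POSIX tar header carries the magic "ustar" at offset 257 of its 512-byte block.
const isTar = (b) => b.length >= 512 && b.toString('latin1', 257, 262) === 'ustar';

// Classify what a registry or proxy delivered against the advertised integrity.
function diagnose(body, expected) {
  const algo = expected.split('-')[0];
  if (sri(body, algo) === expected) return 'ok';
  if (isTar(body) && body.length % 512 === 0) {
    // Gzip layer removed: look for a Content-Encoding header added by a proxy.
    return 'decompressed-in-transit';
  }
  if (isGzip(body)) {
    try {
      if (isGzip(zlib.gunzipSync(body))) return 'double-compressed';
    } catch (_) { /* truncated or damaged gzip stream */ }
    return 'different-gzip-bytes'; // recompressed, truncated, or a different artifact
  }
  return 'not-a-tarball'; // for example an HTML error or login page
}

// Constructed sample: a minimal header block (checksum left empty, only the
// magic matters here) followed by the two zero end-of-archive blocks.
function sampleTar() {
  const tar = Buffer.alloc(512 * 3);
  tar.write('package/package.json', 0, 'latin1');
  tar.write('ustar', 257, 'latin1');
  return tar;
}

const published = zlib.gzipSync(sampleTar());   // bytes stored by the upstream registry
const expected = sri(published);                // value advertised in package metadata
const viaBadProxy = zlib.gunzipSync(published); // client decoded a bogus Content-Encoding

console.log(diagnose(published, expected));
console.log(diagnose(viaBadProxy, expected));
console.log(diagnose(zlib.gzipSync(published), expected));
console.log(diagnose(Buffer.from('<html>401</html>'), expected));
```

Any result other than `ok` for a package whose metadata matches the public registry should be investigated before the integrity check is bypassed or the lockfile hash is regenerated.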

Related

How to configure .npmrc file to be able to combine different NPM registries?

How to set an .npmrc file to tell npm install to download all the dependencies from https://registry.npmjs.org but only a specific one from a corporate Artifactory under https://artifactory.corporation.io/artifactory/npm/ that needs authentication using ?
We can configure https://registry.npmjs.org as a remote repository (test-npm-remote) in Artifactory. Any packages that were developed locally can be deployed to the local (test-npm-local) repository. We can create a virtual repository that consists of the local and remote repositories and pull the npm artifacts using the virtual repository (test-npm). You can find more details in the link below.
https://jfrog.com/screencast/setting-up-an-npm-registry-with-jfrog-artifactory-in-less-than-one-minute/
npm config set registry http://art.local/artifactory/api/npm/test-npm/
npm login
<enter credentials>
Sample NPM client configuration for your reference.
$ cat ~/.npmrc
email=test@test.com
always-auth=true
registry=http://art.local/artifactory/api/npm/test-npm/
//art.local/artifactory/api/npm/test-npm/:username=testuser
//art.local/artifactory/api/npm/test-npm/:_password=XXXXXXX
To install a package: npm install <PACKAGE_NAME>

How to list all registries npm would use?

I have a package in a private registry. I know it is there as I can pull it into some projects, but I can't pull it into one. I have the correct .npmrc one directory up but am still getting a 404 error.
Is there a way to check all registries that npm would use on install?
You can show the registry of a specific package with the npm view command.
> npm view angular
angular@1.7.5 | MIT | deps: none | versions: 136
HTML enhanced for web apps
http://angularjs.org
keywords: angular, framework, browser, client-side
dist
.tarball: https://registry.npmjs.org/angular/-/angular-1.7.5.tgz
.shasum: d1c1c01c6f5dc835638f3f9aa51012857bdac49e
.integrity: sha512-760183yxtGzni740IBTieNuWLtPNAoMqvmC0Z62UoU0I3nqk+VJuO3JbQAXOyvo3Oy/ZsdNQwrSTh/B0OQZjNw==
.unpackedSize: 2.1 MB
maintainers:
- angular <devops+npm@angular.io>
- angularcore <angular-core+npm@google.com>
- petebd <pete@bacondarwin.com>
dist-tags:
latest: 1.7.5 old: 1.2.32 previous_1_4: 1.4.14 previous_1_5: 1.5.11
published 4 weeks ago by petebd <pete@bacondarwin.com>
When you use npm config get registry you will see the default registry.
> npm config get registry
https://registry.npmjs.org/
With npm config list you can see custom configurations. When you have registered a registry for different scopes, you will see them here:
@polymer:registry=<url register A>

How to use yarn with private npm registry in Sonatype Nexus OSS?

I've set up Nexus OSS 3 and it looks cool. All my projects are installed using yarn because of the --pure-lockfile option.
Steps to reproduce the issue:
1. Setup nexus oss 3 with a private npm registry (as in documentation)
2. Disable anonymous access from nexus oss 3 admin panel
3. On a linux server with alpine try to yarn install --pure-lockfile (you must have a package that is hosted on the private repo in package.json)
4. Does not work, return 401 error
I tried everything but I could not manage to make yarn log in to get those packages.
If I use npm install, it works.
Can someone tell me how to make yarn work with Nexus OSS 3 using the setup from above?
If npm install is working, then you must have login credentials and the repository correctly defined.
Open a terminal and run npm login, then give the username and password for your Nexus account. This will create a file ~/.npmrc. Open this file with nano ~/.npmrc; the output looks like:
//<repository>:_authToken=NpmToken.<token>
A dummy example:
//test.server.com/repository/npm-group/:_authToken=NpmToken.123456-12345-12345-tok-en0onum
Go to the project directory with cd <project_dir>, create a new file .yarnrc, and open it with nano .yarnrc. Insert the following line, then save and exit (Ctrl+O, Ctrl+X).
registry "<repository>"
Create another file .npmrc in the same directory <project_dir>. Open it, add the following lines, save and exit.
registry=<repository>
always-auth=true
//<repository>:_authToken=NpmToken.<token>
Delete the .npmrc in the home directory with rm ~/.npmrc.
Now you can download node_modules with yarn or yarn install.
I had the same issue with Nexus 3 and use this configuration in my .npmrc file:
registry=https://your.nexus.com/repository/some-npm/
always-auth=true
; basic-auth-token: your user:password in base64
_auth=<basic-auth-token>
Hope this helps you!
The fact that your request returns 401 (Unauthorized) means that you should supply credentials when connecting to Nexus.
It is far from being a nice solution but I got it working using
yarn set registry https://user:pwd@your.nexus.host/nexus3/repository/npmjs/
I use yarn 1.4.0 (release candidate). It should also work on 1.3.2, but I cannot test that because 1.3.2 has issues with HTTPS_PROXY env vars.

Jfrog Artifactory does not work with NPM packages from @types (NPM organization/scope)

We use Artifactory for npm, bower etc. for our projects. Now we want to use the new TypeScript type definitions feature to fetch the npm package @types/jasmine (NPM organization/scope) through Artifactory, but when we try to access it we get HTTP 400:
$ npm install -g protractor
npm http 400 http://artifactory/artifactory/api/npm/npm-virtual/@types%2fjasmine
We are able to access the link directly on the npm public repo, but it doesn't work through Artifactory. Is it still not supported? Is there a workaround or fix?
From the Artifactory user guide:
Npm 'slash' character encoding
By default, the npm client encodes slash characters ('/') to their ASCII representation ("%2f") before communicating with the npm registry. If you are running Tomcat as your HTTP container (the default for Artifactory), this generates an "HTTP 400" error since Tomcat does not allow encoded slashes by default. To avoid this error when using npm scope packages, you can override this default behavior by defining the following property in the catalina.properties file of your Tomcat:
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

Download a package from npm as a tar (not installing it to a module)

Is there some URL from which I can download a given package from npm (as a tarball or something)? I need the exact files that were originally uploaded to npm.
Using npm install gets a different, generated package.json for example. I want the exact original set of files that was published.
You can use npm view to get the URL to the registry's tarball (in this example for the module level):
$ npm view level dist.tarball
And to download the tarball, you can use npm pack:
$ npm pack level
Just run the command
npm view [package name] dist.tarball
It will return a tar url.
Running npm pack PACKAGE_NAME will download a tarball of any package on npm.
To extract it, just run tar -xzf DOWNLOADED_FILE.tgz
Example:
npm pack react
then extract:
tar -xzf react-16.6.3.tgz
If you need to get the tarball without having npm installed, you can fetch the package information using curl and use jq to get the right information from the JSON:
curl https://registry.npmjs.org/PACKAGE-NAME/ \
| jq '.versions[."dist-tags".latest].dist.tarball'
This is for instance useful if you're building a Docker container that requires one npm package, and don't want to install npm just for that.
Yes, you can npm install <git remote URL> to download the full repository into node_modules. This will be directly from the repository's host, rather than via npm, though. See the npm install docs for more information.