I'm using Verdaccio to host a private NPM registry on a machine that doesn't have access to the internet. So far, I've successfully published thousands of packages to the registry. However, when trying to publish hoist-non-react-statics-3.3.2-latest.tgz, I get the following error: "This command requires you to be logged in. You need to authorize this machine using 'npm adduser'." The thing is, I have added myself as a user (which is why I've been able to publish so many packages already), and I've confirmed that I'm logged in via npm whoami. I've also done an npm logout and an npm login. I've also tried turning off user authentication in Verdaccio (https://verdaccio.org/docs/authentication/). Unfortunately, nothing I've tried is letting me publish this package to the registry. Any ideas?
After digging into node/lib/node_modules/npm/lib/publish.js, I realized the registry it's trying to use when checking that I'm authenticated was the public NPM registry, not my self-hosted registry. The solution was to remove these lines of code from hoist-non-react-statics's package.json file before publishing it: https://github.com/mridgway/hoist-non-react-statics/blob/master/package.json#L49-L51.
Related
I figured this would be a problem that has been solved a million times over, but I just can't find the solution. I wish to setup my Java Maven project to install Angular dependencies from my private Nexus server. I use the frontend-maven-plugin to install a new npm every time, so the configuration must be available for that npm for it to work.
I know I can add the following to my .npmrc file and it works:
registry = http://nexus.global.dns/repository/npm-all/
_authToken = NpmToken.xxx
always-auth = true
The problem I have with this solution is that the auth token gets checked into git and that I have to remove it every time I work outside of my network, where I do not have access to the nexus server. This happens for example when I am developing something for the frontend away from home as my nexus server is not on the cloud. So I wish for nexus to be used only by my jenkins pipelines which will use the frontend-maven-plugin.
I figured I would set the registry the commandline way but that is proving to be a challenge. In my frontend-maven-plugin I have set up executions that run the following lines:
npm set registry http://nexus.global.dns/repository/npm-all/
npm //nexus.global.dns/:_authToken=${NEXUS_NPM_AUTH_TOKEN}
npm install --no-package-lock
This returns a 401 error as it is not able to authenticate: Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
My next attempt was to remove the explicit mention of the repository I want to use from Nexus, because maybe it can figure out which one it should use:
npm set registry http://nexus.global.dns
npm //nexus.global.dns/:_authToken=${NEXUS_NPM_AUTH_TOKEN}
npm install --no-package-lock
Authentication now seemingly works, but it is trying to pull the dependencies from http://nexus.global.dns as expected. I get the following error: 404 Not Found - GET http://nexus.global.dns/#angular-builders%2fjest
If I navigate to http://nexus.global.dns/repository/npm-all/#angular-builders%2fjest instead I do get the dependency's package.json as a response.
Clearly the registry should be http://nexus.global.dns/repository/npm-all/ but I can't get authentication to work with the command line. I have also tried:
npm //nexus.global.dns/repository/npm-all/:_authToken=${NEXUS_NPM_AUTH_TOKEN}
but this does not work either. How do I set the auth token for my Nexus private server through the command line?
I have a working verdaccio server hosted on a google cloud server. I am able manually publish to it, but am struggling to create a GitHub Action to publish to it when I push to master branch.
I have a script that works perfectly when publishing to npmjs public repo. Here is the relevant part that works for npmjs.org
- name: Publish to npm
if: steps.semantic.outputs.new_release_published == 'true'
run: |
yarn install
git checkout upm
npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
Now, for my own server, I have included the following addition in package.json:
"publishConfig": {
"registry": "http://my.ip.0.0:port"
},
And then in the repositories secrets, I have created an NPM_TOKEN secret with my user's token copied from my computer's .npmrc file after logging in.
I'm getting the following error from the Github Actions result:
npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR! npm login
So I'm clearly not authenticating properly.
I tried (on the server's cli) using npm token create but it gave me an unauthorized error, and I tried the same on my computer locally after logging in too, and got the same error.
How can I authenticate my Github Actions publish to my custom Verdaccio server? I'm pretty new to this whole CI business, so I suspect I'm missing something quite basic. I suspect I'm doing it wrong using NPM_TOKEN, but it worked fine to publish to npmjs.org public repo.
Again, I can manually publish using npm publish from the terminal on my Mac (after logging into custom server with npm login), so I know that the server is set up properly.
After much googling, I found a solution from this tutorial https://remysharp.com/2015/10/26/using-travis-with-private-npm-deps
It's not written for GitHub Actions but the same procedure worked.
First, you need to login to your private server from your computer. In your home folder look at the .npmrc file (turn on show hidden files).
add this line to the yaml action file:
echo "//YOURREGISTRYADDRESS/:_authToken=\${NODE_AUTH_TOKEN}" > .npmrc
Note that it should actually be NODE_AUTH_TOKEN, NOT your actual token.
The part in the quotes should mostly match the entry in your .npmrc file (without the token).
So now it looks like this
- name: Publish to npm
if: steps.semantic.outputs.new_release_published == 'true'
run: |
yarn install
git checkout upm
echo "//YOURREGISTRYADDRESS/:_authToken=\${NODE_AUTH_TOKEN}" > .npmrc
npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
Then in the Settings -> Secrets part of your GitHub repo, add a secret called NPM_TOKEN and paste in the auth token value from the .npmrc. It's a long series of letters and numbers.
Now this script should properly log in. Apparently the issue is that the default Verdaccio authorization plugin expects it to be used interactively. This line basically creates an .npmrc file on the fly and populates it with the correct info, as if you've already logged in interactively. The file isn't actually created though, and disappears after running, which is a nice touch. It also is pretty secure since it stores the token in the secrets part of the repo. The link above does a better job explaining it, so check it out!
I am trying to use a npm package from a private repository hosted in a different Azure DevOps organisation. I am getting the following error on npm install step:
npm ERR! code E401
npm ERR! Unable to authenticate, need: Bearer authorization_uri=https://login.windows.net/2dfb2f0b-4d21-4268-9559-72926144c918, Basic realm="https://pkgsprodcus1.pkgs.visualstudio.com/", TFS-Federated
My project .npmrc file looks like this:
#{scope}:registry=https://pkgs.dev.azure.com/{ORG}/{PROJECT}/_packaging/{FEED}/npm/registry/
always-auth=true
strict-ssl=false
I have followed the documentation on setting up the PAT token with Packaging Read & Write permission
I have tried connecting by setting up a service connection which did not work.
I have also tried to by adding the credentials to the project .npmrc file and that does not work either.
.npmrc file with creds:
#{scope}:registry=https://pkgs.dev.azure.com/{ORG}/{PROJECT}/_packaging/{FEED}/npm/registry/
always-auth=true
strict-ssl=false
//pkgs.dev.azure.com/{ORG}/{PROJECT}/_packaging/{FEED}/npm/registry/:username=ANYTHING-BUT-EMPTY
//pkgs.dev.azure.com/{ORG}/{PROJECT}/_packaging/{FEED}/npm/registry/:_password=BASE64-ENCODED-PAT
//pkgs.dev.azure.com/{ORG}/{PROJECT}/_packaging/{FEED}/npm/registry/:email={EMAIL}
/pkgs.dev.azure.com/{ORG}/{PROJECT}/_packaging/{FEED}/npm/registry/:always-auth=true
I have regenerated the PAT numerous times with different scopes but none worked. (I am generating the PAT from User Settings -> Security in Azure DevOps)
I am able to connect to the feed from my local machine using the vsts-npm-auth package.
Azure DevOps pipeline - authentication failure when trying to connect to private npm registry
According to the document Set up your client's npmrc, we need set the .npmrc containing the credentials in $home for Linux or Mac systems or $env.HOME for win systems in development machine instead of setting it in your the project .npmrc file.
On your development machine, you will also have a .npmrc in $home for
Linux or Mac systems or $env.HOME for win systems. This .npmrc should
contain credentials for all of the registries that you need to connect
to. The NPM client will look at your project's .npmrc, discover the
registry, and fetch matching credentials from $home/.npmrc or
$env.HOME/.npmrc. Credential acquisition will be discussed in the next
section.
And:
You should have a project specific .npmrc containing only your feed's
registry information that you discovered from the "Connect to Feed"
dialog. There should be no credentials in this file and the file
itself is usually adjacent to your project's package.json.
Besides, if you want use the hosted agent, you could use the npm Authenticate task to certification.
Hope this helps.
In my case, I needed to add an explicit npmAuthenticate step to log-in to the private NPM registry using the pipeline's credentials before the step in which npm install / yarn install was called, like so:
- task: npmAuthenticate#0
inputs:
workingFile: "$(Build.SourcesDirectory)/path/to/my/.npmrc"
As stated to provide npm authentication for deployment, I tried copying my .npmrc file containing the //registry.npmjs.org/:_authToken=00000000-0000-0000-0000-000000000000 line.
However, when I try npm whoami I get a 401, and npm install on my private modules also doesn't work.
I tried running npm login after on the same machine and everything worked. Then I changed the _authToken back to the original one that was failing, rather than the newly created one. It still worked after doing this. So clearly there is something going on with auth more than just the token. Does NPM keep track of authorized IPs or something else I'm unaware of? I'm trying to setup my deployment to be able to access my private repos.
My node.js app uses a number of private shared modules hosted in git repos. I use git URLs like below in the dependencies block in package.json:
"xxx-accountMgr": "git+ssh://git#github.xxx.ibm.com:xxx/lib-account-mgr.git",
when "cf push" this errors during npm install on ssh:
npm ERR! git clone --template=/home/vcap/.npm/_git-remotes/_templates --mirror ssh://git#github.xxx.ibm.com/ipaas/lib-account-mgr.git /home/vcap/.npm/_git-remotes/ssh-git-github-xxx-ibm-com-xxx-lib-account-mgr-git-bf65c10c: ssh: Could not resolve hostname github.xxx.ibm.com: Name or service not known
i expected this as I haven't configured the ssh key in bluemix. is that possible? if not, what's the alternative to install modules from a private repo in bluemix?
If you are downloading a private module hosted on Git, you should be able to use https protocol (with creds) to access it.
There is a trick that could help avoid this issue if that is not an option for you:
1) Package private modules with your application (in node_modules)
2) Move the private modules to devDependencies in package.json, rather than dependencies, so that your local dev workflow is unaffected.
npm install will install dependencies and devDependencies. By
default, Bluemix will only install dependencies
Step 2 is necessary because even if you package the private node_modules with your application, staging for your application will fail because npm still tries to access your private repo to validate the dependency.
Also, if you had a .cfignore file ignoring the entire node_modules directory, that would have to be changed to ignore only the public modules.
If the private repo requires Github authentication to access the shared mdoules, Bluemix won't be able to access them. You can use a command such as git clone https://github.com/repo/etc but that will require the files to be accessible without authentication.
An alternative could be to manual install the files in your repo prior to using cf push so they are available. This is not a great solution but it will solve the problem in the short term.
The problem here is that Bluemix cannot reach back into the corporate network which is apparently where your github repo lives.
It has nothing to do with authentication, although what the others say here is accurate for publically accessible git repositories
This is a workaround what works for me is to use npmjs private modules. On one hand it will work and on the other hand it is really easy to manange versions, and reuse code. Of course you'll need to make some minor changes, but is totally worth it.
Upgrade your npmjs account to use private modules: https://www.npmjs.com/private-modules
On your computer log in to npmjs:
npm login
Publish your modules
Copy your npmrc file to your project:
cp ~/.npmrc /path/to/your/project
npm install your_module --save
Enjoy!
Be aware that if you ever change your password the token inside .npmrc will be revocated.
The token is not derived from your password password, but changing
your password will invalidate all tokens. The token will be valid
until the password is changed. You can also invalidate a single token
by logging out on a machine that is logged in with that token.
Source: https://docs.npmjs.com/private-modules/ci-server-config#checking-in-your-npmrc
You can also use cfnpm module (https://www.npmjs.com/package/cfnpm) it is designed to deal with private package in cliud foundry