I have a custom .npmrc file as follows
#foo:registry=https://gitlab.com/api/v4/packages/npm/
// This works and it returns the latest dist tag from the registry as configured in .npmrc
npm view --json #foo/my-package dist-tags
// This fails with a 404
npm access ls-collaborators #foo/my-package
// npm ERR! 404 Not Found - GET https://registry.npmjs.org/-/package/%40foo%2Fmy-package/collaborators?format=cli - Package not found
Some more context:
I am trying to publish an npm package to a private package registry on gitlab using the np module. These commands seem to be executing as part of one of its steps for user authentication.
What am I missing?
Make sure "private": true is in your package.json file. I was running into a similar problem as you, and adding this fixed it for me.
Related
It's first time I'm trying to use Actions in GitHub to load a package on npm.
My workflow gets error because of:
npm ERR! code E404
npm ERR! 404 Not Found - PUT https://registry.npmjs.org/github-custom-module - Not found
npm ERR! 404
I noticed that also trying to reach out by browse bar https://registry.npmjs.com/ or http://registry.npmjs.com/ and it responds something like:
{"db_name":"registry","engine":"couch_bt_engine","doc_count":2594600,"doc_del_count":334,"update_seq":12737068,"purge_seq":0,"compact_running":false,"sizes":{"active":52390186030,"external":150891609029,"file":52550172912},"disk_size":52550172912,"data_size":52390186030,"other":{"data_size":150891609029},"instance_start_time":"1640854262658073","disk_format_version":7,"committed_update_seq":12737068,"compacted_seq":12733464,"uuid":"d8db915449574fe1dbb729e34426a075"}
just wondering if someone got in trouble for the same reason and eventually how to fix it!
Thank you very much!
Since your npm package is in a private repo, your Github action may not have access to it. There are two approaches to solving this ->
The easy way
You can use a read only access token in the dependency list in the package.json file to install the packages. This will require changing the code base but it trivializes the CI part. Bear in mind that if the token expires or is deleted your builds will start failing.
The not so easy way
The other way is to again create an access token for the npm registry and then
adding it to the Github Secrets instead. So lets say we store it in
NPM_TOKEN then in your action file you could simply add this to the env
steps:
- run: |
npm install
- env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
You also need to create a .npmrc file in the root of your project with a single line using the env variable to set the auth token.
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
The npm cli will replace the value from the environment in so your secrets are safe !
I published several npm packages to a private npm registry hosted in GCP and I can see all versions in the registry. Yet I can't download the package since the install command throws an E404.
NPM throws a generic 404 Error when trying to download the page:
npm ERR! code E404
npm ERR! 404 Not Found - GET https://europe-north1-npm.pkg.dev/[Project]/#[scope]/[packagename]/-/#[scope]/[packagename]-0.1.0.tgz
npm ERR! 404
npm ERR! 404 '#[scope]/[packagename]#https://europe-north1-npm.pkg.dev/[Project]/#[scope]/[packagename]/-/#[scope]/[packagename]-0.1.0.tgz' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
Opening the url that is tring to resolve returns this error:
{"error":"Permission \"artifactregistry.repositories.downloadArtifacts\" denied on resource \"projects/[Project]/locations/europe-north1/repositories/#[scope]\" (or it may not exist)"}
{"error":"Unmatched scope name: \"\" != \"#[scope]\""}
Additonally, I checked and my account does in fact have to downloadArtifacts role.
I can't figure out why it's unable to resolve the URL since with the same config I'm able to both publish and even run npm view the package.
I've tried creating brand new packages, specifying a version, resetting the auth token and yet for some reason I'm still unable to download packages.
If it helps, my current .npmrc file looks like this:
registry:https://registry.npmjs.org/=true
#[scope]:registry=https://europe-north1-npm.pkg.dev/[project]/[repo name]/
//europe-north1-npm.pkg.dev/[project]/[repo name]/:_authToken=[gcp auth token]
//europe-north1-npm.pkg.dev/[project]/[repo name]/:always-auth=true
//registry.npmjs.org/:_authToken=[npm auth token]
Turns out this was not a GCP specific issue, but a Yarn Berry issue when publishing to GCP.
The tarballURL that is being generated uses a truncated registry URL which is why i was getting a 404 when trying to install the package.
A fix for this was proposed here.
https://github.com/yarnpkg/berry/pull/3513
I had an error similar to this one.
I did the entire repository creation process and created a new project to test the package.
When I tried npm install my-package I got a 404 error.
After some tests I discovered that I need the .npmrc file also in the project that will consume the package. It may seem kind of obvious to some people but I didn't know.
Add the returned configuration settings to the .npmrc configuration file in your Node.js projects. This file is usually in the same directory as package.json.
Make sure that you include these settings in Node.js projects for packages that you publish as well as projects that will install dependencies from your npm repository.
Set up authentication for npm
I have a (test) npm package named #myScope/test which I want to publish into a private gitlab registry within a gitlab project whose address is
https://gitlab.<something>/myId/test-npm-registry/
with ID 9630
First, I'm a bit confused with npm login and .npmrc. If I understand correctly, answers given to npm login end-up as a couple of lines into .npmrc, is that right?
So essentially, to instruct npm about authenticating to a registry, one can either:
manually edit .npmrc
use npm config set
use npm login
Based on what I read on the gitlab help, I've inserted the following lines into my .npmrc:
#myScope:registry=https://gitlab.<something>/api/v4/projects/9630/packages/npm/
'//gitlab.<something>/api/v4/projects/9630/packages/npm/:_authToken'="${GITLAB_AUTH_TOKEN}"
Note: I had to use the project ID, having issues with the url format.
I have also added the following bit into the package.json :
publishConfig":{
"#myScope:registry": "https://gitlab.<something>/api/v4/projects/9630/packages/npm/"
}
Finally, I've created a token in gitlab, with "api, read_api, read_registry, write_registry" rights and I have assigned the token to the GITLAB_AUTH_TOKEN variable:
GITLAB_AUTH_TOKEN="xk4L7xxvzHuykyKawxQZ"
When I do npm publish I'm getting the following message :
npm ERR! code E401
npm ERR! 401 Unauthorized - PUT https://gitlab.<something>/api/v4/projects/9630/packages/npm/#myScope%2ftest-npm-registry
npm ERR! A complete log of this run can be found in:
The logs doesn't help, nor does the verbose mode. Also, I'm not getting if I have to perform an explicit npm login or if the configuration in the .npmrc (with the token) should do the trick. I actually cannot do npm login because the username has an # character in it and npm refuses it.
Any ideas ?
I have created a private npm registry using gitlab
I have the following .npmrc file, which is the same .npmrc file that I used to publish with no issues. I've replaced all company values with placeholders.
#myorg:registry=https://gitlab.com/api/v4/packages/npm/
//gitlab.com/api/v4/packages/npm/:_authToken=[[MY_TOKEN_HERE]]
//gitlab.com/api/v4/projects/12345678/packages/npm/:_authToken=[[MY_TOKEN_HERE]]
When I go to install I get the following error message
npm install #myorg/my-package-name-here
npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/#myorg/my-package-name-here - Not found
npm ERR! 404
npm ERR! 404 '#myorg/my-package-name-here#latest' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
This to me looks like it's not picking up the .npmrc file as the registry is different.
I have checked and the file is definately .npmrc and not a different extension etc.
Anyone have any ideas?
EDIT
I've done some investigation and it does look like my .npmrc file is being used, however the registry
'https://gitlab.com/api/v4/packages/npm/#myorg/my-package-name-here'
is being redirected to
'https://registry.npmjs.org/#myorg/my-package-name-here'
which is why it will be showing up as this...
It does not explain to me why it can't be found though using the auth token etc that I used to publish?
I've figured it out...
Everything is fine other than #myorg does not match my gitlab org name.
e.g. the gitlab url is something like this:
https://gitlab.com/my-company/...
instead it needs to match the github url, so in the above example
#my-company
After switching this it all kicked into life and I am able to get the npm package.
It is not necessarily true (as stated in the accepted answer) that the scope name "needs to match the github [sic] url" (believe github is meant to be GitLab).
Using GitLab, it is possible to have a scope name that does not match the root of your GitLab URL.
The difference is how the registry is configured in the project's (or user's) .npmrc.
From GitLab:
When you use the instance-level endpoint, only the packages with names in the format of #scope/package-name are available. For example, if your project is https://gitlab.example.com/my-org/engineering-group/team-amazing/analytics, the root namespace is my-org. When you publish a package, it must have my-org as the scope.
The registry config for an instance-level endpoint looks like this:
#scope:registry=https://gitlab.com/api/v4/packages/npm/
...however, if your scope name does not match the root of GitLab URL, you will need a project-level endpoint configuration:
#scope:registry=https://gitlab.com/api/v4/projects/<your_project_id>/packages/npm/.
https://docs.gitlab.com/ee/user/packages/npm_registry/index.html
My cents to help someone.
When you create a repository to handle with Package Registry, then you've created in a group or in your own user. It's very important to observe where you created it. Probably your registry repository url is something like this:
https://your.gitlab.com/{name_of_group_or_name_of_user}/[{optional_subgroup}/]{repository_registry_name}
Now, let's say you've a package in the url:
https://your.gitlab.com/my-group/my-package
And the url registry is:
https://your.gitlab.com/main/registry
The #scope of your my-package needs being #main/my-package, and not #my-group/my-package. If you define wrong #scope here, it gives you 404.
my-package:
{
"name": "#main/my-package",
...
}
The #scope is the first segment of the url of your registry repository path.
We have a private NPM registry to which we are publishing our packages to, and have a publishConfig section in our projects package.json file which juts contains our registry url which gets picked up by our npm publish commands:
"publishConfig": {
"registry": "xxxxxx"
}
I would like to have this registry url read out from am .nprmc file rather than the package.json.
I have tried doing this, but when using npm publish I get:
400 - Repository with ID='xxx' is Read Only, but action was 'create'!
I figured this may be because I hadnt added my user details to my npmrc, which I have now done, but the problem still remains.
Is it possible for npm publish to use the details from an npmrc specifically?
Just add the following to your .npmrc
registry=YOUR_REGISTRY