yarn workspace has problem with private npm registry - npm

I'm trying yarn workspaces with modules that have private dependencies - so that there's a line like this specified in .npmrc:
//npm.pkg.github.com/:_authToken=this-is-some-fake-token
Token is obviously different. So when I run yarn from inside that module it grabs private modules just fine, however when I try to run it from the workspaces root, it fails with the error that it cannot find given private module on npm registry (but of course it can't - it probably shouldn't even be looking there):
error Couldn't find package "#namespace/module#1.1.4" required by "one-of-workspaces#0.0.1" on the "npm" registry.
Obviously in this case yarn doesn't respect .npmrc that I've dropped in the workspaces root, but why? Or it is not even supposed to? And doesn't support private registries in workspaces mode?

Yarn will respect .npmrc from your home directory (not 100% sure about monorepo root).
What you are for sure missing in your .npmrc is the line that mentions that #namespace packages should be picked from GPR:
//npm.pkg.github.com/:_authToken=this-is-some-fake-token
#namespace:registry=https://npm.pkg.github.com/

Related

NPM global install still creating a node_modules directory

In Ubuntu, I have a directory with my code /code which has my packages.json and such. My NPM prefix is /usr via npm prefix -g. I am trying to install packages globally so as to not create a node_modules directory in /code, but really as long as node_modules is not in /code, that will also work.
While in /code, I run npm install -g. I see a .staging directory created under my global prefix (eg, /usr/lib/node_modules/.staging) but then NPM takes another step and begins creating a /code/node_modules directory.
If I instead just run npm install -g <package> it correctly ends up in /usr/lib/node_modules/<package>. But I do not want to have to run npm install -g <package> for every package I need.
Why is NPM doing that and how can I make it stop doing that? At the very least, I would like the node_modules directory to NOT be in my /code directory (this is due to some environment constraints I can't change).
Globally installed packages are (almost always) not going to be used by your code. That's not how node or npm (conventionally) works. There isn't a shared global node_modules that programs all look in. (OK, there kinda is, but you don't want to use it if you can avoid it. Read on.) Having a local node_modules helps you avoid dependency hell. Global modules are for CLI tools that end up in your PATH and things like that.
You don't explain why you don't want a local node_modules for your project, so I will mention that if it is simply because it somehow bothers you, then please please please just get over it. You will be vastly happier. Type npm install and move on.
That said, for legacy reasons, your code in /code will look in /node_modules if there is no /code/node_modules. This is true for CommonJS modules that use require(). If you are using ESM modules via import, you may need to read the docs.
So, if you are using CommonJS/require(), you could have a directory structure like /project-name/code. You could have your index.js or whatever other code in the code subdirectory, while your package.json could be in project-name. Run npm install from /project-name and it will create a node_modules directory there rather than in the code subdirectory, and your Node.js files in code will find those modules.
If you don't like that, then for other options, you can review the relevant docs. At the time of this writing, those options include a NODE_PATH environment variable, $HOME/.node_modules, $HOME/.node_libraries, and $PREFIX/lib/node. However it all comes with this caveat that I implore you to abide by if you can:
It is strongly encouraged to place dependencies in the local node_modules folder. These will be loaded faster, and more reliably.

Yarn lock file resource source changed from registry.yarnpkg.com to registry.npmjs.org

I recently npm installed a package into my Ruby on Rails application. The installation changed my yarn.lock file. Specifically, the "resolved" field for all my resources have changed from yarnpkg.com to npmjs.org.
From this:
d3-dsv#1:
version "..."
resolved "https://registry.yarnpkg.com/d3-dsv/-/d3-dsv-1.0.8.tgz#..."
integrity ...
To this:
"d3-dsv#1":
"integrity" "..."
"resolved" "https://registry.npmjs.org/d3-dsv/-/d3-dsv-1.1.1.tgz"
"version" "..."
Is there a problem with these changes in this yark.lock file? Should I have done some yarn alternate to npm installing?
You can fix this issue by re-running yarn again.
To accomplish this, follow the steps below.
Remove the registry.npmjs.org section in your yarn.lock file.
Run the yarn command again.
$ yarn
This should rewrite the yarn.lock to change the registry from npm to Yarn.
The steps above should rewrite the yarn.lock file, and change the registry and text from npm to Yarn.
If you are using only public packages in your application then this will not cause many problems. You can go about your business as it is.Although there might be some complications when you authenticate for any of them at any point.
If you are using any private repositories, you have to re-register your packages with yarn and add credentials to them.
The following steps will help you.
Setup a private repo on npmjs.org and add a scope and your package (Lets name it boo)
Create a new project locally and upload it to the npm registry (let's call it blimp)
So when they are updated it will be #boo/blimp
Add the package to your new applications package.json by installing yarn add #boo/blimp
Remove the node_modules (rm -rf node_modules)
Try yarn install if there is an error in the lock file try re-creating one as follows
sed -ie 's,registry.yarnpkg.com/#boo,registry.npmjs.org/#boo,' yarn.lock
7. If that omits an issue like Request failed or something in that alley, try following
yarn config set registry https://registry.npmjs.org
At this point, you have tried lots of options. If this is still an issue in your system then you might have to move to `npm` package management. Follow the [yarn][2] repository for more updates.
Similar issues
yarn.lock should not include base registry
Support protocol-relative registry
Support for registry URLs without trailing slash
I suspect this happened to me because I installed something with npm install instead of yarn. I recognized my mistake, npm uninstalled the package, then yarn added the package, but then every entry in yarn.lock was changed to use npmjs.org instead of yarnpkg.com.
I did not commit the changes to source control, and the problem disappeared after I...
Deleted package-lock.json
Reverted the change to package.json in source control (i.e. removed the new package)
Reverted all changes to yarn.lock in source control
yarn added the package again
I am unsure if using npm install followed by yarn add is really what triggered the problem. Can anyone confirm?

npm install always uses artifactory registry and ignores .npmrc file

My .npmrc file previously contained registry=https://company.jfrog.io so upon npm install this registry was used. Now I want to use the public registry for my personal project, but even though I delete the .npmrc file and even create one at the root of my project containing the public registry, this custom registry is always used to install dependencies!
When i run npm config ls -l it displays registry = "https://registry.npmjs.com/" . But when i remove the lockfile and npm install, it still uses the artifactory registry!
How can I just use the public npm registry?
If you change from one registry to an other you need to make sure, that you do following things:
Check the current registry with npm config list command. The command should be called from the root directory of the project, as a local .npmrc can overwrite the registry settings. If the listed registry entry is not ok, please update the global and/or the local .npmrc file.
Delete node_modules in your project.
Remove package-lock.json in your project.
Clean the npm cache by deleting the npm-cache folder manually. On Windows it is by default on %appdata%\npm-cache location. As an alternative npm cache clean --force command could also work, but if you want to be sure, do the manual delete.
In your case most probably the last step is missing, the cleaning of the npm cache. If the npm cache is not cleaned, npm install gets the already downloaded packages from the cache and writes their registry url into the newly generated package-lock.json. And as the cached packages are still from https://company.jfrog.io, the urls in the generated package-lock.json will still point to https://company.jfrog.io.

How to nicely include a private NPM dependency in a lerna workspace project?

To preface, the project is using lerna with yarn workspaces and we are pulling in an internal NPM package from our private npm registry (not hosted with npm).
I currently understand how .yarnrc and .npmrc files can authenticate to private registries but our current project has settings already changed in these files. A developer could add credentials in these files but then they cannot commit the file to github.
I was hoping to find a solution where a developer on the project can add the private registry credentials in a .env file and then auth with said credentials somehow in a hook before lerna runs "install"
My main goal was to make it easy to work with the project and not rely on having each developer run 'npm login' or some other commands besides just including the correct credentials in their .env file. This also makes it easy for CI/deployment pipelines.
Are there any specific lifecycle hooks that can run before install in a lerna package?

bower install command issuing EHTTP error

I am struggling with installing bower on my system - although there are a few bower install issue scenarios on here, none are a very good match.
In my scenario, I have an externally acquired folder full of source code for a complex software package - the .bowerrc file is located here, as well as a bower.json. As is the default, my .npmrc file is located C:\Users\USER.
I have appended code strict-ssl=false and registry=http://registry.npmjs.org/ into .npmjs, and left the npm cache and config specs in the user directory. I've also left my PATH user variable as C:\Users\USER\AppData\Roaming\npm.
I have so far run three commands successfully:
npm install -g ember-cli
npm install -g bower
npm install
The created files from these commands seem to get dumped into C:\Users\USER\AppData\Roaming\npm\node_modules, and then the final command below is only giving me an EHTTP error.
bower install
I can only think that this issue is only occurring because of the location of the various dependencies. I've been playing around a bit - the last thing I tried was changing the Path user variable so that it instead points to the folder directory with .bowerrc, but the npm installation then has trouble referencing .npmrc. I'd appreciate any ideas, because I might only be chasing my own tail here.
UPDATE
I think I was wasting my time messing about with directory locations. The problem seems to be that there is a legacy proxy inside the .bowerrc file.. now I just need to work out how to get rid of the proxy setting!