We have a private NPM registry to which we are publishing our packages to, and have a publishConfig section in our projects package.json file which juts contains our registry url which gets picked up by our npm publish commands:
"publishConfig": {
"registry": "xxxxxx"
}
I would like to have this registry url read out from am .nprmc file rather than the package.json.
I have tried doing this, but when using npm publish I get:
400 - Repository with ID='xxx' is Read Only, but action was 'create'!
I figured this may be because I hadnt added my user details to my npmrc, which I have now done, but the problem still remains.
Is it possible for npm publish to use the details from an npmrc specifically?
Just add the following to your .npmrc
registry=YOUR_REGISTRY
Related
In a project which I work with there is private project library which is available for me directly - https://gitlab.some-project/some-utils
In package.json it is requested like
"dependencies": {
"#some-project/some-utils": "0.1.42",
...
}
This project wasn't uploaded to npm. I created .npmrc file and put there:
#8some-project:registry=https://gitlab.some-project.com/some-utils
But when I try to "run yarn #some-project/some-utils" I get:
error Received malformed response from registry for "#some-project/some-utils". The registry may be down.
What I am doing wrongly? How to install this library to another project?
I just raised npm version and it works now
I have a working verdaccio server hosted on a google cloud server. I am able manually publish to it, but am struggling to create a GitHub Action to publish to it when I push to master branch.
I have a script that works perfectly when publishing to npmjs public repo. Here is the relevant part that works for npmjs.org
- name: Publish to npm
if: steps.semantic.outputs.new_release_published == 'true'
run: |
yarn install
git checkout upm
npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
Now, for my own server, I have included the following addition in package.json:
"publishConfig": {
"registry": "http://my.ip.0.0:port"
},
And then in the repositories secrets, I have created an NPM_TOKEN secret with my user's token copied from my computer's .npmrc file after logging in.
I'm getting the following error from the Github Actions result:
npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR! npm login
So I'm clearly not authenticating properly.
I tried (on the server's cli) using npm token create but it gave me an unauthorized error, and I tried the same on my computer locally after logging in too, and got the same error.
How can I authenticate my Github Actions publish to my custom Verdaccio server? I'm pretty new to this whole CI business, so I suspect I'm missing something quite basic. I suspect I'm doing it wrong using NPM_TOKEN, but it worked fine to publish to npmjs.org public repo.
Again, I can manually publish using npm publish from the terminal on my Mac (after logging into custom server with npm login), so I know that the server is set up properly.
After much googling, I found a solution from this tutorial https://remysharp.com/2015/10/26/using-travis-with-private-npm-deps
It's not written for GitHub Actions but the same procedure worked.
First, you need to login to your private server from your computer. In your home folder look at the .npmrc file (turn on show hidden files).
add this line to the yaml action file:
echo "//YOURREGISTRYADDRESS/:_authToken=\${NODE_AUTH_TOKEN}" > .npmrc
Note that it should actually be NODE_AUTH_TOKEN, NOT your actual token.
The part in the quotes should mostly match the entry in your .npmrc file (without the token).
So now it looks like this
- name: Publish to npm
if: steps.semantic.outputs.new_release_published == 'true'
run: |
yarn install
git checkout upm
echo "//YOURREGISTRYADDRESS/:_authToken=\${NODE_AUTH_TOKEN}" > .npmrc
npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
Then in the Settings -> Secrets part of your GitHub repo, add a secret called NPM_TOKEN and paste in the auth token value from the .npmrc. It's a long series of letters and numbers.
Now this script should properly log in. Apparently the issue is that the default Verdaccio authorization plugin expects it to be used interactively. This line basically creates an .npmrc file on the fly and populates it with the correct info, as if you've already logged in interactively. The file isn't actually created though, and disappears after running, which is a nice touch. It also is pretty secure since it stores the token in the secrets part of the repo. The link above does a better job explaining it, so check it out!
I have a custom .npmrc file as follows
#foo:registry=https://gitlab.com/api/v4/packages/npm/
// This works and it returns the latest dist tag from the registry as configured in .npmrc
npm view --json #foo/my-package dist-tags
// This fails with a 404
npm access ls-collaborators #foo/my-package
// npm ERR! 404 Not Found - GET https://registry.npmjs.org/-/package/%40foo%2Fmy-package/collaborators?format=cli - Package not found
Some more context:
I am trying to publish an npm package to a private package registry on gitlab using the np module. These commands seem to be executing as part of one of its steps for user authentication.
What am I missing?
Make sure "private": true is in your package.json file. I was running into a similar problem as you, and adding this fixed it for me.
I published a package via Github's package manager, and it seemed to work. It appears on the repo's web page and on my profile page. When I run
npm install #franklinharvey/time-remaining#1.0.0
locally it works, but when I try it in a new environment such as Replit or CodeSandbox it does not appear. It also does not appear on npmjs.com
Here are some config files
.npmrc
registry=https://npm.pkg.github.com/franklinharvey
.yarnrc
"#franklinharvey:time-remaining" "https://npm.pkg.github.com"
package.json (partial)
"name": "#franklinharvey/time-remaining",
"publishConfig": {
"registry": "https://npm.pkg.github.com"
},
"repository": {
"url": "git#github.com:franklinharvey/time-remaining.git"
}
.npmignore
.gitignore
src/
*.log
*.tsbuildinfo
package-lock.json
yarn.lock
coverage
node_modules
Our company also publishes its npm packages via github. Your post gave me an idea, and it fixed the issue on our end.
In a nutshell, I think you need both a fuller .npmrc where you're trying to download the package and not succeeding (containing the registry info as below); as well as to do an npm login if your package is private.
My .npmrc:
#my-company-s-npm-account:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=[GITHUB_AUTH_TOKEN_HERE_WITHOUT_BRACKETS]
registry=https://registry.npmjs.org/
Hope this fixes your issue.
If you can't add an .npmrc or do an npm login where you're trying to install it, and your package is private, I'm not sure how to help.
I have a problem with pulling scoped packages from artifactory remote repository
I have watched item : [Installing scoped npm packages from Artifactory
my virtual repository name is swm-virtual-npm
I did a :
npm config set registry http://server:8080/artifactory/swm-virtual-npm
npm install #angular/core
and it fails. when I do it with gulp package it works.
I have added the org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH = true flag.
the data the request.log gives me is :
20170329113552|12|REQUEST|10.82.72.231|anonymous|GET|/swm-virtual-npm/#angular%2fcore|HTTP/1.1|302|0 20170329113552|0|REQUEST|10.82.72.231|anonymous|GET|/ui/nativeBrowser|HTTP/1.1|406|0 20170329113552|1|REQUEST|10.82.72.231|anonymous|GET|/swm-virtual-npm/#angular%2fcore/|HTTP/1.1|406|0
The problem is quite simple, you are missing the required api/npm in the URL. It should be:
npm config set registry http://server:8080/artifactory/api/npm/swm-virtual-npm
Your ~/.npmrc should look something like this:
registry=http://server:8080/artifactory/api/npm/swm-virtual-npm
_auth = ......
always-auth = true
You may want to delete all the content in your NPM remote repository caches (if there are any in what I assume is a virtual NPM repository). It is likely your attempts to access it without api/npm may have corrupted the cache.