I ve setup the nexus oss 3 and it looks cool. All my projects are installed by using yarn because of the --pure-lockfile option.
Steps to reproduce the issue:
1. Setup nexus oss 3 with a private npm registry (as in documentation)
2. Disable anonymous access from nexus oss 3 admin panel
3. On a linux server with alpine try to yarn install --pure-lockfile (you must have a package that is hosted on the private repo in package.json)
4. Does not work, return 401 error
I tried everything but i could not manage to make yarn to login to get those packages.
If i use npm install, it works.
Can someone tell me how to make yarn work nexus oss3 using the setup from above?
If npm install is working, then you must have login credentials and repository correctly defined.
Open terminal and run npm login, give your username and password for nexus account. This will create a file ~/.npmrc. Open this file nano ~/.npmrc, output look like
//<repository>:_authToken=NpmToken.<token>
A dummy example:
//test.server.com/repository/npm-group/:_authToken=NpmToken.123456-12345-12345-tok-en0onum
Go to the project directory cd <project_dir>, create a new file .yarnrc, open it nano .yarnrc. Insert the following line, save and exit (Ctrl+O, Ctrl+X) it.
registry "<repository>"
Create another file .npmrc in the same directory <project_dir>. Open, add the following line, save and exsit.
registry=<repository>
always-auth=true
//<repository>:_authToken=NpmToken.<token>
Delete the .npmrc at home directory rm ~/.npmrc.
Now you can download node_modules with yarn or yarn install.
I had same issue with nexus 3 and use this configuration on my .npmrc file:
registry=https://your.nexus.com/repository/some-npm/
always-auth=true
/* basic-auth-token: your user:password in base64 */
_auth=<basic-auth-token>
Hope this help you!
The fact that your requests returns 401 (Unauthorized) means that you should supply credentials when connecting to Nexus.
It is far from being a nice solution but I got it working using
yarn set registry https://user:pwd#your.nexus.host/nexus3/repository/npmjs/
I use yarn 1.4.0 (release candidate). It should also work on 1.3.2, but I cannot test that because 1.3.2 has issues with HTTPS_PROXY env vars.
Related
I figured this would be a problem that has been solved a million times over, but I just can't find the solution. I wish to setup my Java Maven project to install Angular dependencies from my private Nexus server. I use the frontend-maven-plugin to install a new npm every time, so the configuration must be available for that npm for it to work.
I know I can add the following to my .npmrc file and it works:
registry = http://nexus.global.dns/repository/npm-all/
_authToken = NpmToken.xxx
always-auth = true
The problem I have with this solution is that the auth token gets checked into git and that I have to remove it every time I work outside of my network, where I do not have access to the nexus server. This happens for example when I am developing something for the frontend away from home as my nexus server is not on the cloud. So I wish for nexus to be used only by my jenkins pipelines which will use the frontend-maven-plugin.
I figured I would set the registry the commandline way but that is proving to be a challenge. In my frontend-maven-plugin I have set up executions that run the following lines:
npm set registry http://nexus.global.dns/repository/npm-all/
npm //nexus.global.dns/:_authToken=${NEXUS_NPM_AUTH_TOKEN}
npm install --no-package-lock
This returns a 401 error as it is not able to authenticate: Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
My next attempt was to remove the explicit mention of the repository I want to use from Nexus, because maybe it can figure out which one it should use:
npm set registry http://nexus.global.dns
npm //nexus.global.dns/:_authToken=${NEXUS_NPM_AUTH_TOKEN}
npm install --no-package-lock
Authentication now seemingly works, but it is trying to pull the dependencies from http://nexus.global.dns as expected. I get the following error: 404 Not Found - GET http://nexus.global.dns/#angular-builders%2fjest
If I navigate to http://nexus.global.dns/repository/npm-all/#angular-builders%2fjest instead I do get the dependency's package.json as a response.
Clearly the registry should be http://nexus.global.dns/repository/npm-all/ but I can't get authentication to work with the command line. I have also tried:
npm //nexus.global.dns/repository/npm-all/:_authToken=${NEXUS_NPM_AUTH_TOKEN}
but this does not work either. How do I set the auth token for my Nexus private server through the command line?
I'm having an issue with installing an NPM package from GCP.
I was able to upload the package to the artifact registry of GCP by doing the following steps:
Login to my google account (gcloud auth application-default login)
Run
gcloud artifacts print-settings npm \ --project=[my-project]\ --repository=[my-repo] \ --location=us-east1 \ --scope=#[my-scope]
Pasting the output of the previous step in the .npmrc file located in the root of the project.
Refreshing the access token to GCP (npx google-artifactregistry-auth ./.npmrc)
Run yarn publish
My .npmrc file looks like this:
#[my-scope]:registry=https://us-east1-npm.pkg.dev/[my-project]/[my-repo]/
//us-east1-npm.pkg.dev/[my-project]/[my-repo]/:_authToken="[auth-token]"
//us-east1-npm.pkg.dev/[my-project]/[my-repo]/:always-auth=true
However, when I try to install the package on another project by:
Executing steps 1-4 mentioned above
Run yarn add #[my-scope]/[my-package]
I get an 404 error.
Looks like yarn is looking for the package in the default registry:
error An unexpected error occurred: "https://registry.yarnpkg.com/#[my-scope]/#[my-pacakge]/-/#[my-scope]/[my-package]-0.0.1.tgz: Request failed \"404 Not Found\"".
I simply followed the steps mentioned in the installation instructions in GCP but somehow it's not working.
I encountered a similar issue in this post: Can't install a scoped package I published to a npm registry in GCP but this not the exact error I get.
I would appreciate any help regarding this issue.
Thanks in advance!
I just had this problem for a couple of days and the solution is simple, DO NOT USE YARN when publishing. That's it.
I don't know which part of yarn causes this but basically it ignores .npmrc resulting in the tarball to point to the wrong repository, you can check it if you run yarn info. So when publishing to GCP artifact registry one should use npm publish instead.
In both setting up authentication for npm and Managing Node.js packages, Obtaining an access token section the command used is
npx google-artifactregistry-auth
In the same section there is a note that explains how to add flags if you need to change the path of the .npmrc file.
Note: If you need to store your repository settings and credentials in .npmrc files other than the defaults, you can run the credential helper with additional flags.
--repo-config is the .npmrc file with your repository settings. If you don't specify this flag, the default location is the current directory.
--credential-config is the path to the .npmrc file where you want to write the access token. The default is your user .npmrc file.
Instead of:
npx google-artifactregistry-auth ./.npmrc
It could be written as
npx google-artifactregistry-auth --repo-config=pathto/.npmrc --credential-config=pathto/.npmrc
If you are not sure where your file is you can run npm config ls -l | grep config as explained here
Also check you are specifying the correct .npmrc path if it is different than the default registry as shown in Configuring npm and confirm you are trying to install a package from the Node.js package repository with the correct scope, package, tag or version to be completely explicit.
I would like to install repos to a parent repo and specify by branch name.
I have tried the following:
npm install username/repo#branchName --save
npm install username/repo#branchName --save
npm install username/repo#tag --save
npm install username/repo#tag --save
I'm getting an error that says:
Could not install from {theRepoWithBranch} as it does not contain a package.json file.
The repo definitely contains a package.json file.
I'm wondering if this is a permissions issue given I'm using an enterprise npm registry.
npm/npm issue 19788 does mention:
Currently, npm does not support installation of modules from git services hosted on private domain names.
That includes both Github for Enterprise on custom domains as well as instances of gitlab, gitea, gogs, bitbucket and many others, basically anything hosted on a custom domain name.
With the comment:
So, obviously you reference installing via an http(s):// URL directly, but just as an fyi, our GitLab Enterprise instance allows us to install using a slightly different format.
We have 2FA enabled, so it requires SSH to be used.
From the docs.
npm install <git-host>:<git-user>/<repo-name>
npm install <git repo url>
We were able to actually install our repos like this:
npm install git+ssh://git#gitlab.mydomain.com:user/repo.git
So this is more a URL format combined with permission issue.
Regarding the branch, as seen here, your syntax is correct.
And:
if I prepend git+ on the HTTPS URL it works (I run gitea which accepts basic auth)
See also npm/hosted-git-info PR 30
I want to do something like this:
Create an npm package. Basically, a common code which I want to use for all of my projects. Which I created.
But now What I want is, Every time I commit something in git for this project, Jenkins should build it with updated alpha/beta version and should publish to my own artifactory.
Your Jenkins job can be configured to be triggered by a webhook, which would take care of the first part (every time I commit). Depending on which Git server you're using you can find a lot of tutorials how to do that:
For GitHub
For GitLab
For Gogs
please note this is just a random selection of tutorials how to set up the webhook triggers to work with Git servers and by no means an exhaustive list
To publish your package to JFrog Artifactory you can either use the Jenkins Artifactory Plugin, or use the NPM command line. If you want to use the npm command line, you'll need to authenticate first:
# setting the default registry to Artifactory
npm config set registry http://<ARTIFACTORY_SERVER_DOMAIN>:8081/artifactory/api/npm/npm-repo/
# log in
npm login
alternatively you can get a .npmrc file directly from Artifactory using:
curl -u admin:<CREDENTIAL> http://<ARTIFACTORY_SERVER_DOMAIN>:8081/artifactory/api/npm/auth
After that, there are two ways you can push your package to Artifactory:
Edit your package.json file and add a publishConfig section to a local repository: "publishConfig":{"registry":"http://localhost:8081/artifactory/api/npm/npm-repo/"}
Provide a local repository to the npm publish command: npm publish --registry http://localhost:8081/artifactory/api/npm/npm-repo/
For a company project, I'd like to set up a private npm registry using Artifactory or Nexus, so packages can be shared with everyone without publishing them on https://registry.npmjs.org/
In maven I would set up a release and a snapshot repo. For resolving I would put them in a group alongside a proxy of maven central.
How does a setup for npm look like? npm's semver is able to differentiate release and prerelease, but I assume that routing them to different registries could be quite a difficult task.
On the other hand one might want to be able to have control over what gets pushed to the "release registry", implementing permissions accordingly. For this you would have to use a "prerelease" and a "release" registy.
according this link. How to set up a free private npm registry… for Windows
you can use the Verdaccio.follow this:
Download the ‘Current’ version of NodeJS .
Install Python. Open Powershell as an Admin and run
npm i -g --production windows-build-tools
then Run
npm i -g node-gyp.
Get the Python.exe file path.
Verify where Python was installed, typically it is stored in the following folder
C:\Users\user-name.windows-build-tools\python27
copy the path + \python.exe.
Add a new Environment Variable.
open the File Explorer and right-click on Computer and select Properties.
Select Advanced system settings and then select Environment Variables.
If PYTHON is not listed under System Variables select New.
Add PYTHON as the variable name and the saved path from Step 3 as the variable value -> Select OK.
Installing / Configure Verdaccio
Open up a command prompt and run npm i -g verdaccio.
Verify the install for Verdaccio was successful.
Open up a new command prompt and run verdaccio You should see the following output.
Open up your favorite browser to localhost:4873
more info:
www.verdaccio.org/docs/en/installation
www.npmjs.com/package/verdaccio
I hope is useful.
If I understood you correctly you would like to have the ability to have a "release" and "snapshot" repository for NPM same as you have now for Maven.
If this is indeed the case then what you can do in Artifactory is to set 2 repositories, one for the "prerelease" and another one for the "release" and aggregate both under one virtual NPM repository. As you mentioned you can have a different set of permissions for each repository and therefore control who can deploy/resolve dependencies and also have the ability to move artifacts from one another.
Hope that answers your question.
In terms of how to do this in Nexus Repository if you really need to, I'd suggest setting up:
npm-release (npm hosted)
npm-prerelease (npm hosted)
npm-all (npm group)
Make the group include both members (so you can install using one URL), and then in your build script or whatever you are using to publish into Nexus Repository, just use the --registry flag to specify which repository you want to publish in to, something akin to this for a "release":
npm publish --registry http://localhost:8081/repository/npm-release/
And this for a "prerelease":
npm publish --registry http://localhost:8081/repository/npm-prerelease/
Here are the npm docs for Nexus Repository 3.x if you need some more help: https://books.sonatype.com/nexus-book/reference3/npm.html