Nexus npm private registry configuration - npm

I am using Nexus Repository ManagerOSS 3.0.2-0, I have successfully created npm hosted repository, but when I click on the link it always says 400 bad request.
And also through command line am not able to perform npm adduser pointing to this registry .
Any idea what am doing wrong?

The link in the UI is non functional, it's there to copy for use in setting up tooling, the 400 is expected behavior at this point in time.
As for npm adduser, I believe this should work. Make sure to have the npm Bearer Token Realm enabled.
You can read more about enabling it here: https://books.sonatype.com/nexus-book/reference3/npm.html#_authentication_using_realm_and_login

Related

Setting Nexus auth token from the commandline

I figured this would be a problem that has been solved a million times over, but I just can't find the solution. I wish to setup my Java Maven project to install Angular dependencies from my private Nexus server. I use the frontend-maven-plugin to install a new npm every time, so the configuration must be available for that npm for it to work.
I know I can add the following to my .npmrc file and it works:
registry = http://nexus.global.dns/repository/npm-all/
_authToken = NpmToken.xxx
always-auth = true
The problem I have with this solution is that the auth token gets checked into git and that I have to remove it every time I work outside of my network, where I do not have access to the nexus server. This happens for example when I am developing something for the frontend away from home as my nexus server is not on the cloud. So I wish for nexus to be used only by my jenkins pipelines which will use the frontend-maven-plugin.
I figured I would set the registry the commandline way but that is proving to be a challenge. In my frontend-maven-plugin I have set up executions that run the following lines:
npm set registry http://nexus.global.dns/repository/npm-all/
npm //nexus.global.dns/:_authToken=${NEXUS_NPM_AUTH_TOKEN}
npm install --no-package-lock
This returns a 401 error as it is not able to authenticate: Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
My next attempt was to remove the explicit mention of the repository I want to use from Nexus, because maybe it can figure out which one it should use:
npm set registry http://nexus.global.dns
npm //nexus.global.dns/:_authToken=${NEXUS_NPM_AUTH_TOKEN}
npm install --no-package-lock
Authentication now seemingly works, but it is trying to pull the dependencies from http://nexus.global.dns as expected. I get the following error: 404 Not Found - GET http://nexus.global.dns/#angular-builders%2fjest
If I navigate to http://nexus.global.dns/repository/npm-all/#angular-builders%2fjest instead I do get the dependency's package.json as a response.
Clearly the registry should be http://nexus.global.dns/repository/npm-all/ but I can't get authentication to work with the command line. I have also tried:
npm //nexus.global.dns/repository/npm-all/:_authToken=${NEXUS_NPM_AUTH_TOKEN}
but this does not work either. How do I set the auth token for my Nexus private server through the command line?

registry.npmjs.com cannot be reached

It's first time I'm trying to use Actions in GitHub to load a package on npm.
My workflow gets error because of:
npm ERR! code E404
npm ERR! 404 Not Found - PUT https://registry.npmjs.org/github-custom-module - Not found
npm ERR! 404
I noticed that also trying to reach out by browse bar https://registry.npmjs.com/ or http://registry.npmjs.com/ and it responds something like:
{"db_name":"registry","engine":"couch_bt_engine","doc_count":2594600,"doc_del_count":334,"update_seq":12737068,"purge_seq":0,"compact_running":false,"sizes":{"active":52390186030,"external":150891609029,"file":52550172912},"disk_size":52550172912,"data_size":52390186030,"other":{"data_size":150891609029},"instance_start_time":"1640854262658073","disk_format_version":7,"committed_update_seq":12737068,"compacted_seq":12733464,"uuid":"d8db915449574fe1dbb729e34426a075"}
just wondering if someone got in trouble for the same reason and eventually how to fix it!
Thank you very much!
Since your npm package is in a private repo, your Github action may not have access to it. There are two approaches to solving this ->
The easy way
You can use a read only access token in the dependency list in the package.json file to install the packages. This will require changing the code base but it trivializes the CI part. Bear in mind that if the token expires or is deleted your builds will start failing.
The not so easy way
The other way is to again create an access token for the npm registry and then
adding it to the Github Secrets instead. So lets say we store it in
NPM_TOKEN then in your action file you could simply add this to the env
steps:
- run: |
npm install
- env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
You also need to create a .npmrc file in the root of your project with a single line using the env variable to set the auth token.
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
The npm cli will replace the value from the environment in so your secrets are safe !

Verdaccio: how to publish to custom server from Github Actions with proper credentials?

I have a working verdaccio server hosted on a google cloud server. I am able manually publish to it, but am struggling to create a GitHub Action to publish to it when I push to master branch.
I have a script that works perfectly when publishing to npmjs public repo. Here is the relevant part that works for npmjs.org
- name: Publish to npm
if: steps.semantic.outputs.new_release_published == 'true'
run: |
yarn install
git checkout upm
npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
Now, for my own server, I have included the following addition in package.json:
"publishConfig": {
"registry": "http://my.ip.0.0:port"
},
And then in the repositories secrets, I have created an NPM_TOKEN secret with my user's token copied from my computer's .npmrc file after logging in.
I'm getting the following error from the Github Actions result:
npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR! npm login
So I'm clearly not authenticating properly.
I tried (on the server's cli) using npm token create but it gave me an unauthorized error, and I tried the same on my computer locally after logging in too, and got the same error.
How can I authenticate my Github Actions publish to my custom Verdaccio server? I'm pretty new to this whole CI business, so I suspect I'm missing something quite basic. I suspect I'm doing it wrong using NPM_TOKEN, but it worked fine to publish to npmjs.org public repo.
Again, I can manually publish using npm publish from the terminal on my Mac (after logging into custom server with npm login), so I know that the server is set up properly.
After much googling, I found a solution from this tutorial https://remysharp.com/2015/10/26/using-travis-with-private-npm-deps
It's not written for GitHub Actions but the same procedure worked.
First, you need to login to your private server from your computer. In your home folder look at the .npmrc file (turn on show hidden files).
add this line to the yaml action file:
echo "//YOURREGISTRYADDRESS/:_authToken=\${NODE_AUTH_TOKEN}" > .npmrc
Note that it should actually be NODE_AUTH_TOKEN, NOT your actual token.
The part in the quotes should mostly match the entry in your .npmrc file (without the token).
So now it looks like this
- name: Publish to npm
if: steps.semantic.outputs.new_release_published == 'true'
run: |
yarn install
git checkout upm
echo "//YOURREGISTRYADDRESS/:_authToken=\${NODE_AUTH_TOKEN}" > .npmrc
npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
Then in the Settings -> Secrets part of your GitHub repo, add a secret called NPM_TOKEN and paste in the auth token value from the .npmrc. It's a long series of letters and numbers.
Now this script should properly log in. Apparently the issue is that the default Verdaccio authorization plugin expects it to be used interactively. This line basically creates an .npmrc file on the fly and populates it with the correct info, as if you've already logged in interactively. The file isn't actually created though, and disappears after running, which is a nice touch. It also is pretty secure since it stores the token in the secrets part of the repo. The link above does a better job explaining it, so check it out!

ERROr: **npm ERR! Unexpected token < in JSON at position 0 while parsing near '<!DOCTYPE HTML PUBLI...'**

Image I am cloning the sitecore Habitat project to my local machine.
After cloning while running npm install, I am getting this error. I tired in all possible ways from the stack overflow answers, but did not succeed with answers still its showing errors, if anyone known about this please let me know.
ERROr: **npm ERR! Unexpected token < in JSON at position 0 while parsing near '<!DOCTYPE HTML PUBLI...'**
Just delete
package-lock.json file
It works for me.
I getting error like:
I found this solution in another question and worked for me after I set the registry like this:
npm set registry https://registry.npmjs.org/
Setting npm Registery worked for me
npm set registry https://registry.npmjs.org/
This error means there is a proxy in the middle which is denying you access to the Internet.
The error comes from the HTML page that is rendered from the proxy.
You need to check with your network administration to either allow the connection through (an exception), or you have to configure the variable HTTP_PROXY in your environment, which is like this:
http://username:password#proxy.server.com:port
Having tested npm install in several repos with the same error I ran npm cache clean --force and tried again. This is not as severe a solution as deleting all traces of node and reinstalling from the ground up.
I use an npm registry hosted at work for internal npm packages so couldn't change the registry source.
yes , its happned due to proxy setting, if this problem occurs, please check your proxy setting, in my case npm was getting blocked, You need to check with your network administration to either allow the connection through (an exception), or you have to configure the variable HTTP_PROXY in your environment
You need to check all required npm config setup like:
https-proxy=https://username:password#accessdomain:port/
proxy=http://username:password#accessdomain:port
registry=https://registry.npmjs.org/
//If required also add
msbuild_path=C:\Program Files\Microsoft Visual Studio\2022\Community\Msbuild\Current\Bin\MSBuild.exe
I was getting the same issue. I had un-installed NodeJs and deleted folders npm and npm-cache from Users\username\Appdata\Roaming folder and installed it.
Then set config registry by using command terminal as.
npm config set registry https://registry.npmjs.org/
To give an actual description of the problem and solution:
This happens when the URL set as your npm registry is incorrect (or as others have mentioned, a proxy has got in the way). Either way, you end up trying to download a package from an endpoint displaying HTML, which npm fails to parse as JSON (as one would expect).
You can view the URL for your npm config with
npm config get registry, and set it with npm config set registry https://my.registry.com/ (or https://registry.npmjs.org/ for the public registry)
I tried everything mentioned here. Nothing worked. Then I moved jsonwebtoken dependency to the bottom of package.json ( Below my registy specific dependencies ).
Then it worked!
Spent 6 hours in fixing this. I feel so small now.

401 on npm whoami when copying _authToken in .npmrc

As stated to provide npm authentication for deployment, I tried copying my .npmrc file containing the //registry.npmjs.org/:_authToken=00000000-0000-0000-0000-000000000000 line.
However, when I try npm whoami I get a 401, and npm install on my private modules also doesn't work.
I tried running npm login after on the same machine and everything worked. Then I changed the _authToken back to the original one that was failing, rather than the newly created one. It still worked after doing this. So clearly there is something going on with auth more than just the token. Does NPM keep track of authorized IPs or something else I'm unaware of? I'm trying to setup my deployment to be able to access my private repos.