Context
My .npmrc file seems to be correctly read (checked with npm config ls -l both from command line and from Maven build).
the machine on which npm is run cannot connect directly to the net, it can only connect to a Nexus npm registry url. Therefore, proxy properties proxy and https-proxy are not set.
As access to Nexus is restricted, I have generated an access token from within Nexus.
Nexus security tokens are made from a username and a password which both contain characters such as / which usually have to be "url encoded"
as expected, with this configuration, when running npm install detects no proxy.
Nexus npm registry proxy seems to be correctly set (I can both access json files and download tgz files using a web browser after having connected using the token generated)
If I set registry to http://registry.npmjs.org/ and comment _auth, email, always-auth, strict-ssl properties, and add proxy and https-proxy configuration, npm install works as expected (but I won't be able to do it on target environment)
Content of .npmrc file
; Nexus proxy registry pointing to http://registry.npmjs.org/
registry = https://<host>/nexus/content/repositories/npmjs-registry/
; base64 encoded authentication token
_auth = <see question below>
; required by Nexus
email = <valid email>
; force auth to be used for GET requests
always-auth = true
; we don't want to put certificates in .npmrc
strict-ssl = false
loglevel = silly
Question
How should I generate the _auth property properly in order to have npm install work as expected?
I tried so far
base64Encode(<username>:<password>)
results in npm info retry will retry, error on last attempt: Error: socket hang up
base64Encode(urlencode(<username>:<password>))
results in npm info retry will retry, error on last attempt: Error: This request requires auth credentials. Run `npm login` and repeat the request.
base64Encode(urlencode(<username>):urlencode(<password>))
results in npm info retry will retry, error on last attempt: Error: socket hang up
When getting the socket hang up error I have the following stack trace:
http request GET https://<host>/nexus/content/repositories/npmjs-registry/fsevents
sill fetchPackageMetaData Error: socket hang up
sill fetchPackageMetaData at TLSSocket.onHangUp (_tls_wrap.js:1035:19)
sill fetchPackageMetaData at TLSSocket.g (events.js:260:16)
sill fetchPackageMetaData at emitNone (events.js:72:20)
sill fetchPackageMetaData at TLSSocket.emit (events.js:166:7)
sill fetchPackageMetaData at endReadableNT (_stream_readable.js:905:12)
sill fetchPackageMetaData at doNTCallback2 (node.js:441:9)
sill fetchPackageMetaData at process._tickCallback (node.js:355:17)
sill fetchPackageMetaData error for fsevents#^1.0.0 { [Error: socket hang up] code: 'ECONNRESET' }
WARN install Couldn't install optional dependency: socket hang up
verb install Error: socket hang up
verb install at TLSSocket.onHangUp (_tls_wrap.js:1035:19)
verb install at TLSSocket.g (events.js:260:16)
verb install at emitNone (events.js:72:20)
verb install at TLSSocket.emit (events.js:166:7)
verb install at endReadableNT (_stream_readable.js:905:12)
verb install at doNTCallback2 (node.js:441:9)
verb install at process._tickCallback (node.js:355:17)
When getting the This request requires auth credentials error I have the following stack trace:
npm sill fetchPackageMetaData Error: This request requires auth credentials. Run `npm login` and repeat the request.
npm sill fetchPackageMetaData at CachingRegistryClient.authify (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\authify.js:17:14)
npm sill fetchPackageMetaData at CachingRegistryClient.makeRequest (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\request.js:103:17)
npm sill fetchPackageMetaData at <root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\request.js:66:17
npm sill fetchPackageMetaData at RetryOperation._fn (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\attempt.js:18:5)
npm sill fetchPackageMetaData at null._onTimeout (<root>\ui\target\node\node_modules\npm\node_modules\retry\lib\retry_operation.js:49:10)
npm sill fetchPackageMetaData at Timer.listOnTimeout (timers.js:92:15)
npm sill fetchPackageMetaData error for fsevents#^1.0.0 [Error: This request requires auth credentials. Run `npm login` and repeat the request.]
npm WARN install Couldn't install optional dependency: This request requires auth credentials. Run `npm login` and repeat the request.
npm verb install Error: This request requires auth credentials. Run `npm login` and repeat the request.
npm verb install at CachingRegistryClient.authify (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\authify.js:17:14)
npm verb install at CachingRegistryClient.makeRequest (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\request.js:103:17)
npm verb install at <root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\request.js:66:17
npm verb install at RetryOperation._fn (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\attempt.js:18:5)
npm verb install at null._onTimeout (<root>\ui\target\node\node_modules\npm\node_modules\retry\lib\retry_operation.js:49:10)
npm verb install at Timer.listOnTimeout (timers.js:92:15)
Sources: https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/npm-registry/npm-security
& https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/npm-registry/publishing-npm-packages
Configure registry (its important doing this before configuring the authentication in step 2, because the authentication settings will be based on the registry):
npm config set registry="http://localhost:8081/repository/npm-internal/"
Configure authentication using a line like the following example:
npm config set _auth="$(echo -n 'username:password' | base64)"
Check the current configuration using the following:
npm config ls
Publish your npm package:
npm publish --registry http://localhost:8081/repository/npm-internal/
If you have authorization token you should not use username:password.
I suggest you:
Generate token
Delete your ~/.npmrc or rename it.
Make sure your env settings like $NPM_CONFIG_* are unset.
Verify that email and other settings are unset by using: npm config list
Log into the npm using: npm login --registry=https://nexus.whatever.registry/respository/npm-whatever-group/
Once you are logged - you are logged. The npm should generate a token for it in your ~/.npmrc. It will look like:
//nexus.whatever.registry/respository/npm-whatever-group/:_authToken=NpmToken.YOUR-LOVELY-TOKEN-IN-HEX
You can use that token in your project, CI pipeline, and other ones. Make sure in your project .npmrc there is:
//nexus.whatever.registry/respository/npm-whatever-group/:_authToken=NpmToken.YOUR-LOVELY-TOKEN-IN-HEX
email = <EMAIL_USED_FOR_TOKEN_GENERATION>
always-auth = true
registry = https://nexus.whatever.registry/respository/npm-whatever-group/
If you have problems with authentication/certs:
add env variable (also to your CI/CD pipline)
$NODE_EXTRA_CA_CERTS to point to /home/wherever/is/your/cert.pem
For CI/CD pipelines (like gitlabs or jenikins):
consider replacing actual values from your .npmrc project file with ${RELEVANT_ENV_VARIABLES}. This way you will make them less visible and always self-updating on change of pipline.
Hope this help.
After having looked at registry-client code I found the answer, here it is. I post it as it may help other people:
base64Encode(<username>:<password>)
By the way, there is an URL encoding, but it's authify.js that takes care of it.
The "socket hang up" problem I'm facing is due to the fact that if a proxy is set in Windows configuration, when launching npm from CLI (and not from a Maven build) all ```.npmrc`` proxy settings seem to be ignored while native proxy exclusions (for corporate urls) are ignored by npm. I'll open a ticket to report this weird behavior.
Before you run npm login, please follow the instructions below :
1) Create an ~/.npmrc file with the following contents:
registry=https://example.com/repository/npm-group/
email=username#example.com
always-auth=true
//example.com/repository/npm-group/:_authToken=
2) run `npm login`
# npm login
Username: firstname.lastname
Password:
Email: (this IS public) firstname.lastname#example.com
Logged in as firstname,lastname on https://example.com/repository/npm-group/.
Use the same password you use to login to example.com
I don't know about Nexus, but we use artifactory as an npm repo, and there I can create my auth token by calling base64encode(username:encryptedPassword) with encryptedPassword being the one I get from my personal artifactory profile.
Maybe this helps.
I just wrote a wrapper that stores the credentials in your systems keychain and provides them on the fly. Check out: https://github.com/Xiphe/npm_keychain_auth
Related
I published several npm packages to a private npm registry hosted in GCP and I can see all versions in the registry. Yet I can't download the package since the install command throws an E404.
NPM throws a generic 404 Error when trying to download the page:
npm ERR! code E404
npm ERR! 404 Not Found - GET https://europe-north1-npm.pkg.dev/[Project]/#[scope]/[packagename]/-/#[scope]/[packagename]-0.1.0.tgz
npm ERR! 404
npm ERR! 404 '#[scope]/[packagename]#https://europe-north1-npm.pkg.dev/[Project]/#[scope]/[packagename]/-/#[scope]/[packagename]-0.1.0.tgz' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
Opening the url that is tring to resolve returns this error:
{"error":"Permission \"artifactregistry.repositories.downloadArtifacts\" denied on resource \"projects/[Project]/locations/europe-north1/repositories/#[scope]\" (or it may not exist)"}
{"error":"Unmatched scope name: \"\" != \"#[scope]\""}
Additonally, I checked and my account does in fact have to downloadArtifacts role.
I can't figure out why it's unable to resolve the URL since with the same config I'm able to both publish and even run npm view the package.
I've tried creating brand new packages, specifying a version, resetting the auth token and yet for some reason I'm still unable to download packages.
If it helps, my current .npmrc file looks like this:
registry:https://registry.npmjs.org/=true
#[scope]:registry=https://europe-north1-npm.pkg.dev/[project]/[repo name]/
//europe-north1-npm.pkg.dev/[project]/[repo name]/:_authToken=[gcp auth token]
//europe-north1-npm.pkg.dev/[project]/[repo name]/:always-auth=true
//registry.npmjs.org/:_authToken=[npm auth token]
Turns out this was not a GCP specific issue, but a Yarn Berry issue when publishing to GCP.
The tarballURL that is being generated uses a truncated registry URL which is why i was getting a 404 when trying to install the package.
A fix for this was proposed here.
https://github.com/yarnpkg/berry/pull/3513
I had an error similar to this one.
I did the entire repository creation process and created a new project to test the package.
When I tried npm install my-package I got a 404 error.
After some tests I discovered that I need the .npmrc file also in the project that will consume the package. It may seem kind of obvious to some people but I didn't know.
Add the returned configuration settings to the .npmrc configuration file in your Node.js projects. This file is usually in the same directory as package.json.
Make sure that you include these settings in Node.js projects for packages that you publish as well as projects that will install dependencies from your npm repository.
Set up authentication for npm
I have a (test) npm package named #myScope/test which I want to publish into a private gitlab registry within a gitlab project whose address is
https://gitlab.<something>/myId/test-npm-registry/
with ID 9630
First, I'm a bit confused with npm login and .npmrc. If I understand correctly, answers given to npm login end-up as a couple of lines into .npmrc, is that right?
So essentially, to instruct npm about authenticating to a registry, one can either:
manually edit .npmrc
use npm config set
use npm login
Based on what I read on the gitlab help, I've inserted the following lines into my .npmrc:
#myScope:registry=https://gitlab.<something>/api/v4/projects/9630/packages/npm/
'//gitlab.<something>/api/v4/projects/9630/packages/npm/:_authToken'="${GITLAB_AUTH_TOKEN}"
Note: I had to use the project ID, having issues with the url format.
I have also added the following bit into the package.json :
publishConfig":{
"#myScope:registry": "https://gitlab.<something>/api/v4/projects/9630/packages/npm/"
}
Finally, I've created a token in gitlab, with "api, read_api, read_registry, write_registry" rights and I have assigned the token to the GITLAB_AUTH_TOKEN variable:
GITLAB_AUTH_TOKEN="xk4L7xxvzHuykyKawxQZ"
When I do npm publish I'm getting the following message :
npm ERR! code E401
npm ERR! 401 Unauthorized - PUT https://gitlab.<something>/api/v4/projects/9630/packages/npm/#myScope%2ftest-npm-registry
npm ERR! A complete log of this run can be found in:
The logs doesn't help, nor does the verbose mode. Also, I'm not getting if I have to perform an explicit npm login or if the configuration in the .npmrc (with the token) should do the trick. I actually cannot do npm login because the username has an # character in it and npm refuses it.
Any ideas ?
I've created a private NPM repository on Bintray. I've added the necessary authentication credentials to ~/.npmrc by running
curl -u BINTRAY_USER:BINTRAY_API_TOKEN
https://api.bintray.com/npm/my-company/npm/auth/scope/my-company > ~/.npmrc
I've successfully deployed version 1.0.0 of a package named foo to this NPM repo, and have added it as a dependency to another project's `package.json
"dependencies": {
"#my-company/foo": "1.0.0"
}
But when I run npm install in this project, I get a 404 error
npm ERR! code E401
npm ERR! 401 Unauthorized: #my-company/foo#1.0.0
I can see that version 1.0.0 of foo has deployed when I login to the Bintray app, so why is resolution failing?
401 Unauthorized error usually occurs when wrong user id or credentials use.
it could be cache issue anyhow you can try run npm cache clean first and then re-run npm install or you can try with npm install -verbose which will show more information.
For the reference, the following .npmrc file works:
#my-company:registry=api.bintray.com/npm/my-company/npm
//api.bintray.com/npm/my-company/npm/:_authToken=BINTRAY_API_TOKEN
//api.bintray.com/npm/my-companyl/npm/:username=my.username
//api.bintray.com/npm/my-company/npm/:email=my#email.com
//api.bintray.com/npm/my-company/npm/:always-auth=true
Of the several 405 related Questions posted here, none apply to my issue.
Here is the command I issued from Windows 7 on my Desktop PC:
npm install express
Here is the Error message:
npm ERR! code E405
npm ERR! 405 Method Not Allowed: express#latest
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\mr9832\AppData\Roaming\npm-cache\_logs\2018-02-21T20_36_09_581Z-debug.log
Here is the verbose Error Log mentioned above
C:\Users\mr9832\AppData\Roaming\npm-cache_logs\2018-02-21T20_36_09_581Z-debug.log
How can I fix it?
This answer is probably a little bit too late, but I had the same problem. I fixed it by putting following settings in the npm config (located in %USERDATA%/.npmrc):
strict-ssl=false
registry=http://registry.npmjs.org
It requests the packages over plain http instead of the secure https.
Use these commands:
npm config set proxy http://username:password#host:port
npm config set https-proxy http://username:password#host:port
Or you may edit the ~/.npmrc file:
proxy=http://username:password#host:port
https-proxy=http://username:password#host:port
https_proxy=http://username:password#host:port
I had the same problem, turns out the proxy and/or https-proxy config pointed to the wrong proxy server.
The following commands set the proxy to the correct address:
npm config set https-proxy http://127.0.0.1:3128
npm config set proxy http://127.0.0.1:3128
I have installed npm on windows and tried to use it with the company Nexus.
To do that I created the ~/.npmrc
registry = https://mycompany/nexus/content/groups/npm-all/
Then, I set up npm and tried to download a library, but npm throws an error:
C:\git-repos\my-npm_module>npm --loglevel info install grunt
npm info it worked if it ends with ok
npm info using npm#2.15.9
npm info using node#v4.5.0
npm WARN package.json self-service-portal#1.0.0 No README data
npm info addNameTag [ 'grunt', 'latest' ]
npm info attempt registry request try #1 at 09:39:42
npm http request GET https://mycompany/nexus/content/groups/npm-all/grunt
npm info retry will retry, error on last attempt: Error: unable to get local issuer certificate
npm info attempt registry request try #2 at 09:39:52
npm http request GET https://mycompany/nexus/content/groups/npm-all/grunt
npm info retry will retry, error on last attempt: Error: unable to get local issuer certificate
How to use npm behing an SSL Nexus registry?
The solution to my problem was to add the strict-ssl false parameter and ca to empty in .npmrc file
registry = https://mycompany/nexus/content/groups/npm-all/
ca=
strict-ssl=false