Bluemix node buildpack and modules in private repos - npm

My node.js app uses a number of private shared modules hosted in git repos. I use git URLs like below in the dependencies block in package.json:
"xxx-accountMgr": "git+ssh://git@github.xxx.ibm.com:xxx/lib-account-mgr.git",
When I "cf push", this errors during npm install on ssh:
npm ERR! git clone --template=/home/vcap/.npm/_git-remotes/_templates --mirror ssh://git@github.xxx.ibm.com/ipaas/lib-account-mgr.git /home/vcap/.npm/_git-remotes/ssh-git-github-xxx-ibm-com-xxx-lib-account-mgr-git-bf65c10c: ssh: Could not resolve hostname github.xxx.ibm.com: Name or service not known
I expected this as I haven't configured the ssh key in Bluemix. Is that possible? If not, what's the alternative to install modules from a private repo in Bluemix?

If you are downloading a private module hosted on Git, you should be able to use https protocol (with creds) to access it.
There is a trick that could help avoid this issue if that is not an option for you:
1) Package private modules with your application (in node_modules)
2) Move the private modules to devDependencies in package.json, rather than dependencies, so that your local dev workflow is unaffected.
npm install will install dependencies and devDependencies. By default, Bluemix will only install dependencies.
Step 2 is necessary because even if you package the private node_modules with your application, staging for your application will fail because npm still tries to access your private repo to validate the dependency.
Also, if you had a .cfignore file ignoring the entire node_modules directory, that would have to be changed to ignore only the public modules.

If the private repo requires Github authentication to access the shared modules, Bluemix won't be able to access them. You can use a command such as git clone https://github.com/repo/etc but that will require the files to be accessible without authentication.
An alternative could be to manually install the files in your repo prior to using cf push so they are available. This is not a great solution but it will solve the problem in the short term.

The problem here is that Bluemix cannot reach back into the corporate network which is apparently where your github repo lives.
It has nothing to do with authentication, although what the others say here is accurate for publicly accessible git repositories.

A workaround that works for me is to use npmjs private modules. On one hand it will work, and on the other hand it is really easy to manage versions and reuse code. Of course you'll need to make some minor changes, but it is totally worth it.
Upgrade your npmjs account to use private modules: https://www.npmjs.com/private-modules
On your computer log in to npmjs:
npm login
Publish your modules
Copy your npmrc file to your project:
cp ~/.npmrc /path/to/your/project
npm install your_module --save
Enjoy!
Be aware that if you ever change your password the token inside .npmrc will be revoked.
The token is not derived from your password, but changing your password will invalidate all tokens. The token will be valid until the password is changed. You can also invalidate a single token by logging out on a machine that is logged in with that token.
Source: https://docs.npmjs.com/private-modules/ci-server-config#checking-in-your-npmrc

You can also use the cfnpm module (https://www.npmjs.com/package/cfnpm); it is designed to deal with private packages in Cloud Foundry.

Related

Setting Nexus auth token from the commandline

I figured this would be a problem that has been solved a million times over, but I just can't find the solution. I wish to setup my Java Maven project to install Angular dependencies from my private Nexus server. I use the frontend-maven-plugin to install a new npm every time, so the configuration must be available for that npm for it to work.
I know I can add the following to my .npmrc file and it works:
registry = http://nexus.global.dns/repository/npm-all/
_authToken = NpmToken.xxx
always-auth = true
The problem I have with this solution is that the auth token gets checked into git and that I have to remove it every time I work outside of my network, where I do not have access to the nexus server. This happens for example when I am developing something for the frontend away from home as my nexus server is not on the cloud. So I wish for nexus to be used only by my jenkins pipelines which will use the frontend-maven-plugin.
I figured I would set the registry the commandline way but that is proving to be a challenge. In my frontend-maven-plugin I have set up executions that run the following lines:
npm set registry http://nexus.global.dns/repository/npm-all/
npm //nexus.global.dns/:_authToken=${NEXUS_NPM_AUTH_TOKEN}
npm install --no-package-lock
This returns a 401 error as it is not able to authenticate: Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
My next attempt was to remove the explicit mention of the repository I want to use from Nexus, because maybe it can figure out which one it should use:
npm set registry http://nexus.global.dns
npm //nexus.global.dns/:_authToken=${NEXUS_NPM_AUTH_TOKEN}
npm install --no-package-lock
Authentication now seemingly works, but it is trying to pull the dependencies from http://nexus.global.dns as expected. I get the following error: 404 Not Found - GET http://nexus.global.dns/@angular-builders%2fjest
If I navigate to http://nexus.global.dns/repository/npm-all/@angular-builders%2fjest instead I do get the dependency's package.json as a response.
Clearly the registry should be http://nexus.global.dns/repository/npm-all/ but I can't get authentication to work with the command line. I have also tried:
npm //nexus.global.dns/repository/npm-all/:_authToken=${NEXUS_NPM_AUTH_TOKEN}
but this does not work either. How do I set the auth token for my Nexus private server through the command line?

Why can't I publish this specific package to a private NPM registry hosted by Verdaccio?

I'm using Verdaccio to host a private NPM registry on a machine that doesn't have access to the internet. So far, I've successfully published thousands of packages to the registry. However, when trying to publish hoist-non-react-statics-3.3.2-latest.tgz, I get the following error: "This command requires you to be logged in. You need to authorize this machine using 'npm adduser'." The thing is, I have added myself as a user (which is why I've been able to publish so many packages already), and I've confirmed that I'm logged in via npm whoami. I've also done an npm logout and an npm login. I've also tried turning off user authentication in Verdaccio (https://verdaccio.org/docs/authentication/). Unfortunately, nothing I've tried is letting me publish this package to the registry. Any ideas?
After digging into node/lib/node_modules/npm/lib/publish.js, I realized the registry it's trying to use when checking that I'm authenticated was the public NPM registry, not my self-hosted registry. The solution was to remove these lines of code from hoist-non-react-statics's package.json file before publishing it: https://github.com/mridgway/hoist-non-react-statics/blob/master/package.json#L49-L51.
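A pre-publish check for the situation described above, as an added example that is not part of the original post. It assumes the lines removed from package.json were a publishConfig registry entry (the package.json field npm applies at publish time); the package names and registry URLs are constructed.

```javascript
// Added example: which registry would `npm publish` target for each package?
// Package names and registry URLs below are constructed samples.
const PUBLIC_DEFAULT = 'https://registry.npmjs.org/';

function scopeOf(name) {
  const m = /^(@[^/]+)\//.exec(name || '');
  return m ? m[1] : null;
}

// publishConfig values are applied at publish time, so a registry set there
// wins over the one configured in .npmrc.
function publishRegistry(pkg, userConfig) {
  const cfg = Object.assign({}, userConfig, pkg.publishConfig || {});
  const scope = scopeOf(pkg.name);
  const raw = (scope && cfg[scope + ':registry']) || cfg.registry || PUBLIC_DEFAULT;
  return new URL(raw).href; // normalises the trailing slash
}

// Returns the packages whose publish would not go to the private registry.
function findRedirectedPublishes(pkgs, privateRegistry) {
  const wanted = new URL(privateRegistry).href;
  return pkgs
    .map((pkg) => ({
      name: pkg.name,
      target: publishRegistry(pkg, { registry: privateRegistry }),
    }))
    .filter((r) => r.target !== wanted);
}

// Constructed manifests, as they might be read from unpacked tarballs.
const samplePackages = [
  { name: 'plain-lib', version: '1.0.0' },
  { name: 'pinned-lib', version: '3.3.2',
    publishConfig: { registry: 'https://registry.npmjs.org/' } },
  { name: '@acme/ui', version: '2.0.0',
    publishConfig: { '@acme:registry': 'https://npm.acme.example/' } },
  { name: 'tagged-lib', version: '1.2.0', publishConfig: { tag: 'next' } },
];

console.log(findRedirectedPublishes(samplePackages, 'http://localhost:4873'));
```

Running this over every manifest before a bulk publish lists the packages that would fail the login check against a registry other than the private one.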

How to nicely include a private NPM dependency in a lerna workspace project?

To preface, the project is using lerna with yarn workspaces and we are pulling in an internal NPM package from our private npm registry (not hosted with npm).
I currently understand how .yarnrc and .npmrc files can authenticate to private registries but our current project has settings already changed in these files. A developer could add credentials in these files but then they cannot commit the file to github.
I was hoping to find a solution where a developer on the project can add the private registry credentials in a .env file and then auth with said credentials somehow in a hook before lerna runs "install"
My main goal was to make it easy to work with the project and not rely on having each developer run 'npm login' or some other commands besides just including the correct credentials in their .env file. This also makes it easy for CI/deployment pipelines.
Are there any specific lifecycle hooks that can run before install in a lerna package?

Installing private npm packages with an authentication key

I'm using Artifactory to pull npm packages. One of the packages that I use is stored privately and in order to access it the publisher gave me an authentication token.
I was asked to add //registry.npmjs.org/:_authToken=<private_token> to .npmrc, however my environment uses Artifactory as a proxy for the public npm registry. How can I configure an authentication token geared specifically for the package?
You can use the virtual repo concept of Artifactory. You can upload the custom packages into your local repo and a common repo that will get the packages from the npm.

How to use yarn with private npm registry in Sonatype Nexus OSS?

I've set up the nexus oss 3 and it looks cool. All my projects are installed by using yarn because of the --pure-lockfile option.
Steps to reproduce the issue:
1. Setup nexus oss 3 with a private npm registry (as in documentation)
2. Disable anonymous access from nexus oss 3 admin panel
3. On a linux server with alpine try to yarn install --pure-lockfile (you must have a package that is hosted on the private repo in package.json)
4. Does not work, return 401 error
I tried everything but I could not manage to make yarn log in to get those packages.
If I use npm install, it works.
Can someone tell me how to make yarn work with nexus oss3 using the setup from above?
If npm install is working, then you must have login credentials and repository correctly defined.
Open a terminal and run npm login, and give the username and password for your nexus account. This will create a file ~/.npmrc. Open this file (nano ~/.npmrc); the output looks like:
//<repository>:_authToken=NpmToken.<token>
A dummy example:
//test.server.com/repository/npm-group/:_authToken=NpmToken.123456-12345-12345-tok-en0onum
Go to the project directory cd <project_dir>, create a new file .yarnrc, open it nano .yarnrc. Insert the following line, save and exit (Ctrl+O, Ctrl+X) it.
registry "<repository>"
Create another file .npmrc in the same directory <project_dir>. Open it, add the following lines, save and exit.
registry=<repository>
always-auth=true
//<repository>:_authToken=NpmToken.<token>
Delete the .npmrc at home directory rm ~/.npmrc.
Now you can download node_modules with yarn or yarn install.
I had same issue with nexus 3 and use this configuration on my .npmrc file:
registry=https://your.nexus.com/repository/some-npm/
always-auth=true
; basic-auth-token: your user:password in base64
_auth=<basic-auth-token>
Hope this helps you!
The fact that your requests return 401 (Unauthorized) means that you should supply credentials when connecting to Nexus.
It is far from being a nice solution but I got it working using
yarn set registry https://user:pwd@your.nexus.host/nexus3/repository/npmjs/
I use yarn 1.4.0 (release candidate). It should also work on 1.3.2, but I cannot test that because 1.3.2 has issues with HTTPS_PROXY env vars.
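The .npmrc and .yarnrc snippets in the answers on this page put a token, a base64 user:password or a password-bearing URL into a file that sits in the project directory, and one question notes the token then gets checked into git. The following added example (not code from any of the posts) audits such a file before commit and accepts only `${VAR}` environment references, which npm expands in .npmrc; the hosts and tokens in the samples are constructed.

```javascript
// Added example: flags clear-text credentials in .npmrc / yarn v1 .yarnrc text.
// All hosts and tokens in the samples are constructed.
const SECRET_KEY = /(^|:)(_authToken|_auth|_password)$/;
const ENV_REF = /^\$\{[A-Za-z_][A-Za-z0-9_]*\}$/;

function auditRc(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, idx) => {
    const line = raw.trim();
    if (!line || line.startsWith(';') || line.startsWith('#')) return;
    // .npmrc is "key=value"; yarn v1 .yarnrc is: key "value"
    const m = line.match(/^([^=\s]+)\s*=\s*(.*)$/) || line.match(/^(\S+)\s+(.*)$/);
    if (!m) return;
    const key = m[1];
    const value = m[2].trim().replace(/^"(.*)"$/, '$1');
    if (SECRET_KEY.test(key)) {
      // Only a ${VAR} reference keeps the secret out of the file.
      if (!ENV_REF.test(value)) {
        findings.push({ line: idx + 1, key, issue: 'literal credential' });
      }
      return;
    }
    let url;
    try { url = new URL(value); } catch (e) { return; }
    if (url.username || url.password) {
      findings.push({ line: idx + 1, key, issue: 'credentials in URL' });
    }
  });
  return findings; // values are deliberately not echoed back
}

const sampleNpmrc = [
  'registry=https://nexus.example.test/repository/npm-all/',
  'always-auth=true',
  '; constructed values, not real secrets',
  '//nexus.example.test/repository/npm-all/:_authToken=NpmToken.00000000-0000',
  '_auth=dXNlcjpwYXNzd29yZA==',
  '//registry.example.test/:_authToken=${NPM_TOKEN}',
].join('\n');
const sampleYarnrc =
  'registry "https://user:pwd@nexus.example.test/repository/npmjs/"';

console.log(auditRc(sampleNpmrc));
console.log(auditRc(sampleYarnrc));
```

With the `${NPM_TOKEN}` form the file can be committed and the CI job supplies the token through its environment.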