Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Automatic authentification on private npm repository no longer works #2935

Closed
yvon-dblg opened this issue Mar 24, 2021 · 5 comments
Closed

[BUG] Automatic authentification on private npm repository no longer works #2935

yvon-dblg opened this issue Mar 24, 2021 · 5 comments
Labels
Bug thing that needs fixing Priority 0 will get attention right away Release 7.x work is associated with a specific npm 7 release

Comments

@yvon-dblg
Copy link

Current Behavior:

We use a private nexus repository with an .npmrc file on each project.

Our .npmrc looks like (URL changed for this bug report):

registry=https://our-url.example.com/repository/npm/
_auth=${NEXUS_TOKEN_ENV_VAR}

Since the npm v7.7.0 release we have the following error when we do an npm install in our projects:

npm ERR! code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"

This configuration always worked previously (npm v6 & npm < v7.7.0)

Note: doing a npm adduser allow us to install our package in our dev local env.
It create a $HOME/.npmrc file with what's seems to be an undocumented format.

But this is not usable when doing automatic build with Jenkins / docker, since it prompt user for information.

Expected Behavior:

npm install works as expected.

Steps To Reproduce:

Configure a private repository with basics HTTP auth, and use it with a specific .npmrc in the project, like explain above.

Environment:

OS: Ubuntu 20.04

{
  npm: '7.7.0',
  node: '14.15.4',
  v8: '8.4.371.19-node.17',
  uv: '1.40.0',
  zlib: '1.2.11',
  brotli: '1.0.9',
  ares: '1.16.1',
  modules: '83',
  nghttp2: '1.41.0',
  napi: '7',
  llhttp: '2.1.3',
  openssl: '1.1.1i',
  cldr: '37.0',
  icu: '67.1',
  tz: '2020a',
  unicode: '13.0'
}
@yvon-dblg yvon-dblg added Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release labels Mar 24, 2021
@Gerrit-K
Copy link

I can confirm this. We have a very similar approach to access internally hosted packages (i.e. a .npmrc with the custom registry tracked in VCS and the token injected via NPM_CONFIG__auth). Since yesterday, all of our pipelines (which install npm@7) fail. As a workaround, we now pin to [email protected] ...

@mo-mdebashi
Copy link

We also have a similar problem on our pipeline on aws. using [email protected] is working for now, but would be great if we can continue to use the latest

@NGTOne
Copy link

NGTOne commented Mar 24, 2021

Can also confirm. Our build pipeline periodically uses the latest NPM, and 7.7.0 broke it with this error.

@ruyadorno ruyadorno added Priority 0 will get attention right away and removed Needs Triage needs review for next steps labels Mar 24, 2021
@wraithgar wraithgar mentioned this issue Mar 24, 2021
Merged
@wraithgar
Copy link
Member

This should be fixed in v7.7.3

@yvon-dblg
Copy link
Author

Yes it's fixed for me.
Thank you.

@yvon-dblg yvon-dblg mentioned this issue Apr 23, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug thing that needs fixing Priority 0 will get attention right away Release 7.x work is associated with a specific npm 7 release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@wraithgar @ruyadorno @NGTOne @Gerrit-K @yvon-dblg @mo-mdebashi