Versions
Do you want to request a feature or report a bug?
Bug - or - missing feature
What is the current behavior?
yarn add PRIVATE_PACKAGE does not work - I'm never authenticated
(this happens with a freshly set-up ~/.yarnrc with not pre existing ~/.npmrc)
If the current behavior is a bug, please provide the steps to reproduce.
- Get a private npm repository (I used artifactory)
- Make full access bound to a specific user (note: read only needs user as well - no anonymous!)
- Setup the registry in yarn:
yarn config set registry https://my_cool_artifactory/api/npm/cool_npm_repository
- Publish a sample package (this works nicely)
- Attempt to get that package using
yarn add PRIVATE_PACKAGE
What is the expected behavior?
I suppose I should get the package.
After I set up the repository and a 4xx error is returned, I expect a CLI query asking for my username, email and password (drop the username and email when those are already entered in ~/.yarnrc)
More descriptive stuff
Okay, we have an artifactory server which serves as both, a proxy and a private repository container.
There is no anonymous access to the server so even read access is bound to a proper log in.
I started from scratch with no pre existing .npmrc.
I created my ~/.yarnrc by doing this:
yarn config set registry https://my_artifactory/and/its/repo
yarn config set always-auth true
yarn config set strict-ssl true
yarn config set cafile /path/to/root/cert
After this set up I invoked yarn login and entered my username and email.
Publishing a package is no problem since I'm asked for my password here.
The workflow for the publishing seems to be
- Query for version
- Query for password
- create a token with HTTP PUT to artifactory
- use? this token to publish my package
- Delete the token from artifactory with HTTP DELETE
After this, I'm left as I started - without a token since it was deleted (and it was probably in the RAM anyway).
When I then invoke yarn add to add my private package, I'm not queried for my password which results is a 403 (Forbidden). Yarn doesn't evaluate this issue and merely reports it back to me.
I didn't find a way to set a proper auth token. I played a bit with postman and was able to create a valid token for myself but not sure how I'd use it after this (maybe there is a hidden CLI flag?).
This seems to be the wrong way anyway. Manually grabbing a token to make the package manager work sounds counter intuitive to me.
Looking into other threads didn't help either. Most "solutions" seem to be work arounds.
The only solution that seemed to work was to put my plain credentials into the ~/.npmrc and work with that. But that only worked for a direct private package with no private packages as dependencies there. I suppose the credentials are stripped from the URL after the first iteration
This also happened another day while testing with a second ~/.npmrc
I guess I'll try to add the token I created with postman in the ~/.npmrc manner and add it like //MY_REGISTRY:TOKEN
Anyway, I hope this is any helpful and maybe someone can help me out.
Cheers
Edit: Adding the token to the ~/.yarnrc Didn't help either.
Versions
[email protected][email protected]Linux (arch) x86_64Do you want to request a feature or report a bug?
Bug- or -missing featureWhat is the current behavior?
yarn add PRIVATE_PACKAGEdoes not work - I'm never authenticated(this happens with a freshly set-up
~/.yarnrcwith not pre existing~/.npmrc)If the current behavior is a bug, please provide the steps to reproduce.
yarn config set registry https://my_cool_artifactory/api/npm/cool_npm_repositoryyarn add PRIVATE_PACKAGEWhat is the expected behavior?
I suppose I should get the package.
After I set up the repository and a 4xx error is returned, I expect a CLI query asking for my username, email and password (drop the username and email when those are already entered in
~/.yarnrc)More descriptive stuff
Okay, we have an artifactory server which serves as both, a proxy and a private repository container.
There is no anonymous access to the server so even read access is bound to a proper log in.
I started from scratch with no pre existing .npmrc.
I created my
~/.yarnrcby doing this:yarn config set registry https://my_artifactory/and/its/repoyarn config set always-auth trueyarn config set strict-ssl trueyarn config set cafile /path/to/root/certAfter this set up I invoked
yarn loginand entered my username and email.Publishing a package is no problem since I'm asked for my password here.
The workflow for the publishing seems to be
After this, I'm left as I started - without a token since it was deleted (and it was probably in the RAM anyway).
When I then invoke
yarn addto add my private package, I'm not queried for my password which results is a 403 (Forbidden). Yarn doesn't evaluate this issue and merely reports it back to me.I didn't find a way to set a proper auth token. I played a bit with postman and was able to create a valid token for myself but not sure how I'd use it after this (maybe there is a hidden CLI flag?).
This seems to be the wrong way anyway. Manually grabbing a token to make the package manager work sounds counter intuitive to me.
Looking into other threads didn't help either. Most "solutions" seem to be work arounds.
The only solution that seemed to work was to put my plain credentials into the
~/.npmrcand work with that. But that only worked for a direct private package with no private packages as dependencies there. I suppose the credentials are stripped from the URL after the first iterationThis also happened another day while testing with a second
~/.npmrcI guess I'll try to add the token I created with postman in the
~/.npmrcmanner and add it like //MY_REGISTRY:TOKENAnyway, I hope this is any helpful and maybe someone can help me out.
Cheers
Edit: Adding the token to the
~/.yarnrcDidn't help either.