npm Automation tokens not supported

Affected Packages

@changesets/cli@2.18.1

Problem

changeset publish attempts to use the npm profile get --json command to work out if 2fa is enabled etc. When using an Automation level npm token, this throws a 403 error as these tokens literally only have access to read or publish, and I think npm whoami too:

13:11:02                      echo //registry.npmjs.org/:_authToken=**** > .npmrc &&
13:11:02                      npm profile get --json
13:11:02                  '
13:11:03  []                   / profile:
[]                   / profile:
[]                   - profile:
[]                   - profile:
[]                   - profile:
[]                   \ profile:
[]                   \ profile:

npm ERR! code E403
13:11:03  npm ERR! 403 403 Forbidden - GET https://registry.npmjs.org/-/npm/v1/user
13:11:03  npm ERR! 403 In most cases, you or one of your dependencies are requesting
13:11:03  npm ERR! 403 a package version that is forbidden by your security policy, or
13:11:03  npm ERR! 403 on a server you do not have access to.
13:11:03  {
13:11:03    "error": {
13:11:03      "code": "E403",
13:11:03      "summary": "403 Forbidden - GET https://registry.npmjs.org/-/npm/v1/user",
13:11:03      "detail": "In most cases, you or one of your dependencies are requesting\na package version that is forbidden by your security policy, or\non a server you do not have access to."
13:11:03    }
13:11:03  }
13:11:03  
13:11:03  npm ERR! A complete log of this run can be found in:
13:11:03  npm ERR!     /root/.npm/_logs/2021-12-13T13_11_03_532Z-debug.log
13:11:03  
[Pipeline] }

I had to work backwards to find this command as you actually only get this little error message:

13:06:31   1 file changed, 1 insertion(+), 1 deletion(-)
13:06:32  78🦋  info npm info @******/*****
13:06:33  error parsing json: 
13:06:33  SyntaxError: Unexpected end of JSON input
13:06:33      at JSON.parse (<anonymous>)
13:06:33      at jsonParse (/usr/src/app/node_modules/@changesets/cli/dist/cli.cjs.dev.js:601:17)
13:06:33      at getTokenIsRequired (/usr/src/app/node_modules/@changesets/cli/dist/cli.cjs.dev.js:651:14)
13:06:33      at processTicksAndRejections (node:internal/process/task_queues:96:5)

A workaround is to simply set the GITHUB_ACTIONS environment variable which prevents these checks from being made. Obviously this isn’t ideal.

Proposed solution

Document the workaround somewhere, or add a cli option to publish to skip the npm profile checks.

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 8 (5 by maintainers)

Top GitHub Comments

1 reaction
Andarist commented, Dec 15, 2021

I’m using npm8+ for my builds. Odd that I’m not getting the correct logs when jsonParse errors 🤔.

I’ve created a PR to address this: https://github.com/changesets/changesets/pull/710

0 reactions
b3nThomas commented, Dec 14, 2021

I’m using npm8+ for my builds. Odd that I’m not getting the correct logs when jsonParse errors 🤔.

I tried CI=true and can confirm that it works absolutely fine 🎉 Thanks for this.
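
The failure reported in this issue, handled defensively. This is an added example, not code from the thread or from @changesets/cli: it classifies the stdout of `npm profile get --json` so that a reduced-scope Automation token (empty output or an E403 body) skips the OTP prompt instead of crashing in `JSON.parse`. The function names and the `tfa.mode` profile shape are assumptions.

```javascript
// Added example (hypothetical helper names, not the @changesets/cli source).
// Input: captured stdout of `npm profile get --json` plus the environment.

// Environment variables the thread reports as skipping the profile check.
const CI_VARS = ["CI", "GITHUB_ACTIONS"];

function classifyProfileOutput(stdout) {
  const text = (stdout || "").trim();
  // An Automation token gets a 403; with nothing on stdout, JSON.parse("")
  // throws the "Unexpected end of JSON input" seen in the issue.
  if (text === "") return { kind: "empty" };
  let json;
  try {
    json = JSON.parse(text);
  } catch {
    return { kind: "unparseable" };
  }
  if (json === null || typeof json !== "object") return { kind: "unparseable" };
  if (json.error) return { kind: "registry-error", code: json.error.code };
  // Assumed profile shape: { "tfa": { "mode": "auth-only" | "auth-and-writes" } }
  return { kind: "profile", tfaMode: (json.tfa && json.tfa.mode) || null };
}

function otpRequired(stdout, env) {
  if (CI_VARS.some((name) => Boolean(env[name]))) {
    return { required: false, reason: "ci-environment" };
  }
  const result = classifyProfileOutput(stdout);
  if (result.kind === "profile") {
    return { required: result.tfaMode === "auth-and-writes", reason: "profile" };
  }
  // The token cannot read the profile: skip the prompt and let the registry
  // enforce its own policy when `npm publish` runs.
  const suffix = result.code ? ":" + result.code : "";
  return { required: false, reason: result.kind + suffix };
}

// Constructed sample outputs; the E403 body mirrors the log in the issue.
const SAMPLE_E403 = JSON.stringify({
  error: { code: "E403", summary: "403 Forbidden - GET https://registry.npmjs.org/-/npm/v1/user" },
});
const SAMPLE_2FA = JSON.stringify({ tfa: { pending: false, mode: "auth-and-writes" } });

console.log(otpRequired("", {}));
console.log(otpRequired(SAMPLE_E403, {}));
console.log(otpRequired(SAMPLE_2FA, {}));
console.log(otpRequired(SAMPLE_2FA, { CI: "true" }));
```

Returning the reason alongside the decision lets the publish log state why the profile check was skipped, which the original one-line JSON error did not.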
