publish failed by authorization coz different npm-registry-fetch version
See original GitHub issueWhat am I facing
In a word: I use lerna
to publish packages, but failed by authorization.
Root Cause
Here are dependencies:
lerna@^4.0.0
┗━━ @lerna/publish@^4.0.0
┣━━npm-registry-fetch@^9.0.0
┗━━@lerna/npm-publish@^4.0.0
┗━━libnpmpublish@^4.0.0
┗━━npm-registry-fetch@^10.0.0
lerna
publishes package chain: @lerna/publish
-> @lerna/npm-publish
-> libnpmpublish
In fact, yarn installed libnpmpublish@4.0.1
coz ^4.0.0
, it make sense.
So I have two version npm-registry-fetch
,
@lerna/publish
build opts
via npm-registry-fetch@^9.0.0
and
libnpmpublish@4.0.1
get auth
failed from opts
via npm-registry-fetch@^10.0.0
Finally, I got error:
lerna ERR! E401 Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
Workaround
add this to package.json
{
"resolutions": {
"libnpmpublish": "4.0.0"
},
}
I have reported this to libnpmpublish
. #21
On lerna
side, do we consider upgrade npm-registry-fetch
to 10.0.0?
Issue Analytics
- State:
- Created 2 years ago
- Reactions:5
- Comments:6 (3 by maintainers)
Top Results From Across the Web
[BUG] NPM v7 private registry authentication 401 (v6 works)
While trying to install packages from GitHub package repository, I get 401 error when using npm v7 (tried with 7.3 and 7.4.2) while...
Read more >Authentication error on publishing to private NPM repository ...
When you do npm login or npm adduser the NPM client creates an authentication token that will be used in future request to...
Read more >NPM registry publish fails after update to 13.7.0 (and 13.7.1)
After updating Gitlab to 13.7.0, CI pipelines that publish javascript packages to our Gitlab instance project regitry fails with Not auth.
Read more >NPM Error "failed to fetch from registry" when Installing Module
When using NPM to install a module for a project, you may encounter a frustrating error like this: $ npm install express --save...
Read more >npm-publish - npm Docs
This can be overridden by specifying a different default registry or using a ... The publish will fail if the package name and...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
This issue was very helpful in tracking down the problem in our codebase, which relies on NXRM 2. Just wanted to share another workaround that does not depend on Yarn resolutions:
Our .npmrc contained a line that uses
_auth
, which appears to be ignored bynpm-registry-fetch
. This function only reads auth fields from lines that follow the format (see function here):So if your full Nexus npm URL was http://localhost:8081/nexus/content/repositories/npm-internal/
Your npmrc should contain a line that looks something like:
@dptoot Yes, upgraded
npm-registry-fetch
with major version, but publishedlibnpmpublish
as patch version. (0_0)