Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Yarn 2 registry and auth are ignored by Lerna

See original GitHub issue

I am using monorepo setup based on Yarn 2 (with plug’n’play).

It is possible to set authentication with following in .yarnrc.yml:

npmPublishRegistry: https://example.com
npmAuthIdent: foo:bar

lerna.json is as follows:

{
  "version": "1.0.0",
  "npmClient": "yarn",
  "useWorkspaces": true
}

Expected Behavior

Running lerna publish should just work.

In my case I run package.json script by yarn like so yarn publish:release where package.json has this:

{
  "scripts": {
    "publish:release": "lerna publish"
  }
}

Current Behavior

Error is produced:

lerna http fetch PUT 401 https://example.com/packagename 97ms
lerna ERR! E401 Unable to authenticate, need: BASIC realm="XXX"

Workaround

Put auth and registry directly into command:

yarn publish:release --registry=XXX --legacyAuth=XXX

Which then will forward args to Lerna.

Possible solution

Call Yarn’s publish method that should be aware of auth: https://yarnpkg.com/cli/npm/publish

Your Environment

Executable	Version
`lerna --version`	3.20.2
`npm --version`	6.11.2
`yarn --version`	2.0.0-rc.29
`node --version`	12.15.0

Issue Analytics

State:
Created 4 years ago
Reactions:17
Comments:5 (1 by maintainers)

Top GitHub Comments

1reaction

KoltesDigitalcommented, Aug 19, 2021

OP’s current behavior includes the registry set in .yarnrc.yml, therefore Lerna somehow takes it into account.

I’m working on a monorepo and I’m using npmScopes. .yarnrc.yml looks like:

nodeLinker: node-modules
npmScopes:
  xyz:
    npmAlwaysAuth: true
    npmAuthToken: "${AUTH_TOKEN}"
    npmRegistryServer: "https://xyz"
yarnPath: .yarn/releases/yarn-berry.cjs

When publishing a package within @xyz scope, output is:

lerna info publish Publishing packages to npm...
lerna info Verifying npm credentials
lerna http fetch GET 401 https://registry.npmjs.org/-/npm/v1/user 287ms
401 Unauthorized - GET https://registry.npmjs.org/-/npm/v1/user
lerna ERR! EWHOAMI Authentication error. Use `npm whoami` to troubleshoot.

Note that it uses default registry, so it doesn’t seem to care about scope overrides.

Update: just tested with top-level npmPublishRegistry, isn’t taken into account neither.

0reactions

ChoSeoHwancommented, Oct 10, 2022

OP’s current behavior includes the registry set in .yarnrc.yml, therefore Lerna somehow takes it into account.

I’m working on a monorepo and I’m using npmScopes. .yarnrc.yml looks like:
nodeLinker: node-modules
npmScopes:
  xyz:
    npmAlwaysAuth: true
    npmAuthToken: "${AUTH_TOKEN}"
    npmRegistryServer: "https://xyz"
yarnPath: .yarn/releases/yarn-berry.cjs
When publishing a package within @xyz scope, output is:
lerna info publish Publishing packages to npm...
lerna info Verifying npm credentials
lerna http fetch GET 401 https://registry.npmjs.org/-/npm/v1/user 287ms
401 Unauthorized - GET https://registry.npmjs.org/-/npm/v1/user
lerna ERR! EWHOAMI Authentication error. Use `npm whoami` to troubleshoot.
Note that it uses default registry, so it doesn’t seem to care about scope overrides.

Update: just tested with top-level npmPublishRegistry, isn’t taken into account neither.