Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

vsts-npm-auth returns wrong Basic Realm (visualstudio.com instead of azure.com)

See original GitHub issue

(Didn’t know in which repo to create this issue so I chose this one)

Required Information

Entering this information will route you directly to the right team and expedite traction.

Question, Bug, or Feature?
Type: bug

Enter Task Name: vsts-npm-auth

Environment

Azure DevOps npm v6.12.0 vsts-npm-auth v0.37.0 node v11.10.0 Windows 1903

Issue Description

npm install returns the error: Unable to authenticate, need: Basic realm="https://pkgsprodsu3weu.app.pkgs.visualstudio.com/" while our package URL is https://pkgs.dev.azure.com/[xxx]/_packaging/[xxx]/npm/registry/.

This does only happen on some projects; not all. We’ve migrated all .npmrc in the projects and the user’s .npmrc to the dev.azure.com realm a couple of months ago.

vsts-npm-auth was run on all projects .npmrc and works for most projects. Forcing credential updates doesn’t resolve it either, whether applied to the project’s .npmrc or user’s .npmrc.

vsts-npm-auth -C C:\Users\[xxx]\.npmrc -F                  
vsts-npm-auth v0.37.0.0
-----------------------
Getting new credentials for source:https://pkgs.dev.azure.com/[xxx]/_packaging/[xxx]/npm/registry/, scope:vso.packaging_write vso.drop_write

Troubleshooting

I’ve tried clearing all NPM caches and node_modules, updating NPM & vsts-npm-auth, regenerating the credentials, removing package-lock.json. But nothing works unfortunately. Updating the credentials returns the correct URL:

PS C:\Users\[xxx]\AppData\Roaming\npm> vsts-npm-auth -C C:\Users\[xxx]\.npmrc

vsts-npm-auth v0.37.0.0
-----------------------
Already have credentials for https://pkgs.dev.azure.com/[xxx]/_packaging/[xxx]/npm/registry/.
PS C:\Users\[xxx]\AppData\Roaming\npm> vsts-npm-auth -C C:\Projects\[xxx]\.npmrc

vsts-npm-auth v0.37.0.0
-----------------------
Already have credentials for https://pkgs.dev.azure.com/[xxx]/_packaging/[xxx]/npm/registry/.

Error logs

0 info it worked if it ends with ok
1 verbose cli [ 'C:\\Program Files\\nodejs\\node.exe',
1 verbose cli   'C:\\Users\\[xxx]\\AppData\\Roaming\\npm\\node_modules\\npm\\bin\\npm-cli.js',
1 verbose cli   'i' ]
2 info using npm@6.12.0
3 info using node@v11.10.0
4 verbose npm-session bc10c5eb62b72e40
5 silly install runPreinstallTopLevelLifecycles

[..]

38 silly pacote range manifest for @angular/cli@^8.3.9 fetched in 3036ms
39 http fetch GET 401 https://pkgs.dev.azure.com/[xxx]/_packaging/@[xxx]/npm/registry/@[xxx]%2fcore 100ms
40 silly fetchPackageMetaData error for @[xxx]/core@^0.1.1 Unable to authenticate, need: Basic realm="https://pkgsprodsu3weu.app.pkgs.visualstudio.com/"
41 http fetch GET 401 https://pkgs.dev.azure.com/[xxx]/_packaging/@[xxx]/npm/registry/@[xxx]%2fstyle 27ms
42 silly fetchPackageMetaData error for @[xxx]/style@^0.9.0 Unable to authenticate, need: Basic realm="https://pkgsprodsu3weu.app.pkgs.visualstudio.com/"
43 http fetch GET 200 https://registry.npmjs.org/@ngx-translate%2fcore 416ms
44 silly pacote range manifest for @ngx-translate/core@^11.0.1 fetched in 420ms

[..]

2285 silly pacote range manifest for @ngx-translate/http-loader@^4.0.0 fetched in 11ms
2286 silly resolveWithNewModule @ngx-translate/http-loader@4.0.0 checking installable status
2287 silly pacote range manifest for core-js@^3.3.2 fetched in 17ms
2288 silly resolveWithNewModule core-js@3.3.4 checking installable status
2289 silly pacote range manifest for rxjs@~6.4.0 fetched in 18ms
2290 silly resolveWithNewModule rxjs@6.4.0 checking installable status
2291 silly pacote range manifest for tippy.js@^4.3.5 fetched in 14ms
2292 silly resolveWithNewModule tippy.js@4.3.5 checking installable status
2293 silly pacote range manifest for tslib@^1.10.0 fetched in 15ms
2294 silly resolveWithNewModule tslib@1.10.0 checking installable status
2295 silly pacote range manifest for zone.js@~0.9.1 fetched in 14ms
2296 silly resolveWithNewModule zone.js@0.9.1 checking installable status
2297 http fetch GET 401 https://pkgs.dev.azure.com/[xxx]/_packaging/@[xxx]/npm/registry/@[xxx]%2fstyle 97ms
2298 http fetch GET 401 https://pkgs.dev.azure.com/[xxx]/_packaging/@[xxx]/npm/registry/@[xxx]%2fcore 98ms
2299 silly fetchPackageMetaData error for @[xxx]/style@^0.9.0 Unable to authenticate, need: Basic realm="https://pkgsprodsu3weu.app.pkgs.visualstudio.com/"
2300 silly fetchPackageMetaData error for @[xxx]/core@^0.1.1 Unable to authenticate, need: Basic realm="https://pkgsprodsu3weu.app.pkgs.visualstudio.com/"
2301 timing stage:rollbackFailedOptional Completed in 1ms
2302 timing stage:runTopLevelLifecycles Completed in 23371ms
2303 silly saveTree is-ph-meter@0.0.0
2303 silly saveTree +-- @angular/animations@8.2.12
2303 silly saveTree | `-- tslib@1.10.0
2303 silly saveTree +-- @angular/common@8.2.12
2303 silly saveTree +-- @angular/compiler@8.2.12
2303 silly saveTree +-- @angular/core@8.2.12
2303 silly saveTree +-- @angular/forms@8.2.12
2303 silly saveTree +-- @angular/platform-browser-dynamic@8.2.12
2303 silly saveTree +-- @angular/platform-browser@8.2.12
2303 silly saveTree +-- @angular/router@8.2.12
2303 silly saveTree +-- @aspnet/signalr@1.1.4
2303 silly saveTree +-- @fortawesome/fontawesome-pro@5.11.2
2303 silly saveTree +-- @ngx-translate/core@11.0.1
2303 silly saveTree +-- @ngx-translate/http-loader@4.0.0
2303 silly saveTree +-- chart.js@2.9.1
2303 silly saveTree +-- core-js@3.3.4
2303 silly saveTree +-- rxjs@6.4.0
2303 silly saveTree +-- tippy.js@4.3.5
2303 silly saveTree +-- tslib@1.10.0
2303 silly saveTree `-- zone.js@0.9.1
2304 verbose stack Error: Unable to authenticate, need: Basic realm="https://pkgsprodsu3weu.app.pkgs.visualstudio.com/"
2304 verbose stack     at res.buffer.catch.then.body (C:\Users\[xxx]\AppData\Roaming\npm\node_modules\npm\node_modules\npm-registry-fetch\check-response.js:94:17)
2304 verbose stack     at processTicksAndRejections (internal/process/next_tick.js:81:5)
2305 verbose statusCode 401
2306 verbose pkgid @[xxx]/style@^0.9.0
2307 verbose cwd C:\my\project
2308 verbose Windows_NT 10.0.18362
2309 verbose argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Users\\[xxx]\\AppData\\Roaming\\npm\\node_modules\\npm\\bin\\npm-cli.js" "i"
2310 verbose node v11.10.0
2311 verbose npm  v6.12.0
2312 error code E401
2313 error Unable to authenticate, need: Basic realm="https://pkgsprodsu3weu.app.pkgs.visualstudio.com/"
2314 verbose exit [ 1, true ]

Issue Analytics

State:
Created 4 years ago
Reactions:3
Comments:11 (1 by maintainers)

Top GitHub Comments

45reactions

JamesHoughcommented, Nov 22, 2020

I had the same error message as the OP.

The only way that I could get it to work was to force the generation of a new token using the -f flag. I didn’t delete any files or change the registry at all before running. If you are only downloading packages from your private npm on Azure DevOps, then the token can be read-only, you don’t need a full access token. Read-only worked for me.

I used these switches to force a new read-only token to be generated on my account. This was the only way I could get the login dialog to appear so that I could provide the correct account to use with my company repo (not my personal login account).

vsts-npm-auth -config .npmrc -r -f -v normal

4reactions

shuebner20commented, Oct 25, 2021

I also experienced this problem with vsts-npm-auth v0.41.0.0. Even if I specify -T/-TargetConfig and -f as stated in several posts here, the existing .npmrc file in the project folder (which is also shell’s current working folder) will not be updated at any time.

A fairly easy workaround was the following command:

vsts-npm-auth -config .npmrc -f -T .npmrc2

This will create a new file (.npmrc2) - just open it and copy the contents to the corresponding auth section in your existing .npmrc. There is no need to transform the PAT in any way (like base64 encoding).