Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Cannot login or publish

See original GitHub issue

I’m new to publishing packages, but I cannot publish anything to Verdaccio. I’m using Verdaccio 4.3.3 and it won’t let me npm login at the command-prompt or publish anything, e.g. this “Hello, world” project fails (as well as my main project):

Microsoft Windows [Version 10.0.17763.737]                    
(c) 2018 Microsoft Corporation. All rights reserved.          

D:\work\gml\serenity\0.2\src>cd \junk                         
D:\junk>md z                
D:\junk>cd z                
D:\junk\z>npm init -y       
Wrote to D:\junk\z\package.json:                              

{                           
  "name": "z",              
  "version": "1.0.0",       
  "description": "",        
  "main": "index.js",       
  "scripts": {              
    "test": "echo \"Error: no test specified\" && exit 1"     
  },                        
  "keywords": [],           
  "author": "Danny Pike <danny.pike@gmail.com>",              
  "license": "MIT"          
}                           

D:\junk\z>echo console.log("Hello, World") >index.js          
D:\junk\z>node index.js           
Hello, World                      

D:\junk\z>npm publish --registry http://localhost:4873        
npm notice                        
npm notice package: z@1.0.0       
npm notice === Tarball Contents ===                           
npm notice 248B package.json      
npm notice 30B  index.js          
npm notice === Tarball Details ===
npm notice name:          z       
npm notice version:       1.0.0   
npm notice package size:  331 B   
npm notice unpacked size: 278 B   
npm notice shasum:        45cdcaeac2929e9cf69ebcfcc002388c6200e4ed                              
npm notice integrity:     sha512-myYcnqnOn9gJf[...]JN4KiJYn60LpQ==                              
npm notice total files:   2       
npm notice                        
npm ERR! code E401                
npm ERR! Unable to authenticate, your authentication token seems to be invalid.                 
npm ERR! To correct this please trying logging in again with: 
npm ERR!     npm login            

npm ERR! A complete log of this run can be found in:          
npm ERR!     D:\Users\Dan\AppData\Roaming\npm-cache\_logs\2019-10-17T17_01_42_043Z-debug.log    

D:\junk\z>

Verdaccio is running in a Windows Command prompt (not Docker) and seems happy to supply and cache packages to “npm install”, but the publish command fails.

This is the output in the Verdaccio Command Prompt:

 http <-- 401, user: null(127.0.0.1), req: 'PUT /z', error: authorization required to publish package z
 http <-- 401, user: null(127.0.0.1), req: 'PUT /z', error: authorization required to publish package z

Here’s my .npmrc:

registry=http://localhost:4873/
init.author.email=danny.pike@gmail.com
init.author.name=Danny Pike
init.license=MIT
node_gyp=D:\Program Files\nodejs\node_modules\node-gyp\bin\node-gyp.js

I’ve tried adding dummy tokens:

//localhost:4873/:_authToken="fooBar"
//127.0.0.1:4873/:_authToken="fooBar"

but that makes no difference

Here’s the output from verdaccio --info:

Environment Info:

  System:
    OS: Windows 10
    CPU: (8) x64 Intel(R) Core(TM) i7-6700T CPU @ 2.80GHz
  Binaries:
    Node: 12.6.0 - D:\Program Files\nodejs\node.EXE
    npm: 6.9.0 - D:\Program Files\nodejs\npm.CMD
  Browsers:
    Edge: 44.17763.1.0

Here’s the ~/.config/verdaccio/config.yaml file:

#
# This is the default config file. It allows all users to do anything,
# so don't use it on production systems.
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#

# path to a directory with all packages
storage: ./storage

auth:
  htpasswd:
    file: ./htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    #max_users: 1000

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: https://registry.npmjs.org/

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

# To use `npm audit` uncomment the following section
middlewares:
  audit:
    enabled: true

# log settings
logs:
  - {type: stdout, format: pretty, level: http}
  #- {type: file, path: verdaccio.log, level: info}

Finally, this is the log file from ~/npm-cache/_logs/2019-10-17T17_01_42_043Z-debug.log:

0 info it worked if it ends with ok
1 verbose cli [
1 verbose cli   'D:\\Program Files\\nodejs\\node.exe',
1 verbose cli   'D:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js',
1 verbose cli   'publish',
1 verbose cli   '--registry',
1 verbose cli   'http://localhost:4873'
1 verbose cli ]
2 info using npm@6.9.0
3 info using node@v12.6.0
4 verbose npm-session b7a6555f54657be2
5 verbose publish [ '.' ]
6 info lifecycle z@1.0.0~prepublish: z@1.0.0
7 info lifecycle z@1.0.0~prepare: z@1.0.0
8 info lifecycle z@1.0.0~prepublishOnly: z@1.0.0
9 info lifecycle z@1.0.0~prepack: z@1.0.0
10 info lifecycle z@1.0.0~postpack: z@1.0.0
11 notice
12 notice package: z@1.0.0
13 notice === Tarball Contents ===
14 notice 248B package.json
14 notice 30B  index.js
15 notice === Tarball Details ===
16 notice name:          z
16 notice version:       1.0.0
16 notice package size:  331 B
16 notice unpacked size: 278 B
16 notice shasum:        45cdcaeac2929e9cf69ebcfcc002388c6200e4ed
16 notice integrity:     sha512-myYcnqnOn9gJf[...]JN4KiJYn60LpQ==
16 notice total files:   2
17 notice
18 http fetch PUT 401 http://localhost:4873/z 52ms
19 verbose stack Error: Unable to authenticate, need: Basic, Bearer
19 verbose stack     at D:\Users\Dan\AppData\Roaming\nvm\v12.6.0\node_modules\npm\node_modules\npm-registry-fetch\check-response.js:94:17
19 verbose stack     at processTicksAndRejections (internal/process/task_queues.js:85:5)
20 verbose statusCode 401
21 verbose pkgid z@1.0.0
22 verbose cwd D:\junk\z
23 verbose Windows_NT 10.0.17763
24 verbose argv "D:\\Program Files\\nodejs\\node.exe" "D:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "publish" "--registry" "http://localhost:4873"
25 verbose node v12.6.0
26 verbose npm  v6.9.0
27 error code E401
28 error Unable to authenticate, your authentication token seems to be invalid.
29 error To correct this please trying logging in again with:
29 error     npm login
30 verbose exit [ 1, true ]

The only thing in there that looks suspicious to me is the comment that says “need: Basic, Bearer”. Have I missed something in the config?

Issue Analytics

State:
Created 4 years ago
Comments:5 (1 by maintainers)

Top GitHub Comments

2reactions

ivanvaccaricommented, Nov 12, 2019

I had the same problems and after a lot of investigations and code digging i just found out that it was a problem with unexpected chars in the htpasswd file.

I was editing it with windows notepad who add ‘\r\n’ as newline, but the htpasswd parser split only by ‘\n’ so there was an extra ‘\r’ at the end of the line. Since the line was composed as ‘user:pwd’, the extra ‘\r’ was interpreted as an extra char of the password and this was breaking the login.

Solved simply by adding an extra field in the htpasswd line so the ‘\r’ don’t ends up in the password field:

username:ENCR_PWD:manually added

a dos2unix will also do the trick without adding an extra field.

0reactions

lock[bot]commented, Feb 11, 2020

🤖This thread has been automatically locked 🔒 since there has not been any recent activity after it was closed. We lock tickets after 90 days with the idea to encourage you to open a ticket with new fresh data and to provide you better feedback 🤝and better visibility 👀. If you consider, you can attach this ticket 📨 to the new one as a reference for better context. Thanks for being a part of the Verdaccio community! 💘