Reading package authenticates successfully, but downloading tarball fails with 401 Unauthorized, even when authenticated.
See original GitHub issueDescribe the bug
I’m facing a similar issue to #1508. Initial requests via npm install
or yarn install
authenticate successfully to my verdaccio registry instance, but when a tarball begins to be downloaded, the user is reported as null
and the process fails, returning error: authorization required to access package <name>
. Here is a log from Verdaccio of an example of the error:
http --> 304, req: 'GET https://registry.npmjs.org/scss-bundle' (streaming)
http --> 304, req: 'GET https://registry.npmjs.org/scss-bundle', bytes: 0/0
http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /scss-bundle', bytes: 0/23509
http --> 304, req: 'GET https://registry.npmjs.org/@fortawesome%2Ffontawesome-svg-core' (streaming)
http --> 304, req: 'GET https://registry.npmjs.org/@fortawesome%2Ffontawesome-svg-core', bytes: 0/0
http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /@fortawesome/fontawesome-svg-core', bytes: 0/37012
http --> 304, req: 'GET https://registry.npmjs.org/@fortawesome%2Ffree-solid-svg-icons' (streaming)
http --> 304, req: 'GET https://registry.npmjs.org/@fortawesome%2Ffree-solid-svg-icons', bytes: 0/0
...
http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /globs', bytes: 0/3222
http <-- 401, user: null(103.233.22.16 via 172.17.0.1), req: 'GET /@types/archy/-/archy-0.0.31.tgz', error: authorization required to access package @types/archy
http --> 304, req: 'GET https://registry.npmjs.org/lodash.debounce' (streaming)
http --> 304, req: 'GET https://registry.npmjs.org/lodash.debounce', bytes: 0/0
http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /lodash.debounce', bytes: 0/3512
http <-- 401, user: null(103.233.22.16 via 172.17.0.1), req: 'GET /globs/-/globs-0.1.4.tgz', error: authorization required to access package globs
...
http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /@types/debug', bytes: 0/8652
http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /@types/fs-extra', bytes: 0/13122
http <-- 401, user: null(103.233.22.16 via 172.17.0.1), req: 'GET /lodash.debounce/-/lodash.debounce-4.0.8.tgz', error: authorization required to access package lodash.debounce
http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /pretty-bytes', bytes: 0/7403
http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /chokidar', bytes: 0/30222
...
http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /sass', bytes: 0/55808
http <-- 401, user: null(103.233.22.16 via 172.17.0.1), req: 'GET /archy/-/archy-1.0.0.tgz', error: authorization required to access package archy
...
You can see how the authorised user is listed as flicking between “foo” and “null” if a tgz request is made.
To Reproduce
Steps to reproduce the behavior:
- Login to verdaccio registry with
npm login
, enter username, password, and email. - Run
npm install
oryarn install
. - NPM & Yarn fail with their respective ‘Authorization failed’ errors.
Expected behavior
Installation completes successfully.
Docker || Kubernetes (please complete the following information):
- Docker verdaccio tag verdaccio:latest
- Docker commands
V_PATH=~/verdaccio; docker run --rm -d --name verdaccio -p 4873:4873 -v $V_PATH/conf:/verdaccio/conf -v npmstorage:/verdaccio/storage -v $V_PATH/plugins:/verdaccio/plugins verdaccio/verdaccio
- Docker Version Docker version 19.03.1, build 74b1e89
Configuration File (cat ~/.config/verdaccio/config.yaml)
web:
enable: true
title: Verdaccio
logo: logo.png
storage: ./../storage
auth:
htpasswd:
file: ./htpasswd
uplinks:
npmjs:
url: https://registry.npmjs.org/
packages:
'@*/*':
access: $authenticated
publish: $authenticated
proxy: npmjs
'**':
access: $authenticated
publish: $authenticated
proxy: npmjs
logs:
- { type: stdout, format: pretty, level: http }
Environment information
Server
- Verdaccio 4.3.3 in Docker container with env described above.
Client
- macOS 10.15 Catalina
- npm 6.11.3
- yarn 1.19.1
Issue Analytics
- State:
- Created 4 years ago
- Comments:7 (2 by maintainers)
Top Results From Across the Web
401 Error: 5 Ways to Troubleshoot and Fix It - Hostinger
Check authentication credentials – make sure you've entered the valid username and password. If the issue persists, try resetting the password.
Read more >NPM install resulting in 401 Unauthorized for private repo
By removing this line, the npm installation works fine and no longer throws an authentication error. Share.
Read more >401 Unauthorised during pipeline NPM Build task when ...
I have been trying to get my pipeline to connect to an external npm registry (azure artifacts) using a service connection but repeatedly...
Read more >401 Unauthorized Error: What It Is and How to Fix It
The client sent its authentication credentials to the server, but the server rejected the credentials. The client failed to provide any ...
Read more >How to Fix a 401 Unauthorized Error? - GeeksforGeeks
Clear Browser Cookie : In some situations, the cookies may not work smoothly leading to improper server authentication. Thus, by clearing the ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Had the same problem - fixed it with always-auth.
hi @lukeify
means that
yarn
is not sending thetoken
or_authToken
. All request are independent each other, thus if you see anull
means the request isanonymous
and according your config should be rejected with401
. I’d try with other tools asnpm
usingnpm install -ddd
to see more in detail, I think yarn hasverbose
mode as well.