Reading package authenticates successfully, but downloading tarball fails with 401 Unauthorized, even when authenticated.

Describe the bug

I’m facing a similar issue to #1508. Initial requests via npm install or yarn install authenticate successfully to my verdaccio registry instance, but when a tarball begins to be downloaded, the user is reported as null and the process fails, returning error: authorization required to access package <name>. Here is a log from Verdaccio of an example of the error:

 http --> 304, req: 'GET https://registry.npmjs.org/scss-bundle' (streaming)
 http --> 304, req: 'GET https://registry.npmjs.org/scss-bundle', bytes: 0/0
 http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /scss-bundle', bytes: 0/23509
 http --> 304, req: 'GET https://registry.npmjs.org/@fortawesome%2Ffontawesome-svg-core' (streaming)
 http --> 304, req: 'GET https://registry.npmjs.org/@fortawesome%2Ffontawesome-svg-core', bytes: 0/0
 http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /@fortawesome/fontawesome-svg-core', bytes: 0/37012
 http --> 304, req: 'GET https://registry.npmjs.org/@fortawesome%2Ffree-solid-svg-icons' (streaming)
 http --> 304, req: 'GET https://registry.npmjs.org/@fortawesome%2Ffree-solid-svg-icons', bytes: 0/0
...
 http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /globs', bytes: 0/3222
 http <-- 401, user: null(103.233.22.16 via 172.17.0.1), req: 'GET /@types/archy/-/archy-0.0.31.tgz', error: authorization required to access package @types/archy
 http --> 304, req: 'GET https://registry.npmjs.org/lodash.debounce' (streaming)
 http --> 304, req: 'GET https://registry.npmjs.org/lodash.debounce', bytes: 0/0
 http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /lodash.debounce', bytes: 0/3512
 http <-- 401, user: null(103.233.22.16 via 172.17.0.1), req: 'GET /globs/-/globs-0.1.4.tgz', error: authorization required to access package globs
...
 http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /@types/debug', bytes: 0/8652
 http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /@types/fs-extra', bytes: 0/13122
 http <-- 401, user: null(103.233.22.16 via 172.17.0.1), req: 'GET /lodash.debounce/-/lodash.debounce-4.0.8.tgz', error: authorization required to access package lodash.debounce
 http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /pretty-bytes', bytes: 0/7403
 http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /chokidar', bytes: 0/30222
...
 http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /sass', bytes: 0/55808
 http <-- 401, user: null(103.233.22.16 via 172.17.0.1), req: 'GET /archy/-/archy-1.0.0.tgz', error: authorization required to access package archy
...

You can see how the authorised user is listed as flicking between “foo” and “null” if a tgz request is made.

To Reproduce

Steps to reproduce the behavior:

  1. Login to verdaccio registry with npm login, enter username, password, and email.
  2. Run npm install or yarn install.
  3. NPM & Yarn fail with their respective ‘Authorization failed’ errors.

Expected behavior

Installation completes successfully.

Docker || Kubernetes (please complete the following information):

  • Docker verdaccio tag verdaccio:latest
  • Docker commands V_PATH=~/verdaccio; docker run --rm -d --name verdaccio -p 4873:4873 -v $V_PATH/conf:/verdaccio/conf -v npmstorage:/verdaccio/storage -v $V_PATH/plugins:/verdaccio/plugins verdaccio/verdaccio
  • Docker Version Docker version 19.03.1, build 74b1e89

Configuration File (cat ~/.config/verdaccio/config.yaml)

web:
  enable: true
  title: Verdaccio
  logo: logo.png
storage: ./../storage

auth:
  htpasswd:
    file: ./htpasswd

uplinks:
  npmjs:
    url: https://registry.npmjs.org/
packages:
  '@*/*':
    access: $authenticated
    publish: $authenticated
    proxy: npmjs
  '**':
    access: $authenticated
    publish: $authenticated
    proxy: npmjs
logs:
    -  { type: stdout, format: pretty, level: http }

Environment information

Server

  • Verdaccio 4.3.3 in Docker container with env described above.

Client

  • macOS 10.15 Catalina
  • npm 6.11.3
  • yarn 1.19.1

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 7 (2 by maintainers)

Top GitHub Comments

1 reaction
jeffrson commented, Jan 17, 2020

Had the same problem - fixed it with always-auth.

1 reaction
juanpicado commented, Oct 16, 2019

hi @lukeify

http <-- 401, user: null(

means that yarn is not sending the token or _authToken. All requests are independent of each other, thus if you see a null, it means the request is anonymous and, according to your config, should be rejected with 401. I’d try with other tools such as npm, using npm install -ddd to see more detail; I think yarn has a verbose mode as well.
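
The diagnosis in the comment above (a `user: null` line is a request that arrived without a token) can be checked mechanically over a Verdaccio log at `http` level. This is an added example, not part of the original thread or of Verdaccio; the function names are hypothetical and the sample lines are copied from the log in the issue.

```javascript
// Sample inbound/uplink lines copied from the log shown in the issue.
const SAMPLE_LOG = `
 http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /globs', bytes: 0/3222
 http <-- 401, user: null(103.233.22.16 via 172.17.0.1), req: 'GET /@types/archy/-/archy-0.0.31.tgz', error: authorization required to access package @types/archy
 http --> 304, req: 'GET https://registry.npmjs.org/lodash.debounce', bytes: 0/0
 http <-- 200, user: foo(103.233.22.16 via 172.17.0.1), req: 'GET /lodash.debounce', bytes: 0/3512
 http <-- 401, user: null(103.233.22.16 via 172.17.0.1), req: 'GET /globs/-/globs-0.1.4.tgz', error: authorization required to access package globs
`;

// Matches only responses sent to clients ("<--"), not uplink traffic ("-->").
const INBOUND = /http <-- (\d{3}), user: ([^(]+)\(([^)\s]+)[^)]*\), req: '(\w+) ([^']+)'/;

function parseInbound(line) {
  const m = INBOUND.exec(line);
  if (!m) return null; // uplink lines, "..." elisions and blanks are skipped
  const [, status, user, client, method, path] = m;
  return {
    status: Number(status),
    user: user === 'null' ? null : user, // Verdaccio logs anonymous as "null"
    client,
    method,
    path,
    isTarball: /\/-\/[^/]+\.tgz$/.test(path), // e.g. /globs/-/globs-0.1.4.tgz
  };
}

// Report clients that authenticated for some requests but whose tarball
// downloads were rejected as anonymous: the pattern described in the issue.
function findAnonymousTarballClients(logText) {
  const byClient = new Map();
  for (const line of logText.split('\n')) {
    const r = parseInbound(line);
    if (!r) continue;
    const s = byClient.get(r.client) || { users: new Set(), anonymousTarballs: [] };
    if (r.user) s.users.add(r.user);
    if (r.isTarball && r.user === null && r.status === 401) s.anonymousTarballs.push(r.path);
    byClient.set(r.client, s);
  }
  return [...byClient.entries()]
    .filter(([, s]) => s.users.size > 0 && s.anonymousTarballs.length > 0)
    .map(([client, s]) => ({ client, users: [...s.users], anonymousTarballs: s.anonymousTarballs }));
}

console.log(JSON.stringify(findAnonymousTarballClients(SAMPLE_LOG), null, 2));
```

A client listed here holds valid credentials but omits them on tarball requests, which points at client configuration rather than at the registry's access rules.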
