Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Bug] Yarn 2 Response code 404 (not found) when installing from jfrog

See original GitHub issue

Describe the bug

During yarn install the following error appears

➤ YN0000: ┌ Resolution step
➤ YN0001: │ HTTPError: @acme/sdk@npm:1.18.2: Response code 404 (Not Found)
    at EventEmitter.l.on (/Users/dimitriskyriazopoulos/Development/ui/.yarn/releases/yarn-sources.js:24:328280)
    at process._tickCallback (internal/process/next_tick.js:68:7)
➤ YN0000: └ Completed in 2.48s
➤ YN0000: Failed with errors in 2.48s

To Reproduce

Create a Jfrog account Navigate to library workspace Set proper config credentials to .npmrc and point repository to jfrog Use Yarn 1 to publish the package Create another project with dependency the package published earlier Switch to Yarn 2 Delete any yarn.lock if exists Make a yarn install

Environment if relevant (please complete the following information):

  • OS: OSX
  • Node version 10.16.3
  • Yarn version tested both 2.0.0-rc.29 & 2.0.0-rc.29.git.20200305.31ef68ca

Additional context

Some of company’s in-house packages are being published and served by JFrog. The credentials and repository info are being found to .npmrc in the following fashion:

.npmrc

registry=https://acme.jfrog.io/acme/api/npm/npm/
_auth = ${ARTIFACTORY_AUTH}
email = ${ARTIFACTORY_USERNAME}
always-auth = true

Having a dependency on package.json that is being served from JFrog’s artifactory (private repository)

package.json

"dependencies": {
    "@acme/sdk": "1.18.2",
}

Other approaches tried Checking the documentation noticed some configuration options that could be set to .yarnrc.yml

Then I executed the following commands

yarn config set npmAlwaysAuth true
yarn config set npmRegistryServer https://acme.jfrog.io/acme/api/npm/npm/
yarn config set npmAuthToken $ARTIFACTORY_AUTH

The error message was:

➤ YN0000: ┌ Resolution step
➤ YN0041: │ webpack-cli@npm:3.3.0: Invalid authentication (as an unknown user)
➤ YN0000: └ Completed in 1.66s
➤ YN0000: Failed with errors in 1.66s

The same happened when removed npmAuthToken and executed

yarn config set npmAuthIdent $ARTIFACTORY_USERNAME:$ARTIFACTORY_AUTH

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Reactions:4
  • Comments:25 (5 by maintainers)

github_iconTop GitHub Comments

10reactions
deinicommented, Mar 11, 2020

I had some time today to set up a free-trial with Artifactory and was able to reproduce what you guys are seeing. However, I was able to both publish and install from it. There are a couple of scenarios here and I’ll try to address them all.

First, we need to clarify that all authentication configs must go in your repo’s .yarnrc.yml or your global one (~/.yarnrc.yml). Yarn v2 doesn’t read anything from .npmrc.

Starting with @DimitrK’s scenario, Artifactory as a proxy (no per-scope config): From the original issue description, I see that you tried doing

yarn config set npmAlwaysAuth true
yarn config set npmRegistryServer https://acme.jfrog.io/acme/api/npm/npm
yarn config set npmAuthToken $ARTIFACTORY_AUTH

This was really close! The issue here is that $ARTIFACTORY_AUTH is the basic auth and not the npmAuthToken. What you can do is:

yarn config set npmAlwaysAuth true
yarn config set npmRegistryServer https://acme.jfrog.io/acme/api/npm/npm
yarn npm login

This will ask for your username and password which will be exchanged for an npmAuthToken

Your repo’s .yarnrc.yml will end up with the following config

npmAlwaysAuth: true
npmRegistryServer: "https://acme.jfrog.io/acme/api/npm/npm"

Then on your global config ~/.yarnrc.yml you can see the npmAuthToken is now set

npmRegistries:
  "https://acme.jfrog.io/acme/api/npm/npm":
    npmAuthToken: <TOKEN>

@Tirke’s scenario, Scoped packages:

As @piqueme mentioned already the missing email might be the issue since JFrog states clearly in docs the following: “Your email address (npm publish will not work if your email is not specified in .npmrc)”

This is probably the issue since like you guys already figured out, we are not sending the email. However, this section of the Artifactory docs is under the “Basic Auth” strategy (npmAuthIdent) which we strongly discourage.

We have a yarn npm login --scope <scope> however the scope has to be defined. The easiest way to do this is to manually add the scope to your .yarnrc.yml.

npmScopes:
  acme:
    npmRegistryServer: https://acme.jfrog.io/acme/api/npm/npm
    npmPublishRegistry: https://acme.jfrog.io/acme/api/npm/npm

Then you can do: yarn npm login --scope acme

Which will ask for login/password, exchange it for an npmAuthToken and store it in ~/.yarnrc.yml.

Let me know if you guys have any more questions.

CC: @piqueme

3reactions
paleikacommented, Jun 22, 2021

We managed to add the jfrog package dependency using this yarn v2 config example. Quote symbols are used in the server address but are not needed for the identification

nodeLinker: node-modules
npmAlwaysAuth: true
npmAuthIdent: bmFkZXpo<...>XNDbm1DdTRuUHU=   //this is email:api-key from jfrog encoded in base64 format
npmRegistryServer: "https://jfrog.company.server/artifactory/api/npm/npm/"
yarnPath: .yarn/releases/yarn-berry.cjs
Read more comments on GitHub >

github_iconTop Results From Across the Web

Why am I getting 404 for some npm packages? - JFrog
However, when working with the npm public registry, HEAD requests will sometimes trigger a 404 error response even though the requested package exists....
Read more >
yarn install throw error request failed \"404 Not found"
I found a solution yarn config set registry https://registry.npmjs.org rm yarn.lock yarn.
Read more >
npm packages in the Package Registry - GitLab Docs
npm install returns npm ERR! 403 Forbidden. If you get this error, ensure that: The Package Registry is enabled in your project settings....
Read more >
SAP BTP Trial. SAP BAS start error. Some extensions were ...
FW ERROR: The @sap-cds/cds-editor failed to install because Unable to calculate tarball URL for @sap-cds/cds-editor@21.5.2 npm package. yarn ...
Read more >
Surviving the npm ERR! 404 with private packages
But my colleague is getting the following error on his Linux Debian 10 machine: ... 404 Note that you can also install from...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

yarn npm login is not compatible with verdaccio

Next page

[Bug] yarn pnpify fails with space character in path