yarn
yarn copied to clipboard
yarnpkg
Yarn not observing _password and username .yarnrc parameters for custom registry
Do you want to request a feature or report a bug? bug
What is the current behavior?
We are using a private Artifactory repo, configured using two levels of .npmrc files that I am trying to move to Yarn. I have censored the data below, if more information is needed then let me know.
In the project folder I have a .yarnrc file which contains the following
registry "https://<artifactory-url>/artifactory/api/npm/<repo-name>"
In my user folder I have another .yarnrc file which contains the following
"//<artifactory-url>/artifactory/api/npm/:_password" <password>
"//<artifactory-url>/artifactory/api/npm/:username" xeno
"//<artifactory-url>/artifactory/api/npm/:email" [email protected]
"//<artifactory-url>/artifactory/api/npm/:always-auth" true
When running yarn install I get an error message. The yarn-error.log shows the following
Trace:
Error: https://<artifactory-url>/artifactory/api/npm/<repo-name>/<package-name>: not_found
at Request.params.callback [as _callback] (D:\DevTools\nvm\v6.3.1\node_modules\yarn\lib\util\request-manager.js:294:18)
This is occurring because the package is in a non-public Artifactory repository that require user credentials to access. Public packages can be installed correctly and correctly use the Artifactory URL.
Please mention your node.js, yarn and operating system version.
Yarn version:
0.16.1
Node version:
6.3.1
Platform:
win32 x64
I don't know that Yarn should respect those parameters. I don't know why you'd want to store credentials in a file, that's not secure at all
@thejameskyle There is currently no other way to store the credentials for Artifactory. The options (as far as I can find) are this or encoding username and password in the registry URL.
Is there another way?
We could prompt you for credentials if Artifactory does something standard
Unfortunatly it does not, it simply returns the same "not_found" JSON that it returns when something just doesn't exist.
{"error": "not_found", "reason": "document not found"}
@xenobytezero Usually Artifactory returns not found errors if the user has no access/the url is wrong. We are using yarn with Artifactory 4.12 quite happily.
TL;DR: After writing my Artifactory installation instruction below, i saw that <repo-name> is missing from your urls in the .yarnrc
If you plan on publishing private packages, just do the following:
- Setup a local npm repository. Let's say
npm-companywith the layoutnpm-default - Setup a remote npm repository for
https://registry.npmjs.orgwith the layoutnpm-default - Setup a virtual repository
npmwhich includeshttps://registry.npmjs.organdnpm-company. Layoutnpm-registryand selectnpm-companyas a default deployment repository. - Give user rights :)
- Execute curl command:
$ curl -u username https://artifactory.company.example/api/npm/npm/
# Returns:
@npm:registry=https://artifactory.example.org/api/npm/npm/
//artifactory.example.org/api/npm/npm/:_password=XXXXXXXXXXXXXXXXXX
//artifactory.example.org/api/npm/npm/:username=YOUR-USERNAME
//artifactory.example.org/api/npm/npm/:[email protected]
//artifactory.example.org/api/npm/npm/:always-auth=true
- Copy the contents result into
.npmrcand add registry line:
# set default registry
registry=https://artifactory.example.org/api/npm/npm/
#Returned values from curl command above
@npm:registry=https://artifactory.example.org/api/npm/npm/
//artifactory.example.org/api/npm/npm/:_password=XXXXXXXXXXXXXXXXXX=
//artifactory.example.org/api/npm/npm/:username=YOUR-USERNAME
//artifactory.example.org/api/npm/npm/:[email protected]
//artifactory.example.org/api/npm/npm/:always-auth=true
This will allow you to publish your private packages to npm-company while mirroring https://registry.npmjs.org on install commands.
@happyyangyuan I saw that they added "authHeader" hook on their plugins api. So you can customize the behavior of accessing private registry