corepack icon indicating copy to clipboard operation
corepack copied to clipboard
verified publisher icon nodejs

`Internal Error: Server answered with HTTP 403`: hardcoded registries?

Open lmmarsano opened this issue 4 years ago • 1 comments

Getting a 403 error

$ nodenv global 17.1.0
$ npm ls -g --depth 0
/home/LOM0227/stow/nodenv/.nodenv/versions/17.1.0/lib
├── [email protected]
└── [email protected]

$ corepack enable
$ pnpm
Internal Error: Server answered with HTTP 403
    at ClientRequest.<anonymous> (/home/LOM0227/stow/nodenv/.nodenv/versions/17.1.0/lib/node_modules/corepack/dist/corepack.js:3933:31)
    at Object.onceWrapper (node:events:510:26)
    at ClientRequest.emit (node:events:390:28)
    at HTTPParser.parserOnIncomingClient [as onIncoming] (node:_http_client:623:27)
    at HTTPParser.parserOnHeadersComplete (node:_http_common:128:17)
    at TLSSocket.socketOnData (node:_http_client:487:22)
    at TLSSocket.emit (node:events:390:28)
    at addChunk (node:internal/streams/readable:324:12)
    at readableAddChunk (node:internal/streams/readable:297:9)
    at TLSSocket.Readable.push (node:internal/streams/readable:234:10)

I suspect these hardcoded registries have something to do with that.

https://github.com/nodejs/corepack/blob/49ea6a2c7de269ceb2fbf61df3fc09146a8abcf4/sources/corepackUtils.ts#L18 https://github.com/nodejs/corepack/blob/49ea6a2c7de269ceb2fbf61df3fc09146a8abcf4/sources/corepackUtils.ts#L34

This doesn't work for environments that block the public registry and require a private registry like artifactory, eg,

$ npm config list
; "user" config from /home/LOM0227/.npmrc

//[redacted].jfrog.io/artifactory/api/npm/emf-npm-virtual/:_password = (protected) 
//[redacted].jfrog.io/artifactory/api/npm/emf-npm-virtual/:username = "lmarsano@[redacted].com" 
always-auth = true 
email = "LMarsano@[redacted].com" 
registry = "https://[redacted].jfrog.io/artifactory/api/npm/emf-npm-virtual/"

Maybe lookup registry from config files?

lmmarsano avatar Nov 18 '21 01:11 lmmarsano

Indeed, having some way to configure that would be nice. I don't think however reading the .npmrc would be the best option; it's an npm-specific file, and I'm not fond of piggybacking on third-party configuration files.

At the moment the main way to configure Corepack is through environment variables (such as COREPACK_ENABLE_NETWORK), which lets you configure Corepack via your typical .bashrc / etc files - a good first iteration would be to update the lines you referenced to support an additional environment variable (say, COREPACK_NPM_REGISTRY?) rather than hardcode the registry.

Would you be interested in making such a PR?

arcanis avatar Nov 18 '21 10:11 arcanis

@arcanis I'd love to tackle this for my use case, but I also need to support authentication options and want to discuss how you see that working.

Is the right option to implement npm-registry-fetch and then expose the applicable configuration using environment variables?

micsco avatar Sep 24 '22 13:09 micsco

Added a PR in #186, this will fix for npm and pnpm use cases, but not for yarn as yarn versions >2.0 don't use the npm registry; instead yarn uses a custom registry.

micsco avatar Sep 24 '22 17:09 micsco