cli icon indicating copy to clipboard operation
cli copied to clipboard

Published 20 hours ago verified publisher icon npm

[BUG] Unable to download tarball of private packages

Open pedrofrancescon opened this issue 2 years ago • 8 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

This issue exists in the latest npm version

  • [x] I am using the latest npm

Current Behavior

I'm unable to use the npm pack command to download the the tarball of npm packages I have published on my private GitLab package registry:

npm ERR! code E404
npm ERR! 404 Not Found - GET https://gitlab.<...>/api/v4/projects/87/packages/npm/@<...>/-/@<...>-2.1.1.tgz
npm ERR! 404 
npm ERR! 404  'https://gitlab.<...>/api/v4/projects/87/packages/npm/@<...>/-/@<...>-2.1.1.tgz' is not in this registry.
npm ERR! 404 This package name is not valid, because 
npm ERR! 404  1. name can only contain URL-friendly characters
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/<...>/.npm/_logs/2022-07-19T19_07_44_458Z-debug-0.log

When I first do a npm install -g before, it downloads the package on cache, using the credentials I set on the .npmrc file, and then the npm pack command works as expected afterwards.

Expected Behavior

Directly download the tarball of private packages using npm pack, considering the credentials set on .npmrc file, without the need of executing the npm install -g command before to save it on cache.

Environment

  • npm: 8.14.0
  • Node.js: v16.14.0
  • OS Name: Kubuntu 22.04

pedrofrancescon avatar Jul 19 '22 19:07 pedrofrancescon

What exactly are you typing? You removed the "steps to reproduce" so we don't have any actual reproducible steps.

wraithgar avatar Aug 15 '22 14:08 wraithgar

I have some scoped packages on my GitLab's npm package registry, so for example if I type npm pack @protocols/node-focas it gives me the error above. No issues for other packages (i.e. node-red-contrib-focas) that were published on the standard npm registry and depend on those private packages, that is, the command npm pack node-red-contrib-focas works normally and downloads the tarball as expected.

pedrofrancescon avatar Aug 15 '22 16:08 pedrofrancescon

does npm install @protocols/node-focas work?

ETA: Is npm configured to authenticate to that tarball url? It looks like gitlab has docs for this https://docs.gitlab.com/ee/user/packages/npm_registry/

The 404 seems to indicate this is a configuration/auth issue with gitlab.

wraithgar avatar Aug 15 '22 16:08 wraithgar

Yes npm install @protocols/node-focas works normally. My .npmrc file has all the required information to authenticate and resolve to my GitLab repo.

pedrofrancescon avatar Aug 15 '22 17:08 pedrofrancescon

I know it doesn't make any sense what I'm about to ask but could you try without the @ in the scope?

gtirloni avatar Aug 26 '22 17:08 gtirloni

That would attempt to install https://github.com/protocols/node-focas from git (which currently doesn't exist) and not the scoped package.

wraithgar avatar Aug 29 '22 14:08 wraithgar

Yes I've already tried that, right at first, and it indeed points to another (invalid) package. Also doesn't work.

pedrofrancescon avatar Aug 30 '22 18:08 pedrofrancescon

I can confirm this doesn't work. It seems like npm pack doesn't respect the registry authentication settings

hendrikheil avatar Sep 05 '22 14:09 hendrikheil