bun icon indicating copy to clipboard operation
bun copied to clipboard

Published 20 hours ago verified publisher icon oven-sh

Private registry documentation clarification

Open hbthegreat opened this issue 1 year ago • 21 comments

What is the type of issue?

Documentation is missing, Documentation is incorrect

What is the issue?

Private registries coming from Gitlab private repos (and potentially other places) utilise npm config set and put multiple lines in the .npmrc file. Not sure if this should be a feature request or a documentation request.

I am trying to figure out how to translate those into the bunfig.toml format as not sure where to place individual lines starting with //gitlab

Working npmrc

@company:registry=https://gitlab.com/api/v4/projects/<id>/packages/npm/
//gitlab.com/api/v4/projects/<id>/packages/npm/:_authToken=<access token>
//gitlab.com/api/v4/projects/<id>/packages/npm/:always-auth=true

Not working bunfig.toml

[install.scopes]
"@company" = { url = "https://gitlab.com/api/v4/projects/<id>/packages/npm/" }
//gitlab.com/api/v4/projects/<id>/packages/npm/:_authToken=<access token>
//gitlab.com/api/v4/projects/<id>/packages/npm/:always-auth=true

Thanks in advance

Where did you find it?

https://bun.sh/docs/install/registries

hbthegreat avatar Sep 09 '23 05:09 hbthegreat

+1 I'm also having trouble figuring this out as I attempt to transition an app to Bun at my day job to see how it fares. Besides that, I'm not sure if options like strict-ssl are supported.

smnbnd avatar Sep 09 '23 06:09 smnbnd

Shouldn't it be

[install.scopes]
"@company" = { token = "<access token>", url = "https://gitlab.com/api/v4/projects/<id>/packages/npm/" }

?

And btw

  1. I don't think // comments are allowed in TOML? They should be # comments
  2. The token in your .npmrc maybe base64'd. Decode them in your bunfig.toml

Frederick888 avatar Sep 10 '23 22:09 Frederick888

These aren't comments. They are actually used in npmrc.

I did try the way you have mentioned however @Frederick888 and the main issue is not being able to have multiple things assigned to that "@company" part.

hbthegreat avatar Sep 11 '23 03:09 hbthegreat

These aren't comments. They are actually used in npmrc.

I did try the way you have mentioned however @Frederick888 and the main issue is not being able to have multiple things assigned to that "@company" part.

You mentioned in the description yourself you had // lines in bunfig.toml:

Not working bunfig.toml

[install.scopes]
"@company" = { url = "https://gitlab.com/api/v4/projects/<id>/packages/npm/" }
//gitlab.com/api/v4/projects/<id>/packages/npm/:_authToken=<access token>
//gitlab.com/api/v4/projects/<id>/packages/npm/:always-auth=true

Frederick888 avatar Sep 11 '23 03:09 Frederick888

Yes they were included in the bunfig as an example of what I believe is a currently unsupported use case. I understand that beginning lines with // is unsupported in toml and wondering how we can include those extra lines of mapping. Apologies for being unclear.

hbthegreat avatar Sep 11 '23 03:09 hbthegreat

Same problem with Codeartifact on AWS, even when always-auth=true is not required, cf. https://github.com/oven-sh/bun/discussions/4913

beeb avatar Sep 11 '23 11:09 beeb

registry =

_auth =

email =

always-auth = true

strict-ssl = false

@fortawesome:registry=https://npm.fontawesome.com/ //npm.fontawesome.com/:_authToken=

how would i convert the above to bunfig.toml

choopk avatar Sep 11 '23 14:09 choopk

Global Registry

[install] registry = "https://{email}:{token}@https://{org}/repository/npm-group/" always-auth = true strict-ssl = false

Scoped Registries

[install.scopes] fortawesome = { url = "https://npm.fontawesome.com/", token = "" }

choopk avatar Sep 12 '23 15:09 choopk

@choopk is that token you have referenced the same one as :_authToken= from the fontawesome line in your other comment?

hbthegreat avatar Sep 13 '23 01:09 hbthegreat

@choopk is that token you have referenced the same one as :_authToken= from the fontawesome line in your other comment?

the _auth goes to registry = "https://{email}:{token}@https://{org}/repository/npm-group/"

_authToken goes to fortawesome = { url = "https://npm.fontawesome.com/", token = "" }

however the initial installation took forever and never completed and failed.

choopk avatar Sep 13 '23 01:09 choopk

Thanks for clarifying. I ended up getting it to work for gitlab registries by rotating my key and making sure it had all required permissions.

Now have set it up identically to what @Frederick888 mentioned above and didn't have to add anything else for always-auth.

hbthegreat avatar Sep 13 '23 01:09 hbthegreat

The docs should definitely clarify that the PAT is not base64 encoded in the password field

zachbryant avatar Sep 13 '23 11:09 zachbryant

Took a longggg time to get this working with multiple registries (GitHub private, and npm public), but eventually got there.

Because GitHub doesn't forward a MISS to npm

If adding a scoped registry, you have to redeclare the default registry!

[install]
registry = "https://registry.npmjs.org" # redeclare default!

[install.scopes]
"@acme" = { token = "$ACME_TOKEN", url = "https://npm.pkg.github.com/" }
#                     ^ loads from .env file(s)
# add any other scoped registries (with their own access tokens)

lukeed avatar Sep 15 '23 20:09 lukeed

Took a longggg time to get this working with multiple registries (GitHub private, and npm public), but eventually got there.

Because GitHub doesn't forward a MISS to npm

If adding a scoped registry, you have to redeclare the default registry!

[install]
registry = "https://registry.npmjs.org" # redeclare default!

[install.scopes]
"@acme" = { token = "$ACME_TOKEN", url = "https://npm.pkg.github.com/" }
#                     ^ loads from .env file(s)
# add any other scoped registries (with their own access tokens)

Your solution unfortunately didn't work for Font Awesome. Here's what my .bunfig.toml looks like:

[install]
registry = "https://registry.npmjs.org"

[install.scopes]
"@fortawesome" = { token = "$FONTAWESOME_NPM_AUTH_TOKEN", url = "https://npm.fontawesome.com/" }

tyteen4a03 avatar Oct 02 '23 10:10 tyteen4a03

fortawesome

Is that a typo?

No, Font Awesome's prefix is indeed @fortawesome.

tyteen4a03 avatar Oct 02 '23 11:10 tyteen4a03

Is there a way do this without needing to store tokens/passwords in bunfig.toml so it can be committed? NPM lets you do this and then you authenticate separately with npm adduser --scope=@org --registry=https://org-registry-url

josephearl avatar Oct 03 '23 20:10 josephearl

Is there a way do this without needing to store tokens/passwords in bunfig.toml so it can be committed? NPM lets you do this and then you authenticate separately with npm adduser --scope=@org --registry=https://org-registry-url

Bun will read environment variables from the .env files so you can use a variable name inside bunfig.toml (see examples above)

beeb avatar Oct 04 '23 05:10 beeb

I have had the same issue and combining everything here and bun docs resolved my issues to some extend but the final catch was for private repositories it was throwing initially 404 and then with some changes 403s.

here is my .npmrc

@mycompany:registry = https://mycompany-repos.com/api/team-a
//mycompany.com/someotherstuff/:strict-ssl=false
//mycompany.com/someotherstuff/:always-auth=false
//mycompany.com/someotherstuff/:username=userA
//mycompany.com/someotherstuff/:pass=APassword

@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken:SomeTokenGoesHere

and this is similar stuff converted into bunfig.toml

[install]
# set default registry as a string (this is required as of today)
registry = "https://registry.npmjs.org"


[install.scopes]
"@mycompany" = { url = "https://mycompany-repos.com/api/team-a", strict-ssl = false, always-auth=false, username="userA", pass = "APassword" }
"@fortawesome" = { url = "https://npm.fontawesome.com/", token = "SomeTokenGoesHere"}

and at this point of was getting 403s. The reason was that a missing / after team-a. By adding a / at the end of the https://mycompany-repos.com/api/team-a/ bun was able to catch up and install all deps.

hematy61 avatar Nov 07 '23 07:11 hematy61

Not sure if exactly related but I had been trying to add/update my bunfig.toml file and running bun i --no-cache but it wouldn't pick up the config changes. I had to delete bun.lockb before it picked things back up, for anyone coming into this.

nourhelmi avatar Apr 29 '24 13:04 nourhelmi

Took a longggg time to get this working with multiple registries (GitHub private, and npm public), but eventually got there.

Because GitHub doesn't forward a MISS to npm

If adding a scoped registry, you have to redeclare the default registry!

[install]
registry = "https://registry.npmjs.org" # redeclare default!

[install.scopes]
"@acme" = { token = "$ACME_TOKEN", url = "https://npm.pkg.github.com/" }
#                     ^ loads from .env file(s)
# add any other scoped registries (with their own access tokens)

None of these configs work for @fortawesome/fontawesome. I was having high hopes for bun but this is too simple to ignore. I am discounting it now as a possible alternative to npm install. Also had issues with bundle splitting when building. The only thing left that might be viable is bun test.

hussain-nz avatar May 07 '24 06:05 hussain-nz

None of these configs work for @fortawesome/fontawesome. I was having high hopes for bun but this is too simple to ignore. I am discounting it now as a possible alternative to npm install. Also had issues with bundle splitting when building. The only thing left that might be viable is bun test.

I finally fixed it, there were a couple of gotchas:

  • If you are using a local config (i.e. not global), then it needs to be bunfig.toml and NOT starting with a dot like this: .bunfig.toml, it looks like the one that starts with a dot is for the global config (outside your source code location that you are running bun install from). After this my "404" errors for fortawesome/fontawesome turned into "401" errors. See next point :)
  • The second thing was that you need to check your token's casing, I visited fontawesome website and got the token straight from there, it was all in upper case. Using the upper case one finally fixed the 401 error. My final bunfig.toml:
[install]
# set default registry as a string (this is required as of today)
registry = "https://registry.npmjs.org"


[install.scopes]
"@fortawesome" = { token = "UPPERCASE-123-123-123-ABC123ABC", url = "https://npm.fontawesome.com/" }

hussain-nz avatar May 10 '24 06:05 hussain-nz

I would appreciate some help as I can't me it work. My organisation have several packages on a hosted Sonatype Nexus Repository and no matter how i set the scope, bun always search our packages on registry.npmjs.org where they're obviously missing.

[install]
registry = "https://registry.npmjs.org"

[install.scopes]
"@private" = { url = "https://my.org.com/repository/org-private-npm-group/", token = "string-token" }

Am i doing it a wrong way? I tried it on canary as well, with the same results and i'm on windows.

Update: so the problem is related that our packages doesn't belong to any scopes. they just lies inside our private repository like "package-1.0.1" and "lister-1.0.0" and not like "@private/package-1.0.1"

Is there a workaround for this?

Envo avatar Jun 10 '24 14:06 Envo