bun
bun copied to clipboard
oven-sh
Support reading from .npmrc
What is the problem this feature will solve?
npm is configured by a .npmrc, but currently, bun seems to require the configuration to be duplicated to a bunfig.toml file.
What is the feature you are proposing to solve the problem?
For bun install to support reading from the .npmrc file.
What alternatives have you considered?
No response
Waiting to this feature to try bun on my current project. Is there any workarounds?
@Jarred-Sumner do you have any plan about reading .npmrc file. It's most important thing if bun is working as a package manager
+1 for me. Particularly, I need support for registry= and @group:registry=. Without 'em, I can't really use it.
Incidentally, I duplicated my config in bunfig.toml (can't share; private registries), but got a segfault on bun install.
As a @Trendyol (https://github.com/trendyol) We would like to use bun in PoC but It doesn't work with private registry 😢
Same problem here. I just installed bun for one of two speed-up PoCs at my day-job. The project depends on a private repository though.
@sayjeyhi There is a tweet by one of the creators showing steps to include a private registry and it worked!
https://twitter.com/jarredsumner/status/1555832429276827648?s=20&t=coxDA6eH02_3REEZBRwr-A
@drabelo That doesn't work for me (bun 0.4 & private nexus repository). Is there a way to find out that bun even sees the ~/.bunfig.toml? On my side it still tries to find all the packages at registry.npmjs.org
However if I override each individual private package like this:
[install.scopes]
"<my-private-package-name>" = { url = "https://<my-private-repo-url>/:_authToken=<my-private-repo-auth-token>" }
"<my-private-package-name2>" = { url = "https://<my-private-repo-url>/:_authToken=<my-private-repo-auth-token>" }
"<my-private-package-name3>" = ...
It seem to be working fine. Thanks, @drabelo ! It's inconvenient but ok for tinkering.
Supporting the global ~/.npmrc file (in addition to locals) would be really helpful for those who have a long history of private/client projects. While the workaround exists (🙏) it'd be a lot easier to not have to slice up & duplicate the registry urls for each project
Preventing my organisation from experimenting with bun. Would appreciate this.
Preventing my organisation from experimenting with bun. Would appreciate this.
@drabelo 's solution works and has the added benefit of being safer than local .npmrc files
https://twitter.com/jarredsumner/status/1555832429276827648?s=20&t=coxDA6eH02_3REEZBRwr-A
Does somebody has any idea how install.scopes section should look for azure devops artifact feed? I tried each possible solution i was think of, and i always end up with 403 for get of the artifact.
Running into the same issue as you @ciprianglg at the same time it looks like. The URL in the error logs when doing bun install is actually for the tar compressed file for the package. In ADO registry case this is hosted in blob storage in Azure. The URL has a SAS key (so I can't share it here), but curiously when I click the link I actually am able to download the file in a browser (just ctrl-clicking the link output in the error logs by bun). So the URL looks correct, not sure why Bun gets 403 but my browser gets a 200
Btw I also use the install.scopes workaround, and since bun ends up with a link containing a SAS key I think the credentials there are correct in my case
@martinothamar the same behavior on my side, if i click the link i can download it.
The error message looks like this one to me, if that helps: https://github.com/oven-sh/bun/blob/bun-v0.5.9/src/install/install.zig#L3858
I'm on version v0.5.9
@martinothamar have you managed to get Bun working with Azure Artifacts?
No, this was a PoC for me so didnt have much time to debug unfortunately
Anyone was able to figure it out? Looks like bun sometimes completely ignores the bunfig. Moreover if I use @company it sometimes tries to use the registry from the install.scopes, if I use the actual company name -- it always goes to the default registry.
==EDIT
Ok, spent a bit more time looking through logs/versions. I have a gcp artifact registry, defining it as follows in the config
[install.scopes]
"@COMPANY_NAME" = {url = "https://us-central1-npm.pkg.dev/COMPANY_NAME/fw-npm", token = $TOKEN }
then do the rm -rf ~/.bun/ && rm rm bun.lockb
And trying to install
TOKEN=SECRET install --verbose
bun install v0.6.0 (7f25aa9e)
Enqueue package manifest for download: @COMPANY_NAME/mobile-common
🔍 Resolving [1/1] Request: GET /COMPANY_NAME/fw-npm/@COMPANY_NAME/mobile-common
Authorization: Bearer SECRET
npm-auth-type: legacy
Accept: application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*
Connection: keep-alive
User-Agent: Bun/0.6.0
Host: us-central1-npm.pkg.dev
Accept-Encoding: gzip, deflate
Request: GET /COMPANY_NAME/fw-npm/@COMPANY_NAME/mobile-common
Authorization: Bearer SECRET
npm-auth-type: legacy
Accept: application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*
Connection: keep-alive
User-Agent: Bun/0.6.0
Host: us-central1-npm.pkg.dev
Accept-Encoding: gzip, deflate
Response: < 200 OK
< Content-Type: application/json; charset=utf-8
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Xss-Protection: 0
< Date: Sat, 13 May 2023 02:26:52 GMT
< Transfer-Encoding: chunked
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
[346.99ms]
Downloaded @COMPANY_NAME/mobile-common versions
- "@COMPANY_NAME/mobile-common": "1.0.0-df23950" - @COMPANY_NAME/[email protected]
🔍 @COMPANY_NAME/mobile-common [3/3]
GET https://registry.yarnpkg.com/@COMPANY_NAME/mobile-common/-/@COMPANY_NAME/mobile-common-1.0.0-df23950.tgz - 404
-- BEGIN SHA512/256(`${alphabetize(name)}@${order(version)}`) --
@COMPANY_NAME/[email protected]
-- END HASH--
Saving 1 trees
Saving 1 hoisted_dependencies
Saving 1 resolutions
Saving 1 dependencies
Saving 0 extern_strings
Saving 162 string_bytes
So it looks like even tho bun downloaded the package, it still tries to resolve it through the default registry and fails. In fact, w/o clearing the has the same thing happens. Am I doing something wrong? Tried older versions to no avail
ok, nvm, totally my fault: yarn publish for some reason botches tarball location and even tho it publishes to the private registry, it puts yarnpkg into manifest. Publishing with npm works.
workaround
.bunfig.toml in $HOME or bunfig.toml in project root
with
[install]
registry = "https://yourPrivateRegistry.io"
see https://bun.sh/docs/runtime/configuration#private-scopes-and-registries https://bun.sh/docs/install/registries
There are a solution for azure arctifacts ? It still not working 😢
+1, also blocker here
bun install v1.0.0 (822a00c4)
🔍 @fortawesome/pro-duotone-svg-icons [134/387]
error: package "@fortawesome/pro-duotone-svg-icons" not found registry.npmjs.org/@fortawesome/pro-duotone-svg-icons 404
🔍 @fortawesome/pro-light-svg-icons [160/425]
error: package "@fortawesome/pro-light-svg-icons" not found registry.npmjs.org/@fortawesome/pro-light-svg-icons 404
🔍 @bit-dev/utils.environment-discovery [1334/1854]
error: package "@bit-dev/utils.environment-discovery" not found registry.npmjs.org/@bit-dev/utils.environment-discovery 404
🔍 @fortawesome/pro-solid-svg-icons [1885/2396]
error: package "@fortawesome/pro-solid-svg-icons" not found registry.npmjs.org/@fortawesome/pro-solid-svg-icons 404
🔍 @fortawesome/pro-thin-svg-icons [1985/2481]
error: package "@fortawesome/pro-thin-svg-icons" not found registry.npmjs.org/@fortawesome/pro-thin-svg-icons 404
error: package "@mui/x-tree-view" with tag "https://pkg.csb.dev/mui/mui-x/commit/1f23b33d/@mui/x-tree-view" not found, but package exists
