An unexpected error occurred: Request failed \"404 Not Found\"".

[DannyBrown-xx]

Do you want to request a feature or report a bug?
Bug

What is the current behavior?
I have a package which only depends on modules from the npmjs repository. They are predominantly public repositories, however 5 of them are private repositories scoped using an @ symbol. Again, these are hosted on npmjs.

Up until some time today all of them would download an install without issue. However, something has changed and now one of them fails to install with the following error:

error An unexpected error occurred: "http://registry.npmjs.org/@pepperhq/hmac-http-authentication/-/hmac-http-authentication-0.1.2.tgz: Request failed \"404 Not Found\"".

As I stated previously, the other private repositories (all within the same @ scope) download and install as intended. This leads me to think this isn't an authentication issue.

My .npmrc which is in the root of my project and contains my _authToken looks like this:

//registry.npmjs.org/:_authToken=TOKEN_HERE

I have already completed the following activities:

1. Logging in using npm login again to get a fresh accessToken
2. Ensuring the package name is correct (I copied it from the npm website just to be sure)
3. Running rm -rf node_modules && rm yarn.lock && yarn cache clean
4. Removing the offending package from my package.json and attempting to re yarn add it
5. Attempting to run the equivalent npm install --save command. This worked.

If the current behavior is a bug, please provide the steps to reproduce.
As I am unsure of the cause I am unsure how to reproduce. Am willing to discuss further on Discord or in comments on this Issue.

What is the expected behavior?
I expect Yarn to install all of my private repositories from npmjs

Please mention your node.js, yarn and operating system version.
Taken from yarn-error.log

Yarn version: 
  0.20.3

Node version: 
  6.9.5

Platform: 
  darwin x64

[DannyBrown-xx]

As an aside, the package clearly does exist and yarn is clearly accessing the package in some way because the url contains the version number it is attempting to retrieve.

[DannyBrown-xx]

Having ran some more tests, I've found that the same package fails to install from other repositories that require it when using Yarn. However, it works fine when using npm.

This leads me to think it isn't my repository specific config. Could it be something to do with the name of the package tripping Yarn up, or the url encoding or something?

Clutching at straws here, but hopefully this might bump someone in the right direction

[DannyBrown-xx]

I fixed this: I simply re-published the offending package with a new version number.

I have no idea why that fixed it.

I will leave this here in case it aids debugging.

[bjrnt]

I'm experiencing the same issue. This seems to happen randomly and is often resolved by simply retrying the build.

[rogchap]

We're also experiencing the exact same issue.
Some private modules work some do not; all the same @scope.

[hilkeheremans]

We just experienced the same issue. Some more context here in the hopes that it might help

• We were running yarn in our CI (Drone), which runs in ephemeral Docker containers [Alpine Linux]
• The issue occurred in only ONE of our services building, whereas nothing went wrong with the other services, even though they have the exact same dependency tree (!)
• a manual install on my Mac for the same repo yielded no issues at all (!)
• the issue was limited to a single private package

As mentioned above as workaround, publishing a new version of the package resolved the issue.

Unfortunately, I was unable to obtain a detailed yarn-error.log as the containers are destroyed immediately after a failed build. If anyone else has this issue, could you try it again with a verbose install and throw the log in here?

[rosskevin]

I am seeing the same issue. I'm using a docker image in circleci 2.0 and having some unrelated issues that I'm debugging locally (compilation difference on cci vs local).

• when I yarn on the host OSX machine, everything works.
• when I yarn on the container (Ubuntu), I get the error.
• when I yarn on the ^^container (Ubuntu) running on circleci 2.0 infrastructure, it works.

I have setup .npmrc etc. It's really a head-scratcher that it doesn't work for me on a locally running container.

Verbose didn't provide me with any information that I can spot:

root@2adc7c09ff9a:~/af/spec/dummy# yarn --pure-lockfile --ignore-optional
yarn install v0.21.3
[1/4] Resolving packages...
[2/4] Fetching packages...
error An unexpected error occurred: "https://registry.yarnpkg.com/@alienfast/build/-/build-2.0.38.tgz: Request failed \"404 Not Found\"".
info If you think this is a bug, please open a bug report with the information provided in "/root/af/spec/dummy/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
root@2adc7c09ff9a:~/af/spec/dummy# yarn --pure-lockfile --ignore-optional --verbose
yarn install v0.21.3
verbose 0.178 current time: 2017-03-01T20:22:52.715Z
[1/4] Resolving packages...
[2/4] Fetching packages...
verbose 0.798 Performing "GET" request to "https://registry.yarnpkg.com/@alienfast/build/-/build-2.0.38.tgz".
verbose 0.861 Performing "GET" request to "https://registry.yarnpkg.com/@alienfast/ui/-/ui-1.0.34.tgz".
verbose 0.894 Performing "GET" request to "https://registry.yarnpkg.com/react-relay/-/react-relay-0.10.0.tgz".
verbose 0.895 Performing "GET" request to "https://registry.yarnpkg.com/react-dom/-/react-dom-15.4.2.tgz".
verbose 0.919 Performing "GET" request to "https://registry.yarnpkg.com/eslint/-/eslint-3.15.0.tgz".
verbose 0.941 Performing "GET" request to "https://registry.yarnpkg.com/flow-bin/-/flow-bin-0.39.0.tgz".
verbose 0.951 Performing "GET" request to "https://registry.yarnpkg.com/@alienfast/material-ui/-/material-ui-0.16.87.tgz".
verbose 0.966 Performing "GET" request to "https://registry.yarnpkg.com/@alienfast/react-formal/-/react-formal-0.24.7.tgz".
verbose 1.003 Performing "GET" request to "https://registry.yarnpkg.com/babel-runtime/-/babel-runtime-6.23.0.tgz".
verbose 1.103 Performing "GET" request to "https://registry.yarnpkg.com/graphql/-/graphql-0.9.1.tgz".
verbose 1.178 Performing "GET" request to "https://registry.yarnpkg.com/lodash/-/lodash-4.17.4.tgz".
verbose 1.206 Performing "GET" request to "https://registry.yarnpkg.com/material-ui/-/material-ui-0.16.7.tgz".
verbose 1.249 Performing "GET" request to "https://registry.yarnpkg.com/react-i18next/-/react-i18next-2.2.0.tgz".
verbose 1.261 Performing "GET" request to "https://registry.yarnpkg.com/react-relay-network-layer/-/react-relay-network-layer-1.4.0.tgz".
verbose 1.272 Performing "GET" request to "https://registry.yarnpkg.com/react-router/-/react-router-3.0.2.tgz".
verbose 1.696 Performing "GET" request to "https://registry.yarnpkg.com/react-router-relay/-/react-router-relay-0.13.5.tgz".
verbose 1.764 Performing "GET" request to "https://registry.yarnpkg.com/react-sizeme/-/react-sizeme-2.2.0.tgz".
verbose 2.063 Performing "GET" request to "https://registry.yarnpkg.com/recompose/-/recompose-0.22.0.tgz".
verbose 2.144 Error: https://registry.yarnpkg.com/@alienfast/build/-/build-2.0.38.tgz: Request failed "404 Not Found"
    at Request.handleRequestError (/root/.yarn/lib/fetchers/tarball-fetcher.js:231:20)
    at emitOne (events.js:96:13)
    at Request.emit (events.js:189:7)
    at Request.onRequestResponse (/root/.yarn/node_modules/request/request.js:986:10)
    at emitOne (events.js:96:13)
    at ClientRequest.emit (events.js:189:7)
    at HTTPParser.parserOnIncomingClient (_http_client.js:522:21)
    at HTTPParser.parserOnHeadersComplete (_http_common.js:99:23)
    at TLSSocket.socketOnData (_http_client.js:411:20)
    at emitOne (events.js:96:13)
    at TLSSocket.emit (events.js:189:7)
error An unexpected error occurred: "https://registry.yarnpkg.com/@alienfast/build/-/build-2.0.38.tgz: Request failed \"404 Not Found\"".
info If you think this is a bug, please open a bug report with the information provided in "/root/af/spec/dummy/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

root@2adc7c09ff9a:~/af/spec/dummy# cat ~/.npmrc
registry=https://registry.npmjs.org/
//registry.npmjs.org/:_authToken=${NPM_TOKEN}

root@2adc7c09ff9a:~/af/spec/dummy# echo $NPM_TOKEN
xxxxx-xxxx-xxxx-xxxx-xxxxxxxx

[flipace]

Same here, it works locally on OSX but not on the CircleCI container (circleci 1.0).

I tried to yarn cache clean - afterwards a different package failed installation.

It happens with yarn 0.18.1 as well as 0.21.3 - so maybe something changed in the yarnpkg registry configuration? Or, since I think everyone in the comments here is using CircleCI in the problem-scenario, it's an issue with CircleCI configuration?

[rogchap]

So, we think we've managed to solve the problem; would be keen to see if it works for others:
We had to make a slight change to .npmrc which makes little sense why this works:

registry=http://registry.npmjs.org/
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
@ourscope:registry=https://registry.npmjs.org/

Thing to note is that we required both normal registry AND one for our private scoped registry. Just make sure you change @ourscope with your own.

Let me know if this helps anyone.

[flipace]

@rogchap i just tried your solution but still see the same problem as before :(

we have a hyphen in our scope name, maybe that could be the culprit?

registry=http://registry.npmjs.org/
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
@our-scope:registry=https://registry.npmjs.org/

[rosskevin]

@rogchap this workaround didn't have any effect on our situation.

root@f41305331cb8:~/af/spec/dummy# cat ~/.npmrc
registry=https://registry.npmjs.org/
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
@alienfast:registry=https://registry.npmjs.org/

[rosskevin]

Confirmed it fails with 0.20.4 and 0.21.3. Given that this has also been working for me without a problem, I'm curious if something has changed on the server side to cause this. This certainly now seems like a bug.

[rosskevin]

• I just deployed new versions of the 'offending' scoped modules and it made no difference, same error.
• I ran npm install and have no problems fetching the modules in the problem environment

[rogchap]

So, not fixed for me...again.

I had another private module give me the 404 message, even though it seems to resolve the correct version (must be reading something correctly somewhere), and seems to try and download the same tar url as NPM.

This time I REMOVED the registries (except the auth one) in .npmrc to get it to work!

There is no consistency at all, randomly "playing" with .npmrc seems to temporarily work.

I'm trying to promote Yarn, but every engineer in our company (rightly) says that Yarn is "not stable", "un usable", "not reliable", "doesn't work with private modules", "fails on the CI server" etc etc.

I wonder if the Private NPM registry is doing something "funky" with the user-agent!?? <- Wild guess.

[hilkeheremans]

In order to better understand this we may need some input from core contributors. @bestander, any insights?

[bestander]

We don't use private packages much so this feature has less eyes on.
Afaik most of the issues were fixed by the community.
This is a great opportunity to try to fix it.
I don't think npm registry would do something with the response based on UA, most likely the token is not passed at all for some reason.

[flipace]

Okay, so I forked yarn and fiddled around a bit. It seems like it loses the token before it fetches the tarball or rather after the first request is sent...

yarn add v0.23.0-0
verbose 0.227 current time: 2017-03-06T20:25:18.877Z
info No lockfile found.
[1/4] Resolving packages...
⠁ { authorization: 'Bearer MY_TOKEN_IS_HERE' } <<<<<----- here it uses my token for the request
verbose 0.409 Performing "GET" request to "https://registry.npmjs.org/@ovos-media%2flib-director".
verbose 1.306 Request "https://registry.npmjs.org/@ovos-media%2flib-director" finished with status code 200.
{} <--- token is gone
verbose 1.316 Performing "GET" request to "https://registry.npmjs.org/bluebird".
{} <--- token is gone
verbose 1.318 Performing "GET" request to "https://registry.npmjs.org/jwt-decode".
verbose 1.531 Request "https://registry.npmjs.org/bluebird" finished with status code 200.
verbose 1.572 Request "https://registry.npmjs.org/jwt-decode" finished with status code 200.
[2/4] Fetching packages...
https: /@ovos-media/lib-director/-/lib-director-0.4.1.tgz https://registry.yarnpkg.com/@ovos-media/lib-director/-/lib-director-0.4.1.tgz
{} <--- token is gone
verbose 1.597 Performing "GET" request to "https://registry.yarnpkg.com/@ovos-media/lib-director/-/lib-director-0.4.1.tgz".
verbose 2.663 Error: https://registry.yarnpkg.com/@ovos-media/lib-director/-/lib-director-0.4.1.tgz: Request failed "404 Not Found"
    at Request.res (/home/ubuntu/yarn/lib/fetchers/tarball-fetcher.js:232:20)
    at emitOne (events.js:90:13)
    at Request.emit (events.js:182:7)
    at Request.onRequestResponse (/home/ubuntu/yarn/node_modules/request/request.js:986:10)
    at emitOne (events.js:90:13)
    at ClientRequest.emit (events.js:182:7)
    at HTTPParser.parserOnIncomingClient (_http_client.js:469:21)
    at HTTPParser.parserOnHeadersComplete (_http_common.js:103:23)
    at TLSSocket.socketOnData (_http_client.js:359:20)
    at emitOne (events.js:90:13)
error An unexpected error occurred: "https://registry.yarnpkg.com/@ovos-media/lib-director/-/lib-director-0.4.1.tgz: Request failed \"404 Not Found\"".

When I explicitly set the authorization header in the npm-registry.js before the request is sent, everything works fine. So there seems to be some bug in yarn and not on the server side.

EDIT:

Okay, so after further inspection, this problem occurs because the check whether the authorization header should be set returns false in npm-registry.js -> https://github.com/yarnpkg/yarn/pull/2598/files#diff-b053bee294c216269844e5874039b6caR62
And this, in turn, happens because it compares the yarnpkg registry proxy with the npmjs registry.

https://registry.yarnpkg.com/@ovos-media/lib-director/-/lib-director-0.4.1.tgz https://registry.npmjs.org/

[flipace]

Okay, so i figured out how to fix this issue for us without a change to yarns source code.
It's basically what @rogchap posted but (in our case) in the other direction:

registry=https://registry.npmjs.org/
@ovos-media:registry=https://registry.yarnpkg.com/
//registry.npmjs.org/:_authToken=your-auth-token

OR alternatively completely getting rid of registry:

//registry.npmjs.org/:_authToken=your-auth-token

This seems to work because then yarn does not use different registries for the package in question to fetch info and tarballs. However, I'm unsure as to why yarn mixes these two and I think that maybe the check for the auth token could be changed/improved somehow.

[bestander]

What is the next step?
Document the workaround or make changes to Yarn?

[pleunv]

I've been trying out every possible combination for the past few hours and I think it's safe to say that there is no reliable workaround for this issue. @flipace any idea if this is something that can be fixed easily? Both of your methods do not work for me :(.

[pleunv]

Actually, scratch that, it does. Removing the registry assignments and only keeping the line with the auth-token seems to do the trick. Damn typos. Thanks @flipace!

[flipace]

@bestander i'll try to come up with a PR in the next few days, the behavior of yarn in this case is not the way it should be. Thanks @pleunv for confirming that the workaround works for you too!

[willrstern]

The workaround does not work for me unfortunately 😿

[flipace]

@willrstern could you post your .npmrc maybe?

[willrstern]

Ah, removing .yarnrc worked for me. Contents were:

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


registry "https://registry.npmjs.org/"
email <email>
lastUpdateCheck 1489181224804
username <username>

note, the npmjs.org registry was something I had added when troubleshooting why it wasn't working, so it wasn't the offending config.

[willrstern]

@flipace .npmrc was all manner of the workarounds above including the token-only line.

[levino]

None of these workarounds worked for me.

Actually it works if I put this in my docker file:

RUN echo -e "registry=https://registry.npmjs.org/\n//registry.npmjs.org/:_authToken=\${NPM_AUTH_TOKEN}\nsatoshipay:registry=https://registry.npmjs.org/" > /usr/src/app/.npmrc
RUN yarn

The scope in question for me is @satoshipay

[wayneseymour]

Co-worker and I had this issue...after installing node v7.7.4, and re-logging into npm via npm login, everything worked.

[jurekbarth]

@levino Can you run yarn config list and have a look if yarn is picking up the .npmrc file? In #521 @BohdanTkachenko solved the issue similarly. At least this also works for me :)

[grundiss]

Wow. Turned out my problem wasn't part of this issue, but more like a part of more global thing: floatdrop/pinkie#18

[kirillgroshkov]

Shit, now we started getting this problem too. Private scoped package. Random reproduction - sometimes works (with some versions), sometimes it doesn't.

[stewx]

Seeing this error on our project. It is bizarre, since I don't get a 404 when hitting the URL manually:

Trace:
  Error: https://codeload.github.com/types/npm-v8flags/tar.gz/de224ae1cd5fd7dbb4e7158a6cc7a29e5315930d: Request failed "404 Not Found"
      at Request.handleRequestError (C:\Users\stewx\AppData\Roaming\nvm\v6.10.0\node_modules\yarn\lib\fetchers\tarball-fetcher.js:203:20)
      at emitOne (events.js:96:13)
      at Request.emit (events.js:188:7)
      at Request.onRequestResponse (C:\Users\stewx\AppData\Roaming\nvm\v6.10.0\node_modules\yarn\node_modules\request\request.js:1068:10)
      at emitOne (events.js:96:13)
      at ClientRequest.emit (events.js:188:7)
      at HTTPParser.parserOnIncomingClient (_http_client.js:474:21)
      at HTTPParser.parserOnHeadersComplete (_http_common.js:99:23)
      at TLSSocket.socketOnData (_http_client.js:363:20)
      at emitOne (events.js:96:13)

[GeoffreyPlitt]

We have solved all errors like these by switching our URLs a little. Avoid tar/gz and use tarball, i.e.:

"package_name":"https://github.com/somebody/package_name/tarball/master"

[huw]

If your package is hosted privately on npmjs.org, removing the line @scope:registry=https://registry.npmjs.org/ from .npmrc worked for us — presumably this is due to issues with yarnpkg being a CDN for npmjs.org

[fbartho]

I'm exhibiting this today
error An unexpected error occurred: “https://registry.yarnpkg.com/@types/webpack/-/webpack-3.8.10.tgz: Request failed \“404 Not Found\“”.
Not a private repo :(

[yharaskrik]

+1 for me. Started experiencing it today as well. Trying in install webpack on our CI.

[simPod]

Same here lol. Tried latest

error An unexpected error occurred: "https://registry.yarnpkg.com/@types/webpack/-/webpack-4.1.1.tgz: Request failed \"404 Not Found\"".

[simPod]

It is being discussed here #5530

[FezVrasta]

In my case I had a local .npmrc that defined a private registry for a specific scope, all I had to add was registry=https://registry.npmjs.org/ at the top of the file. Resulting in:

# .npmrc
registry=https://registry.npmjs.org/

@acme:registry=https://acme.jfrog.io/acme/api/npm/npm/
//acme.jfrog.io/acme/api/npm/npm/:_auth=YYYYYYYYYYYYYYYYYYYYYYYYYY
//acme.jfrog.io/acme/api/npm/npm/:username=username
//acme.jfrog.io/acme/api/npm/npm/:[email protected]
//acme.jfrog.io/acme/api/npm/npm/:always-auth=true

[beck]

Working with CircleCI also had 404 with yarn install.

removing yarn.lock

This worked for me. Digging some more, discovered there were bad urls in the yarn lock.

The yarn lock was using registry.yarnpkg.com that would 404'd on CircleCI (no clue why it worked locally).

The resulting config that did the trick:

- run: echo "//registry.npmjs.org/:_authToken=$NPM_AUTH_TOKEN" > ~/.npmrc
- run: yarn config set registry https://registry.npmjs.org/
- run: yarn

[psyanite]

Thanks all, I too have resolved this issue by deleting yarn.lock.

[jayantbh]

For me, the failing command was yarn add gatsby-plugin-react-helmet react-helmet.

I was able to run a yarn upgrade (tried out of curiosity), and then the above command worked. Not sure why that is, but I'd be grateful if someone had an explanation.

[zeroidentidad]

maybe npm is needed due to dependency is not available on yarn repositories

[victororlyk]

have the same issue with yarn + CI + material

yarn install v1.22.4
[1/4] Resolving packages...
[2/4] Fetching packages...
error An unexpected error occurred: "https://registry.yarnpkg.com/@material-ui/core/-/core-4.11.0.tgz: Request failed \"404 Not Found\"".
info If you think this is a bug, please open a bug report with the information provided in "/builds/springs-apps/flopanda/flopanda-front-end/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

[winterdelta]

For me it was a yarn upgrade and a yarn build that solved or at least approached my problem. I was able to deploy successfully straight after or following these two commands.

[ckissane]

This is even worse with yarn 2 because the npmrc workaround seems to no longer work

[javierrojas10]

yarn upgrade did the trick for me. Thanks @winterdelta !

[FeelHippo]

was facing the same issue, fixed it with yarn config set registry https://registry.npmjs.org + yarn cache clean + yarn install

my .npmrc (repository) looks like this:

@example:registry=https://registry.yarnpkg.com/ //registry.npmjs.org/:_authToken=${TOKEN}

Moreover, I noticed that yarn config list was showing an _authToken in the info npm config that did not match the one I intended to use (different NPM account). So in /C/Users/PC/.npmrc I replaced the default token with the correct one and it worked

[theankurkedia]

After a long search, I found that my project had its own .npmrc file. Deleting it worked for me.

[DR-FREKE]

if using yarn and this error comes up, what worked for me was deleting the yarn.error file, yarn.lock file and the node_modules directory; then run "yarn" to reinstall the modules and then try to reinstall the package again

[vilian]

The issue popped up for me using yarn v1.22.15 . Concluding the issue is likely with yarn and having no issues with npm i, just trying a random downgrade to yarn v1.22.14 fixed the issue for me.

[badalsaibo]

We had a gitlab private package registry, and was constantly getting this error.
npm i @placeholder/package-name works fine, but yarn add @placeholder/package-name was giving 404 errors.

I tried all possible solutions listed on this thread. At last, there was a section in gitlab on troubleshooting yarn installation [1].
It said,

try adding this to your .npmrc file (and replace <your_token> with your personal access token or deploy token):

//gitlab.example.com/api/v4/projects/:_authToken=<your_token>

Our previous .npmrc looked like this

save-exact=true
unsafe-perm=true
@placeholder:registry=https://gitlab.com/api/v4/packages/npm/
//gitlab.com/api/v4/packages/npm/:_authToken=${PLACEHOLDER_TOKEN}

With the above new line addition, it looked like this,

save-exact=true
unsafe-perm=true
@placeholder:registry=https://gitlab.com/api/v4/packages/npm/
//gitlab.com/api/v4/packages/npm/:_authToken=${PLACEHOLDER_TOKEN}
//gitlab.com/api/v4/projects/:_authToken=${PLACEHOLDER_TOKEN}

With that addition, yarn add @placeholder/package-name worked fine. 😇

---

[1] https://docs.gitlab.com/ee/user/packages/npm_registry/#error-running-yarn-with-the-package-registry-for-npm-registry

[jamesryan-dev]

yarn cache clean
rm -rf node_modules yarn.lock
yarn

My nextjs app deployed on vercel after this

Thanks all!