Yarn tries to authenticate against registry.yarnpkg.com instead of private registry during publish

[betalb]

Do you want to request a feature or report a bug?
bug

What is the current behavior?
We have scoped package that should be published to private npm registry, served by internally hosted Nexus (http://nexus.dev/repository/npm-releases)

When we try to publish them, log indicates that yarn is trying to authenticate against registry.yarnpkg.com instead of our hosted Nexus registry

verbose 2.439 Performing "PUT" request to "https://registry.yarnpkg.com/-/user/org.couchdb.user:deployer"
verbose 19.8 Request "https://registry.yarnpkg.com/-/user/org.couchdb.user:ddfgdfg" finished with status code 401.
verbose 19.805 Error: Incorrect username or password.

But there is something that I mentioned when was experimenting with this feature and providing random user names

verbose 14.576 Performing "PUT" request to "https://registry.yarnpkg.com/-/user/org.couchdb.user:ddfgdfg0".
verbose 15.617 Request "https://registry.yarnpkg.com/-/user/org.couchdb.user:ddfgdfg0" finished with status code 201.

In case of 201 status yarn will try next repo and in my case it was nexus repository

Next time you try the same randomly generated username (in my case ddfgdfg0) registry.yarnpkg.com will return 401

If the current behavior is a bug, please provide the steps to reproduce.

• yarn login --registry=http://nexus.dev/repository/npm-releases --scope=@company-scope
• create dummy package with name @company-scope/example-package
• yarn publish --verbose

Steps with random username

• yarn logout
• yarn config set "@company-scope:registry" http://nexus.dev/repository/npm-releases
• yarn publish --verbose
• enter random username & email & password

What is the expected behavior?
Yarn should get correct registry url for package scope and perform communication only with this repo

Please mention your node.js, yarn and operating system version.
Yarn version: 0.27.1
Node version: 7.10.0
Platform: win32 x64

[bestander]

related #3765?

[bestander]

@betalb, can you confirm if this is a regression from current stable (0.24.6)?

[betalb]

@bestander Looks like #3765 is about yarn install while this issue is about yarn publish of scoped packages, initially I found it on 0.24.6, so personally I don't think that this bug blocks RC promotion to stable

[bestander]

Thanks, @betalb.

[arcanis]

Hi @betalb! Can you confirm this is still a problem on the latest Yarn release?

[betalb]

@arcanis Yes, it is still reproducible winth yarn 0.27.5 & 0.28.4

The same behaviour that I described above

The only change seems to be that when using random name it tries to perform self-registration (I've received email from npm registry) and registry replies with 201 status and then nexus registry is tried

[BYK]

@betalb would you mind trying this with the latest nightlies?

[betalb]

@BYK checked with nightly 1.0.0-20170815.1354, behaviour is the same

[arcanis]

I think I understand what happened - --registry is simply not a valid option for yarn login. I'll work on this, but in the meantime @betalb can you please try to add the following line in your ~/.yarnrc file?

registry "http://nexus.dev/repository/npm-releases"

[betalb]

@arcanis This is strange, after running login with registry switch, I got following record in .yarnrc

"@company-scope:registry" "http://nexus.dev/repository/npm-releases/"

And it looks like the issue is only with scoped packages when non-scoped registry record is missing in .yarnrc, I've tried to repeat the steps from original report, just removed --scope argument, and now publish looks fine.

It seems that yarn is using non-scoped record from .yarnrc and when it is absent -- registry.yarnpkg.com for every publish

[BYK]

This should be fixed on master. Also, we now have the --registry option so closing.