package.json scripts run with yarn run fail to auth with npm

[mcous]

Do you want to request a feature or report a bug?
bug

What is the current behavior?
package.json scripts run with yarn run fail to auth with npm

If the current behavior is a bug, please provide the steps to reproduce.

https://gist.github.com/mcous/0c62847401ed2dc5e230f38746f0c267

0. Ensure you have a valid authToken in .npmrc
1. Create a package.json script "who": "npm whoami"
2. npm run who will work
3. yarn run who will fail with ENEEDAUTH
   • Workaround: yarn config set registry https://registry.npmjs.org
   • Related to yarn does not honor authentication settings in .npmrc #4451?

What is the expected behavior?

package.json scripts should not fail to auth with npm if .npmrc is set up correctly

Please mention your node.js, yarn and operating system version.

• macOS 10.12.6
• node v8.11.0
• npm v5.8.0
• yarn v1.6.0

[jamsinclair]

I believe Yarn doesn't use your local npm directly. It creates an auth token which it passes to its own npm instance to auth itself for commands. E.g. yarn publish. I believe it does run same npm, however it rewrites config when running lifecycle scripts which affects npm.

(Someone from yarn team feel free to explain more correctly 😅 )

If you need to run npm commands in yarn scripts that require auth, try logging in! 😄
Run yarn login on cli, you'll be prompted for your npm username & email.

[mcous]

@jamsinclair I just tried this out, and it worked! That being said, I'm a little confused as to why. If I run a yarn script that calls the npm "executable" directly, why does anything about my ~/.yarnrc (it's my understanding that running yarn login simply writes my npm username and email to that file) have anything to do with how the npm executable functions as a child process?

In my instance, I ran into this because I publish from CI. Running yarn login before running scripts on CI is not an option. In my case I just use npm run instead.

[jamsinclair]

Great question! I'm just as unsure. I encountered this problem as well on CI for one of my projects.

Hopefully a Yarn team member can chime in whether this is a bug or intentional behaviour 🤞

[itaisteinherz]

This is still an issue for people (see sindresorhus/np#416), and so it would be great if someone could look into this.

[jichu4n]

Ran into this issue as well - when using yarn run to execute a script that in turn invokes npm install, npm is unable to install a private package.

I found another workaround is to add npm_config_registry=https://registry.npmjs.org to the script command in package.json. For example:

{
    "scripts": {
        "who": "npm_config_registry=https://registry.npmjs.org npm whoami"
    }
}

[sysofwan]

+1 seeing the same issue. I am trying to invoke publish script from package.json which in turn calls Yarn to publish package to a private registry. Workaround does not really help in this case.

[austinbutler]

Workaround from another issue: #4475 (comment)

[merceyz]

Closing as in v2 we completely stopped reading .npmrc files.

https://yarnpkg.com/getting-started/migration