Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Yarn seems to do use the right registry token (GitHub npm private registry) #8015

Closed
williamdes opened this issue Mar 25, 2020 · 3 comments
Closed

Yarn seems to do use the right registry token (GitHub npm private registry) #8015

williamdes opened this issue Mar 25, 2020 · 3 comments

Comments

@williamdes
Copy link

williamdes commented Mar 25, 2020
edited
Loading

Bug description

HTTP 401 when downloading a private tarball

Command

yarn add @privateorg/privatepackage

What is the current behavior?
Error: https://npm.pkg.github.com/download/@privateorg/privatepackage/3.1.4/713973e7902bbf38bb50617629ca99de1d59cb64a8ced8881382abe2f507a8eb: Request failed "401 Unauthorized"

What is the expected behavior?
Download the package.

Steps to Reproduce

  1. Have .npmrc
?? I do not remember the contents
  1. Have .yarnrc
"always-auth" "true"
"email" "[email protected]"
"username" "abc-user"
"@wdesportes:registry" "https://npm.pkg.github.com"
"//npm.pkg.github.com/:_authToken" "xxxxxxxxxxxxxxxxxxxx"
"//npm.pkg.github.com/:_header:Authorization" "token xxxxxxxxxxxxxxxxxxxx"

Environment

  • Node Version: 13.1.0
  • Yarn v1 Version: 1.22.4
  • OS and version: who cares (Ubuntu 19.10)

I found some track here #6756

Some debug showed me:

//registry.npmjs.org/ _authToken  aaa-bbb-ccc-ddd-xxx
authToken  aaa-bbb-ccc-ddd-xxx
verbose 7.698672751 Performing "GET" request to "https://npm.pkg.github.com/download/@privateorg/privatepackage/3.1.4/713973e7902bbf38bb50617629ca99de1d59cb64a8ced8881382abe2f507a8eb".
{
  'User-Agent': 'yarn/1.22.4 npm/? node/v13.1.0 linux x64',
  Accept: 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*',
  'Accept-Encoding': 'gzip',
  Authorization: 'token xxxxxxxxxxxxxxxxx',
  authorization: 'Bearer aaa-bbb-ccc-ddd-xxx'
}

You can clearly see that yarn does not give a f* that I did force the token header and by some strange reason adds my npm registry token

TLDR Delete the .npmrc file did solve the issue
Maybe there was a conflict
@williamdes
Copy link
Author

Is is resolved for now, closing.

@williamdes williamdes reopened this Mar 25, 2020
@williamdes
Copy link
Author

williamdes commented Mar 25, 2020
edited
Loading

Okay, so npm logout is required to make this work.

Can a fix be made or should I open a PR ?

@williamdes
Copy link
Author

@arcanis :)

williamdes added a commit to wdesportes/test-publish-npm that referenced this issue Mar 27, 2020
@williamdes
Add auth header for GitHub package fetch
1f7cd14 
Ref: yarnpkg/yarn#8015
williamdes added a commit to wdesportes/test-publish-npm that referenced this issue Mar 27, 2020
@williamdes
Add auth header for GitHub package fetch
a9ba8d4 
Ref: yarnpkg/yarn#8015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@williamdes