lerna: Regression: 3.4.0 fails to publish to private registry

Expected Behavior

Prior to this commit our publish would be successful when passing both verifyRegistry and verifyAccess as false in our base Lerna config (that we consume by using the extend feature).

Current Behavior

lerna publish fails due to the error: 401 Unauthorized - GET https://registry.yarnpkg.com/-/whoami

Possible Solution

From my perspective all of the new features surrounding registry verification etc. have been nothing but anti-value since upgrading to Lerna 3, as all of our packages are published to an internal Artifactory registry. I think that the presence of a custom registry in the yarn config should disable all of these checks, or at least there should be a flag to do so.

Steps to Reproduce (for bugs)

Not sure how to provide a reproducer

Context

I’m filing this on behalf of one of my co-workers; I’ll update with more details as I have them.

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 30
  • Comments: 29 (4 by maintainers)

Most upvoted comments

We have started to see this too with our publishConfig in all packages (and repo root) pointing to a private artifactory registry (*.jfrog.io) (without yarn involved - we use npm):

401 Unauthorized - GET https://registry.npmjs.org/-/whoami
lerna ERR! EWHOAMI Authentication error. Use `npm whoami` to troubleshoot.

For my publish workflow I would expect no requests to be made to yarn OR npm’s registry since I’m not publishing there.

@evocateur Thanks for the workaround. However, to be clear, at least with Artifactory, the issue was not with the 3rd-party implementation of the registry API; the issue was that lerna always ran the whois command against the npmjs registry, even when publishing to a scope controlled by another registry.

This is like the third issue today that is being caused by Yarn’s incompatible registry proxy. I’m half tempted to detect their proxy and just overrule it with the public npm registry, it’s the same damned thing (except for how broken Yarn’s proxy is).

I would have hoped Artifactory could get their shit together enough to implement such a basic authentication endpoint. But then they love to have multiple endpoints between install and publish, so ¯\_(ツ)_/¯

Hi, any news on this issue?

We use a private Nexus with Lerna v3.4.3 (but I also tried 3.5.1) and we tried the above fixes, but nothing worked for us; we are still getting this error.

I have the same problem when I try to publish to a private registry (Artifactory) with v3.4.3. I finally went back to v2.11.0, but I lost the commitizen functionality. Is there some workaround for this?

thx!

EDIT: My workaround: I use the resolutions field of yarn to force v3.4.1 of the publish script:

"resolutions": {
  "@lerna/publish": "3.4.1"
}

With this version it works fine; 3.4.3 broke the publish functionality on a private registry.

@HsuTing For #1697, the issue isn’t hitting the endpoints for artifactory; it is that lerna will not read the registry field in my .npmrc. @evocateur If there is a configuration step causing this disconnect I would be happy to discuss it and open a PR for documentation around third party registry integration.

Hi, I use a private Nexus with lerna v3.4.3, and although I am getting a 404 from the whoami request, I can still successfully publish using this flag: --no-verify-access

Example

lerna publish --no-verify-access

Here are docs: https://github.com/lerna/lerna/tree/master/commands/publish#--no-verify-access

Of course you have to have the right metadata in the .npmrc file.

Cheers
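
Added example, not part of the thread and not lerna's or npm's own code: a Node.js pre-publish check of the .npmrc metadata discussed above, reporting which registry a package resolves to and whether a credential entry exists for it. The lookup order (publishConfig over .npmrc, scope registry over the plain registry key) is a simplified assumption about npm's behaviour; the hostname, scope and function names are constructed.

```javascript
const DEFAULT_REGISTRY = 'https://registry.npmjs.org/';
// Constructed sample .npmrc: hostname, scope and token variable are placeholders.
const SAMPLE_NPMRC = [
  '; constructed sample for illustration',
  '@acme:registry=https://artifactory.example.test/api/npm/npm-local/',
  '//artifactory.example.test/api/npm/:_authToken=${NPM_TOKEN}',
].join('\n');

// Parse .npmrc text into key/value pairs, skipping blanks and # or ; comments.
function parseNpmrc(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq > 0) out[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return out;
}

// Assumed model: publishConfig overrides .npmrc; a scope registry beats "registry".
function resolveRegistry(pkg, npmrc) {
  const cfg = { ...npmrc, ...(pkg.publishConfig || {}) };
  const scope = pkg.name.startsWith('@') ? pkg.name.split('/')[0] : null;
  const url = (scope && cfg[`${scope}:registry`]) || cfg.registry || DEFAULT_REGISTRY;
  return url.endsWith('/') ? url : url + '/';
}

// Credentials are keyed by //host/path/; walk up parent paths until one matches.
function hasCredential(registry, npmrc) {
  const u = new URL(registry);
  let key = `//${u.host}${u.pathname}`;
  while (key.length > 2) {
    if (['_authToken', '_auth', '_password'].some((f) => `${key}:${f}` in npmrc)) return true;
    key = key.replace(/[^/]+\/$/, ''); // drop the last path segment (or the host)
  }
  return false;
}

// Report where a publish would go and whether .npmrc holds a credential for it.
function checkPublish(pkg, npmrcText) {
  const npmrc = parseNpmrc(npmrcText);
  const registry = resolveRegistry(pkg, npmrc);
  const isPublic = /^https?:\/\/registry\.(npmjs\.org|yarnpkg\.com)\//.test(registry);
  return { registry, isPublic, hasCredential: hasCredential(registry, npmrc) };
}

console.log(checkPublish({ name: '@acme/ui' }, SAMPLE_NPMRC));
console.log(checkPublish({ name: 'plain-pkg' }, SAMPLE_NPMRC));
```

A result with isPublic true and hasCredential false for a package meant to stay internal points to a missing registry or scope entry in the configuration rather than a bad token.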

+1 this bug is occurring in Azure DevOps pipelines.