verdaccio: npm install not working in npm 6.9.0 when authentication changes

Describe the bug npm install is not working for npm v6.9.0 when the access is change from $all to particular users in config.yaml

To Reproduce Steps to reproduce the behavior:

  1. In server: Go to ‘config.yaml’

  2. In server: Under packages section grant the ‘access’ to one/many users (space separated) instead of $all. Something like

packages:
'@*/*':
# scoped packages
access: xxx yyy
publish: xxx
unpublish: xxx
proxy: npmjs
  1. In server: Optionally enable logs with
logs:
# - { type: stdout, format: pretty, level: info, path: verdaccio.log}
- {type: file, path: verdaccio.log, level: info}

  1. In client: Login with username xxx or yyy. Login is successful

  2. In client: run npm install

  3. You will see

npm WARN @scope/package-name@0.1.7 No repository field.

npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to
be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR!     npm login

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\User\AppData\Roaming\npm-cache\_logs\2019-07-09T14_38_41_734Z-debug.log

Expected behavior It should work and the package should be downloaded into node_modules as there is no problem if npm version is v3.10.10 (verified)

Update I have set this up(verdaccio) in my local machine running npm v6.9.0 and I tried running npm install in different machine in the same LAN. It works with both npm 3.10.10 and 6.9.0. May be this happens only in server which is running centos7(could be the reason) or verdaccio in external network (possibilities are there) . Hope this helps!

2019-07-09T14_38_41_734Z-debug.log

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 19 (9 by maintainers)

Most upvoted comments

This issue got fixed by adding always-auth=true in .npmrc file. To do so run npm config set always-auth=true from cmd.

Thanks @juanpicado and @DanielRuf for your time and support.

+6
sathishchandran97 on Jul 16, 2019

Oh … 😃 Thanks for the feedback. Interesting.

+1
juanpicado on Jul 16, 2019

Both the pictures are taken from same log file by enabling

logs:
- {type: file, path: verdaccio.log, level: info

The one to the left in both the pictures is created when a machine which uses npm v6.9.0 runs npm install and to the right is created when a machine uses npm v3.10.10 runs npm install. Both these machines (clients) use the same user name ‘atom’ to download the package

+1
sathishchandran97 on Jul 11, 2019

Perhaps you can tell me what’s the source of each log, some context, I’m a bit confused.

There are additional fields ‘pacote-req-type’ and ‘pacote-pkg-id’ are added in npm v6.9.0. Does verdaccio do this or it is by npm ??

npmjs

There are additional fields ‘npm-in-ci’ and ‘npm-scope’ in npm v6.9.0. Again the same question as above

npmjs

In the final object the user suddenly becomes ‘null’ and status becomes ‘401’ in npm v6.9.0. Again the same question as above.

I’m not sure where I have to look here, which user?

+1
juanpicado on Jul 11, 2019

I’d rather ask them here https://npm.community/ , the issue might be in their side or our side, but if yarn works, the most of the time has been in their side.

ok. thanks @juanpicado for your time. would follow up and let you know 😃

+1
sathishchandran97 on Jul 11, 2019

Could you format it please? I think some context is missing.

yeah did it

+1
sathishchandran97 on Jul 9, 2019
Read more comments on GitHub
← verdaccio: npm ERR! fetch failed http://verdaccioIP/babylon/-/babylon-7.0.0-beta.0-ranges.tgz
verdaccio: NPM pulls corrupted packages from Verdaccio instance (its back) →