berry: [Bug] Yarn 2 Response code 404 (not found) when installing from jfrog
Describe the bug
During yarn install the following error appears
➤ YN0000: ┌ Resolution step
➤ YN0001: │ HTTPError: @acme/sdk@npm:1.18.2: Response code 404 (Not Found)
at EventEmitter.l.on (/Users/dimitriskyriazopoulos/Development/ui/.yarn/releases/yarn-sources.js:24:328280)
at process._tickCallback (internal/process/next_tick.js:68:7)
➤ YN0000: └ Completed in 2.48s
➤ YN0000: Failed with errors in 2.48s
To Reproduce
Create a Jfrog account
Navigate to library workspace
Set proper config credentials to .npmrc and point repository to jfrog
Use Yarn 1 to publish the package
Create another project with dependency the package published earlier
Switch to Yarn 2
Delete any yarn.lock if exists
Make a yarn install
Environment if relevant (please complete the following information):
- OS: OSX
- Node version 10.16.3
- Yarn version tested both 2.0.0-rc.29 & 2.0.0-rc.29.git.20200305.31ef68ca
Additional context
Some of company’s in-house packages are being published and served by JFrog. The credentials and repository info are being found to .npmrc in the following fashion:
.npmrc
registry=https://acme.jfrog.io/acme/api/npm/npm/
_auth = ${ARTIFACTORY_AUTH}
email = ${ARTIFACTORY_USERNAME}
always-auth = true
Having a dependency on package.json that is being served from JFrog’s artifactory (private repository)
package.json
"dependencies": {
"@acme/sdk": "1.18.2",
}
Other approaches tried
Checking the documentation noticed some configuration options that could be set to .yarnrc.yml
Then I executed the following commands
yarn config set npmAlwaysAuth true
yarn config set npmRegistryServer https://acme.jfrog.io/acme/api/npm/npm/
yarn config set npmAuthToken $ARTIFACTORY_AUTH
The error message was:
➤ YN0000: ┌ Resolution step
➤ YN0041: │ webpack-cli@npm:3.3.0: Invalid authentication (as an unknown user)
➤ YN0000: └ Completed in 1.66s
➤ YN0000: Failed with errors in 1.66s
The same happened when removed npmAuthToken and executed
yarn config set npmAuthIdent $ARTIFACTORY_USERNAME:$ARTIFACTORY_AUTH
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 6
- Comments: 26 (5 by maintainers)
I had some time today to set up a free-trial with Artifactory and was able to reproduce what you guys are seeing. However, I was able to both publish and install from it. There are a couple of scenarios here and I’ll try to address them all.
First, we need to clarify that all authentication configs must go in your repo’s
.yarnrc.ymlor your global one (~/.yarnrc.yml). Yarn v2 doesn’t read anything from.npmrc.Starting with @DimitrK’s scenario, Artifactory as a proxy (no per-scope config): From the original issue description, I see that you tried doing
This was really close! The issue here is that
$ARTIFACTORY_AUTHis the basic auth and not thenpmAuthToken. What you can do is:This will ask for your username and password which will be exchanged for an
npmAuthTokenYour repo’s
.yarnrc.ymlwill end up with the following configThen on your global config
~/.yarnrc.ymlyou can see thenpmAuthTokenis now set@Tirke’s scenario, Scoped packages:
This is probably the issue since like you guys already figured out, we are not sending the email. However, this section of the Artifactory docs is under the “Basic Auth” strategy (
npmAuthIdent) which we strongly discourage.We have a
yarn npm login --scope <scope>however the scope has to be defined. The easiest way to do this is to manually add the scope to your.yarnrc.yml.Then you can do:
yarn npm login --scope acmeWhich will ask for login/password, exchange it for an
npmAuthTokenand store it in~/.yarnrc.yml.Let me know if you guys have any more questions.
CC: @piqueme
Thanks @deini .
Although
yarn npm loginworks for users who have simple login credentials, it won’t work for business users with SAML SSO integrations to JFrog.In such case you are being connected with the SSO provider when navigating through browser and your login is transparent. No passwords are issued and there is no access in setting a password within JFrog user profile.
A possible solution would be to add a browser login on
yarn npm loginspawned from CLI similar to what Heroku CLI does.I will also open a ticket on them in order to get some feedback on that. I feel this limitation will stop many companies which are using JFrog + SSO switching to Yarn 2
We managed to add the jfrog package dependency using this yarn v2 config example. Quote symbols are used in the server address but are not needed for the identification
@deini good news, it seems that API_KEY can be actually used as a password on its entirely. So doing
yarn npm loginand entering email as username and API_KEY as password works like a charm.I also had to remove any
node_modulesfolder for this yarn install to run properly although that should be irrelevant.Thanks for your support on this.
Hi, none of these solutions work for me, using jfrog and latest yarn stable version. I get 404 for our package
@deini Thanks so much for the detailed response! I was stuck on trying to use the “Basic Auth” strategy - you’re right that if I switch to using tokens everything works out. This is a bit of change, but I guess it’s not too interrupting for the security.