berry: [Bug] YN0041: Invalid authentication after logging in with `yarn npm login`

  • I’d be willing to implement a fix

Describe the bug

I attempted to publish my package via yarn npm login and yarn npm publish, but yarn failed with an unexpected error

To Reproduce

Using yarn from sources in this repo: https://github.com/justjake/quickjs-emscripten

  1. Clone https://github.com/justjake/quickjs-emscripten
  2. Try to yarn npm login
  3. Try to yarn npm publish

Screenshots

If applicable, add screenshots to help explain your problem. image

Environment if relevant (please complete the following information):

  • OS: macOS 10.14.6 (18G103)
  • Node version: v10.21.0
  • Yarn version: 2.1.1-git.20200720.906e9472

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Reactions: 3
  • Comments: 25 (9 by maintainers)

Most upvoted comments

I think I have discovered something that can push this forward.

In your GLOBAL .yarnrc.yml, you will have your tokens stored. That was my situation:

npmRegistries:
  "https://npm.pkg.github.com":
    npmAuthToken: SOME_GITHUB_TOKEN_HERE
  "https://registry.yarnpkg.com":
    npmAuthToken: NPM_PUBLISH_TOKEN_HERE

npmScopes:
  acmeinc:
    npmAuthToken: ACMEINC_GITHUB_TOKEN_HERE

it looks like npmRegistries["https://npm.pkg.github.com"].npmAuthToken took priority over npmScopes.acmeinc.npmAuthToken.

  • Removing npmRegistries["https://npm.pkg.github.com"].npmAuthToken did not resolve the issue.
  • Copying npmScopes.acmeinc.npmAuthToken value to npmRegistries["https://npm.pkg.github.com"].npmAuthToken resolved the issue.

I’m still not sure, however, why is that and how to resolve this without manually fiddling with configs.

+12
wojtekmaj on Jan 17, 2022

I’m getting reports from multiple colleagues working in multiple projects that they are unable to log in using yarn npm login, using Yarn 2.4 and 3.0.

The only workaround that seems to be working is adding this in your command line configuration file (.bashrc or .zshrc, depending on your setup):

export YARN_NPM_AUTH_TOKEN=your_github_personal_access_token

but that works only if you need one auth token.

How can I help you resolving this, and how can I help my colleagues?

+12
wojtekmaj on Aug 5, 2021

I just had quite a hard time with the authentication part with Yarn 3.1.0, but I found the solution to it and hope I can save someone else from the struggles I’ve been having:

Problem: My requirements were to publish one repository @organization/test1 into the GitHub NPM registry. But I was not able to install this package from another repository lying within the same organization, because I defined my .yarnrc.yml wrongly. Therefore, I received 404 errors and 401 errors when trying to install it.

Solution: Here’s what worked for me regarding the .yarnrc.yml file:

npmRegistryServer: "https://registry.yarnpkg.com"

npmScopes:
  <Your scope (case sensitive!)>:
    npmAlwaysAuth: true (optional I think)
    npmAuthToken: <Your Personal Access Token>
    npmRegistryServer: <URL to where your package is hosted, in our case it was https://npm.pkg.github.com>
+7
rosanzheng on Jan 24, 2022

I am also having the same issue. I was also able to successfully login. Even after successful login, I see the below error. I use jfrog, out private repository

UnhandledPromiseRejectionWarning: Error: rxjs@npm:6.6.2: Invalid authentication (as an anonymous user)

+6
zakzak1978 on Aug 20, 2021

Is there an official solution to this issue? I think this issue should be reopen. I’m still struggling with yarn npm login --scope myorg and yarn npm --scope myorg. It doesn’t work by default without manually modifying the global .yarnrc.yml file in my home folder

+4
danielpza on May 19, 2023

Due to the lack of feedback i’ll close this under the assumption that what is actually happening is that you’re trying to publish an already existing version, which V2.3 will show better error messages for thanks to https://github.com/yarnpkg/berry/pull/1809

+2
merceyz on Sep 24, 2020

I have same issue =(

yarn npm login successfully logged in, but yarn npm publish is Invalid authentication (as undefined)

Here my .yarnrc.yml

nodeLinker: node-modules

plugins:
  - path: .yarn/plugins/@yarnpkg/plugin-workspace-tools.cjs
    spec: "@yarnpkg/plugin-workspace-tools"
  - path: .yarn/plugins/@yarnpkg/plugin-version.cjs
    spec: "@yarnpkg/plugin-version"

yarnPath: .yarn/releases/yarn-2.2.0.cjs

npmRegistryServer: "https://jfrog.space307.tech/api/npm/space307-frontend-local/"

npmPublishRegistry: "https://jfrog.space307.tech/api/npm/space307-frontend-local/"
+2
inomdzhon on Aug 29, 2020

One solution I found, that solved it for me was to use the following .yarnrc.yml file and then run yarn npm login -s myPrivatePackageNameWithoutTheAt to login.

npmScopes:
  myPrivatePackageNameWithoutTheAt:
    npmAlwaysAuth: true

Using yarn 3.2.1

+1
vleandersson on Jul 19, 2022

Anyway log by yarn is very uninformative – Invalid authentication (as undefined) say me nothing about real issue =(

Yep, @paul-soporan investigated a bit and it seems that any 403 (which is what the server answers) are reported as Invalid authentication - plus a missing option in one of the calls that caused the as undefined. We’ll fix both issues!

+1
arcanis on Sep 3, 2020
Read more comments on GitHub
← berry: [Bug] "YN0028: The lockfile would have been created by this install, which is explicitly forbidden", but `yarn.lock` exists and is not modified when running `yarn install` locally
berry: The nearest package directory doesn't seem to be part of the project →