-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] npm pack fails for scoped package from private registry when it's not in the cache #2918
Comments
I just tested this against npm version 6.14.11 and it worked as expected. This issue appears in all the 7.x releases, so the workaround for now is to avoid npm 7. |
I can confirm the problem also with npm 7.7.6 and our internal artifactory (it doesn't occur with npm 6).
The problem is a missing authorization header. Most probably the root cause is the same as in #1960 where it has been fixed already by @nlf for Here are the headers for
And here for
Note the missing "authorization: Basic xxxxx" at For completeness, here is the npmrc:
For privacy reasons I redacted passwords, server URLs etc. There are more issues like this for npmv7 which might be related to this: |
@nlf Thanks for the quick fix! Is there any chance we can get the fix soon in a release? As far as I understand libnpmpack needs to be released first, right? |
Hello, I have same issue. npm@6.14.13 ✔️ npm@7.18.1 ❌ npm@8.1.0 : ❌ is a fix planned ? |
Closing due to age. If this is still a problem please feel free to reopen this issue, or create a new issue w/ steps to reproduce. |
This probleme is still present in 8.5.5 : To reproduce, on private repo, create package with scope like "@foo/bar" in version 1.0.0. On a server that has never installed this package, try using the command "npm pack @foo/bar@1.0.0" A 404 error occurs. However, if you do "npm i @foo/bar@1.0.0" it works without error. Then delete the node_modules directory, test the "npm pack @foo/bar@1.0.0" command again, it will work without error. Before npm version 7, the command "npm pack @foo/bar@1.0.0" works directly, there is no need to do a "npm i" before (unnecessary) |
Current Behavior:
Running
npm pack @myregistry/some-package
returns E404 when that package has not previously been installed withnpm install
.The private registry requires an authToken, and regular installation and publish functions are working as expected.
Expected Behavior:
Package should be downloaded and an archive file created.
Steps To Reproduce:
Use a private npm registry (github, gitlab, etc) that requires token authorization.
If the package has been previously installed, clean the cache:
npm cache clean --force
Run the pack command:
npm pack @myregistry/some-package
Example output:
Sanitized log:
2021-03-23T02_35_37_201Z-debug.log
However, if you install the package:
npm install @myregistry/some-package
running the same pack command again will have the expected behaviour:
npm pack @myregistry/some-package
Example output
Environment:
The text was updated successfully, but these errors were encountered: