Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] npm update does not work with scoped private packages #3004

Open
livthomas opened this issue Mar 31, 2021 · 2 comments
Open

[BUG] npm update does not work with scoped private packages #3004

livthomas opened this issue Mar 31, 2021 · 2 comments
Labels
Bug thing that needs fixing Priority 2 secondary priority issue Release 7.x work is associated with a specific npm 7 release

Comments

@livthomas
Copy link

I'm trying to update a scoped private package using the following command:

npm update @snappykraken/ui-elements

But nothing happens. I can see the following lines in the debug output (--dd):

npm http fetch GET 404 https://registry.npmjs.org/@snappykraken%2fui-elements 2473ms
npm http fetch GET 404 https://registry.npmjs.org/@snappykraken%2fui-elements 1048ms

I guess it should use https://www.npmjs.com/package/@snappykraken/ui-elements instead of https://registry.npmjs.org/@snappykraken%2fui-elements.

Current Behavior:

The latest version of a library doesn't get into node_modules and it is also not changed in package-lock.json.

Expected Behavior:

Both node_modules folder and package-lock.json file should get updated.

Steps To Reproduce:

  1. Install a scoped package with npm install
  2. Wait until a new version is released (or do it yourself with your own library)
  3. Try to update this package with npm update

Environment:

OS: Manjaro Linux (kernel 5.10.23)
Node: v15.11.0
npm: 7.7.5
@livthomas livthomas added Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release labels Mar 31, 2021
@livthomas livthomas changed the title [BUG] npm update does not work with scoped packages [BUG] npm update does not work with scoped private packages Mar 31, 2021
@livthomas
Copy link
Author

I noticed that other scoped packages were downloaded without any problems:

npm http fetch GET 200 https://registry.npmjs.org/@segment%2flocalstorage-retry 16ms (from cache)

So I tried to set NPM_TOKEN environment variable to npm update command and it worked because I have the following line in .npmrc file:

//registry.npmjs.org/:_authToken=${NPM_TOKEN}

But why do I need to do this? Shouldn't npm update prompt me to log in if it is unable to download a private package?

@visglz visglz mentioned this issue Apr 1, 2021
Closed
@nlf
Copy link
Contributor

nlf commented Apr 7, 2021

it's requesting the correct url, that package does not exist or requires authentication.

your .npmrc file is telling us that your auth token is stored in the environment variable NPM_TOKEN, if that environment variable is not set then we have no auth token to send and the request will fail. as you've found, by exporting the token as the correct environment variable, the auth will be sent appropriately.

this is an unfortunate change in behavior as npm 6 would throw an error informing you it was unable to replace the environment variable, while npm 7 fails silently and sends no authentication. that's something we should definitely fix.

@nlf nlf added Priority 2 secondary priority issue and removed Needs Triage needs review for next steps labels Apr 7, 2021
@cmawhorter cmawhorter mentioned this issue Feb 23, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug thing that needs fixing Priority 2 secondary priority issue Release 7.x work is associated with a specific npm 7 release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nlf @livthomas