-
Notifications
You must be signed in to change notification settings - Fork 3k
NPM Install yields 404s for packages with @ symbols #19254
Comments
Having the same problem on macOS, since today morning. Worked fine yesterday. The same problem happens with yarn also, so it seems like a registry issue. |
In npm logs I found that pacote package returns 404 for those packages. For example, this url works fine when opened in browser, but pacote still returns 404. Looks like this is caused because of authorization header. If this header is removed, 200 OK is returned and installation works. |
Any idea how to remove the header during installation? Or what’s causing it? |
No idea what's causing it. I manually edited source code of npm/yarn to not include authorization header on my machine. |
well... still seems like a bug but i have an auth token set in my .npmrc file that i use when pushing to a private registry. If i remove that token everything seems to work ok. So odd that this is only a problem for npm 5 and dependencies starting with |
seeing this with npm 5.3.0 as well. only happens with scoped modules. I am also putting a token in the .npmrc |
Could one of you share a (redacted) copy of your
So you can see that I have both a real registry token and a registry token for another registry (our staging environment). |
I just commented out the token line in mine as it wasn’t needed
… On Dec 17, 2017, at 7:18 PM, Rebecca Turner ***@***.***> wrote:
Could one of you share a (redacted) copy of your .npmrc's w/ the tokens? Like, mine looks like this:
unsafe-perm=true
***@***.***
browser=
init-author-name=Rebecca Turner
***@***.***
init-author-url=http://re-becca.org/
sign-git-tag=true
send-metrics=true
//registry.npm.red/:_authToken=REDACTED
//registry.npmjs.org/:_authToken=REDACTED
So you can see that I have both a real registry token and a registry token for another registry (our staging environment).
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
@iarna I figured out that my token was expired. what I haven't figured out yet is why, when I'm logged in, I can't use the |
@BenjaminVerble If the |
thanks @iarna . that explains the confusion |
Is this a duplicate of #17966? This is murdering us that publish to private repos but still require the ever increasing number of scoped packages (i.e. babel). |
This is definitely a dupe of #17966 . I'm surprised this hasn't been resolved yet considering the increasing number of scoped packages and the number of people that need to use private repos. I wouldn't mind taking a stab at fixing the url module in NodeJS (see this comment for details on this), but I'm interested to hear what everyone feels the right solution to this issue is. I personally think this is a registry bug, not a NodeJS bug. If an auth header is passed, it should be ignored if auth isn't required. I'm pretty sure that's code directly in registry.npmjs.org too, not in npm/registry. And if that's the case, we are at the whims of npmjs developers to resolve. What does everyone else think? If the consensus points toward fixing the url module, I'll have a go at it. |
@imdevin567 I agree that if auth header is passed and is not required, it should be ignored. Maybe node shouldn't treat every URL with @ as if it requires authentication, but in my opinion, this is a bug in npm registry. |
The code referenced at https://github.com/nodejs/node/blob/v8.2.1/lib/url.js#L828 calls the variable "authInHost". Now, the "@" in the request here is not in the host name, is it ? According to an example somewhere, the URL looks like this: So, the "@" is after the host, in the path. Now, it might be that the code in the url module of NodeJS is faulty and the |
I tried setting an invalid _auth in my .npmrc and our internal npm registry ( which is Artifactory, not npm Entreprise ) did not return an error when attempting to install a package with a scoped name. I went ahead and opened https://github.com/npm/registry/issues/272. Their README says ( emphasis mine ):
So, I thought it was justified to open an issue there. Let's see what they say. |
Please update your npm registry and try, It worked for me |
This is still happening to me in Ubuntu. I had trying to update everything but still does not work.
We can't set the registry to |
anybody has a workaround for this? |
I had the same issues with scoped packages and private registry. As specified in this comment i removed the |
Any update on this issue? We're seeing intermittently across developer and build machines node -v 8.11.2 .npmrc fille is already set up as per @manojvignesh comment above, also have tried @vipinps13 suggestion. |
People at my company are also seeing a regular 404. We have a private npme instance and any scoped package 404's unless we are on npm^4. |
I'm opening this issue because:
What's going wrong?
Installing any dependency that starts with
@
fails with a 404 but any dependency that does not start with@
seems fine.How can the CLI team reproduce the problem?
install node LTS (node 8.9.1, npm 5.5.1)
https://gist.github.com/randyaa/1de32dbc4c432469f9e4dc6f5c17b776
supporting information:
npm -v
prints:5.5.1
node -v
prints:v8.9.1
npm config get registry
prints:https://registry.npmjs.org/
The text was updated successfully, but these errors were encountered: