-
-
Notifications
You must be signed in to change notification settings - Fork 942
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Send auth token if one exists for registry (#167, #105) #161
Conversation
I think this one might solve #105, but not 100% sure because I still can't make out exactly how |
This looks interesting. Can anyone familiar with private npm registries vouch for this? @abhishekisnot |
I'd love to merge this now, but I'd really like to clarify the |
We use few private packages which need auth. If this is merged I can probably contribute towards testing this feature. |
It seems like there is a bug in relation to scoped modules and creation of symlinks - are you aware of this @rstacruz? This PR works fine if there is a single scoped module, but often (always?) fails if there is multiple scoped modules within the same scope. Should I try to reproduce this issue, or is this a known issue? |
Any ideas? |
Is this issue resolved? thanks in advance! |
@jrnail23, it should work the same way as the regular npm cli. Try to log in via https://docs.npmjs.com/cli/adduser and then install some of your private packages. The scoped packages issue described above was fixed as well |
This is not working for me. I am getting a module not found message. This is my
|
I think there has been a regression lately - I've experienced the same issue. Don't have time to investigate right now, but maybe @zkochan knows what has changed since this was merged? |
I am sorry guys. I might have broken it because it was not covered with tests and we have rewritten pnpm to use npm-registry-client. The good news are that now we test pnpm using sinopia and we can cover this with tests I think. So I'll create an issue for that and if it is broken we'll fix it |
I am not sure when I'll be able to look into it (probably tomorrow or maybe tonight). But if someone wants to fix it ASAP the code that needs to be revisited is here and check how authorization works on npm-registry-client |
@vjpr I just published a fix. Install the latest pnpm and private packages should work |
TL;DR: This adds the auth token for requests to registries that npm already knows about. In other words, do an
npm adduser
first, then use pnpm as you normally would.Hi!
We're using a private Sinopia registry where I work, which requires authentication. Right now, pnpm can't be used in projects where we have a mixture of "external" and "internal" dependencies, because it doesn't send any auth info (which results in the registry sending a 403).
I've made a simple module that extracts the auth token set in
.npmrc
(if one exists) and added that as a dependency. I couldn't quite make out the official client signs requests and in which casesalways-auth
is used. For our internal registry, I have not setalways-auth
, yet it still authenticates GET-requests. So for now, I'm just always sending the auth token, if it exists.I also didn't want to send the auth token if the client isn't communicating over HTTPS, since that would be pretty insecure. Not sure if there should be some sort of setting for being able to send it even over HTTP - feedback is welcome.