Fix request authentication for scoped private registry tarballs

Yarn correctly sends authorization headers when resolving metadata, but when it's time to download the tarballs, it calls registry.request with a full tarball url. This causes the getRegistry() function to incorrectly return the DEFAULT_REGISTRY url which means the authorization headers are no longer sent. The response in this case is a JSON error object instead of a tarball file. Untaring fails with "invalid tar file"
yarnpkg · Nov 3, 2016 · 35924ad · 35924ad
1 parent 96fbeea
commit 35924ad
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/src/registries/npm-registry.js b/src/registries/npm-registry.js
@@ -139,7 +139,12 @@ export default class NpmRegistry extends Registry {
   }
 
   getRegistry(packageName: string): string {
-    // Try scoped registry, and default registry
+    // Try extracting registry from the url, then scoped registry, and default registry
+    if (packageName.match(/^https?:/)) {
+      const parts = url.parse(packageName);
+      return parts.protocol + '//' + parts.host + '/';
+    }
+
     for (const scope of [this.getScope(packageName), '']) {
       const registry = this.getScopedOption(scope, 'registry')
                     || this.registries.yarn.getScopedOption(scope, 'registry');