Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Yarn can not use private registries #2541

Closed
noherczeg opened this issue Jan 24, 2017 · 15 comments
Closed

Yarn can not use private registries #2541

noherczeg opened this issue Jan 24, 2017 · 15 comments
Labels

Comments

@noherczeg
Copy link

Do you want to request a feature or report a bug?
Bug

What is the current behavior?
Yarn fails to install dependencies from private registry. NPM-Cli works though. Tokens (in an up-to-date format) are in place in $HOME/.npmrc.

If the current behavior is a bug, please provide the steps to reproduce.
Set up .npmrc in project root:

registry=https://OUR_REGISTRY/repository/npm

Run: yarn --verbose

verbose Request "https://OUR_REGISTRY/repository/npm/angular-bootstrap-scrolling-tabs" finished with status code 401.
verbose Performing "GET" request to "https://OUR_REGISTRY/repository/npm/angular-messages".
verbose Error: Couldn't find package "angular-bootstrap-scrolling-tabs" on the "npm" registry.
    at MessageError (/usr/share/yarn/lib/errors.js:8:5)
    at /usr/share/yarn/lib/resolvers/registries/npm-resolver.js:207:15
    at next (native)
    at step (/usr/share/yarn/node_modules/babel-runtime/helpers/asyncToGenerator.js:17:30)
    at /usr/share/yarn/node_modules/babel-runtime/helpers/asyncToGenerator.js:28:13
    at process._tickCallback (internal/process/next_tick.js:103:7)
error Couldn't find package "angular-bootstrap-scrolling-tabs" on the "npm" registry.
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

What is the expected behavior?
Installation of dependencies to succeed.

Please mention your node.js, yarn and operating system version.

  • Fedora25
  • NodeJS v6.9.2
  • Yarn v0.19.1
@noherczeg noherczeg changed the title Bug Yarn can not use private registries Yarn can not use private registries Jan 24, 2017
@cdaringe
Copy link

i use artifactory and I also get 401s installing new packages. if the packages already exist on the registry, however, it seems to work pretty reliably! agreed, works fine with npm. i'd love to give people a working thing™ to test against, but am new to the yarn and artifactory scene

@noherczeg
Copy link
Author

My example is with Nexus3 by the way.

@noherczeg
Copy link
Author

I also tried;

yarn login --registry https://OUR_REGISTRY/repository/npm/ --verbose
yarn login v0.19.1
info npm username: MY_USERNAME
info npm username: MY_EMAIL
Done in 0.04s.

It's strange that it logs out info npm username twice. Calling yarn after this also results in install not working though.

@bcruddy
Copy link

bcruddy commented Feb 8, 2017

I deleted my previous comment - my setup was almost identical to OPs using fury.io. I logged out of npm (npm logout), ran yarn, and boom all my packages were found. No idea how or why though.

@noherczeg
Copy link
Author

@bcruddy How could yarn run successfully if you weren't even logged in your repo? That can not be possible.

@bcruddy
Copy link

bcruddy commented Feb 10, 2017

fury.io puts the token in the registry url so there's no need to be logged in to anything. So yeah.. pretty sure it's possible. I'm wondering if having an auth token in my $HOME/.npmrc was breaking things (yarn possibly sending fury.io the token, fury.io says no that's the wrong token even though you sent us the correct one too).

@rbarilani
Copy link

Same problem here. We are using nexus and yarn can't install private package correctly. In my case it refuse to install dependencies of the package that I want to install passing through the private registry.

I have an .npmrc in my project folder that looks like:

registry=***/repository/npmjs/

I am omitting the address for privacy reasons.

Trying to install a package published on our nexus private registry:

yarn add @mc/ng-bundle --verbose

This is the output:

yarn add v0.20.3
info No lockfile found.
verbose Performing "GET" request to "https://yarnpkg.com/latest-version".
[1/4] 🔍  Resolving packages...
verbose Performing "GET" request to "***/repository/npmjs/@mc%2fng-bundle".
verbose Request "***/repository/npmjs/@mc%2fng-bundle" finished with status code 200.
verbose Performing "GET" request to "***/repository/npmjs/angular".
verbose Performing "GET" request to "***/repository/npmjs/angular-animate".
verbose Performing "GET" request to "***/repository/npmjs/angular-aria".
verbose Performing "GET" request to "***/repository/npmjs/angular-cookies".
verbose Performing "GET" request to "***/repository/npmjs/angular-messages".
verbose Performing "GET" request to "***/repository/npmjs/angular-resource".
verbose Performing "GET" request to "***/repository/npmjs/angular-sanitize".
verbose Performing "GET" request to "***/repository/npmjs/angular-touch".
verbose Performing "GET" request to "***/repository/npmjs/angular-ui-router".
verbose Performing "GET" request to "***/repository/npmjs/angulartics".
verbose Performing "GET" request to "***/repository/npmjs/angulartics-google-analytics".
verbose Performing "GET" request to "***/repository/npmjs/dress-code".
verbose Performing "GET" request to "***/repository/npmjs/humps".
verbose Performing "GET" request to "***/repository/npmjs/lodash".
verbose Request "***/repository/npmjs/angular" finished with status code 401.
verbose Performing "GET" request to "***/repository/npmjs/oclazyload".
verbose Error: Couldn't find package "angular" on the "npm" registry.
    at MessageError (/usr/local/Cellar/yarn/0.20.3/libexec/lib/node_modules/yarn/lib/errors.js:8:5)
    at /usr/local/Cellar/yarn/0.20.3/libexec/lib/node_modules/yarn/lib/resolvers/registries/npm-resolver.js:209:15
    at next (native)
    at step (/usr/local/Cellar/yarn/0.20.3/libexec/lib/node_modules/yarn/node_modules/babel-runtime/helpers/asyncToGenerator.js:17:30)
    at /usr/local/Cellar/yarn/0.20.3/libexec/lib/node_modules/yarn/node_modules/babel-runtime/helpers/asyncToGenerator.js:28:13
    at process._tickCallback (internal/process/next_tick.js:103:7)
error Couldn't find package "angular" on the "npm" registry.

So it seems that is actually performing the first request correctly but then fails for subsequent requests.
With npm all good.

@haishengwu-okta
Copy link

for my case, I solved it by reorder entries in npmrc. particularly

cafile=/path/to/my-org.pem
strict-ssl=true
@my-org:registry=URL-x
registry=URL-y

@omniscient
Copy link

omniscient commented Mar 8, 2017

In the hope that this is going to help someone, here's what I did to get yarn working with our private repo (an instance of proget) and our git monorepo. This is the only way I found where you can use yarn as a "drop-in" replacement as it is intended to be used.

First of all you install yarn globally by doing:

npm install yarn -g

As of version 0.21.3, from what I could tell, Yarn doesn't support the "Encoded" version of the .npmrc file so don't even bother with it. If your .npmrc has something like this:

//your.privaterepo.net/npm/:_password="abcderfxxxxx="
//your.privaterepo.net/npm/:username=youruser
//your.privaterepo.net/npm/:[email protected]
//your.privaterepo.net/npm/:always-auth=true
registry=https://your.privaterepo.net/npm/npm
always-auth=true

it won't work. You have to simply open your .npmrc file with a text editor and replace all the text with a basic auth URL like this:

registry=https://yournugetusername:[email protected]/npm/npm

Beware of your global .npmrc vs local project .npmrc in your git repo. In the case of a monorepo, it's possible that you have a .npmrc file for each package under the packages folder. This is going to impact the ability for yarn to use your global npm settings. If you keep them, you have to make the same mods in all .npmrc through your project.

So once you make all these changes, you basically replace "npm install" by "yarn":

yarn

In a monorepo situation where you use lerna, there is an open issue related to parallel execution with yarn. You simply can't run yarn in parallel right now. Normally you would simply do:

lerna exec -- yarn

but that is going to fail because of this open ticket: #Issue 683 At the moment, you have to disable erna parallel execution by doing this command:

lerna exec --concurrency=1 -- yarn

If you still run into some issues just type:

yarn --verbose

You will see the yarn log in your console and should figure out the problem easily. For example, without the settings above I was seeing error 401 (not authenticated) exceptions in the log which triggered me to refocus my research...

@marian-r
Copy link

Just to let you know Yarn seems to work fine with Sinopia as it just proxies packages from npm registry when they are missing in Sinopia.

@bestander
Copy link
Member

It should be fixed now

@Arnaud-Nauwynck
Copy link

It seems to me that whatever is written in .npmrc or .yarnc registry key, the real http request sent is always using the default https://registry.yarnpkg.com/ prefixed url.
This work fine except when you are behind a corporate firewal, and you absolutely need to used corporate registry (I use Nexus3)...
(Another workaround is to use http-proxy options with your user/password, but this is not ok to put my password on a shared jenkins server for building)

I found that in source code : https://github.com/yarnpkg/yarn/blob/master/src/registries/npm-registry.js

request(pathname: string, opts?: RegistryRequestOptions = {}, packageName: ?string): Promise<*> { const registry = this.getRegistry(packageName || pathname); const requestUrl = url.resolve(registry, pathname); // <== does not work..
An example of values is
pathname="https://registry.yarnpkg.com/@angular/core/-/core-4.0.0.tgz"
registry="https://mynexus-npm.mycompany/nexus/repository/npm-group/"
I get requestUrl = pathname instead of
requestUrl ="https://mynexus-npm.mycompany/nexus/repository/npm-group/@angular/core/-/core-4.0.0.tgz"

The url.resolve() does not replace the url with the base registry url. Instead, I patched it like this:
request(pathname: string, opts?: RegistryRequestOptions = {}, packageName: ?string): Promise<*> { const registry = this.getRegistry(packageName || pathname); // PATCH!! const requestBaseUrl = url.resolve(registry, pathname); // does not work... const requestUrl = requestBaseUrl.replace('https://registry.yarnpkg.com/', registry);

and it works fine!

@bestander
Copy link
Member

bestander commented May 30, 2017 via email

@Arnaud-Nauwynck
Copy link

I made a pull request #3528
My fix was "simple", but I don't know all the impacts in your yarn.lock file.
I just wanted to fix my corporate firewall problem!
Thank you for offering me to "lead the fix", but I am not the right person for leading it.

@bestander
Copy link
Member

bestander commented May 30, 2017 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

9 participants