What I want to achieve:
I want to create private/local npm package repository using couchdb. It should allow me and other users to first, set registry
-npm set registry http://localhost:5984/registry and then to be able to make npm login and npm adduser or at least to login with predefined user.
Problem:
I'm not able to make npm login or npm adduser so that user is registered and allowed to publish/install packages. If I create the user in the _users database and give him permission to a registry database, npm login / npm adduser will fail with 401 Unauthorized - PUT http://localhost:5984/registry/-/user/org.couchdb.user:npm - unauthorized , same will happen if I dont create user first and try to create one with npm adduser.
What am I missing? How can I make that npm login / npm adduser work with my couchdb registry database?
NOTE: I am aware of some other solutions like verdaccio, but I do not want to use it.
What I managed to do:
I created couchdb with private-registry database, it is accessible via browser or simple curl requests. It works if I make my own _auth encoding. Basically this:
echo -n "username:password" | base64. And then update my .npmrc file with something like this:
//localhost:5984/registry/:_auth="dGVzdDp0ZXN0". After that I can normally publish/install packages to/from my local registry. But this is not solution I like because it requires some extra manual steps to update .npmrc.
versions:
npm: 9.5.0
couchdb:latest, 3, 3.3, 3.3.1
Related
I am trying to create an authenticated token with npm login to use in my ci/cd environment. I read in this article that in order to get past the ENEEDAUTH error I need to log in to npm with the access token and use the auth token generated from that in ci so that publishing to npm will work. However, authentication fails when attempting to use the generated access token for the password in npm login/adduser
I created the access token, ran npm login and got a 401 response, invalid password. I've typed, pasted and then tried using the npm-cli-login package to make sure the credentials were passed correctly. Is it not possible to log in with the access token as the password?
I've also tried deleting the package-lock.json (mentioned in other stackoverflow questions about similar problems)
I'm using:
node v18.13 lts
npm v8.19.2
My notebook uses MacOS, and already set up http(s) proxy inside the Network Preferences, but always failed to install any packages when running npm install in the terminal, it popped up the error 407 Proxy Authentication Required.
So I installed the cntlm and applied the correct configuration.
Below is the test and it seems pass (return HTTP Code 200):
cntlm -c /usr/local/etc/cntlm.conf -I -M http://registry.npmjs.org/vue
Password:
Config profile 1/4... OK (HTTP code: 200)
----------------------------[ Profile 0 ]------
Auth NTLMv2
PassNTLMv2 28B089518C6573274C6B9D83D0XXXXXX
When I ran npm i vue-cli -g, cntlm did receive the request as below:
cntlm -c /usr/local/etc/cntlm.conf -f
Oct 15 15:12:29 cntlm[17646] <Info>: Cntlm ready, staying in the foreground
Oct 15 15:12:38 cntlm[17646] <Info>: Using proxy company-proxy:80
Oct 15 15:12:38 cntlm[17646] <Debug>: 127.0.0.1 GET http://registry.npmjs.org/nexe
But nodejs threw out below exceptions:
npm i vue-cli -g
npm ERR! code E407
npm ERR! 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ): vue-cli#latest
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/****/.npm/_logs/2018-10-15T23_13_47_019Z-debug.log
It confused me: because the test is PASS, but why the cntlm still failed to connect to npmjs.org?
Finally find out the solution:
don't use plain text password ( add one # at the beginning of the Password line, like change Password XXX to #Password XXX)
use PassLM, PassNT, PassNTLMv2 instead (it seems hash values will prevent from auth handshake mechanism again, which should mean you are on behalf of the applications with logged in Windows user account).
The default cntlm configuration file already introduces the steps how to generate them.
My steps are as below:
execute cntlm -H -d your_domain -u your_username
then it prompts password, fill in your password then hit Enter:
The output will be like below:
Password:
PassLM F5314AF8A2DB16BDB7EE9FA6CFC5BC9A
PassNT 4EC02E0D65F8F0C1A9386C69CB6A2555
PassNTLMv2 28B089518C6573274C6B9D83D0EB8651
paste above hash values to the relevant fields in the configuration file.
save then restart cntlm, it works.
I have a GitLab domain, project and repo. This project is accessible via a group I am apart of.
I would like for this to be downloaded via npm install in the following ways:
Local computer
GitLab CI job
Inside of a Docker container
I'm guessing the easiest way of doing this is to just make it public. Is there a way to fix this so it is secure. I can imagine that it must be done with keys.
In my package.json under dependencies I currently have this, but it gives a 401 error of course:
"my-module": "my-domain.com:my-project/my-repo#my-branch",
I do not want hardcoded tokens in the package.json file, if it can be avoided.
You can use SSH keys to access your repository. Add ssh keys to GitLab server and define url to your repsitory in following form:
git+ssh://git#git.mydomain.com:Username/Repository#{branch|tag}
or
git+ssh://git#git.mydomain.com/Username/Repository#{branch|tag}
In your package.json it will be something like this "my-module": "git+ssh://git#my-domain.com:my-project/my-repo#my-branch"
If your ssh key is password protected, then npm will ask for password.
When using npm behind corporate proxy we have need to have following configurations in .npmrc file in user home directory.
proxy = http://<username>:<pass>#<proxy_host>:<proxy_port>/
registry = http://registry.npmjs.org/
https-proxy = http://<username>:<pass>#<proxy_host>:<proxy_port>/
While this works fine, there is a need to hardcode password in the .npmrc file. Also corporate password change policy mandates to change password after a certain period of time.
Is there a way/configuration to prompt user for password instead of having it in .npmrc file. May be like the way it works for git clone where it asks for password while cloning if repository is password protected.
You can install the sync-prompt module:
npm install sync-prompt
and modify the npm-registry-client/index.js slightly.
See this article for details and code that you need to add:
https://mikesharp.wordpress.com/2014/04/16/getting-npm-to-prompt-for-username-and-password-pochack/
I am trying to install bower
npm install -g bower
but am getting an authentication error from our proxy
...
npm http 407 http://registry.npmjs.org/bower
...
Error Code: 407 Proxy Authentication Required.
...
I am trying to get npm working behind a corprate proxy. I think our proxy is a little weird because the only way I was able to get maven downloading packages was to add wagon-http-lightweight.jar as a maven extension.
http://maven.apache.org/wagon/wagon-providers/wagon-http-lightweight/
I have tried all the regular things as described here:
Is there a way to make npm install (the command) to work behind proxy?
(I don't need to supply authentication details in my maven proxy settings).
npm config set registry http://registry.npmjs.org/
npm config set proxy http://myusername:mypassword#proxy.us.somecompany:8080
npm config set https-proxy http://myusername:mypassword#proxy.us.somecompany:8080
npm config set strict-ssl false
What else can I try?
Can try this....working for me.
Open IE (Chrome did not work for me).
Hit the URL http://registry.npmjs.org
it will download json output if successful.
Now go back to command prompt and try npm install.
I was able to get this working by installing a local proxy:
NPM behind NTLM proxy
Use fiddler http://www.telerik.com/fiddler
Install and run and that's it, everything will run as it is supposed to. I spent half a day cracking my head on this
Edit: I honestly have no idea if it was fiddler or something else I tried that fixed it (it is mostly the latter) but you should try setting registry, http-proxy, proxy and strict-ssl
When authentication is required for the HTTP proxy:
Fiddler can be configured to authenticate with the corporate HTTP proxy using NTLM or other protocols. Leave the existing auto authenticate options/rules defaults in place. Instead, go to this setting from the menu bar:
Tools > Telerik Fiddler Options > Connections tab
Click on the Allow remote computers to connect checkbox. You will see a dialog explaining the consequences of enabling this option. Restart Fiddler and update the .npmrc file as shown above. Whenever you need npm to access the registry site just run Fiddler. This setting won't affect the way Fiddler runs for other captures.
I have the same issue.
The root cause is my password contains a special character '#', when I npm set config proxy, the character become '#' in .npmrc file, so I change my password to remove the special character and it's working fine.
If your password does not contains special characters, just use syntax command below, it will work.
npm config set strict-ssl=false
npm config set proxy http://<username>:<password>#<proxy-server-url>:<port>
npm config set https-proxy http://<username>:<password>#<proxy-server-url>:<port>
Thanks,