Publish an NPM package to GitLab package registry - gitlab

The bounty expires in 6 days. Answers to this question are eligible for a +200 reputation bounty.
Code-Apprentice wants to draw more attention to this question.
I followed the instructions in the GitLab docs to publish my project as a package to the project's registry. Here is my .gitlab-ci.yml file:
image: node:18
stages:
- publish
publish:
stage: publish
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
script:
- echo "//${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}">.npmrc
- npm publish
When I run this pipeline, it gives the following error:
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in to https://registry.npmjs.org/
npm ERR! need auth You need to authorize this machine using `npm adduser`
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2023-02-16T19_08_00_397Z-debug-0.log
Why does it say I need to authenticate with registry.npmjs.org? I am trying to publish to my GitLab package registry, not to NPM. More importantly, how do I correctly authenticate with GitLab and publish my NPM package to the project's registry?
More Details
I tried adding this line at the top of my script block:
- echo "registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/">.npmrc
This gives the following error:
npm notice Publishing to https://gitlab.com/api/v4/projects/<project-id>/packages/npm/ with tag latest and default access
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://gitlab.com/api/v4/projects/<project-id>/packages/npm/npm-publish-gitlab
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2023-02-16T19_26_48_321Z-debug-0.log
If I also change image: node:18 to image: node:14, it works. So something appears to have changed since nodejs 14 that breaks the gitlab pipeline implementation. Any ideas what it might be?

It looks like you're missing a definition to publish your package to the internal registry.
This can be done in the package.json (although I don't think there's a convenient way of using environment variables there):
"publishConfig": {
"registry":"http://my-internal-registry.local"
}
or directly in the .npmrc:
registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/
this can also be limited to a specific scope:
#myscope:registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/

Related

npm publish to registry.npmjs.org fails in GitLab CI

I tried to publish in registry.npmjs.org/ with gitlab ci, but instead of publish, i get an error
I tried what this page says https://webbureaucrat.gitlab.io/posts/continuously-deploying-an-npm-package-with-gitlab-ci-cd/
with this gitlab-ci.yml file
image: node:latest
stages:
- deploy
deploy:
stage: deploy
script:
- echo "//registry.npmjs.org/:_authToken=${NPMJS_TOKEN}" > .npmrc
- npm publish
But I get the next error
npm notice
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in to https://registry.npmjs.org/
npm ERR! need auth You need to authorize this machine using `npm adduser`
npm ERR! A complete log of this run can be found in:\
I tried to change by this but I have the same output
- npm config set //registry.npmjs.org/:_authToken ${NPMJS_TOKEN}
I thought I would fixed something when i did this because the error message changes
- npm config set //registry.npmjs.org/:_authToken ${NPMJS_TOKEN}
npm notice
npm notice Publishing to https://registry.npmjs.org/
npm ERR! code E404
npm ERR! 404 Not Found - PUT https://registry.npmjs.org/xxxx - Not found
npm ERR! 404
npm ERR! 404 'xxxx#1.0.0' is not in this registry.
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
But I couldn't go any further than here, the funny thing is if i go to this link https://registry.npmjs.org/xxxx after i published local, this results something by HTTP get by browser, but still show the same message, even if I increase the version
The only way i can have same error doing a local publish was doing npm publish after i delete the package, i had to change the package name to publish again (this doesn't work in gitlab)

Npm publish required me to be logged in when I am logged in

Hi i got problems with deploying my npm package. First of all I deployed it manually by type npm publish everything worked, package was published. But I wanted it to be published every time i push changes on main. So I add that commands to my github actions CI config
- name: Run build
run: yarn build
- name: Publish to npm
run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
And it publishing that package on github packages but not on npm. I tried to publish it manually but i got that error npm
$ npm publish
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in.
npm ERR! need auth You need to authorize this machine using `npm adduser`
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\makow\AppData\Local\npm-cache\_logs\2021-11-02T14_22_20_432Z-debug.log
Your GITHUB_TOKEN is your token for GitHub, not npm. The solution is to get an npm token valid for publication, add it as a GitHub secret, and make it available to your GitHub Actions workflow.
Given your layout, it looks like you are trying to use release-please but you are using your GitHub token rather than an npm token. Follow the instructions in the npm docs to create a token and add it as a secret in your repo. Then update your workflow to access that secret. (You'll still need the GitHub token too to publish to GitHub and probably to do other things.)

Installing npm private package gives back 404/405 - "is not in the npm registry"

npm ERR! code E404
npm ERR! 404 Not Found - GET http://registry.npmjs.org/#office%2fintegration-sdk - Not found
npm ERR! 404
npm ERR! 404 '#office/integration-sdk#*' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
We have private bitbucket repo, with package code, that we want to make npm private package out of it.
I've managed to publish it thru CLI with npm publish, and with the bitbucket pipeline.
And it can be installed fine, as long as i am logged in with npm login.
But we want to be able to install it without logging to npm(when deployed etc..), and i thought NPM_TOKEN is there for those reasons.
I've tried buncha stuff in .npmrc file, mostly like:
#office:registry=https://registry.npmjs.org/:_authToken=<'read/publish token from npm'>
Steps:
npm publish
check npm - package looks good, updated, etc..
run install command - npm i #office/integration-sdk
Fails with either 404(most of the time), and with 405 Method not Allowed when i have #office:registry=https://registry.npmjs.org/#office.
One thing that might be causing this.. We only have user account on npm i guess, it is Pro account with private packages thing. But we didn't create organization. Could that be a problem, i mean it can be published, and installed when logged in, and also public packages can be installed just fine when not logged in.

Cannot publish to github package registry from travis: 401 unauthorized despite including github personal access token

I'm trying to publish a package to the github package registry from Travis CI. Everything seems to work fine (build and tests succeed), but when it tries to publish, I'm getting a 401 error. I've added my github personal access token as a secure env var in the travis config, and I'm manually overriding the root .npmrc with an npmrc that includes the github registry and the access token, but I'm still getting permission issues. How am I supposed to grant lerna/npm permission to publish a github package?
Here is my .travis.yml
env:
global:
secure: "my encrypted GH_TOKEN value (github personal access token with package registry permissions)"
language: node_js
node_js:
- "12"
cache:
directories:
- "node_modules"
before_install:
- echo "#my-org:registry=https://npm.pkg.github.com/:_authToken=\${GH_TOKEN}" > .npmrc
install:
- npm ci
- npm run bootstrap
script:
- npm run test
- npm run build
deploy:
provider: script
script: "npm run publish"
skip_cleanup: true
on:
node: "12"
tags: true
When the travis deploy runs, it errors with this:
> lerna publish from-git --yes --npm-tag beta
WARN deprecated --npm-tag has been renamed --dist-tag
lerna notice cli v3.20.2
lerna info ci enabled
Found 1 package to publish:
- #my-org/example-pkg => 1.0.2-beta.8
lerna info auto-confirmed
lerna info publish Publishing packages to npm...
lerna notice Skipping all user and access validation due to third-party registry
lerna notice Make sure you're authenticated properly ¯\_(ツ)_/¯
lerna WARN ENOLICENSE Package #my-org/example-pkg is missing a license.
lerna WARN ENOLICENSE One way to fix this is to add a LICENSE.md file to the root of this repository.
lerna WARN ENOLICENSE See https://choosealicense.com for additional guidance.
lerna WARN lifecycle Skipping root "prepublish" because it has already been called
lerna http fetch PUT 401 https://npm.pkg.github.com/:_authToken=[secure]/#my-org%2fexample-pkg 153ms
lerna ERR! E401 Unable to authenticate, need: Basic realm="GitHub Package Registry"
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! ts-utilities#1.0.0 publish: `lerna publish from-git --yes --npm-tag beta`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the ts-utilities#1.0.0 publish script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/travis/.npm/_logs/2020-02-25T19_46_08_862Z-debug.log
Script failed with status 1
failed to deploy
What am I doing wrong here?
The issue ended up being I needed two lines in my .npmrc file. One to associate org #my-org with the github package registry: And one to provide an auth token for the github package registry. So the whole .npmrc looks like this:
#my-org:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}
Then I was able to just set the GITHUB_TOKEN environmental variable to my github personal access token (with package read permissions) and then I was able to run npm install #my-org/example-pkg.

data['dist-tags'][npm.tag] - Cannot read property 'latest' of undefined

github: https://github.com/Sly777/React-UI-Debugger
travis CI: https://travis-ci.org/Sly777/React-UI-Debugger
semantic-release: ^6.3.2
basically i'm trying to publish package as first release to public by using semantic-release & travis CI but it doesn't work. I'm getting these errors below.
it's giving error on travis CI
/home/travis/build/Sly777/React-UI-Debugger/node_modules/#semantic-release/last-release-npm/dist/index.js:29
var version = data['dist-tags'][npm.tag];
^
TypeError: Cannot read property 'latest' of undefined
after i got this error, i tried to run npm dist-tag ls on local but that time i got error like this
npm ERR! dist-tag ls Couldn't get dist-tag data for react-ui-debugger
npm ERR! Darwin 16.3.0
npm ERR! argv "/Users/xxxx/.nvm/versions/node/v6.9.1/bin/node" "/Users/xxxx/.nvm/versions/node/v6.9.1/bin/npm" "dist-tag" "ls"
npm ERR! node v6.9.1
npm ERR! npm v3.10.8
npm ERR! code E403
npm ERR! Registry returned 403 for GET on https://registry.npmjs.org/-/package/react-ui-debugger/dist-tags
npm ERR!
package.json
{
"name": "react-ui-debugger",
"version": "0.0.0-development"
}
Also i pushed latest tag on github.
What's your opinion? What do you suggest?
After tried many times, I found the solution for this (actually, it's not entirely solution). For your first release of your package, you need to release your package without using "semantic-release". With "semantic-release", I don't know why (i didn't get any answer from their team) but it's not working for the first release.
There might already be a package in the npm registry with the same name. The repo, with which I encountered the same issue, that you reported was already claimed once by someone else and it is currently unpublished.
To check this, simply open this link your browser:
https://registry.npmjs.org/<your package name>
(be sure to type your package name with lowecase letters all the way)
I have also added this info to your github issue page: https://github.com/semantic-release/semantic-release/issues/352
My suggestion is either create a new repo with a different name, or do a manual publish to claim the registry entry as yours.

Resources