I'm trying to install some packages from Azure Artifacts Feed which was set up by my organization. I still need other external packages in https://registry.npmjs.org/. Although they have configured NPM as upstream source for feed, my 'Reader' permission doesn't allow me to add new packages. So I can only use NPM scopes to install private packages from a scope registry and public package from official registry. But I cannot install private packages simply with scope name.
I've config my user's .npmrc, get authentication using "vsts-npm-auth". It looks like this now:
# $HOME\.npmrc
proxy=http://my-enterprise-proxy.com
noproxy[]=blah-blah-blah
strict-ssl=false
registry=https://registry.npmjs.org/
#feed-scope:registry:=https://pkgs.dev.azure.com/[ORGANIZATION_NAME]/_packaging/[FEED_NAME]/npm/registry/
always-auth=true
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/npm/registry/:username=[ENTER_ANY_VALUE_BUT_NOT_AN_EMPTY_STRING]
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/npm/registry/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/npm/registry/:email=npm requires email to be set but doesn't use the value
Now I try to execute:
npm install #feed-scope/package-needed
And I get:
npm ERR! code E404
npm ERR! 404 Not Found - GET pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/npm/registry/#my-scope%2fpackage-needed - The package '#my-scope/package-needed' was not found in feed '[FEED_NAME]'
npm ERR! 404
npm ERR! 404 '#my-scope/package-needed#*' is not in this registry.
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
I've explored my org's feed, there is only a package named "package-needed". I doubt that the scope name I add to command just what the problem is. But I don't know how can I remove it.
PS: Please ignore those placeholders.
Unfortunately, that's not going to work. The scope is part of an npm package's name. You should work with the owners of your feed to get you the Collaborator role, which is the same as the Reader role plus the ability to use packages from upstreams which have not yet been saved to your feed. This is distinct from the Contributor role which also adds the ability to publish packages directly to the feed.
Related
I have built an Azure chatbot that works fine in Bot Emulator locally but fails when I upload it to Azure. I get the following error:
npm ERR! code EOVERRIDE
npm ERR! Override for axios#^1.2.0 conflicts with direct dependency
I'm not entirely sure what this means. Does anyone know how to get around this?
I have tried to update the Axios package in both package-lock and package json files and nothing has worked
This error is due to the impact of packages in npm library related to axios package. We need to override the package manually using the below code block.
npm install axios-method-override
import axiosMethodOverride from 'axios-method-override';
axiosMethodOverride(axios);
const instance = axios.create();
axiosMethodOverride(instance);
we need to use override patch of HTTP, PUT, DELETE in this implementation.
It's not clear from the documentation what a Verdaccio proxy is.
If I set up a proxy for #acme/foo and someone targets Verdaccio trying to publish #acme/foo how do I configure the behavior and what is the default? There are three obvious possibilities but none of them are covered in the docs,
The publish is reject
The publish is proxied.
The publish is done locally, and further requests are not proxied.
I would prefer the third option but when I try to publish to a package that is proxied I get this in npm,
npm ERR! code EPUBLISHCONFLICT
npm ERR! publish fail Cannot publish over existing version.
npm ERR! publish fail Update the 'version' field in package.json and try again.
npm ERR! publish fail
npm ERR! publish fail To automatically increment version numbers, see:
npm ERR! publish fail npm help version
npm ERR! A complete log of this run can be found in:
npm ERR! /home/ecarroll/.npm/_logs/2021-11-11T18_45_39_813Z-debug.log
The publish happens locally but only after the local Verdaccio server reaches out to the remote server and validates that there is no conflicting version.
When you are trying to publish a package#version and you have uplinks defined (by default is npmjs) it will:
Ask to the defined uplink (in case you have the proxy: npmjs in your package access`) and download the manifest if exist, if does not will just don't persist anything (jump to step 3)
Will verify if in that manifest (in case step 1 is positive) if the version already exist.
If exist, will return 409 http status (http conflict) <-- what npmjs will display is EPUBLISHCONFLICT if not, will publish the package.
Here more info: https://verdaccio.org/docs/best#override-public-packages
In a nutshell, if the package access section has proxy it will always double check with the uplink and won't allow you have duplications.
This is taken from Juan Picado on GitHub from a discussion that I opened up
Imagine an Azure DevOps feed (MyFeed) of npm packages with two views: Local and Release. This feed has an upstream source https://registry.npmjs.org/. Two packages (#scope/a and #scope/b) are already published and they are in Local view. Both of them directly depend on prop-types package from npmjs:
"dependencies": {
"prop-types": "^15.7.2"
},
"peerDependencies": {
"react": "^16.12.0",
...
}
Packages "a" and "b" are installed, builded (Storybook, i.e.) and deployed to some test environment for review. During installation of the packages their dependency prop-types is saved from upstream to the Local view of the feed.
Let's assume that package A passes review and is promoted to #Release view. Then I try to install it into the main project, which is connected to MyFeed#Release. But installation fails, because prop-types is still in Local view:
$ npm i #scope/a
npm ERR! code E404
npm ERR! 404 Not Found - GET https://*/*/_packaging/MyFeed%40Release/npm/registry/prop-types - NotFound
npm ERR! 404
npm ERR! 404 'prop-types#^15.7.2' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 It was specified as a dependency of '#scope/a'
The only way to start using package "a" is to promote all it's dependencies to the same view (package "b" still installs correctly after that). But shouldn't it be done automatically? Or is there a workaround to use unpromoted (Local) upstream packages? There are could be plenty of dependencies from public packages from npmjs, which can hardly be managed manually.
Maybe I should create another feed, connected to npmjs and use it "in front" of MyFeed, like so:
npmjs <- MyUpstreamFeed (with Local view only) <- MyFeed (not directly connected to npmjs).
I was publishing the npm module and I got an error
I verified my package name does not exist in the npm registry
403 Forbidden - PUT https://registry.npmjs.org/package - Package name too similar to existing packages; try renaming your package to '#name/package' and publishing with 'npm publish --access=public' instead
I wanted to know what factors npm filter the package and verify the names
Trying to do npm install for a package fails when any of the dependencies have a scoped public package e.g. #babel/generator with a 401 Unauthorized
or something like
error Couldn't find package "#babel/generator" on the "npm" registry.
In my case,
I tried an npm logout which might have cleared/reset local storage/session
info related to my npm login.
After that I am able to download/install publicly scoped packages normally.
Credit to Wes Bos here: https://twitter.com/wesbos/status/1067822624561143809
Logging into npm with npm login resolved this for me.