Related
I tested with Azure Packages private NPM server and now want to revert back to using the standard NPM registry but when I do it complains. I have tried everything I can think of and it is blocking me from doing any work now. I'd really appreciate any help.
The error
npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR! npm login
If I check the log it is still, somehow, trying to find packages from Azure rather than the npm registry.
The Azure URL specified below doesnt exist in any .npmrc file or package-lock file I can find!
To be clear here I want to use the default NPM registry not Azure. e.g.
32 silly fetch manifest #types/angular#https://pkgs.dev.azure.com/***/***/_packaging/***.Common.UI/npm/registry/#types/angular/-/angular-1.6.45.tgz
Steps I have taken
Deleted my local .npmrc file
Deleted .npmrc file from my user profile
Cleared NPM cache
Cleared local node_modules folder
npm config set registry https://registry.npmjs.org/
npm config set registry https://registry.npmjs.com/
Reinstalled node.js
In each case, running npm install still gives me the same error.
Please help!
.npmrc containing private repo credentials
I had similar error. It turned out that I've saved some credentials for private repo on .npmrc file at the root of my home folder.
So when I did npm install on my project, I get package-lock.json file contents appended with the private repo url. So this was the source of the error when deploying the project.
What I did was to temporarily remove the .npmrc, delete package-lock.json, delete node_modules and re-run npm install.
In my case the private repo details was not relevant for the project(so deleting .npmrc was not an issue)
Check your package.json for the node version you should be using and make sure that you are using a compatible version with nvm or something. This has been consistently the reason I have seen this error lately on my own machine.
In my case , I just deleted the package-lock.json file and tried running npm install.
The error disappeared and all packages in node-modules were created.
This happened because in the previous package-lock.json file the resolved field had an address that was not for public access.
But my new package-lock.json resolved field looks like this:
"node_modules/#hapi/hoek": {
"version": "9.3.0",
"resolved": "https://registry.npmjs.org/#hapi/hoek/-/hoek-9.3.0.tgz",
"integrity": "sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ=="
}.
Tried all the methods but Nothing worked for me. This steps solved my issue.
Delete the .npmrc file in your Users folder.
C:\Users\[your user name]
2.Run this command in your project folder that has an .npmrc file in it:
npx vsts-npm-auth -config .npmrc
The credentials in the .npmrc file have an expiration time. You need to regenerate these credentials.
Had similar issue, Deleting the .npmrc and then doing npm login again solved my issue, it was located in the project directory
Above #kotana Sie worked for me. But there is no explanation so I would like to add that.
the errors mean that your access key to the private Azure DevOps npm repository has expired and npm can’t login to the repository using it.
To refresh the keys just run to acquire new:
vsts-npm-auth -config .npmrc
There is a known issue with sometimes that doesn't work and just says the keys “are already up to date” or “can’t get an authentication token…”:. To solve it delete the C:\Users\<YourAccountName>\.npmrc manually and repeat the process.
I upgraded node version to 12.16.2 and npm version to 6.14.4. After that I am not able to run npm install, as I'm getting this error
code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
I even tried deleting node_modules and package-lock.json and running npm install again, but doesn't change anything.
I had similar issue. I resolved it by adding _auth into my ~/.npmrc. See the doc how to encode your nexus credential. I added the encoded credential using npm config set _auth xxx.
You wont be able to see the value using npm config list or npm config get _auth.
In my case, the problem was I've entered another registry address in same Nexus for npm login command.
npm login --registry=http://nexus_url:port/repository/wrong_address
My problem was solved by logging into correct address:
npm login --registry=http://nexus_url:port/repository/correct_address
what worked for me is :
I deleted the .npmrc file under C/users/ folder.
and ran npx vsts-npm-auth -config .npmrc command to create a new file in the users folder
Deleted the .npmrc file under C/users/ folder
npm set registry=http....
npm set _auth=(login:pass in base64):
I found a way out. With this new npm version they are enforcing authentication to access certain packages. We realised we don't need to use authentication for any of the packages we were downloading, hence the auth code we had was unnecessary. So we just removed it and it all worked.
vsts-npm-auth -config .npmrc -F
Is the only solution I found;
Edit: make sure to run npm install -g vsts-npm-auth before
You can remove package-lock.json .. it works with me
I'm run set's command from the post and add in nexus "Active realms" profile "npm Bearer Token Realm". Links: https://help.sonatype.com/repomanager3/system-configuration/access-control/realms
My problem was solved.
I encountered this error when running an npm install that was pulling some dependencies from a non-public registry located on a self-hosted Azure DevOps (AzDo) server.
I had a .npmrc file in the project, and a .npmrc file in my user profile dir with an AzDo personal access token (PAT) that had allowed access previously. The AzDo UI reported my token as still being valid.
PS C:\src\app> npm install
npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="{INTERNAL_REGISTRY_URL}", Negotiate, NTLM
In my case, the solution was to regenerate the AzDo PAT and update the .npmrc found in my user profile directory.
What worked for me was running npm login, then entering my Username, Password, and Email to log in to the registry defined in .npmrc. I then proceeded with npm installing the packages I needed and it worked.
Had the same issue while doing npm i for a private npm registry. Solved it by removing the _authToken parameter from some lines in my .npmrc file in my user's root directory:
Before:
//registry.npm.example.com/:_authToken=NpmToken.XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX
//npm.artifacts.example.io/:_authToken=NpmToken.XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX
update-notifier=false
registry=https://npm.artifacts.example.io/
After:
//registry.npm.example.com/
//npm.artifacts.example.io/
update-notifier=false
registry=https://npm.artifacts.example.io/
In my case the Nexus Authentication and project I am using requires Node version: 12.8.1.
I was using node version: 16.13.2
I use NVM to install 12.8.1 with nvm install 12.8.1
Then nvm use 12.8.1
This will now work on my machine and environment.
if the .npmrc file config like this
//registry.npm.example.com/:_auth="base64(username:psw)"
try this
//registry.npm.example.com/:_authToken="base64(username:psw)"
In my case, npmjs expected a Base64 encoded Personal Access Token in the .npmrc file, and I had forgotten to Base64 encode it before pasting it into the user .npmrc file.
You can try downgrading the current node version, 16, to 14.20.0.
My steps to fix this issue.
Earlier I had configured NODE_HOME under "Environment variable".
I removed it.
Only configured the path.
Created a new folder in the "C" drive and pasted the node files.
(System variable)Path = "C:\Node\node-v14.20.0-win-x64"
I had same issue as I had configured my auth through the .npmrc file by adding the below details to it:
_auth=xxx
always-auth=true
email=example#mail.com
The error was:
npm ERR! code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
then got resolved after removing underscore (_) from auth in the .npmrc file:
auth=xxx
always-auth=true
email=example#mail.com
I am having authentication problem when publishing to my private npm registry hosted on my private Nexus.
My Nexus setup is I have npm-proxy, npm-registry (hosted npm with allowRepublish=false), npm-snapshots (hosted npm with allowRepublish=true) and npm-public (group with all other three repositories).
Since I am developing a library, I am using my snapshot repository, so I can redeploy same version constantly (something like snapshot in maven world).
In my library project I have set this option in package.json
"publishConfig": {
"registry": "https://my.nexus.com/repository/npm-snapshots/"
}
Next, I created .npmrc file with following content:
registry=https://my.nexus.com/repository/npm-public/
_auth=RVhBTVBMRQ==
And with this setup I can publish project with no problem. However, what bothers me, is that I have my password (which is just base64 encoded) stored in file, that should be commited, but I can't commit it, due to credentials in it.
I have tried to instead login to npm registry and removed the auth line from .npmrc
npm adduser --registry=https://my.nexus.com/repository/npm-snapshots --always-auth
I got response Logged in as myusername on https://my.nexus.com/repository/npm-snapshots.
However, when I try to run npm publish I get:
npm ERR! code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
npm verb exit [ 1, true ]
npm timing npm Completed in 6867ms
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\XXXX\AppData\Roaming\npm-cache\_logs\2019-07-30T19_31_01_598Z-debug.log
Now in my other project (which is using this library), I simply created .npmrc file with content registry=https://nexus.mjamsek.com/repository/npm-public/ and run command npm adduser --registry=https://my.nexus.com/repository/npm-public --always-auth and I was able to download the published package.
However, the publish still won't work and I don't know why.
EDIT 31.7.2019: On my list of active realms I also have npm Bearer Token Realm
When you do npm login or npm adduser the NPM client creates an authentication token that will be used in future request to the registry. Default NXRM configuration allows only Local Authenticating Realm which doesn't recognise NPM's token. Please make sure you have npm Bearer Token Realm active.
You need a trailing slash on the end of the registry URL passed into npm adduser, otherwise npm will chop off the last segment of the URL, and it won't work.
_auth= replaced with output of btoa('username:userpassword') and it worked for me.
I did use this btoa from chrome as below.
I encountered this problem today, my solution was to delete all registry entry from my npmrc file:
registry=https://my.nexus.com/repository/npm-snapshots/
Idealy delete anything superfluous, back it up before-hand, in my case my file contained only:
strict-ssl=false
Then you can
npm login --registry=https://my.nexus.com/repository/npm-public/ again.
If that's not working, you also bypass npm login with curl, look at this life saving post.
Make sure the _auth token is correct. In my case I changed my system credentials and forgot to generate new _auth token. I was getting the exact same error i.e.
"npm ERR! code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
once i fixed it, the issue was resolved.
For those who are looking for the command to generate _auth. It is:
btoa('username:userpassword')
I had same problem, my solution was to delete my global .npmrc file, and after login npm login.
I had ended with three versions of node on my machine. It turned out that the ones i installed later had their own local .npmrc files in the node_modules folders. They didn't use the global .npmrc even after i removed the local one so i had to copy it.
I was struggling about this problem last two days, finally the solution was to delete .npmrc file from root (user) directory.
When npm tried to login, it used the creds inside this file and ignore your pass login.
I've had a similar issue. I also have our credentials stored in an npmrc file in my user directory. When set up with node16/npm7, I would receive the error
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in.
npm ERR! need auth You need to authorize this machine using `npm adduser`
If I use nvm to downgrade to node12/npm6, it works. I'd prefer a working solution without downgrading, but for now it lets me move on.
UPDATE:
We finally figured it out (a while ago, but I forgot about this answer). In our .npmrc files in our user directories, we needed to add/change our authorization config entry.
Before:
_auth={base64 encoded username:password}
After:
//{path to private repository}:_auth={base64 encoded username:password}
Just enable anonymous access in the nexus dashboard, it will pull from your private registry.
I am learning to the npm package manager, but I am stuck to understand security tokens ( using this documentation ).
As we already know: when we login to any website, a session is created.
So I understand that the tokens are sessions. But after deleting the token, the npm login session is still active, which means token plays different role than the sessions in npm.
Then: said documentation is saying that the tokens can also be used to use the packages outside the npm from the current login session. Can anyone please tell me in more simple examples what tokens are in npm and how they are useful?
How it says: the tokens can also be used to use the packages outside the npm from the current login session.
Example 1: If you have a project with CI, the environment where you will execute your jobs, will not be logged into npm registry, so if you are working with private packages, you will not be able to download those packages. (when your job execute npm install, you will get 403 error for private packages). Commonly, you will need to set an env variable with your npm token, like NPM_TOKEN="your npm token"
Example 2: Other example could be when you create a docker container, your docker images will not have a session for npm, so if you run npm i inside your docker container, you will no be able to download the private packages.
With authentication tokens, you will be able to access to your private packages without using npm login.
Here is my problem. We have a private NPM registry which only works in VPN. I would like to have a fallback registry https://registry.npmjs.org so that when I am out of VPN it works seamlessly.
P.S. Currently I am using npmrc which does a good job in switching between .npmrc files as a workaround
You can have multiple registries for scoped packages in your .npmrc file. For example:
#polymer:registry=<url register A>
registry=http://localhost:4873/
Packages under #polymer scope will be received from https://registry.npmjs.org, but the rest will be received from your local NPM.
On version 4.4.1, if you can change package name, use:
npm config set #myco:registry http://reg.example.com
Where #myco is your package scope.
You can install package in this way:
npm install #myco/my-package
For more info: https://docs.npmjs.com/misc/scope
I believe the top-voted answer might be outdated. As of June 2021, there is a much easier way to do this using npmrc.
Refer to npm Docs.
1. Install npmrc
To install npmrc, on the command line, run
npm i npmrc -g
2. Create your first npm profile
After installing npmrc, you can create a profile to access your custom (maybe company's) registry.
To create an npm Enterprise profile, on the command line, run npmrc -c name-of-profile.
For example, to create a profile called "work", run the following command:
npmrc -c work
To set an npm Enterprise registry for the profile, run the following command, replacing your-company-registry with the name of your company's npm Enterprise registry:
npm config set registry https://registry.your-company-registry.npme.io/
3. Create a profile for the public npm registry
After you have created your npm Enterprise profile, you can create a second profile for a different registry, such as the public npm registry.
To create a profile for the public registry, on the command line, run npmrc -c name-of-profile. For example, to create a profile called "open-source", run npmrc -c open-source.
To set the public registry for your open source profile, run the following command:
npm config set registry https://registry.npmjs.org/
4. Switch profiles with npmrc
To switch profiles, on the command line, run the following command, replacing profile-name with the name of your profile:
npmrc profile-name
Not the best way but If you are using mac or linux even in windows you can set alias for different registries.
##############NPM ALIASES######################
alias npm-default='npm config set registry https://registry.npmjs.org'
alias npm-sinopia='npm config set registry http://localhost:4873/'
For anyone looking also for a solution for authentication, I would add on the scoped packages solution that you can have multiple lines in your .npmrc file:
//internal-npm.example.com:8080/:_authToken=xxxxxxxxxxxxxxx
//registry.npmjs.org/:_authToken=yyyyyyyyyy
Each line represents a different NPM registry
Since it has been a couple years and it doesn't seem possible to do this (using npm alone), a solution to this problem is to use the Nexus Repository Manager (from Sonatype). Nexus supports multiple repositories, lets you order them, and also proxies/caches to improve speed.
A free version and pro/paid version exist. The feature that supports this is described at:
https://help.sonatype.com/repomanager3/node-packaged-modules-and-npm-registries
The relevant information is duplicated below so if/when the above URL/link stops working the information is still here.
A repository group is the recommended way to expose all your npm registries repositories from the repository manager to your users, without needing any further client side configuration. A repository group allows you to expose the aggregated content of multiple proxy and hosted repositories with one URL to npm and other tools.
It lets you create private npm registries
A private npm registry can be used to upload your own packages as well as third-party packages.
And
To reduce duplicate downloads and improve download speeds for your developers and CI servers, you should proxy the registry hosted at https://registry.npmjs.org. By default npm accesses this registry directly. You can also proxy any other registries you require.
So a quick bulleted list of things you do to get this working is:
Install Nexus
Create a local/private repo (or point to your private repo on another server)
Create a GROUP that lists your private repo, and the public repo.
Configure your $HOME/.npmrc file to point to the "GROUP" just created.
Publish your private npm packages to the local repo.
Users now can run a one time setup.
npm config set registry https://nexus/content/groups/GROUP
Then users can install both public or private packages via npm install.
npm install my-private-package
npm install lodash any-other-public-package
And both your public and private packages can be installed via a simple npm install command. Nexus finds the package searching each repo configured in the group and returns the results. So npm still thinks there is just one registry but behind the curtain there are multiple repos being used.
IMPORTANT NOTE: When you publish your components, you'll need to specify the npm publish --registry https://nexus/content/repositories/private-repo my-private-package command so your package is published to the correct repo.
You can use multiple repositories syntax for the registry entry in your .npmrc file:
registry=http://serverA.url/repository-uri/
//serverB.url/repository-uri/
//serverC.url/repository-uri/:_authToken=00000000-0000-0000-0000-0000000000000
//registry.npmjs.org/
That would make your npm look for packages in different servers.
Some steps you can try. (its how we do it at my workplace)
Create a registry group with two (or more) repository source address. One would be your internal private and the other a proxy to npmjs giving priority to the internal one.
Make this group your registry in the .npmrc file. This way npm will always try to get it from the internal one, if not found get it from the proxy
Hope that helps.
I encounter the same problem when my company set up its own registry, so I heavily rework on proxy-registry into proxy-multi-registries to solve this problem. Hope it will also helps you.
As of 13 April 2020 there is no such functionality unless you are able to use different scopes, but you may use the postinstall script as a workaround. It is always executed, well, after each npm install:
Say you have your .npmrc configured to install #foo-org/foo-pack-private from your private github repo, but the #foo-org/foo-pack-public public package is on npm (under the same scope: foo-org).
Your postinstall might look like this:
"scripts": {
...
"postinstall": "mv .npmrc .npmrcc && npm i #foo-org/foo-pack --dry-run && mv .npmrcc .npmrc".
}
Don't forget to remove #foo-pack/foo-org from the dependencies array to make sure npm install does not try and get it from github and to add the --dry-run flag that makes sure package.json and package-lock.json stay unchanged after npm install.
My approach was to make a slight command line variant that adds the registry switch.
I created these files in the nodejs folder where the npm executable is found:
npm-.cmd:
#ECHO OFF
npm --registry https://registry.npmjs.org %*
npm-:
#!/bin/sh
"npm" --registry https://registry.npmjs.org "$#"
Now, if I want to do an operation against the normal npm registry (while I am not connected to the VPN), I just type npm- where I would usually type npm.
To test this command and see the registry for a package, use this example:
npm- view lodash
PS. I am in windows and have tested this in Bash, CMD, and Powershell. I also
I use Strongloop's cli tools for that; see https://strongloop.com/strongblog/switch-between-configure-public-and-private-npm-registry/ for more information
Switching between repositories is as easy as : slc registry use <name>
I had the same issue and I've tried many solutions that didn't work, now i encountered that by using different scoops for my npm private packages, in that way in can use multiple registries with same .npmrc file like that :
.npmrc : (You can put as many packages you want)
#scop1:registry=https://gitlab.example.com/api/v4/projects/<project1_id>/packages/npm/
#scop2:registry=https://gitlab.example.com/api/v4/projects/<project2_id>/packages/npm/
//gitlab.example.com/api/v4/projects/<project1_id>/packages/npm/:_authToken=${GITLAB_TOKEN}
//gitlab.example.com/api/v4/projects/<project2_id>/packages/npm/:_authToken=${GITLAB_TOKEN}
No, NPM does not support multiple registry except for scoped one.
Refer to: https://docs.npmjs.com/cli/v7/using-npm/scope