I have a problem with setting my currently-publicly-published npm package. What I want is to set its public status to restricted or private.
it should be npm access restricted <npm-package>, but I'll get this:
npm ERR! code E503
npm ERR! 503 Service Unavailable - POST https://registry.npmjs.com/-/package//access - Service Unavailable
Does anyone notice, what's wrong here?
Appreciate it!
Thanks to my sharp sight and AKX for pointing out, that a paid subscription is needed in order to make packages private.
Related
What I Want to Do
I have published my private npm package onto Artifact Registry, and the diagram below is what I'm trying to do.
Basically I want to use the private package from both project-staging and project-production. So my package.json looks something like:
"dependencies": {
"#<scope>/private_package": "^1.0.0",
},
What I Did
Giving Permission to Cloud Build Service Account
I gave artifactregistry.reader permission to both <project-staging_id>#cloudbuild.gserviceaccount.com and <project-production_id>#cloudbuild.gserviceaccount.com under IAM menu in project-common.
.npmrc Preparation
cd path/to/project_directory
gcloud artifacts print-settings npm \
--project=project-common \
--repository=private_package \
--location=<location> \
--scope=#<scope>
vim .npmrc
# => add the output of above gcloud command
npx google-artifactregistry-auth .npmrc
deploy
gcloud config configurations activate project-staging
gcloud functions deploy <function_name> --gen2 --region=<region> --trigger-http --runtime=nodejs16 --entry-point=<entry_point>
This gives me the following error.
ERROR: (gcloud.functions.deploy) OperationError: code=3, message=Build failed with status: FAILURE and message: npm ERR! code E403
npm ERR! 403 403 Forbidden - GET https://<URL>.tgz - Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "<resource_name>" (or it may not exist)
I don't know why I'm getting this even though
<project-staging_id>#cloudbuild.gserviceaccount.com has artifactregistry.reader permission.
Is there anything else I should do?
Normally the role roles/artifactregistry.reader is sufficient to download packages from the repo on project_common.
If project_staging and project_production have the roles/artifactregistry.reader on project_common it should work.
The roles/artifactregistry.reader role contains the following permissions :
artifactregistry.repositories.list
artifactregistry.repositories.get
artifactregistry.repositories.downloadArtifacts
artifactregistry.files.list
artifactregistry.files.get
artifactregistry.packages.list
artifactregistry.packages.listTagBindings
artifactregistry.repositories.listEffectiveTags
artifactregistry.packages.list
artifactregistry.tags.list
artifactregistry.tags.get
artifactregistry.versions.list
artifactregistry.versions.get
artifactregistry.locations.list
artifactregistry.locations.get
Please check again your configuration and the identity that performs the failed action.
This was because I had added .npmrc to .gcloudignore. Removing .npmrc from .gcloudignore made it work. Silly mistake.
I'm going to try Automate and protect your Cloud Function as a next step, but for now my problem has been solved :)
So I'm fairly new to Near protocol. I created a near app using
npx create-near-app#latest
hello-near was the default name of the near app and folder so i just pressed enter.
npm install -g near-cli
cd hello-near
npm run build:contract
So, everything above ran smoothly. But when I went to deploy it using the command
near dev-deploy build/hello-near.wasm
And gives this output.
Starting deployment. Account id: dev-1660902746796-39871857513719, node: https://rpc.testnet.near.org, helper: https://helper.testnet.near.org, file: contract/build/hello_near.wasm
Transaction Id F7FWUEbKFqoWs9yNvk156bdmzWhHfnJ9exhWNHPREMAb
To see the transaction in the transaction explorer, please open this url in your browser
https://explorer.testnet.near.org/transactions/F7FWUEbKFqoWs9yNvk156bdmzWhHfnJ9exhWNHPREMAb
Done deploying to dev-1660902746796-39871857513719
The transaction has succeeded. But right after this, it throws a long error :https://pastebin.com/5vZpN1HD
in short, it says ECONNREFUSED 0.0.0.0:443
The problem was with my DNS. segment.io was not getting connected because I had adguardDNS. I changed my DNS to 8.8.8.8 / 8.8.4.4 and that solved the Issue and authentication was successful.
Something weird is going on when I try to publish my package on npm without login by auth token.
I've set the export NPM_TOKEN="..." variable inside my ~/.bash_profile and ~/.bash_aliases files.
Also, I've set an npm config set '//registry.npmjs.org/:_authToken' "${NPM_TOKEN}" command from my CLI.
Despite on this, every time I wanna publish my package I receive an error:
npm ERR! 401 Unauthorized - PUT https://registry.npmjs.org/ics - You must be logged in to publish packages.
Perhaps someone knows how to publish packages via npm auth tokens? Well, if I made a login via username & password all is going well. Btw I don't need to be logged in case I want to publish some package via auth token right? It's how most of CI/CD works nowadays.
NPM Token is valid. Generated in "Read & Publish" mode and set locally just several minutes ago.
Thanks in advance.
I would like to fetch private npm from private repository using scopes.
I have set the .npmrc as such.
registry=https://registry.npmjs.org/
#myco:registry=https://nexus.myco.com/nexus/repository/
I have set the .yarnrc as such.
registry "https://registry.npmjs.org/"
"#myco:registry" "https://nexus.myco.com/nexus/repository/"
But when I do:
yarn --verbose add #myco/some-private-npm
It throws this error:
verbose 0.708 Performing "GET" request to "https://nexus.myco.com/nexus/repository/#myco%2fsome-private-npm".
verbose 0.792 Request "https://nexus.myco.com/nexus/repository/#myco%2fsome-private-npm" finished with status code 404.
When I do:
yarn --verbose add #myco:some-private-npm
It goes to this 400 url (Nexus: Invalid repository path):
verbose 0.957 Request "https://nexus.myco.com/nexus/repository/#myco:some-private-npm" finished with status code 400.
The actual npm is located at:
https://nexus.myco.com/nexus/repository/myco/some-private-npm
How do I make sure the url fetched does not have "#" and "%2f" is a "/"?
Thanks!
Per this github issue for yarn, try adding similar config to your .yarnrc:
registry "https://registry.npmjs.org/"
"#myco:registry" "https://nexus.myco.com/nexus/repository/"
Failing that, I recommend perusing the linked issue and trying the solutions provided.
I run into exact the same issue some time ago.
check at NPM if your repository team access level is read/write.
On my side the team i was in had only read access level. Switching solved the issue.
Another possible scenario is that the slash encoding isn't really the problem. You simply do not have access to that specific repository.
That would explain the 404, since if you don't have access, for security reasons, it's as if it doesn't exist, you don't get a 401.
I found this page when also trying to run npm publish of a .tgz file in Github Actions, and getting the following (replaced scope and package):
npm ERR! 404 Not Found - PUT https://registry.npmjs.org/#SCOPE%2fPACKAGE - Not found
npm ERR! 404
npm ERR! 404 '#SCOPE/PACKAGE#0.0.5' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
This package IS published so I thought the %2f was causing the issue. I was using NPM_TOKEN as an environment variable as well, as per npmjs documentation.
Solution:
- name: Setup Node.js environment
uses: actions/setup-node#v2.1.2
with:
node-version: '12'
registry-url: 'https://registry.npmjs.org'
- name: Publish to npmjs
run: |
npm install
npm run pack
npm publish <package tgz> --access public
env:
NPM_TOKEN: ${{ secrets.NPM_APIKEY }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_APIKEY }}
via Github Documentation.
NOTE: I'm not sure NPM_TOKEN is still required here.
Make sure .yarnrc actually contains
registry "https://registry.npmjs.org/"
and not
registry "registry.npmjs.org"
That'll give the same error.
I want to create a private project in private group and want to include it as dependency in a private project created in the same group in gitlab. What is the procedure for it? I tried generating ssh and linked it. I tried including dependncy like this
"dependency_name" : "git+ssh://git#domain:groupname/repo.git".
I end up with error which says package.json is not found and later I tried creating private repo with outside group (with my user) and tried this
"dependency_name" : "git+ssh://git#domain:username/repo.git"
Error:
! ssh: connect to host domain.com port 22: Operation timed out
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.
npm ERR!
npm ERR! exited with error code: 128
End of the day I want to dependency and project to be private. Can anyone help me on this?
As confirmed by the OP:
the URL is git+ssh://git#domain/username/repo
the issue is a permission one on the server side: the user had to be authorized to access that particular repo on the SSH port (it can be sometimes a client-side firewall issue too).