The bounty expires in 6 days. Answers to this question are eligible for a +200 reputation bounty.
Code-Apprentice wants to draw more attention to this question.
I followed the instructions in the GitLab docs to publish my project as a package to the project's registry. Here is my .gitlab-ci.yml file:
image: node:18
stages:
- publish
publish:
stage: publish
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
script:
- echo "//${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}">.npmrc
- npm publish
When I run this pipeline, it gives the following error:
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in to https://registry.npmjs.org/
npm ERR! need auth You need to authorize this machine using `npm adduser`
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2023-02-16T19_08_00_397Z-debug-0.log
Why does it say I need to authenticate with registry.npmjs.org? I am trying to publish to my GitLab package registry, not to NPM. More importantly, how do I correctly authenticate with GitLab and publish my NPM package to the project's registry?
More Details
I tried adding this line at the top of my script block:
- echo "registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/">.npmrc
This gives the following error:
npm notice Publishing to https://gitlab.com/api/v4/projects/<project-id>/packages/npm/ with tag latest and default access
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://gitlab.com/api/v4/projects/<project-id>/packages/npm/npm-publish-gitlab
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2023-02-16T19_26_48_321Z-debug-0.log
If I also change image: node:18 to image: node:14, it works. So something appears to have changed since nodejs 14 that breaks the gitlab pipeline implementation. Any ideas what it might be?
It looks like you're missing a definition to publish your package to the internal registry.
This can be done in the package.json (although I don't think there's a convenient way of using environment variables there):
"publishConfig": {
"registry":"http://my-internal-registry.local"
}
or directly in the .npmrc:
registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/
this can also be limited to a specific scope:
#myscope:registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/
I have a GitHub account where I have projects and components. One of my projects includes a separate NPM component from the same GitHub account.
I am working on Windows with git. I have connected GitHub via SSH and I can git pull / push etc. I have also created a non-expiring personal access token in GitHub and added to local.
My .npmrc contains:
//npm.pkg.github.com/:_authToken=ghp_MY_TOKEN
#org-name:registry=https://npm.pkg.github.com/
When I run npm install I end up with:
npm ERR! code E401
npm ERR! 401 Unauthorized - GET https://npm.pkg.github.com/#org-name%2fpackage-name - Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\myuser\AppData\Roaming\npm-cache\_logs\2021-11-06T23_35_02_955Z-debug.log
What have I missed?
I'm trying to publish a package to the github package registry from Travis CI. Everything seems to work fine (build and tests succeed), but when it tries to publish, I'm getting a 401 error. I've added my github personal access token as a secure env var in the travis config, and I'm manually overriding the root .npmrc with an npmrc that includes the github registry and the access token, but I'm still getting permission issues. How am I supposed to grant lerna/npm permission to publish a github package?
Here is my .travis.yml
env:
global:
secure: "my encrypted GH_TOKEN value (github personal access token with package registry permissions)"
language: node_js
node_js:
- "12"
cache:
directories:
- "node_modules"
before_install:
- echo "#my-org:registry=https://npm.pkg.github.com/:_authToken=\${GH_TOKEN}" > .npmrc
install:
- npm ci
- npm run bootstrap
script:
- npm run test
- npm run build
deploy:
provider: script
script: "npm run publish"
skip_cleanup: true
on:
node: "12"
tags: true
When the travis deploy runs, it errors with this:
> lerna publish from-git --yes --npm-tag beta
WARN deprecated --npm-tag has been renamed --dist-tag
lerna notice cli v3.20.2
lerna info ci enabled
Found 1 package to publish:
- #my-org/example-pkg => 1.0.2-beta.8
lerna info auto-confirmed
lerna info publish Publishing packages to npm...
lerna notice Skipping all user and access validation due to third-party registry
lerna notice Make sure you're authenticated properly ¯\_(ツ)_/¯
lerna WARN ENOLICENSE Package #my-org/example-pkg is missing a license.
lerna WARN ENOLICENSE One way to fix this is to add a LICENSE.md file to the root of this repository.
lerna WARN ENOLICENSE See https://choosealicense.com for additional guidance.
lerna WARN lifecycle Skipping root "prepublish" because it has already been called
lerna http fetch PUT 401 https://npm.pkg.github.com/:_authToken=[secure]/#my-org%2fexample-pkg 153ms
lerna ERR! E401 Unable to authenticate, need: Basic realm="GitHub Package Registry"
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! ts-utilities#1.0.0 publish: `lerna publish from-git --yes --npm-tag beta`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the ts-utilities#1.0.0 publish script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/travis/.npm/_logs/2020-02-25T19_46_08_862Z-debug.log
Script failed with status 1
failed to deploy
What am I doing wrong here?
The issue ended up being I needed two lines in my .npmrc file. One to associate org #my-org with the github package registry: And one to provide an auth token for the github package registry. So the whole .npmrc looks like this:
#my-org:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}
Then I was able to just set the GITHUB_TOKEN environmental variable to my github personal access token (with package read permissions) and then I was able to run npm install #my-org/example-pkg.
I just created a new package.
I'm now trying to publish it to NPM for the first time like this:
ole#MKI:~/Sandbox/pli$ npm publish --access public
npm ERR! publish Failed PUT 404
npm ERR! Linux 3.13.0-93-generic
npm ERR! argv "/home/ole/.nvm/versions/v6.4.0/bin/node" "/home/ole/.nvm/versions/v6.4.0/bin/npm" "publish" "--access" "public"
npm ERR! node v6.4.0
npm ERR! npm v3.10.3
npm ERR! code E404
npm ERR! 404 Not found : #supericium/pli
npm ERR! 404
npm ERR! 404 '#supericium/pli' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! Please include the following file with any support request:
npm ERR! /home/ole/Sandbox/pli/npm-debug.log
I tried updating both NodeJS and NPM to make sure that I have the latest version, which are:
ole#MKI:~/Sandbox/pli$ node --version
v6.4.0
ole#MKI:~/Sandbox/pli$ npm --version
3.10.3
Thoughts?
You need to have registered "supericium" (npm adduser) as a username at the registry and be logged in (npm login) to publish under that scope.
https://docs.npmjs.com/getting-started/publishing-npm-packages
https://docs.npmjs.com/getting-started/scoped-packages
It's solved by npm login in my case, the error message is misleading
Came across this same error, and my issue was that the package was somehow set to "Read" access only. So I have to go to the NPM and update the package to "Read/Write" access:
1.
2.
Nothing worked for me, except logging in again:
npm login
Hope this helps me or someone else in the future!
You could also get this error when you change your password to NPM but you do not logout/login via your CLI. Using npm logout and then npm login worked for me.
in my case I had to verify the email address. even when npm whoami was telling me I was logged in fine.
In my case, I got this message because the token that I was using had been revoked. I fixed it by:
Generating a new access token in my npm account.
Modifying the line: export NPM_TOKEN="<token>" in my .zshrc (or .bashrc) file
Entering source ~/.zshrc in the terminal.
I just logged in to npm by using npm adduser command and it worked fine.
In my case, I was missing the repository field in the package.json of my new package that I was trying to publish.
"repository": "git://github.com/your-org/your-repo-name.git"
https://docs.npmjs.com/files/package.json#repository
This error appeared for me in two cases:
When I wasn't logged in. You can check whether you are logged in or not by npm whoami, then if not logged in npm login.
When I didn't have right to publish to the repository. In this case make sure you are added to the organization which owns the repo.
in my case i noticed that my npm account username in npm website is different than my npm normal user name. When i try to publish in console by login with normal username gave me this error.
publish Failed PUT 404 npm ERR! code E404 npm ERR! 404 User not found
But after login to console with account name it has published successfully
Once you successfully publish the package you may experience when you try to npm install:
npm ERR! code E404
npm ERR! 404 Not Found: #xxx/yyy#latest
or something similar, regardless if you npm publish was successful. In this case make sure your {main: 'file.js'} in packages.json is there.
Ideally, you can call it index.js if you wish to leech directly from the package so you don't get things like import * from '#xxx/yyy/file'.
In my case, I believe I enabled 2FA on npmjs.com so the publish token used in CD didn't work (should have thrown 401, but got 404).
Generating a new automation token on npmjs.com and updating the secret on my CD (GitHub actions) solved it.
I encountered the same problem but I successfully resolved it by uninstalling the LTS version, then installing Current version along with yarn.
Just adding my two cents to the possible solutions
I was getting this error in a CI workflow, so no interactive login or things related.
Existing packages were working correctly, but adding a new one wasn't, I was getting a 404. I realized that it should be something related to the new package itself, not the CI environment, and it was.
The new package was missing two fields on its package.json, the repository and publishConfig fields.
Adding these two fields, it worked correctly (note that repository field is used in its expanded form, with the directory property)
"repository": {
"type": "git",
"url": "ssh://git#github.com/__user__/__repo-name__.git",
"directory": "packages/__new-package-name__"
},
"publishConfig": {
"registry": "https://npm.pkg.github.com/"
}
For me the fix seemed to be making a new "team" in the organisation and assigning myself and my package to this.
My guess is that my NPM organisation requires users to have 2FA on and two users assigned to the 'developers' group didn't have this on.
In my case i accidentally typed https://registry.npmjs.org instead of https://registry.npmjs.com (.org vs .com)
In my case the problem was completely different.
I had to replace:
npm publish FOLDERNAME
with simply:
cd FOLDERNAME && npm publish
In my case I also had to manually specify the path of .npmrc using the --userconfig parameter:
cd myapp && npm publish -ddd --userconfig ../.npmrc
In my case, I had a typo when passing the otp param:
// Wrong:
npm publish --access public --opt 123456
// Correct:
npm publish --access public --otp 123456
I have a project specific npmrc which I added to the root of my project with the following settings
registry=<internal registry>
_auth = <auth token>
email = <email id>
I then run
npm publish
but I still get the following error.
+ npm publish
npm ERR! need auth auth and email required for publishing
npm ERR! need auth You need to authorize this machine using `npm adduser`
I am not sure why this is happening. My guess is that it isn't reading my project specific npmrc.