NPM install fails with private repo - node.js

npm login.
I enter username, password and e-mail --> I'm succesfully logged in.
I make change to a package.
I run npm publish and the (org) package gets published and I can browse it (when I'm logged in) at NPM website.
5. But when I try to install the same package like: npm install #my_handle/package_name I get the error: 404. Not found: #my_handle/package_name#latest
When I run a: npm config edit it contains the following:
//registry.npmjs.org/:_authToken=my_token
#my_handle=https://registry.npmjs.org/
#my_handle:registry=https://registry.npmjs.org/
always-auth=true
When I login to NPM, click Settings and the try to run the package via the green link ">_try on RunKit" --> It is also saying that the package is missing!? What? I have now clicked the "report" button...thus I don't get was is happening?

Solved!
The issue was - that I found an old ".npmrc" file in the root of the directory I tried to run the npm install from (and it contained an invalid AUTH token). Because I logged into the console and publish worked out fine...I didn't realize this issue before many hours later...

Related

E401 - Unable to authenticate, your authentication token seems to be invalid

I tested with Azure Packages private NPM server and now want to revert back to using the standard NPM registry but when I do it complains. I have tried everything I can think of and it is blocking me from doing any work now. I'd really appreciate any help.
The error
npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR! npm login
If I check the log it is still, somehow, trying to find packages from Azure rather than the npm registry.
The Azure URL specified below doesnt exist in any .npmrc file or package-lock file I can find!
To be clear here I want to use the default NPM registry not Azure. e.g.
32 silly fetch manifest #types/angular#https://pkgs.dev.azure.com/***/***/_packaging/***.Common.UI/npm/registry/#types/angular/-/angular-1.6.45.tgz
Steps I have taken
Deleted my local .npmrc file
Deleted .npmrc file from my user profile
Cleared NPM cache
Cleared local node_modules folder
npm config set registry https://registry.npmjs.org/
npm config set registry https://registry.npmjs.com/
Reinstalled node.js
In each case, running npm install still gives me the same error.
Please help!
.npmrc containing private repo credentials
I had similar error. It turned out that I've saved some credentials for private repo on .npmrc file at the root of my home folder.
So when I did npm install on my project, I get package-lock.json file contents appended with the private repo url. So this was the source of the error when deploying the project.
What I did was to temporarily remove the .npmrc, delete package-lock.json, delete node_modules and re-run npm install.
In my case the private repo details was not relevant for the project(so deleting .npmrc was not an issue)
Check your package.json for the node version you should be using and make sure that you are using a compatible version with nvm or something. This has been consistently the reason I have seen this error lately on my own machine.
In my case , I just deleted the package-lock.json file and tried running npm install.
The error disappeared and all packages in node-modules were created.
This happened because in the previous package-lock.json file the resolved field had an address that was not for public access.
But my new package-lock.json resolved field looks like this:
"node_modules/#hapi/hoek": {
"version": "9.3.0",
"resolved": "https://registry.npmjs.org/#hapi/hoek/-/hoek-9.3.0.tgz",
"integrity": "sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ=="
}.
Tried all the methods but Nothing worked for me. This steps solved my issue.
Delete the .npmrc file in your Users folder.
C:\Users\[your user name]
2.Run this command in your project folder that has an .npmrc file in it:
npx vsts-npm-auth -config .npmrc
The credentials in the .npmrc file have an expiration time. You need to regenerate these credentials.
Had similar issue, Deleting the .npmrc and then doing npm login again solved my issue, it was located in the project directory
Above #kotana Sie worked for me. But there is no explanation so I would like to add that.
the errors mean that your access key to the private Azure DevOps npm repository has expired and npm can’t login to the repository using it.
To refresh the keys just run to acquire new:
vsts-npm-auth -config .npmrc
There is a known issue with sometimes that doesn't work and just says the keys “are already up to date” or “can’t get an authentication token…”:. To solve it delete the C:\Users\<YourAccountName>\.npmrc manually and repeat the process.

npm error E401: Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"

I upgraded node version to 12.16.2 and npm version to 6.14.4. After that I am not able to run npm install, as I'm getting this error
code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
I even tried deleting node_modules and package-lock.json and running npm install again, but doesn't change anything.
I had similar issue. I resolved it by adding _auth into my ~/.npmrc. See the doc how to encode your nexus credential. I added the encoded credential using npm config set _auth xxx.
You wont be able to see the value using npm config list or npm config get _auth.
In my case, the problem was I've entered another registry address in same Nexus for npm login command.
npm login --registry=http://nexus_url:port/repository/wrong_address
My problem was solved by logging into correct address:
npm login --registry=http://nexus_url:port/repository/correct_address
what worked for me is :
I deleted the .npmrc file under C/users/ folder.
and ran npx vsts-npm-auth -config .npmrc command to create a new file in the users folder
Deleted the .npmrc file under C/users/ folder
npm set registry=http....
npm set _auth=(login:pass in base64):
I found a way out. With this new npm version they are enforcing authentication to access certain packages. We realised we don't need to use authentication for any of the packages we were downloading, hence the auth code we had was unnecessary. So we just removed it and it all worked.
vsts-npm-auth -config .npmrc -F
Is the only solution I found;
Edit: make sure to run npm install -g vsts-npm-auth before
You can remove package-lock.json .. it works with me
I'm run set's command from the post and add in nexus "Active realms" profile "npm Bearer Token Realm". Links: https://help.sonatype.com/repomanager3/system-configuration/access-control/realms
My problem was solved.
I encountered this error when running an npm install that was pulling some dependencies from a non-public registry located on a self-hosted Azure DevOps (AzDo) server.
I had a .npmrc file in the project, and a .npmrc file in my user profile dir with an AzDo personal access token (PAT) that had allowed access previously. The AzDo UI reported my token as still being valid.
PS C:\src\app> npm install
npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="{INTERNAL_REGISTRY_URL}", Negotiate, NTLM
In my case, the solution was to regenerate the AzDo PAT and update the .npmrc found in my user profile directory.
What worked for me was running npm login, then entering my Username, Password, and Email to log in to the registry defined in .npmrc. I then proceeded with npm installing the packages I needed and it worked.
Had the same issue while doing npm i for a private npm registry. Solved it by removing the _authToken parameter from some lines in my .npmrc file in my user's root directory:
Before:
//registry.npm.example.com/:_authToken=NpmToken.XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX
//npm.artifacts.example.io/:_authToken=NpmToken.XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX
update-notifier=false
registry=https://npm.artifacts.example.io/
After:
//registry.npm.example.com/
//npm.artifacts.example.io/
update-notifier=false
registry=https://npm.artifacts.example.io/
In my case the Nexus Authentication and project I am using requires Node version: 12.8.1.
I was using node version: 16.13.2
I use NVM to install 12.8.1 with nvm install 12.8.1
Then nvm use 12.8.1
This will now work on my machine and environment.
if the .npmrc file config like this
//registry.npm.example.com/:_auth="base64(username:psw)"
try this
//registry.npm.example.com/:_authToken="base64(username:psw)"
In my case, npmjs expected a Base64 encoded Personal Access Token in the .npmrc file, and I had forgotten to Base64 encode it before pasting it into the user .npmrc file.
You can try downgrading the current node version, 16, to 14.20.0.
My steps to fix this issue.
Earlier I had configured NODE_HOME under "Environment variable".
I removed it.
Only configured the path.
Created a new folder in the "C" drive and pasted the node files.
(System variable)Path = "C:\Node\node-v14.20.0-win-x64"
I had same issue as I had configured my auth through the .npmrc file by adding the below details to it:
_auth=xxx
always-auth=true
email=example#mail.com
The error was:
npm ERR! code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
then got resolved after removing underscore (_) from auth in the .npmrc file:
auth=xxx
always-auth=true
email=example#mail.com

Authentication error on publishing to private NPM repository on Nexus

I am having authentication problem when publishing to my private npm registry hosted on my private Nexus.
My Nexus setup is I have npm-proxy, npm-registry (hosted npm with allowRepublish=false), npm-snapshots (hosted npm with allowRepublish=true) and npm-public (group with all other three repositories).
Since I am developing a library, I am using my snapshot repository, so I can redeploy same version constantly (something like snapshot in maven world).
In my library project I have set this option in package.json
"publishConfig": {
"registry": "https://my.nexus.com/repository/npm-snapshots/"
}
Next, I created .npmrc file with following content:
registry=https://my.nexus.com/repository/npm-public/
_auth=RVhBTVBMRQ==
And with this setup I can publish project with no problem. However, what bothers me, is that I have my password (which is just base64 encoded) stored in file, that should be commited, but I can't commit it, due to credentials in it.
I have tried to instead login to npm registry and removed the auth line from .npmrc
npm adduser --registry=https://my.nexus.com/repository/npm-snapshots --always-auth
I got response Logged in as myusername on https://my.nexus.com/repository/npm-snapshots.
However, when I try to run npm publish I get:
npm ERR! code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
npm verb exit [ 1, true ]
npm timing npm Completed in 6867ms
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\XXXX\AppData\Roaming\npm-cache\_logs\2019-07-30T19_31_01_598Z-debug.log
Now in my other project (which is using this library), I simply created .npmrc file with content registry=https://nexus.mjamsek.com/repository/npm-public/ and run command npm adduser --registry=https://my.nexus.com/repository/npm-public --always-auth and I was able to download the published package.
However, the publish still won't work and I don't know why.
EDIT 31.7.2019: On my list of active realms I also have npm Bearer Token Realm
When you do npm login or npm adduser the NPM client creates an authentication token that will be used in future request to the registry. Default NXRM configuration allows only Local Authenticating Realm which doesn't recognise NPM's token. Please make sure you have npm Bearer Token Realm active.
You need a trailing slash on the end of the registry URL passed into npm adduser, otherwise npm will chop off the last segment of the URL, and it won't work.
_auth= replaced with output of btoa('username:userpassword') and it worked for me.
I did use this btoa from chrome as below.
I encountered this problem today, my solution was to delete all registry entry from my npmrc file:
registry=https://my.nexus.com/repository/npm-snapshots/
Idealy delete anything superfluous, back it up before-hand, in my case my file contained only:
strict-ssl=false
Then you can
npm login --registry=https://my.nexus.com/repository/npm-public/ again.
If that's not working, you also bypass npm login with curl, look at this life saving post.
Make sure the _auth token is correct. In my case I changed my system credentials and forgot to generate new _auth token. I was getting the exact same error i.e.
"npm ERR! code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
once i fixed it, the issue was resolved.
For those who are looking for the command to generate _auth. It is:
btoa('username:userpassword')
I had same problem, my solution was to delete my global .npmrc file, and after login npm login.
I had ended with three versions of node on my machine. It turned out that the ones i installed later had their own local .npmrc files in the node_modules folders. They didn't use the global .npmrc even after i removed the local one so i had to copy it.
I was struggling about this problem last two days, finally the solution was to delete .npmrc file from root (user) directory.
When npm tried to login, it used the creds inside this file and ignore your pass login.
I've had a similar issue. I also have our credentials stored in an npmrc file in my user directory. When set up with node16/npm7, I would receive the error
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in.
npm ERR! need auth You need to authorize this machine using `npm adduser`
If I use nvm to downgrade to node12/npm6, it works. I'd prefer a working solution without downgrading, but for now it lets me move on.
UPDATE:
We finally figured it out (a while ago, but I forgot about this answer). In our .npmrc files in our user directories, we needed to add/change our authorization config entry.
Before:
_auth={base64 encoded username:password}
After:
//{path to private repository}:_auth={base64 encoded username:password}
Just enable anonymous access in the nexus dashboard, it will pull from your private registry.

npm publish / npm install - auth token invalidation

I think NPM is struggling with security a bit today, when I run npm install on a local project, I get:
'npm WARN notice Due to a recent security incident, all user tokens
have been invalidated. Please see
https://status.npmjs.org/incidents/dn7c1fgrr7ng for more details. To
generate a new token, visit https://www.npmjs.com/settings/~/tokens or
run "npm login"
I signed in again with npm login, but I get the same error. Does anyone know of a workaround?
I get same warning even after the new login:
I get that if the package name is incorrect, on top of the 404 error.
If you need to be logged in just log back in.
If you don't need to be logged in just check that you have the correct package name.
In my case react-native-create-app didn't exist.. After adding the correct name: create-react-native-app it worked.
Make sure you have your npmrc file set up ok.
https://docs.npmjs.com/files/npmrc
Steps to follow:
Run npm login
Enter your
Username
Password
Email address
Note: if you don't have this credentials, you have to sign up at https://www.npmjs.com/signup
Run npm install bootstrap --save
This should work.
After performing npm login try to reopen CLI you are using in order to run npm commands. It worked for me

"npm publish" not working in Team City

I am trying to use Team City CI to run tests and publish the NPM package to local sinopia repository. I had setup sinopia repository on a server and i can successfully publish npm packages to that repository with npm publish command from my local machine.
But when i try to automate this in Team City , i am getting authentication error as shown below.
Team City Build steps are :
1. npm install
2. npm test
3. npm set #scoped:registry http://{host}:{port}
npm publish
1, 2 steps are running fine. But throwing above error on 3rd step. It definitely has to do with authenticating the Team City server with Sinopia server. Both are installed in different machines.
Is there any way i can pass auth token to sinopia before publishing a package.
NOTE : I can publish NPM packages to Octopus Deploy library and deploy those packages into server automatically.
I solved it as explained below, not sure if there is any better way.
I logged into my DEV Server and from the command prompt i ran the below commands.
npm adduser
typed <username> This must be admin user
typed <password>
typed <email>
User created succesfully. Then
npm config edit
npm configuration will open in notepad. You will see `auth` token there.
You will see something like _authToken=f04c81af-781d-4fc3-a811-4db226950b55.
Then onwards Team city didn't complain about authentication.
NOTE : You have to do this on Team City Agent machine.
Hope this helps.
npm publish --registry //domain.com/repository/:_authToken=${CI_NPM_TOKEN}
or for Nexus
npm publish --registry //domain.com/repository/some-npm-repositury/:_authToken=NpmToken.${CI_NPM_TOKEN}

Resources