I am having authentication problem when publishing to my private npm registry hosted on my private Nexus.
My Nexus setup is I have npm-proxy, npm-registry (hosted npm with allowRepublish=false), npm-snapshots (hosted npm with allowRepublish=true) and npm-public (group with all other three repositories).
Since I am developing a library, I am using my snapshot repository, so I can redeploy same version constantly (something like snapshot in maven world).
In my library project I have set this option in package.json
"publishConfig": {
"registry": "https://my.nexus.com/repository/npm-snapshots/"
}
Next, I created .npmrc file with following content:
registry=https://my.nexus.com/repository/npm-public/
_auth=RVhBTVBMRQ==
And with this setup I can publish project with no problem. However, what bothers me, is that I have my password (which is just base64 encoded) stored in file, that should be commited, but I can't commit it, due to credentials in it.
I have tried to instead login to npm registry and removed the auth line from .npmrc
npm adduser --registry=https://my.nexus.com/repository/npm-snapshots --always-auth
I got response Logged in as myusername on https://my.nexus.com/repository/npm-snapshots.
However, when I try to run npm publish I get:
npm ERR! code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
npm verb exit [ 1, true ]
npm timing npm Completed in 6867ms
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\XXXX\AppData\Roaming\npm-cache\_logs\2019-07-30T19_31_01_598Z-debug.log
Now in my other project (which is using this library), I simply created .npmrc file with content registry=https://nexus.mjamsek.com/repository/npm-public/ and run command npm adduser --registry=https://my.nexus.com/repository/npm-public --always-auth and I was able to download the published package.
However, the publish still won't work and I don't know why.
EDIT 31.7.2019: On my list of active realms I also have npm Bearer Token Realm
When you do npm login or npm adduser the NPM client creates an authentication token that will be used in future request to the registry. Default NXRM configuration allows only Local Authenticating Realm which doesn't recognise NPM's token. Please make sure you have npm Bearer Token Realm active.
You need a trailing slash on the end of the registry URL passed into npm adduser, otherwise npm will chop off the last segment of the URL, and it won't work.
_auth= replaced with output of btoa('username:userpassword') and it worked for me.
I did use this btoa from chrome as below.
I encountered this problem today, my solution was to delete all registry entry from my npmrc file:
registry=https://my.nexus.com/repository/npm-snapshots/
Idealy delete anything superfluous, back it up before-hand, in my case my file contained only:
strict-ssl=false
Then you can
npm login --registry=https://my.nexus.com/repository/npm-public/ again.
If that's not working, you also bypass npm login with curl, look at this life saving post.
Make sure the _auth token is correct. In my case I changed my system credentials and forgot to generate new _auth token. I was getting the exact same error i.e.
"npm ERR! code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
once i fixed it, the issue was resolved.
For those who are looking for the command to generate _auth. It is:
btoa('username:userpassword')
I had same problem, my solution was to delete my global .npmrc file, and after login npm login.
I had ended with three versions of node on my machine. It turned out that the ones i installed later had their own local .npmrc files in the node_modules folders. They didn't use the global .npmrc even after i removed the local one so i had to copy it.
I was struggling about this problem last two days, finally the solution was to delete .npmrc file from root (user) directory.
When npm tried to login, it used the creds inside this file and ignore your pass login.
I've had a similar issue. I also have our credentials stored in an npmrc file in my user directory. When set up with node16/npm7, I would receive the error
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in.
npm ERR! need auth You need to authorize this machine using `npm adduser`
If I use nvm to downgrade to node12/npm6, it works. I'd prefer a working solution without downgrading, but for now it lets me move on.
UPDATE:
We finally figured it out (a while ago, but I forgot about this answer). In our .npmrc files in our user directories, we needed to add/change our authorization config entry.
Before:
_auth={base64 encoded username:password}
After:
//{path to private repository}:_auth={base64 encoded username:password}
Just enable anonymous access in the nexus dashboard, it will pull from your private registry.
Related
I tested with Azure Packages private NPM server and now want to revert back to using the standard NPM registry but when I do it complains. I have tried everything I can think of and it is blocking me from doing any work now. I'd really appreciate any help.
The error
npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR! npm login
If I check the log it is still, somehow, trying to find packages from Azure rather than the npm registry.
The Azure URL specified below doesnt exist in any .npmrc file or package-lock file I can find!
To be clear here I want to use the default NPM registry not Azure. e.g.
32 silly fetch manifest #types/angular#https://pkgs.dev.azure.com/***/***/_packaging/***.Common.UI/npm/registry/#types/angular/-/angular-1.6.45.tgz
Steps I have taken
Deleted my local .npmrc file
Deleted .npmrc file from my user profile
Cleared NPM cache
Cleared local node_modules folder
npm config set registry https://registry.npmjs.org/
npm config set registry https://registry.npmjs.com/
Reinstalled node.js
In each case, running npm install still gives me the same error.
Please help!
.npmrc containing private repo credentials
I had similar error. It turned out that I've saved some credentials for private repo on .npmrc file at the root of my home folder.
So when I did npm install on my project, I get package-lock.json file contents appended with the private repo url. So this was the source of the error when deploying the project.
What I did was to temporarily remove the .npmrc, delete package-lock.json, delete node_modules and re-run npm install.
In my case the private repo details was not relevant for the project(so deleting .npmrc was not an issue)
Check your package.json for the node version you should be using and make sure that you are using a compatible version with nvm or something. This has been consistently the reason I have seen this error lately on my own machine.
In my case , I just deleted the package-lock.json file and tried running npm install.
The error disappeared and all packages in node-modules were created.
This happened because in the previous package-lock.json file the resolved field had an address that was not for public access.
But my new package-lock.json resolved field looks like this:
"node_modules/#hapi/hoek": {
"version": "9.3.0",
"resolved": "https://registry.npmjs.org/#hapi/hoek/-/hoek-9.3.0.tgz",
"integrity": "sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ=="
}.
Tried all the methods but Nothing worked for me. This steps solved my issue.
Delete the .npmrc file in your Users folder.
C:\Users\[your user name]
2.Run this command in your project folder that has an .npmrc file in it:
npx vsts-npm-auth -config .npmrc
The credentials in the .npmrc file have an expiration time. You need to regenerate these credentials.
Had similar issue, Deleting the .npmrc and then doing npm login again solved my issue, it was located in the project directory
Above #kotana Sie worked for me. But there is no explanation so I would like to add that.
the errors mean that your access key to the private Azure DevOps npm repository has expired and npm can’t login to the repository using it.
To refresh the keys just run to acquire new:
vsts-npm-auth -config .npmrc
There is a known issue with sometimes that doesn't work and just says the keys “are already up to date” or “can’t get an authentication token…”:. To solve it delete the C:\Users\<YourAccountName>\.npmrc manually and repeat the process.
I upgraded node version to 12.16.2 and npm version to 6.14.4. After that I am not able to run npm install, as I'm getting this error
code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
I even tried deleting node_modules and package-lock.json and running npm install again, but doesn't change anything.
I had similar issue. I resolved it by adding _auth into my ~/.npmrc. See the doc how to encode your nexus credential. I added the encoded credential using npm config set _auth xxx.
You wont be able to see the value using npm config list or npm config get _auth.
In my case, the problem was I've entered another registry address in same Nexus for npm login command.
npm login --registry=http://nexus_url:port/repository/wrong_address
My problem was solved by logging into correct address:
npm login --registry=http://nexus_url:port/repository/correct_address
what worked for me is :
I deleted the .npmrc file under C/users/ folder.
and ran npx vsts-npm-auth -config .npmrc command to create a new file in the users folder
Deleted the .npmrc file under C/users/ folder
npm set registry=http....
npm set _auth=(login:pass in base64):
I found a way out. With this new npm version they are enforcing authentication to access certain packages. We realised we don't need to use authentication for any of the packages we were downloading, hence the auth code we had was unnecessary. So we just removed it and it all worked.
vsts-npm-auth -config .npmrc -F
Is the only solution I found;
Edit: make sure to run npm install -g vsts-npm-auth before
You can remove package-lock.json .. it works with me
I'm run set's command from the post and add in nexus "Active realms" profile "npm Bearer Token Realm". Links: https://help.sonatype.com/repomanager3/system-configuration/access-control/realms
My problem was solved.
I encountered this error when running an npm install that was pulling some dependencies from a non-public registry located on a self-hosted Azure DevOps (AzDo) server.
I had a .npmrc file in the project, and a .npmrc file in my user profile dir with an AzDo personal access token (PAT) that had allowed access previously. The AzDo UI reported my token as still being valid.
PS C:\src\app> npm install
npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="{INTERNAL_REGISTRY_URL}", Negotiate, NTLM
In my case, the solution was to regenerate the AzDo PAT and update the .npmrc found in my user profile directory.
What worked for me was running npm login, then entering my Username, Password, and Email to log in to the registry defined in .npmrc. I then proceeded with npm installing the packages I needed and it worked.
Had the same issue while doing npm i for a private npm registry. Solved it by removing the _authToken parameter from some lines in my .npmrc file in my user's root directory:
Before:
//registry.npm.example.com/:_authToken=NpmToken.XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX
//npm.artifacts.example.io/:_authToken=NpmToken.XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX
update-notifier=false
registry=https://npm.artifacts.example.io/
After:
//registry.npm.example.com/
//npm.artifacts.example.io/
update-notifier=false
registry=https://npm.artifacts.example.io/
In my case the Nexus Authentication and project I am using requires Node version: 12.8.1.
I was using node version: 16.13.2
I use NVM to install 12.8.1 with nvm install 12.8.1
Then nvm use 12.8.1
This will now work on my machine and environment.
if the .npmrc file config like this
//registry.npm.example.com/:_auth="base64(username:psw)"
try this
//registry.npm.example.com/:_authToken="base64(username:psw)"
In my case, npmjs expected a Base64 encoded Personal Access Token in the .npmrc file, and I had forgotten to Base64 encode it before pasting it into the user .npmrc file.
You can try downgrading the current node version, 16, to 14.20.0.
My steps to fix this issue.
Earlier I had configured NODE_HOME under "Environment variable".
I removed it.
Only configured the path.
Created a new folder in the "C" drive and pasted the node files.
(System variable)Path = "C:\Node\node-v14.20.0-win-x64"
I had same issue as I had configured my auth through the .npmrc file by adding the below details to it:
_auth=xxx
always-auth=true
email=example#mail.com
The error was:
npm ERR! code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
then got resolved after removing underscore (_) from auth in the .npmrc file:
auth=xxx
always-auth=true
email=example#mail.com
I think NPM is struggling with security a bit today, when I run npm install on a local project, I get:
'npm WARN notice Due to a recent security incident, all user tokens
have been invalidated. Please see
https://status.npmjs.org/incidents/dn7c1fgrr7ng for more details. To
generate a new token, visit https://www.npmjs.com/settings/~/tokens or
run "npm login"
I signed in again with npm login, but I get the same error. Does anyone know of a workaround?
I get same warning even after the new login:
I get that if the package name is incorrect, on top of the 404 error.
If you need to be logged in just log back in.
If you don't need to be logged in just check that you have the correct package name.
In my case react-native-create-app didn't exist.. After adding the correct name: create-react-native-app it worked.
Make sure you have your npmrc file set up ok.
https://docs.npmjs.com/files/npmrc
Steps to follow:
Run npm login
Enter your
Username
Password
Email address
Note: if you don't have this credentials, you have to sign up at https://www.npmjs.com/signup
Run npm install bootstrap --save
This should work.
After performing npm login try to reopen CLI you are using in order to run npm commands. It worked for me
I have the following line in my dependencies in package.json:
"log": "https://git.mydomain.com/myproject/myrepo/repository/archive.tar.gz?ref=0.1.0",
I get the following:
km#Karls-MBP ~/dev/vertica (km/ref) $ npm install
npm ERR! code E401
npm ERR! 404 401 Unauthorized: log#https://git.mydomain.com/myproject/myrepo/repository/archive.tar.gz?ref=0.5.0
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/km/.npm/_logs/2018-02-16T08_49_38_669Y-debug.log
I don't know if the issue is GitLab (where the repo exists) or NPM.
Node v8.9.4
NPM v5.6.0
Remove .npmrc from the Home Directory, it should be able to work. I did the same and it works for me.
My user directory .npmrc file had a stale authtoken as below.
//registry.npmjs.org/:_authToken=3615fa68-123a-4d72-b99a-772b5b1edc48
By removing this line, the npm installation works fine and no longer throws an authentication error.
You need to add user to npm registery
>> npm whoami [ it will return not authorized ]
To add new user follow below steps :-
>> npm adduser (then enter your name and complex password and your email)
>> npm whoami (return your registered name)
I got the same error but the reason in my case was different than the above answers:
I discovered that the package-lock.json had some of the packages resolved to a private url instead of the typical public npm urls, so deleting the npm lock file and running npm install again solved it
But if this is the case, you need to check with the team still why this private url resolution happened instead of the normal one
I got this when I used --prefer-offline
- npm ci --cache .npm --prefer-offline --unsafe-perm --no-optional
Removing that option fixed it.
In my case I have to change the content of .npmrc file to package-lock=false.
Now it works fine!
removing the .npmrc from the root directory worked for me
removing the .npmrc from the root directory worked perfectly for me as well
I noticed this error for a public github repo. Removed the entry always-auth = true and was able to proceed.
Ok so I finally managed to get a private npm registry using Sinopia. But I cannot publish anything to it.
TL;DR: Sinopia does not support npm adduser, but has its own user
management. Also npm needs a valid user created before npm publish
through npm adduser, which fails because the internal Sinopia server
throws an error at the unsupported command....
How does one use Sinopia as a private registry with proper users and passwords
create a global user in npmjs.org, and then another with the same password in Sinopia?
Or is there an easier way to tell npm to just use a fixed user/pass.
Or even better prompt me somehow for username and password?
something else?
Synopsis:
Sinopia does not depend on Couch.DB and will hapilly fetch packages it does not already have from a master (default is the global npmjs.org).
Sinopia starts perfectly and is configured to listen on all interfaces. It works wonders in serving packages to
npm install
I even configured ~/.npmrc to always point to the internal registry.
All projects' package.json file is set to
....
"publishConfig" : {
"registry" : "http://internal-npm:4873"
},
....
Also I managed to add custom users in sinopia by manipulating the config.yaml with the help of js-yaml
crypto.createHash('sha1').update('theBigPassword').digest('hex')
Now I am stuck at
npm --registry=http://internal-npm:4873 --ca=null publish
After a long wait I get:
npm ERR! need auth auth and email required for publishing
npm ERR! need auth You need to authorize this machine using `npm adduser`
npm ERR! System Linux 3.11.0-18-generic
npm ERR! command "/usr/bin/nodejs" "/usr/bin/npm" "--registry=http://internal-npm:4873" "--ca=null" "publish"
npm ERR! cwd /home/ciprian/workspace/netop-npm
npm ERR! node -v v0.10.15
npm ERR! npm -v 1.2.18
npm ERR! code ENEEDAUTH
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR! /home/ciprian/workspace/netop-npm/npm-debug.log
npm ERR! not ok code 0
The business end of the log file tells me that the user is not optional
86 error need auth auth and email required for publishing
86 error need auth You need to authorize this machine using `npm adduser`
87 error System Linux 3.11.0-18-generic
88 error command "/usr/bin/nodejs" "/usr/bin/npm" "--registry=http://internal-npm:4873" "--ca=null" "publish"
89 error cwd /home/ciprian/workspace/netop-npm
90 error node -v v0.10.15
91 error npm -v 1.2.18
92 error code ENEEDAUTH
93 verbose exit [ 1, true ]
Now, the chicken and egg issue is that Sinopia does not support npm adduser, but has its own user management like I mentioned above. Also npm needs a valid user created through npm adduser, which fails because the internal Sinopia server throws an error at the unsupported command.
First of all, it is not "chicken and egg" problem.
"npm adduser" does two things:
it creates a new user on the remote server, or verifies that it exists
it adds _auth to your .npmrc
Sinopia will complain if user doesn't exist, but if it does, it'll happily report success.
So, what you have to do is this:
add user/pass to config.yaml (see josh's answer) and restart sinopia server
run npm adduser --registry http://internal-npm:4873/
Yes, "adduser" command is confusing, because it won't actually add a new user. It'll just verify that user exists in config.
If you want, you can use "npm login" command. It is less confusing even though it does exactly the same thing. :)
Second of all, add this to your package.json:
"publishConfig": {
"registry": "http://internal-npm:4873/"
}
This way npm won't publish it to the public registry anymore, even if it's a default one.
And lastly, you can't use two registries (npmjs and your private one) at the same time with the same npmrc. It's even less secure than you think.
It's okay in most cases, but if you have to use both of them (for example, you maintain public and private packages at the same time), use yapm instead of npm and write something like this to your .npmrc:
[registries."https://registry.npmjs.org/"]
_auth = (your auth string for public registry)
[registries."http://internal-npm:4873/"]
_auth = (your auth string for private registry)
always-auth = true
It'll prevent exposing your passwords to public registry in all cases.
The Sinopia README tells you exactly what to do.
Adding a new user
There is no utility to add a new user but you can at least use node on the command-line to generate a password. You will need to edit the config and add the user manually.
Start node and enter the following code replacing 'newpass' with the password you want to get the hash for.
$ node
> crypto.createHash('sha1').update('newpass').digest('hex')
'6c55803d6f1d7a177a0db3eb4b343b0d50f9c111'
> [CTRL-D]
Insert the new user into your config.yaml file.
You then run npm adduser to login. (adduser is the command used for both account creation and login; sinopia does not support the creation part.)
Option 1 works, but I'm not really happy with it. So I'll keep on searching
YES, if I add a valid npmjs.org user, then swith the repo:
npm config set registry http://internal-npm:4873/
The publish command will work if the same user/pass exists in Sinopia
npm publish --registry=http://internal-npm:4873/
The downside is that if someone forgets to explicitly set the private registry, the publish will 100% work on the global npmjs.org, which would be a disaster.
As of version 0.13, Sinopia does support the creation of a new user through
npm adduser --registry example.com:port
For more details see: HOW TO CREATE A NEW SINOPIA USER
Me help contributor of sinopia :)
See here:
https://github.com/rlidwka/sinopia/issues/230#issuecomment-91825660