I'd naively assumed that .npmrc lines with double slash ('//') indicate a comment, but that's clearly not the case, because when I delete them, I'm unable to publish to my local registry.
Example:
registry=https://npm.myregistry.io/
//email=me#mydomain.com
//npm.myregistry.io/:_authToken="Pgwb34F123EQdHqE7OoZA=="
If I remove the above // lines, publish results in
npm ERR! code ENEEDAUTH
npm ERR! need auth auth required for publishing
npm ERR! need auth You need to authorize this machine using `npm adduser`
I can't find any reference to this syntax in npmrc documentation or the ini module parser documentation. I'm assuming it has something to do with synthesized properties?
// has no special meaning in .npmrc or any other .ini file.
The ini syntax is key = value. So in this case the key is //npm.myregistry.io/:_authToken.
This is a Protocol-relative URL, meaning an URL that will take the protocol automatically from the current page (you can actually type //google.com in the browser, and it should take you to https://google.com)
Note that this may not necessarily be the URL used by npm for authentication. It's just a format chosen by the developers to hold the authToken (or other values) in the same string with the registry URL.
Related
In order to use private npm registry I am trying to setup credentials and ca certs in project's .npmrc file .
like following:
ca[]=<ROOT_CA> # NOTE this needs to string in double quotes, with newlines replaced be \n
ca[]=<INTERMEDIATE_CA> # NOTE this needs to string in double quotes, with newlines replaced be \n
And it works absolutely fine.
But when I move these values to system environment (Mac OS .zshrc) & try to read like following :
ca[]="${NPM_REG_ROOT_CERT}"
ca[]="${NPM_REG_INTERMEDIATE_CERT}"
It gives me error like following
npm ERR! code UNABLE_TO_VERIFY_LEAF_SIGNATURE
npm ERR! errno UNABLE_TO_VERIFY_LEAF_SIGNATURE
npm ERR! request <complete path to dependency> failed, reason: unable to verify the first certificate
I have ensured the env values are available & everything works fine (other login credentials are also coming from environment only).
These CA certs are having issue while loading from system environment !
If I disable strict-ssl things work. It means other credentials are loading correctly from system environment .
Am I missing something here ?
Could it be related to format of CA cert string stored in system environment. I am setting it as base64 string having newline replaced with \n.
Please help.
Something weird is going on when I try to publish my package on npm without login by auth token.
I've set the export NPM_TOKEN="..." variable inside my ~/.bash_profile and ~/.bash_aliases files.
Also, I've set an npm config set '//registry.npmjs.org/:_authToken' "${NPM_TOKEN}" command from my CLI.
Despite on this, every time I wanna publish my package I receive an error:
npm ERR! 401 Unauthorized - PUT https://registry.npmjs.org/ics - You must be logged in to publish packages.
Perhaps someone knows how to publish packages via npm auth tokens? Well, if I made a login via username & password all is going well. Btw I don't need to be logged in case I want to publish some package via auth token right? It's how most of CI/CD works nowadays.
NPM Token is valid. Generated in "Read & Publish" mode and set locally just several minutes ago.
Thanks in advance.
I am wondering how to configure the .npmrc file so that I can have a default registry and a different scoped registry with authentication.
I am using Nexus for the private repository and I am not sure how to set authentication for the scoped registry, only the default registry.
For example my ~/.npmrc file is:
registry=https://registry.npmjs.org/
#test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/
email=test#user.com
_auth="…"
If I do npm publish for a package scoped to test-scope, I get an authentication error.
AFAIK, the _auth only applies to the registry=... section. Is there a way of specifying an auth key for the #test-scope:registry=... section?
Thanks,
So, after some digging through the NPM source code, it turns out there is a way to do this.
My solution is below:
registry=https://registry.npmjs.org/
#test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/
//nexus:8081/nexus/content/repositories/npm-test/:username=admin
//nexus:8081/nexus/content/repositories/npm-test/:_password=YWRtaW4xMjM=
email=…
Explanation:
The scope #test-scope specifies that packages with the scope should be published to a different registry than the default registry= when executing the npm publish command.
The two lines starting with //nexus:8081/... are used to specify the credentials to the scoped repository for both username and _password where _password is the base64 encoded password component from the previously used _auth credentials.
Using this approach, only scoped packages will be published and installed from the private registry and all other packages will be installed from the default registry.
Edit:
Additional to this, the password can be specified as an environment variable so that it is not stored in plaintext in the file.
For example:
registry=https://registry.npmjs.org/
#test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/
//nexus:8081/nexus/content/repositories/npm-test/:username=admin
//nexus:8081/nexus/content/repositories/npm-test/:_password=${BASE64_PASSWORD}
email=…
Also, when using Nexus, the email= line must be specified.
for some strange reason the _auth is called _authToken when used with scoped packages. If you are using this you don't have to store your plain text password in your .npmrc
registry=https://registry.npmjs.org/
#test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/
//nexus:8081/nexus/content/repositories/npm-test/:_authToken=...
email=…
Run the following command, replacing #company-scope with the scope, and company-registry with the name of your company’s npm Enterprise registry:
npm login --scope=#company-scope --registry=https://registry.company-registry.npme.io/
This information is available on the npm documention.
could someone explain me what exactly going on here.
what is the difference between
registry = http://localhost:4873
vs
http://localhost:4873
why doesn't the default npm registry (registry.npmjs.org) have a similar format at line 1 ?
how to set the priority level - as in I want npm to look first in my local registry and then move onto the public registry.
Does the registry at line 1 have priority over the one at line 4 ?
thanks !
Line 3 and 4 aren't registry definitions. They only define the authentication token to be used (as a key-value pair) for your local registry (line 3) and for the default npm registry (line 4).
Line 2 associates the scope flash with your local registry. If you for example publish a package with that scope, it will be automatically published to your local registry, using the authentication token specified in line 3.
This question already has answers here:
Escape # character in git proxy password
(5 answers)
Closed 7 years ago.
Please look into it as it is not working for me:
npm warn invalid config proxy http://'Accenture\username:userpassword#2017'#127.0.0.1:8080
npm warn invalid config Must be a full url with 'http://'
Finally i got the issue resolved with the help from network guy
strict-ssl=false
proxy = http://ip address of proxy:8088
https-proxy = https://ip address of proxy:8088
registry = http://registry.npmjs.org/
These settings should go in ~/.npmrc, or in /root/.npmrc if you need to use sudo.
If you wish to change any of the configuration properties in npm, the section on config on npmjs.com is useful:
https://docs.npmjs.com/cli/config
The full proxy configuration for npm is
npm config set http-proxy http://username:password#proxy-address.com:80/'
npm config set https-proxy http://username:password#proxy-address.com:80/'
That should work for you, you can also double check it's set by typing
npm config list
http-proxy = "http://username:password#proxy-address.com:80/"
https-proxy = "http://username:password#proxy-address.com:80/"
Further to that, if you prefer to edit the config file directly it is stored in a file called .npmrc that can be added either to each project root or the global settings in your user directory, please see the npmrc help content
https://docs.npmjs.com/files/npmrc
In relation to your question, if your password contains special characters, they need to be escaped. This url provides useful information on special characters:
http://www.cyberciti.biz/faq/unix-linux-export-variable-http_proxy-with-special-characters/
As an example, if your password were P#ssword then it will become P%40ssword.