Develop Reference

Installing a private package from Gitlab with Yarn

I have a private npm package that is published to the Gitlab Package Registry using a Gitlab CI pipeline.
I want to install this package in a project using yarn.
Following the documentation helped me come up with the following .npmrc file :
//gitlab.com/api/v4/packages/npm/:_authToken=glpat-***********
#my-org:registry=https://gitlab.com/api/v4/packages/npm/
With the above, npm install #my-org/my-package works perfectly.
However, yarn add #my-org/my-package fails. using --verbose shows a 404 :
verbose 1.169823875 Error: https://gitlab.com/api/v4/projects/<my-project-id>/packages/npm/#my-org/my-package/-/#my-org/my-package-1.0.3.tgz: Request failed "404 Not Found"
error An unexpected error occurred: "https://gitlab.com/api/v4/projects/<my-project-id>/packages/npm/#my-org/my-package/-/#my-org/my-package-1.0.3.tgz: Request failed \"404 Not Found\""
The package does exist at version 1.0.3, NPM installs it.
I need to get this to work with Yarn. How can I do this ?
Additionaly, is there a way to take the authToken out of the .npmrc file ?

I also was not able to install it with yarn, but npm was ok.
This this worked out:
npm config set -- //gitlab.com/api/v4/packages/npm/:_authToken=XXX
npm config set -- //gitlab.com/api/v4/projects/<projectID>/packages/npm/:_authToken=XXX
npm config set #my-scope:registry https://gitlab.com/api/v4/packages/npm/
yarn config set '//gitlab.com/api/v4/projects/:_authToken' "XXX"
yarn config set '//gitlab.com/api/v4/packages/npm/:_authToken' "XXX"
And no need for .npmrc for this setup.
Here is the official GitLab docs on that issue.

Your config in .npmrc should work if you are using Yarn v1.x, as Yarn 1 uses the registries configured in this file.
However, for Yarn 2, you must configure your private registries in the .yarnc.yml at the project level:
npmScopes:
my-org:
npmRegistryServer: "https://gitlab.com/api/v4/projects/my-project-id/packages/npm/"
npmAlwaysAuth: true
npmAuthToken: glpat-*******
Replace my-org with the scope of your package, my-project-id with the numeric id of your Gitlab project, and put your token with scope "api".

Install multiple npm packages from private gitlab registry

I'm using gitlab to host my private npm packages. At the moment I've 2 projects I published to the gitlab package registry. Both packages are used by another project (let's say 3rd project). According to the gitlab documentation, I installed both packages in the 3rd project using the following commands:
npm config set #myscope:registry https://gitlab.com/api/v4/projects/<first-project-id>/packages/npm/
npm config set "//gitlab.com/api/v4/projects/<first-project-id>/packages/npm/:_authToken" "<auth-token>"
npm install #myscope/first-package
npm config set #myscope:registry https://gitlab.com/api/v4/projects/<second-project-id>/packages/npm/
npm config set "//gitlab.com/api/v4/projects/<second-project-id>/packages/npm/:_authToken" "<auth-token>"
npm install #myscope/second-package
My problem is now that I cannot run a simple "npm install" anymore because my 3rd project depends on the 2 private packages. Sure, I can call "npm config set" before running "npm install" in the 3rd project, but the problem is that when I call "npm config set" for the second project, it replaces the first config (because both are having the same scope). So I can only install 1 package, for the second I'm getting an error because it cannot be found (because it has another project-id in gitlab, thus another package registry url). I already tried the following without success:
npm config set #myscope/first-package:registry https://gitlab.com/api/v4/projects/<first-project-id>/packages/npm/
npm config set "//gitlab.com/api/v4/projects/<first-project-id>/packages/npm/:_authToken" "<auth-token>"
npm install #myscope/first-package
npm config set #myscope/second-package:registry https://gitlab.com/api/v4/projects/<second-project-id>/packages/npm/
npm config set "//gitlab.com/api/v4/projects/<second-project-id>/packages/npm/:_authToken" "<auth-token>"
npm install #myscope/second-package
But now I cannot install any of the packages. So, anyone know how I can set the registry-url for packages sharing the same scope but having a different url?

I finally solved the issue by using the instance-level installation. First, I thought it's not working for me because it still told me 404. But the problem was that gitlab instructs me to run npm config set '//gitlab.com/api/v4/packages/npm/:_authToken' "<my-token>". But this is not working on my Windows because of the apostrophes that surrounds the url. I replaced them with " and now everything works fine.

npm error E401: Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"

I upgraded node version to 12.16.2 and npm version to 6.14.4. After that I am not able to run npm install, as I'm getting this error
code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
I even tried deleting node_modules and package-lock.json and running npm install again, but doesn't change anything.

I had similar issue. I resolved it by adding _auth into my ~/.npmrc. See the doc how to encode your nexus credential. I added the encoded credential using npm config set _auth xxx.
You wont be able to see the value using npm config list or npm config get _auth.

In my case, the problem was I've entered another registry address in same Nexus for npm login command.
npm login --registry=http://nexus_url:port/repository/wrong_address
My problem was solved by logging into correct address:
npm login --registry=http://nexus_url:port/repository/correct_address

what worked for me is :
I deleted the .npmrc file under C/users/ folder.
and ran npx vsts-npm-auth -config .npmrc command to create a new file in the users folder

Deleted the .npmrc file under C/users/ folder
npm set registry=http....
npm set _auth=(login:pass in base64):

I found a way out. With this new npm version they are enforcing authentication to access certain packages. We realised we don't need to use authentication for any of the packages we were downloading, hence the auth code we had was unnecessary. So we just removed it and it all worked.

vsts-npm-auth -config .npmrc -F
Is the only solution I found;
Edit: make sure to run npm install -g vsts-npm-auth before

You can remove package-lock.json .. it works with me

I'm run set's command from the post and add in nexus "Active realms" profile "npm Bearer Token Realm". Links: https://help.sonatype.com/repomanager3/system-configuration/access-control/realms
My problem was solved.

I encountered this error when running an npm install that was pulling some dependencies from a non-public registry located on a self-hosted Azure DevOps (AzDo) server.
I had a .npmrc file in the project, and a .npmrc file in my user profile dir with an AzDo personal access token (PAT) that had allowed access previously. The AzDo UI reported my token as still being valid.
PS C:\src\app> npm install
npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="{INTERNAL_REGISTRY_URL}", Negotiate, NTLM
In my case, the solution was to regenerate the AzDo PAT and update the .npmrc found in my user profile directory.

What worked for me was running npm login, then entering my Username, Password, and Email to log in to the registry defined in .npmrc. I then proceeded with npm installing the packages I needed and it worked.

Had the same issue while doing npm i for a private npm registry. Solved it by removing the _authToken parameter from some lines in my .npmrc file in my user's root directory:
Before:
//registry.npm.example.com/:_authToken=NpmToken.XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX
//npm.artifacts.example.io/:_authToken=NpmToken.XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX
update-notifier=false
registry=https://npm.artifacts.example.io/
After:
//registry.npm.example.com/
//npm.artifacts.example.io/
update-notifier=false
registry=https://npm.artifacts.example.io/

In my case the Nexus Authentication and project I am using requires Node version: 12.8.1.
I was using node version: 16.13.2
I use NVM to install 12.8.1 with nvm install 12.8.1
Then nvm use 12.8.1
This will now work on my machine and environment.

if the .npmrc file config like this
//registry.npm.example.com/:_auth="base64(username:psw)"
try this
//registry.npm.example.com/:_authToken="base64(username:psw)"

In my case, npmjs expected a Base64 encoded Personal Access Token in the .npmrc file, and I had forgotten to Base64 encode it before pasting it into the user .npmrc file.

You can try downgrading the current node version, 16, to 14.20.0.
My steps to fix this issue.
Earlier I had configured NODE_HOME under "Environment variable".
I removed it.
Only configured the path.
Created a new folder in the "C" drive and pasted the node files.
(System variable)Path = "C:\Node\node-v14.20.0-win-x64"

I had same issue as I had configured my auth through the .npmrc file by adding the below details to it:
_auth=xxx
always-auth=true
email=example#mail.com
The error was:
npm ERR! code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
then got resolved after removing underscore (_) from auth in the .npmrc file:
auth=xxx
always-auth=true
email=example#mail.com

Authentication error on publishing to private NPM repository on Nexus

I am having authentication problem when publishing to my private npm registry hosted on my private Nexus.
My Nexus setup is I have npm-proxy, npm-registry (hosted npm with allowRepublish=false), npm-snapshots (hosted npm with allowRepublish=true) and npm-public (group with all other three repositories).
Since I am developing a library, I am using my snapshot repository, so I can redeploy same version constantly (something like snapshot in maven world).
In my library project I have set this option in package.json
"publishConfig": {
"registry": "https://my.nexus.com/repository/npm-snapshots/"
}
Next, I created .npmrc file with following content:
registry=https://my.nexus.com/repository/npm-public/
_auth=RVhBTVBMRQ==
And with this setup I can publish project with no problem. However, what bothers me, is that I have my password (which is just base64 encoded) stored in file, that should be commited, but I can't commit it, due to credentials in it.
I have tried to instead login to npm registry and removed the auth line from .npmrc
npm adduser --registry=https://my.nexus.com/repository/npm-snapshots --always-auth
I got response Logged in as myusername on https://my.nexus.com/repository/npm-snapshots.
However, when I try to run npm publish I get:
npm ERR! code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
npm verb exit [ 1, true ]
npm timing npm Completed in 6867ms
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\XXXX\AppData\Roaming\npm-cache\_logs\2019-07-30T19_31_01_598Z-debug.log
Now in my other project (which is using this library), I simply created .npmrc file with content registry=https://nexus.mjamsek.com/repository/npm-public/ and run command npm adduser --registry=https://my.nexus.com/repository/npm-public --always-auth and I was able to download the published package.
However, the publish still won't work and I don't know why.
EDIT 31.7.2019: On my list of active realms I also have npm Bearer Token Realm

When you do npm login or npm adduser the NPM client creates an authentication token that will be used in future request to the registry. Default NXRM configuration allows only Local Authenticating Realm which doesn't recognise NPM's token. Please make sure you have npm Bearer Token Realm active.

You need a trailing slash on the end of the registry URL passed into npm adduser, otherwise npm will chop off the last segment of the URL, and it won't work.

_auth= replaced with output of btoa('username:userpassword') and it worked for me.
I did use this btoa from chrome as below.

I encountered this problem today, my solution was to delete all registry entry from my npmrc file:
registry=https://my.nexus.com/repository/npm-snapshots/
Idealy delete anything superfluous, back it up before-hand, in my case my file contained only:
strict-ssl=false
Then you can
npm login --registry=https://my.nexus.com/repository/npm-public/ again.
If that's not working, you also bypass npm login with curl, look at this life saving post.

Make sure the _auth token is correct. In my case I changed my system credentials and forgot to generate new _auth token. I was getting the exact same error i.e.
"npm ERR! code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
once i fixed it, the issue was resolved.
For those who are looking for the command to generate _auth. It is:
btoa('username:userpassword')

I had same problem, my solution was to delete my global .npmrc file, and after login npm login.

I had ended with three versions of node on my machine. It turned out that the ones i installed later had their own local .npmrc files in the node_modules folders. They didn't use the global .npmrc even after i removed the local one so i had to copy it.

I was struggling about this problem last two days, finally the solution was to delete .npmrc file from root (user) directory.
When npm tried to login, it used the creds inside this file and ignore your pass login.

I've had a similar issue. I also have our credentials stored in an npmrc file in my user directory. When set up with node16/npm7, I would receive the error
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in.
npm ERR! need auth You need to authorize this machine using `npm adduser`
If I use nvm to downgrade to node12/npm6, it works. I'd prefer a working solution without downgrading, but for now it lets me move on.
UPDATE:
We finally figured it out (a while ago, but I forgot about this answer). In our .npmrc files in our user directories, we needed to add/change our authorization config entry.
Before:
_auth={base64 encoded username:password}
After:
//{path to private repository}:_auth={base64 encoded username:password}

Just enable anonymous access in the nexus dashboard, it will pull from your private registry.

NPM install resulting in 401 Unauthorized for private repo

I have the following line in my dependencies in package.json:
"log": "https://git.mydomain.com/myproject/myrepo/repository/archive.tar.gz?ref=0.1.0",
I get the following:
km#Karls-MBP ~/dev/vertica (km/ref) $ npm install
npm ERR! code E401
npm ERR! 404 401 Unauthorized: log#https://git.mydomain.com/myproject/myrepo/repository/archive.tar.gz?ref=0.5.0
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/km/.npm/_logs/2018-02-16T08_49_38_669Y-debug.log
I don't know if the issue is GitLab (where the repo exists) or NPM.
Node v8.9.4
NPM v5.6.0

Remove .npmrc from the Home Directory, it should be able to work. I did the same and it works for me.

My user directory .npmrc file had a stale authtoken as below.
//registry.npmjs.org/:_authToken=3615fa68-123a-4d72-b99a-772b5b1edc48
By removing this line, the npm installation works fine and no longer throws an authentication error.

You need to add user to npm registery
>> npm whoami [ it will return not authorized ]
To add new user follow below steps :-
>> npm adduser (then enter your name and complex password and your email)
>> npm whoami (return your registered name)

I got the same error but the reason in my case was different than the above answers:
I discovered that the package-lock.json had some of the packages resolved to a private url instead of the typical public npm urls, so deleting the npm lock file and running npm install again solved it
But if this is the case, you need to check with the team still why this private url resolution happened instead of the normal one

I got this when I used --prefer-offline
- npm ci --cache .npm --prefer-offline --unsafe-perm --no-optional
Removing that option fixed it.

In my case I have to change the content of .npmrc file to package-lock=false.
Now it works fine!

removing the .npmrc from the root directory worked for me

removing the .npmrc from the root directory worked perfectly for me as well

I noticed this error for a public github repo. Removed the entry always-auth = true and was able to proceed.