How should I set _auth in .npmrc when using a Nexus https npm registry proxy?

Question

Context

1. My .npmrc file seems to be correctly read (checked with npm config ls -l both from command line and from Maven build).

2. the machine on which npm is run cannot connect directly to the net, it can only connect to a Nexus npm registry url. Therefore, proxy properties proxy and https-proxy are not set.

3. As access to Nexus is restricted, I have generated an access token from within Nexus.

4. Nexus security tokens are made from a username and a password which both contain characters such as / which usually have to be "url encoded"

5. as expected, with this configuration, when running npm install detects no proxy.

6. Nexus npm registry proxy seems to be correctly set (I can both access json files and download tgz files using a web browser after having connected using the token generated)

7. If I set registry to http://registry.npmjs.org/ and comment _auth, email, always-auth, strict-ssl properties, and add proxy and https-proxy configuration, npm install works as expected (but I won't be able to do it on target environment)

Content of .npmrc file

; Nexus proxy registry pointing to http://registry.npmjs.org/ registry = https://<host>/nexus/content/repositories/npmjs-registry/   ; base64 encoded authentication token _auth = <see question below>  ; required by Nexus email = <valid email>  ; force auth to be used for GET requests always-auth = true  ; we don't want to put certificates in .npmrc strict-ssl = false  loglevel = silly 

Question

How should I generate the _auth property properly in order to have npm install work as expected?

I tried so far

1. base64Encode(<username>:<password>)
   • results in npm info retry will retry, error on last attempt: Error: socket hang up
2. base64Encode(urlencode(<username>:<password>))
   • results in npm info retry will retry, error on last attempt: Error: This request requires auth credentials. Run `npm login` and repeat the request.
3. base64Encode(urlencode(<username>):urlencode(<password>))
   • results in npm info retry will retry, error on last attempt: Error: socket hang up

When getting the socket hang up error I have the following stack trace:

http request GET https://<host>/nexus/content/repositories/npmjs-registry/fsevents sill fetchPackageMetaData Error: socket hang up sill fetchPackageMetaData     at TLSSocket.onHangUp (_tls_wrap.js:1035:19) sill fetchPackageMetaData     at TLSSocket.g (events.js:260:16) sill fetchPackageMetaData     at emitNone (events.js:72:20) sill fetchPackageMetaData     at TLSSocket.emit (events.js:166:7) sill fetchPackageMetaData     at endReadableNT (_stream_readable.js:905:12) sill fetchPackageMetaData     at doNTCallback2 (node.js:441:9) sill fetchPackageMetaData     at process._tickCallback (node.js:355:17) sill fetchPackageMetaData  error for fsevents@^1.0.0 { [Error: socket hang up] code: 'ECONNRESET' } WARN install Couldn't install optional dependency: socket hang up verb install Error: socket hang up verb install     at TLSSocket.onHangUp (_tls_wrap.js:1035:19) verb install     at TLSSocket.g (events.js:260:16) verb install     at emitNone (events.js:72:20) verb install     at TLSSocket.emit (events.js:166:7) verb install     at endReadableNT (_stream_readable.js:905:12) verb install     at doNTCallback2 (node.js:441:9) verb install     at process._tickCallback (node.js:355:17) 

When getting the This request requires auth credentials error I have the following stack trace:

npm sill fetchPackageMetaData Error: This request requires auth credentials. Run `npm login` and repeat the request. npm sill fetchPackageMetaData     at CachingRegistryClient.authify (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\authify.js:17:14) npm sill fetchPackageMetaData     at CachingRegistryClient.makeRequest (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\request.js:103:17) npm sill fetchPackageMetaData     at <root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\request.js:66:17 npm sill fetchPackageMetaData     at RetryOperation._fn (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\attempt.js:18:5) npm sill fetchPackageMetaData     at null._onTimeout (<root>\ui\target\node\node_modules\npm\node_modules\retry\lib\retry_operation.js:49:10) npm sill fetchPackageMetaData     at Timer.listOnTimeout (timers.js:92:15) npm sill fetchPackageMetaData  error for fsevents@^1.0.0 [Error: This request requires auth credentials. Run `npm login` and repeat the request.] npm WARN install Couldn't install optional dependency: This request requires auth credentials. Run `npm login` and repeat the request. npm verb install Error: This request requires auth credentials. Run `npm login` and repeat the request. npm verb install     at CachingRegistryClient.authify (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\authify.js:17:14) npm verb install     at CachingRegistryClient.makeRequest (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\request.js:103:17) npm verb install     at <root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\request.js:66:17 npm verb install     at RetryOperation._fn (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\attempt.js:18:5) npm verb install     at null._onTimeout (<root>\ui\target\node\node_modules\npm\node_modules\retry\lib\retry_operation.js:49:10) npm verb install     at Timer.listOnTimeout (timers.js:92:15) 

Thanks in advance.

Answer 1

https://books.sonatype.com/nexus-book/reference/npm-deploying-packages.html

$ echo -n 'username:password' | openssl base64 

Answer 2

If you have authorization token you should not use username:password. I suggest you:

1. Generate token

   • Delete your ~/.npmrc or rename it.
   • Make sure your env settings like $NPM_CONFIG_* are unset.
   • Verify that email and other settings are unset by using: npm config list
   • Log into the npm using: npm login --registry=https://nexus.whatever.registry/respository/npm-whatever-group/
   • Once you are logged - you are logged. The npm should generate a token for it in your ~/.npmrc. It will look like:

//nexus.whatever.registry/respository/npm-whatever-group/:_authToken=NpmToken.YOUR-LOVELY-TOKEN-IN-HEX

2. You can use that token in your project, CI pipeline, and other ones. Make sure in your project .npmrc there is:

//nexus.whatever.registry/respository/npm-whatever-group/:_authToken=NpmToken.YOUR-LOVELY-TOKEN-IN-HEX email = <EMAIL_USED_FOR_TOKEN_GENERATION> always-auth = true registry = https://nexus.whatever.registry/respository/npm-whatever-group/

3. If you have problems with authentication/certs:

   • add env variable (also to your CI/CD pipline) $NODE_EXTRA_CA_CERTS to point to /home/wherever/is/your/cert.pem

4. For CI/CD pipelines (like gitlabs or jenikins):

   • consider replacing actual values from your .npmrc project file with ${RELEVANT_ENV_VARIABLES}. This way you will make them less visible and always self-updating on change of pipline.

Hope this help.