Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Installing private package from Github Package registry using Yarn fails with not authorized

This question is related to these. But none of the solutions worked for me.

  • Yarn can't find private Github npm registry
  • Installing private package from Github Package registry fails with not found/not authorized

I can install a package without issues with npm install @scope/package however I cannot do the same with yarn: yarn add @scope/package

yarn throws the following error: An unexpected error occurred: "https://npm.pkg.github.com/download/@scope/package/1.2.8/089b08cffb16074c210ec3a59b04de268ae1c7b3a0492dce110adee3ada05bdd: Request failed \"401 Unauthorized\"".

my .npmrc file looks like this: (tried with and without below .yarnrc)

registry=https://registry.npmjs.org/
//npm.pkg.github.com/:_authToken=MY_AUTHTOKEN
@scope:registry=https://npm.pkg.github.com/

I have tried adding this .yarnrc file:

registry "https://registry.npmjs.org"
"@scope:registry" "https://npm.pkg.github.com"

(without .yarnrc) I've tried this .npmrc file

registry=https://registry.yarnpkg.com/

@scope:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=MY_AUTHTOKEN
always-auth=true

Where MY_AUTHTOKEN is my Personal Access Token I've generated from Github. (it has access to everything in packages)

I have tried to:

  • remove yarn.lock
  • remove .yarnrc
  • login with npm login using my PAT as the password
  • logout of npm and removing global .npmrc and .yarnrc
  • logging in with yarn login

In case of any confusion I'm not actually trying @scope and /package but my actual scope and package name.

I do have access to the scope and package on Github.

and again my first setup works just fine with npm. But I cannot get this working with yarn, and cannot find any valid existing solution on SO.

like image 1000
MLyck Avatar asked May 11 '20 20:05

MLyck


People also ask

How do I authenticate a GitHub package?

You can authenticate to GitHub Packages with npm by either editing your per-user ~/. npmrc file to include your personal access token or by logging in to npm on the command line using your username and personal access token. To authenticate by adding your personal access token to your ~/.

Does yarn work with npm registry?

Yarn can consume the same package. json format as npm, and can install any package from the npm registry. This will lay out your node_modules folder using Yarn's resolution algorithm that is compatible with the node.

How do I install yarn packages?

Step 1 ā€” Installing Yarn Globally The Yarn maintainers recommend installing Yarn globally by using the NPM package manager, which is included by default with all Node. js installations. Use the -g flag with npm install to do this: sudo npm install -g yarn.

How do I install all packages in a package json with yarn?

Installing all dependencies: yarn or yarn install. Installing one and only one version of a package: yarn install --flat. Forcing a re-download of all packages: yarn install --force. Installing only production dependencies: yarn install --production.


3 Answers

The following worked for me in .npmrc

@mvce-superstars:registry=https://npm.pkg.github.com

Using yarn v2, the following worked for me in .yarnrc.yml:

npmScopes:
  "mvce-superstars":
    npmAlwaysAuth: true
    npmAuthToken: xxx-xxx # optional
    npmRegistryServer: "https://npm.pkg.github.com"

Note

The scope name is lowercase. This is supposed to be the name of the owner of the repository (ex. MVCE-Superstars) where the package was published, but the name has to be all lower-cased.


The setup

Publishing

  • I created a private copy of this hello-world repository.
  • I copied over the above .npmrc OR .yarnrc.yml file into the repoository.
  • Next I logged in using the npm login --registry=https://npm.pkg.github.com/ OR yarn npm login --scope=mvce-superstars command (skip if npmAuthToken is specified above)
  • I entered my github user name, and my token (with scopes read:package, write:package, and repo) (skip if npmAuthToken is specified above)
  • Finally, I pushed the package to my private repo using npm publish OR yarn npm publish

Output

npm notice 
npm notice šŸ“¦  @mvce-superstars/[email protected]
npm notice === Tarball Contents === 
npm notice 16.3kB example.gif   
npm notice 89B    bin.js        
npm notice 175B   lib/index.js  
npm notice 734B   package.json  
npm notice 2.0kB  yarn-error.log
npm notice 570B   Readme.md     
npm notice 167B   init.sh       
npm notice === Tarball Details === 
npm notice name:          @mvce-superstars/hello-world-npm        
npm notice version:       1.1.1                                   
npm notice package size:  14.3 kB                                 
npm notice unpacked size: 20.0 kB                                 
npm notice shasum:        5379c8030fa9c5f57e5baef67f2a8a784ce93361
npm notice integrity:     sha512-FAI/Wuy4gHW8C[...]FINQeIlZ+HDdg==
npm notice total files:   7                                       
npm notice 
+ @mvce-superstars/[email protected]

Downloading

  • I create a new npm project using npm init (use-hello-world-npm)
  • I copy the above .npmrc to the root of the folder
  • Next I logout of npm (npm logout --registry=https://npm.pkg.github.com/) and log back in (npm login --registry=https://npm.pkg.github.com/), just to be sure
  • Finally, I run yarn and like it was supposed to, it worked!

Output

yarn install v1.22.4
info No lockfile found.
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
Done in 0.55s.

yarn v2

āž¤ YN0000: ā”Œ Resolution step
āž¤ YN0014: ā”‚ @mvce-superstars/hello-world-npm@npm:^1.1.1: Only some patterns can be imported from legacy lockfiles (not "https://npm.pkg.github.com/download/@mvce-superstars/hello-world-npm/1.1.1/426126f89734c2c76bfac0342c1de9c95ad003b6e905a7b9f9f745892c86da7a#5379c8030fa9c5f57e5baef67f2a8a784ce93361")
āž¤ YN0000: ā”” Completed in 0.55s
āž¤ YN0000: ā”Œ Fetch step
āž¤ YN0013: ā”‚ @mvce-superstars/hello-world-npm@npm:1.1.1::__archiveUrl=https%3A%2F%2Fnpm.pkg.github.com%2Fdownload%2F%40mvce-superstars%2Fhello-world-npm%2F1.1.1%2F426126f89734c2c76bfac0342c1de9c95ad003b6e905a7b9f9f745892c86da7a can't be found in the cache and will be fetched from the remote server
āž¤ YN0000: ā”” Completed in 1.3s
āž¤ YN0000: ā”Œ Link step
āž¤ YN0031: ā”‚ One or more node_modules have been detected and will be removed. This operation may take some time.
āž¤ YN0000: ā”” Completed
āž¤ YN0000: Done with warnings in 1.87s

Contents of folder after yarn

.
ā”œā”€ā”€ node_modules
ā”‚Ā Ā  ā””ā”€ā”€ @mvce-superstars
ā”œā”€ā”€ package.json
ā””ā”€ā”€ yarn.lock

And for good measure, I remove it (yarn remove @mvce-superstars/hello-world-npm):

yarn remove v1.22.4
[1/2] Removing module @mvce-superstars/hello-world-npm...
[2/2] Regenerating lockfile and installing missing dependencies...
success Uninstalled packages.
Done in 0.06s.

and add it again (yarn add @mvce-superstars/hello-world-npm):

yarn add v1.22.4
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
success Saved 1 new dependency.
info Direct dependencies
ā””ā”€ @mvce-superstars/[email protected]
info All dependencies
ā””ā”€ @mvce-superstars/[email protected]
Done in 1.08s.

Sources:

  • https://help.github.com/en/packages/using-github-packages-with-your-projects-ecosystem/configuring-npm-for-use-with-github-packages
  • https://gemfury.com/help/private-yarn/
  • https://github.com/yarnpkg/yarn/issues/4451
like image 117
smac89 Avatar answered Oct 07 '22 05:10

smac89


You need only to use .npmrc in the root of your project with this content:

//npm.pkg.github.com/:_authToken=GITHUB_PERSONAL_TOKEN
@OWNER:registry=https://npm.pkg.github.com

Keep in mind that GITHUB_PERSONAL_TOKEN needs read:packages scope permissions in order to read the packages from your private repo.

like image 41
Alexander Dimitrov Avatar answered Oct 07 '22 04:10

Alexander Dimitrov


I am adding an answer here because after a day of trying different variations of the solutions here and elsewhere, I found that my issue was something else.

My issue was that, while npm is not case sensitive with regards to package names, yarn is when it comes to authentication! šŸ¤¦ā€ā™‚ļø

So, using the example from this solution:

registry=https://registry.yarnpkg.com/

@GITHUB_USERNAME:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=AUTH_TOKEN
always-auth=true

I needed to ensure two things:

  1. @GITHUB_USERNAME needs to match the case that you see on github and the name the package was published under. I.e., if your username is Pickle-Rick, you need to put @Pickle-Rick:registry=https://npm.pkg.github.com, not @pickle-rick or @Pickle-rick.

  2. You need to match this casing in your package.json or your yarn add command - whichever you are using. For example:

    "@Pickle-Rick/schwifty": "^1.0.0" in package.json or yarn add @Pickle-Rick/schwifty.

I found this solution by digging through yarn github issues.

like image 1
elethan Avatar answered Oct 07 '22 06:10

elethan