When running yarn, yarn.lock file is generated with private token from bash

I'm using Gem Fury for some of our private packages. I set the yarn registry to use their proxy for public and our private node modules:

yarn config set registry "https://npm-proxy.fury.io/$GEMFURY_TOKEN/username"

GEMFURY_TOKEN is set in .bash. yarn config get registry produces:

https://npm-proxy.fury.io/$(GEMFURY_TOKEN)/username

When we run yarn, the yarn.lock file will generate this:

private-module@0.1.0:
  version "0.1.0"
  resolved "https://npm.fury.io/username/private-module/-/0.1.0.tgz?auth=<GEMFURY TOKEN>"
  dependencies:
    ember-cli-babel "^5.1.6"

private-module-2@0.1.4:
  version "0.1.4"
  resolved "https://npm.fury.io/username/private-module-2/-/0.1.4.tgz?auth=<GEMFURY TOKEN>"
  dependencies:
    ember-cli-babel "^5.1.6"
    ember-inflector "^1.9.6"

I don't want private tokens in the git repository. Is there a way I can exclude the token from being added to the yarn.lock file on generation?

Danielle Adams asked Feb 22 '17 21:02

1 Answer

Try to set up npm as described in the Gem Fury documentation. The crucial parts are setting always-auth to true and using npm login.

If this doesn't help then you can use Git pre-commit hooks that will remove credentials from yarn.lock when changes are committed to the Git repository.

SergeyLebedev answered Oct 08 '22 06:10
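
One way to write the pre-commit hook suggested in the answer, as an added example that is not part of the original answer or of Gemfury's documentation. It assumes yarn.lock sits at the repository root and that the token only appears as an `auth` query parameter on `resolved` lines, as in the question; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-commit hook that keeps registry tokens out of yarn.lock.
# Assumption: the token only appears as an "auth" query parameter on
# "resolved" lines, as in the yarn.lock shown in the question.
# lock_has_auth, strip_lock_auth and run_hook are hypothetical names.

# Succeeds (exit 0) if the lockfile still carries an auth= parameter.
lock_has_auth() {
    grep -Eq '^[[:space:]]*resolved "[^"]*[?&]auth=' "$1"
}

# Rewrites the lockfile in place, dropping auth=<value> from resolved URLs
# while keeping other query parameters and any #hash fragment.
strip_lock_auth() {
    lock=$1
    tmp=$(mktemp "${lock}.XXXXXX") || return 1
    sed -E '/^[[:space:]]*resolved "/{
        s/([?&])auth=[^&"#]*&?/\1/
        s/[?&]("|#)/\1/
    }' "$lock" > "$tmp" && mv "$tmp" "$lock"
}

# Hook logic: clean a staged yarn.lock, re-stage it, and block the commit
# if a token is still present afterwards.
run_hook() {
    git diff --cached --name-only --diff-filter=ACM | grep -qx 'yarn.lock' || return 0
    lock_has_auth yarn.lock || return 0
    strip_lock_auth yarn.lock || return 1
    if lock_has_auth yarn.lock; then
        echo "pre-commit: auth token still in yarn.lock, commit aborted" >&2
        return 1
    fi
    # Re-stages the whole working-tree file, including unstaged edits to it.
    git add yarn.lock
}

# Run only when installed as .git/hooks/pre-commit (not when sourced/tested).
case "$0" in
    */pre-commit|pre-commit) run_hook ;;
esac
```

With the token stripped, installs from this lockfile depend on registry credentials configured separately, such as the always-auth and npm login setup the answer points to.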