yarn config set npmAlwaysAuth true
yarn config set npmRegistryServer https://acme.jfrog.io/acme/api/npm/npm
yarn npm login
This will ask for your username and password which will be exchanged for an npmAuthToken
Your repo's .yarnrc.yml will end up with the following config
npmAlwaysAuth: true
npmRegistryServer: "https://acme.jfrog.io/acme/api/npm/npm"
Then on your global config ~/.yarnrc.yml you can see the npmAuthToken is now set
npmRegistries:
"https://acme.jfrog.io/acme/api/npm/npm":
npmAuthToken: <TOKEN>@Tirke's scenario, Scoped packages:
As @piqueme mentioned already the missing email might be the issue since JFrog states clearly in docs the following:
"Your email address (npm publish will not work if your email is not specified in .npmrc)"
This is probably the issue since like you guys already figured out, we are not sending the email. However, this section of the Artifactory docs is under the "Basic Auth" strategy (npmAuthIdent) which we strongly discourage.
We have a yarn npm login --scope <scope> however the scope has to be defined. The easiest way to do this is to manually add the scope to your .yarnrc.yml.
npmScopes:
acme:
npmRegistryServer: https://acme.jfrog.io/acme/api/npm/npm
npmPublishRegistry: https://acme.jfrog.io/acme/api/npm/npmThen you can do:
yarn npm login --scope acme
Which will ask for login/password, exchange it for an npmAuthToken and store it in ~/.yarnrc.yml.
Let me know if you guys have any more questions.
CC: @piqueme
DimitrK, none23raiffeisen, oliviernt, LukerSpringtree, leannechen, pi0neerpat, and Shaffan reacted with thumbs up emoji
DimitrK, none23raiffeisen, damenking, and leannechen reacted with hooray emoji
leannechen and Shaffan reacted with heart emoji
All reactions
Thanks @deini .
Although yarn npm login works for users who have simple login credentials, it won't work for business users with SAML SSO integrations to JFrog.
In such case you are being connected with the SSO provider when navigating through browser and your login is transparent. No passwords are issued and there is no access in setting a password within JFrog user profile.
A possible solution would be to add a browser login on yarn npm login spawned from CLI similar to what Heroku CLI does.
I will also open a ticket on them in order to get some feedback on that. I feel this limitation will stop many companies which are using JFrog + SSO switching to Yarn 2
@DimitrK Good points, how is this handled by npm? Is there a way that you can get the npmAuthToken from Jfrog's UI?
Since I don't have access to a SAML SSO + Jfrog registry, I can't really try it out.
@deini Currently jFrog provides SSO users with an API key .
This is being handled right now as per documentation for Basic authentication .
In short, setting the registry and 3 more fields in .npmrc (example values):
registry=https://acme.jfrog.io/acme/api/npm/npm/
_auth =<API_KEY>
email = [email protected]
always-auth = true
@DimitrK Is it really an API_KEY or your user:password base64 encoded? That's what I'm getting from the docs.
Can you try to decode it and use npm login and use that username/password?
@deini good news, it seems that API_KEY can be actually used as a password on its entirely. So doing yarn npm login and entering email as username and API_KEY as password works like a charm.
I also had to remove any node_modules folder for this yarn install to run properly although that should be irrelevant.
Thanks for your support on this.
I did the same commands
yarn config set npmAlwaysAuth true
yarn config set npmRegistryServer https://jfrog.tech/api/npm/frontend-local
yarn npm login
all done, I can do yarn npm publish too, but...
yarn add lodash
I got this
➤ YN0027: lodash@unknown can't be resolved to a satisfying range:
HTTPError: Response code 404 (Not Found)
at o.<anonymous> (/Users/i.mirdzhamolov/projects/ui-kit/.yarn/releases/yarn-2.2.2.cjs:23:12912)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
➤ Errors happened when preparing the environment required to run this command.
When I delete npmRegistryServer from my local .yarnrc.yml – yarn add lodash works, but then doesn't work yarn npm publish...
How I can resolve this issue? 😞
I'm getting error after trying above step. Does anyone have solution for this?
YN0000: ┌ Resolution step
➤ YN0033: │ react-dom@npm:17.0.1: No authentication configured for request
➤ YN0000: └ Completed in 0s 302ms
➤ YN0000: Failed with errors in 0s 309ms
(node:48568) UnhandledPromiseRejectionWarning: Error: jest-diff@npm:26.6.2: No authentication configured for request
(node:48568) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 8)
This works great (thank you @deini 🙏 ) but one oddity I'm not understanding is that we need to have an npmScopes defined so that developers can run yarn npm login --scope <scope>, but the credentials that are then written to ~/.yarnrc.yml can't be used until we delete that npmScopes definition?
Thoughts:
Should there be a --registry flag that can be used with yarn npm login --scope <scope> so we don't need the temporary .yarnrc.yml config?
Or, should there be a useUserNpmAuthToken that we can add to the repositories .yarnrc.yml config to make it use this user specific token?
Or, am I doing something wrong here, and this should actually work already?
After 3hrs of searching and trying I finally found the solution (yarn: 2.4.1). It's closely related to ideas from above. Here in case anyone encounters the same problem:
Problem to solve: For @acme, use a separate GitLab URL and a token.
Manually create a file ~/.yarnrc.yml:
npmRegistries:
"https://gitlab.com/api/v4/packages/npm/":
npmAlwaysAuth: true
npmAuthToken: <YOUR-TOKEN-HERE>
npmScopes:
acme:
npmRegistryServer: https://gitlab.com/api/v4/packages/npm/
And finally, I can add my library:
yarn add @acme/library
Or alternatively, run it in command line (e.g. very handy in Dockerfile):
yarn config set --json npmRegistries '{"https://gitlab.com/api/v4/packages/npm/":{"npmAlwaysAuth":true,"npmAuthToken":"'${GITLAB_TOKEN}'"}}'
yarn config set --json npmScopes '{"sygnum":{"npmRegistryServer":"https://gitlab.com/api/v4/packages/npm/"}}'
For us, setting npmAlwaysAuth: true in our project's .yarnrc.yml file was actually causing problems. When we ran yarn install, we were getting the error Invalid authentication (as an anonymous user) for some of our packages. Removing npmAlwayAuth: true from our .yarnrc.yml file fixed the issue.
We're using Yarn 2.4.1 and JFrog Artifactory 6.18.1.
So, my recommended instructions for anyone who is just getting started is to just run these two commands in your project's directory (the one that contains your package.json file):
yarn config set npmRegistryServer https://example.com/artifactory/api/npm/........
yarn npm login
After specifying your username and password, you should be good to go 🙂
We managed to add the jfrog package dependency using this yarn v2 config example.
Quote symbols are used in the server address but are not needed for the identification
nodeLinker: node-modules
npmAlwaysAuth: true
npmAuthIdent: bmFkZXpo<...>XNDbm1DdTRuUHU= //this is email:api-key from jfrog encoded in base64 format
npmRegistryServer: "https://jfrog.company.server/artifactory/api/npm/npm/"
yarnPath: .yarn/releases/yarn-berry.cjs
i'm having issues with this.
i'm using Artifactory and a scoped registry (which has all been working with NPM)
if i use yarn npm login --scope my_registry with my username and password, the login is successful and a key is added to ~/.yarnrc.yml, however trying to pull any packages from that registry gives me a 403 error.
if i try the instructions from @DimitrK in #1039 (comment), then the login fails. I've tried both username and password, and every combination of API keys i can get from artifactory.
any ideas?
yarn version: 3.0.1
.yarnrc.yml
yarnPath: .yarn/releases/yarn-berry.cjs
nodeLinker: node-modules
npmAlwaysAuth: true
npmRegistryServer: "https://artifactory.my-company.com/artifactory/api/npm/registry-npmjs-org/"
npmScopes:
my-registry:
npmAlwaysAuth: true
npmPublishRegistry: "https://artifactory.my-company.com/artifactory/api/npm/my-registry/"
npmRegistryServer: "https://artifactory.my-company.com/artifactory/api/npm/my-registry/"Finally figured out what was happening. NPM expects the password to be base64 encoded. With yarn you either don't encode anything or encode the username:password combo.
My final config looks like this:
npmRegistries:
//service.jfrog.io/service/api/npm/npm-local/:
npmAlwaysAuth: true
npmAuthIdent: 'service-user:${JFROG_PASSWORD}'
npmScopes:
npmRegistryServer: 'https://service.jfrog.io/service/api/npm/npm-local'
Here is the ~/.yarnrc.yml what worked for me:
npmRegistryServer: "https://myserver.jfrog.io/artifactory/api/npm/my-npm-virtual/"
npmAuthToken: "********"
npmAlwaysAuth: true
nodeLinker: "node-modules" # optional
The above works both with scoped and non-scoped packages. Hope it helps.
