-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FEATURE] npm authentication #77
Comments
Hello @evantahler There is a token option to authenticate the request (it take an npm access token). For CLI however i don't know. |
We ran into the same 404 issue after updating our dependencies and discovering newer supposedly semver-compliant pacote builds 404 and older builds do not. npm-registry-fetch 10.0.0 introduced breaking changes around auth scopes, and these breaking changes were brought over to pacote between 11.3.1 and 11.3.2.
We have hacked around it by changing eg.:
to
|
the scoped auth config is the solution here. it is not safe to pass the same auth token to every host. |
What / Why
We use
pacote
to check thelatest
tag version on NPM to let people know if they are running an old version of our packages (https://www.grouparoo.com/docs/support/upgrading-grouparoo#determining-if-there-are-updates). Everything works fine for public NPM packages, but we cannot check on private packages. It would be great if there was a way to use local or user-level NPM authentication tokens from.npmrc
files with pacote to check on these private packages.When
Every time the manifest for a private package is checked
Where
Both programmatically and on the CLI:
How
...
Current Behavior
404'd
Expected Behavior
Maybe something like this:
Who
Everyone!
References
nope.
The text was updated successfully, but these errors were encountered: