问题
This question is related to these. But none of the solutions worked for me.
- Yarn can't find private Github npm registry
- Installing private package from Github Package registry fails with not found/not authorized
I can install a package without issues with npm install @scope/package
however I cannot do the same with yarn: yarn add @scope/package
yarn throws the following error:
An unexpected error occurred: "https://npm.pkg.github.com/download/@scope/package/1.2.8/089b08cffb16074c210ec3a59b04de268ae1c7b3a0492dce110adee3ada05bdd: Request failed \"401 Unauthorized\"".
my .npmrc file looks like this: (tried with and without below .yarnrc)
registry=https://registry.npmjs.org/
//npm.pkg.github.com/:_authToken=MY_AUTHTOKEN
@scope:registry=https://npm.pkg.github.com/
I have tried adding this .yarnrc file:
registry "https://registry.npmjs.org"
"@scope:registry" "https://npm.pkg.github.com"
(without .yarnrc) I've tried this .npmrc file
registry=https://registry.yarnpkg.com/
@scope:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=MY_AUTHTOKEN
always-auth=true
Where MY_AUTHTOKEN
is my Personal Access Token
I've generated from Github. (it has access to everything in packages)
I have tried to:
- remove yarn.lock
- remove .yarnrc
- login with
npm login
using my PAT as the password - logout of npm and removing global .npmrc and .yarnrc
- logging in with
yarn login
In case of any confusion I'm not actually trying @scope and /package but my actual scope and package name.
I do have access to the scope and package on Github.
and again my first setup works just fine with npm. But I cannot get this working with yarn, and cannot find any valid existing solution on SO.
回答1:
The following worked for me in .npmrc
@mvce-superstars:registry=https://npm.pkg.github.com
Using yarn v2, the following worked for me in .yarnrc.yml
:
npmScopes:
"mvce-superstars":
npmAlwaysAuth: true
npmRegistryServer: "https://npm.pkg.github.com"
Firstly, note the lowercase scope name. This is supposed to be the name of the owner of the repository (MVCE-Superstars) where the package was published, but the name has to be all lower-cased.
The setup
Publishing
- I created a private copy of this hello-world repository.
- I copied over the above
.npmrc
OR.yarnrc.yml
file into the repoository. - Next I logged in using the
npm login --registry=https://npm.pkg.github.com/
ORyarn npm login --scope=mvce-superstars
command - I entered my github user name, and my token (with scopes
read:package
,write:package
, andrepo
) - Finally, I pushed the package to my private repo using
npm publish
ORyarn npm publish
Output
npm notice
npm notice 📦 @mvce-superstars/hello-world-npm@1.1.1
npm notice === Tarball Contents ===
npm notice 16.3kB example.gif
npm notice 89B bin.js
npm notice 175B lib/index.js
npm notice 734B package.json
npm notice 2.0kB yarn-error.log
npm notice 570B Readme.md
npm notice 167B init.sh
npm notice === Tarball Details ===
npm notice name: @mvce-superstars/hello-world-npm
npm notice version: 1.1.1
npm notice package size: 14.3 kB
npm notice unpacked size: 20.0 kB
npm notice shasum: 5379c8030fa9c5f57e5baef67f2a8a784ce93361
npm notice integrity: sha512-FAI/Wuy4gHW8C[...]FINQeIlZ+HDdg==
npm notice total files: 7
npm notice
+ @mvce-superstars/hello-world-npm@1.1.1
Downloading
- I create a new npm project using
npm init
(use-hello-world-npm
) - I copy the above
.npmrc
to the root of the folder - Next I logout of npm (
npm logout --registry=https://npm.pkg.github.com/
) and log back in (npm login --registry=https://npm.pkg.github.com/
), just to be sure - Finally, I run
yarn
and like it was supposed to, it worked!
Output
yarn install v1.22.4
info No lockfile found.
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
Done in 0.55s.
yarn v2
➤ YN0000: ┌ Resolution step
➤ YN0014: │ @mvce-superstars/hello-world-npm@npm:^1.1.1: Only some patterns can be imported from legacy lockfiles (not "https://npm.pkg.github.com/download/@mvce-superstars/hello-world-npm/1.1.1/426126f89734c2c76bfac0342c1de9c95ad003b6e905a7b9f9f745892c86da7a#5379c8030fa9c5f57e5baef67f2a8a784ce93361")
➤ YN0000: └ Completed in 0.55s
➤ YN0000: ┌ Fetch step
➤ YN0013: │ @mvce-superstars/hello-world-npm@npm:1.1.1::__archiveUrl=https%3A%2F%2Fnpm.pkg.github.com%2Fdownload%2F%40mvce-superstars%2Fhello-world-npm%2F1.1.1%2F426126f89734c2c76bfac0342c1de9c95ad003b6e905a7b9f9f745892c86da7a can't be found in the cache and will be fetched from the remote server
➤ YN0000: └ Completed in 1.3s
➤ YN0000: ┌ Link step
➤ YN0031: │ One or more node_modules have been detected and will be removed. This operation may take some time.
➤ YN0000: └ Completed
➤ YN0000: Done with warnings in 1.87s
Contents of folder after yarn
.
├── node_modules
│ └── @mvce-superstars
├── package.json
└── yarn.lock
And for good measure, I remove it (yarn remove @mvce-superstars/hello-world-npm
):
yarn remove v1.22.4
[1/2] Removing module @mvce-superstars/hello-world-npm...
[2/2] Regenerating lockfile and installing missing dependencies...
success Uninstalled packages.
Done in 0.06s.
and add it again (yarn add @mvce-superstars/hello-world-npm
):
yarn add v1.22.4
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
success Saved 1 new dependency.
info Direct dependencies
└─ @mvce-superstars/hello-world-npm@1.1.1
info All dependencies
└─ @mvce-superstars/hello-world-npm@1.1.1
Done in 1.08s.
The repository is located here, so if you want to see for yourself that it worked just the way I explained it, comment below with your username on github and I will send you an invite.
Sources:
- https://help.github.com/en/packages/using-github-packages-with-your-projects-ecosystem/configuring-npm-for-use-with-github-packages
- https://gemfury.com/help/private-yarn/
- https://github.com/yarnpkg/yarn/issues/4451
回答2:
You need only to use .npmrc in the root of your project with this content:
//npm.pkg.github.com/:_authToken=GITHUB_PERSONAL_TOKEN
@OWNER:registry=https://npm.pkg.github.com
Keep in mind that GITHUB_PERSONAL_TOKEN needs read:packages scope permissions in order to read the packages from your private repo.
来源:https://stackoverflow.com/questions/61738819/installing-private-package-from-github-package-registry-using-yarn-fails-with-no