1. 技术文章
  2. Yarn can't authenticate with Github Packages - but npm can

Yarn can't authenticate with Github Packages - but npm can

南笙酒味 提交于 2021-01-21 11:20:24

问题


What do I need to do to configure yarn to authenticate with Github Packages?

I've got a hello-world npm package that I'm trying to publish privately to github. I want to be able to use yarn instead of npm, but for some reason yarn can't authenticate with the Github Package service:

error Couldn't publish package: "https://npm.pkg.github.com/@myuser/test-models: Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured."

NPM doesn't have any trouble publishing though, so I'm assuming it's some difference in the way yarn processes the config info.

Verbose yarn publish:

$ yarn publish --verbose
yarn publish v1.10.1
verbose 0.257170891 Checking for configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.257665932 Found configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.258189892 Checking for configuration file "/Users/myuser/.npmrc".
verbose 0.258433341 Found configuration file "/Users/myuser/.npmrc".
verbose 0.258899667 Checking for configuration file "/usr/local/etc/npmrc".
verbose 0.259174747 Checking for configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.259487532 Found configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.260003161 Checking for configuration file "/Users/myuser/sites/.npmrc".
verbose 0.260246617 Checking for configuration file "/Users/myuser/.npmrc".
verbose 0.260455656 Found configuration file "/Users/myuser/.npmrc".
verbose 0.260965719 Checking for configuration file "/Users/.npmrc".
verbose 0.263449669 Checking for configuration file "/Users/myuser/sites/test-models/.yarnrc".
verbose 0.263757077 Checking for configuration file "/Users/myuser/.yarnrc".
verbose 0.264027657 Found configuration file "/Users/myuser/.yarnrc".
verbose 0.264629421 Checking for configuration file "/usr/local/etc/yarnrc".
verbose 0.264905752 Checking for configuration file "/Users/myuser/sites/test-models/.yarnrc".
verbose 0.265187834 Checking for configuration file "/Users/myuser/sites/.yarnrc".
verbose 0.265428211 Checking for configuration file "/Users/myuser/.yarnrc".
verbose 0.265682381 Found configuration file "/Users/myuser/.yarnrc".
verbose 0.26612276 Checking for configuration file "/Users/.yarnrc".
verbose 0.268430721 current time: 2020-07-15T16:04:57.727Z
[1/4] Bumping version...
info Current version: 0.0.3
question New version:
info Proceeding with current version: 0.0.3
[2/4] Logging in...
[3/4] Publishing...
verbose 3.449685972 Performing "PUT" request to "https://npm.pkg.github.com/@myuser/test-models".
verbose 3.757506429 Request "https://npm.pkg.github.com/@myuser/test-models" finished with status code 401.
verbose 3.760342835 Error: Couldn't publish package: "https://npm.pkg.github.com/@myuser/test-models: Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured."
    at MessageError.ExtendableBuiltin (/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:243:66)
    at new MessageError (/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:272:123)
    at /usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:80723:13
    at Generator.throw (<anonymous>)
    at step (/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:98:30)
    at /usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:111:13
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
error Couldn't publish package: "https://npm.pkg.github.com/@myuser/test-models: Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured."
info Visit https://yarnpkg.com/en/docs/cli/publish for documentation about this command.

Yarn config:

$ yarn config list
yarn config v1.10.1
info yarn config
{
  'version-tag-prefix': 'v',
  'version-git-tag': true,
  'version-commit-hooks': true,
  'version-git-sign': false,
  'version-git-message': 'v%s',
  'init-version': '1.0.0',
  'init-license': 'MIT',
  'save-prefix': '^',
  'bin-links': true,
  'ignore-scripts': false,
  'ignore-optional': false,
  registry: 'https://registry.yarnpkg.com',
  'strict-ssl': true,
  'user-agent': 'yarn/1.10.1 npm/? node/v13.11.0 darwin x64',
  lastUpdateCheck: 1594760187916
}
info npm config
{
  '//registry.npmjs.org/:_authToken': '<auth_token1_here>',
  '@myuser:registry': 'https://npm.pkg.github.com',
  '//npm.pkg.github.com/:_authToken': '<auth_token2_here>',
  python: '/usr/bin/python'
}
✨  Done in 0.11s.

All my config files:

$ cat /Users/myuser/.npmrc
//registry.npmjs.org/:_authToken=[my-npm-token]

$ cat /Users/myuser/sites/test-models/.npmrc
@myuser:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=[my-github-token]

$ cat /Users/myuser/.npmrc
//registry.npmjs.org/:_authToken=[my-npm-token]

$ cat /Users/myuser/.yarnrc
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


lastUpdateCheck 1594760187916

回答1:


For npm.pkg.github.com/:_authToken, you could try and use the third type of token which is just released yesterday (Oct. 2nd, 2020):

npm automation tokens

npm is introducing a new setting for access tokens to support publishing to the npm registry from CI/CD workflows.

Previously, you could create an access token with one of two settings: read-only, and publish.
A publish token allows you to publish packages, like the name implies, but if you have two-factor authentication (2FA) enabled on your account, you'll be prompted for your one-time passcode.

We recommend that people set up 2FA on their account for added security, but requiring a passcode means that all publishing must be done interactively. Many people want to automate their publish step with a CI/CD workflow.

Today, we've added a third option for access tokens: automation. You can create an automation token in your access token settings page.

Using an automation token will not prompt for a one-time passcode, meaning that you can use it as a secret in your publish workflow. Now you can publish a package directly to the npm registry when you cut a release.

If you're a package maintainer, and you want to require that publishers to your package continue to use two-factor authentication and publish interactively, you can do that in the package settings.
If you already required 2FA, there's no change to this behavior; automation tokens won't be accepted unless you allow them to be.

If you've been waiting to enable two-factor authentication on your npm account because it prevented you from publishing in an automated workflow, you can now set up an automation token and enable 2FA.



来源:https://stackoverflow.com/questions/62919391/yarn-cant-authenticate-with-github-packages-but-npm-can

标签
npm
yarnpkg
github-package-registry
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!