package.json scripts run with `yarn run` fail to auth with npm

Question

package.json scripts run with `yarn run` fail to auth with npm

mcous opened this issue 6 years ago · 8 comments

mcous commented 6 years ago

Do you want to request a feature or report a bug?
bug

What is the current behavior?
package.json scripts run with yarn run fail to auth with npm

If the current behavior is a bug, please provide the steps to reproduce.

https://gist.github.com/mcous/0c62847401ed2dc5e230f38746f0c267

Ensure you have a valid authToken in .npmrc
Create a package.json script "who": "npm whoami"
npm run who will work
yarn run who will fail with ENEEDAUTH
- Workaround: yarn config set registry https://registry.npmjs.org
- Related to #4451?

What is the expected behavior?

package.json scripts should not fail to auth with npm if .npmrc is set up correctly

Please mention your node.js, yarn and operating system version.

macOS 10.12.6
node v8.11.0
npm v5.8.0
yarn v1.6.0

Answer 1 · 2018-07-23T02:58:01.000Z

~~I believe Yarn doesn't use your local npm directly. It creates an auth token which it passes to its own npm instance to auth itself for commands. E.g. yarn publish.~~ I believe it does run same npm, however it rewrites config when running lifecycle scripts which affects npm.

(Someone from yarn team feel free to explain more correctly 😅 )

If you need to run npm commands in yarn scripts that require auth, try logging in! 😄
Run yarn login on cli, you'll be prompted for your npm username & email.

Answer 2 · 2018-07-23T03:23:30.000Z

@jamsinclair I just tried this out, and it worked! That being said, I'm a little confused as to why. If I run a yarn script that calls the npm "executable" directly, why does anything about my ~/.yarnrc (it's my understanding that running yarn login simply writes my npm username and email to that file) have anything to do with how the npm executable functions as a child process?

In my instance, I ran into this because I publish from CI. Running yarn login before running scripts on CI is not an option. In my case I just use npm run instead.

Answer 3 · 2018-07-23T05:05:00.000Z

Great question! I'm just as unsure. I encountered this problem as well on CI for one of my projects.

Hopefully a Yarn team member can chime in whether this is a bug or intentional behaviour 🤞

Answer 4 · 2019-07-07T16:01:31.000Z

This is still an issue for people (see sindresorhus/np#416), and so it would be great if someone could look into this.

Answer 5 · 2019-08-29T17:56:44.000Z

Ran into this issue as well - when using yarn run to execute a script that in turn invokes npm install, npm is unable to install a private package.

I found another workaround is to add npm_config_registry=https://registry.npmjs.org to the script command in package.json. For example:

{
    "scripts": {
        "who": "npm_config_registry=https://registry.npmjs.org npm whoami"
    }
}

Answer 6 · 2020-04-03T22:03:03.000Z

+1 seeing the same issue. I am trying to invoke publish script from package.json which in turn calls Yarn to publish package to a private registry. Workaround does not really help in this case.

Answer 7 · 2021-08-20T21:56:25.000Z

Workaround from another issue: #4475 (comment)

Answer 8 · 2021-08-22T19:58:27.000Z

Closing as in v2 we completely stopped reading .npmrc files.

https://yarnpkg.com/getting-started/migration