package.json scripts run with `yarn run` fail to auth with npm
mcous opened this issue ยท 8 comments
Do you want to request a feature or report a bug?
bug
What is the current behavior?
package.json scripts run with yarn run
fail to auth with npm
If the current behavior is a bug, please provide the steps to reproduce.
https://gist.github.com/mcous/0c62847401ed2dc5e230f38746f0c267
- Ensure you have a valid authToken in
.npmrc
- Create a package.json script
"who": "npm whoami"
npm run who
will workyarn run who
will fail withENEEDAUTH
- Workaround:
yarn config set registry https://registry.npmjs.org
- Related to #4451?
- Workaround:
What is the expected behavior?
package.json
scripts should not fail to auth with npm
if .npmrc
is set up correctly
Please mention your node.js, yarn and operating system version.
- macOS 10.12.6
- node v8.11.0
- npm v5.8.0
- yarn v1.6.0
I believe Yarn doesn't use your local npm directly. It creates an auth token which it passes to its own npm instance to auth itself for commands. E.g. I believe it does run same npm, however it rewrites config when running lifecycle scripts which affects npm.yarn publish
.
(Someone from yarn team feel free to explain more correctly ๐ )
If you need to run npm commands in yarn scripts that require auth, try logging in! ๐
Run yarn login
on cli, you'll be prompted for your npm username & email.
@jamsinclair I just tried this out, and it worked! That being said, I'm a little confused as to why. If I run a yarn script that calls the npm
"executable" directly, why does anything about my ~/.yarnrc
(it's my understanding that running yarn login
simply writes my npm
username and email to that file) have anything to do with how the npm
executable functions as a child process?
In my instance, I ran into this because I publish from CI. Running yarn login
before running scripts on CI is not an option. In my case I just use npm run
instead.
Great question! I'm just as unsure. I encountered this problem as well on CI for one of my projects.
Hopefully a Yarn team member can chime in whether this is a bug or intentional behaviour ๐ค
This is still an issue for people (see sindresorhus/np#416), and so it would be great if someone could look into this.
Ran into this issue as well - when using yarn run
to execute a script that in turn invokes npm install
, npm
is unable to install a private package.
I found another workaround is to add npm_config_registry=https://registry.npmjs.org
to the script command in package.json
. For example:
{
"scripts": {
"who": "npm_config_registry=https://registry.npmjs.org npm whoami"
}
}
+1 seeing the same issue. I am trying to invoke publish script from package.json which in turn calls Yarn to publish package to a private registry. Workaround does not really help in this case.
Workaround from another issue: #4475 (comment)
Closing as in v2 we completely stopped reading .npmrc
files.