You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have the auth token for our private npm repo (artifactory) in a local .npmrc file. This ends out being necessary due to the permissions allowed in out CI environment.
Using 8.x pnpm dlx some-private-package would correctly use the auth token, with 9.x, auth breaks returning a 401.
ERR_PNPM_FETCH_401 GET https://<hostname>/artifactory/api/npm/npm/some-private-package: - 401
No authorization header was set for the request.
These authorization settings were found:
//registry.npmjs.org/:_authToken=npm_[hidden]
That //registry.npmjs.org/:_authToken=npm_[hidden] line comes from my global .npmrc file.
Note that it is loading the local .npmrc file since if I comment out the local registry setting, the error switches to:
ERR_PNPM_FETCH_404 GET https://registry.npmjs.org/some-private-package: Not Found - 404
Expected behavior
Auth settings in the local .npmrc file should have precedence over those in the global .npmrc file, as was the case in 8.x.
Actual behavior
see above.
Additional information
Note that this is reproducible on MacOS and Linux, haven't been able to test on Windows bit I assume it's the same.
Node.js version
20.11.1
Operating System
macOS
The text was updated successfully, but these errors were encountered:
If pnpm dlx will read the settings from the local .npmrc file, it will also read setting like hoist-pattern, node-linker, etc. These settings change how the packages are installed and can break the package that runs via dlx.
Well it's already loading the registry setting from the local file, so it seems appropriate to load the related registry settings (such as auth) from the same place. I think that there's a difference between where the file comes from, and how its installed.
And, prior to the adding the dlx cache support, this used to work, and other than using npx for this use case, I'm not sure how to fix our CI build using pnpm without this working again as I can't see any sort of supported work around.
We've experienced this issue also when trying to retrieve packages from a private Azure artifacts feed. For now we've had to specify the version of PNPM to 8.x in our pipelines to avoid this.
Last pnpm version that worked
8.10.0
pnpm version
9.0.5
Code to reproduce the issue
I have the auth token for our private npm repo (artifactory) in a local .npmrc file. This ends out being necessary due to the permissions allowed in out CI environment.
That file looks something like this:
Using 8.x
pnpm dlx some-private-package
would correctly use the auth token, with 9.x, auth breaks returning a 401.That
//registry.npmjs.org/:_authToken=npm_[hidden]
line comes from my global .npmrc file.Note that it is loading the local .npmrc file since if I comment out the local registry setting, the error switches to:
Expected behavior
Auth settings in the local .npmrc file should have precedence over those in the global .npmrc file, as was the case in 8.x.
Actual behavior
see above.
Additional information
Note that this is reproducible on MacOS and Linux, haven't been able to test on Windows bit I assume it's the same.
Node.js version
20.11.1
Operating System
macOS
The text was updated successfully, but these errors were encountered: