pnpm dlx ignores auth in local .npmrc file #7996
Comments
|
If |
|
Well it's already loading the registry setting from the local file, so it seems appropriate to load the related registry settings (such as auth) from the same place. I think that there's a difference between where the file comes from, and how its installed. And, prior to the adding the dlx cache support, this used to work, and other than using npx for this use case, I'm not sure how to fix our CI build using pnpm without this working again as I can't see any sort of supported work around. |
|
We've experienced this issue also when trying to retrieve packages from a private Azure artifacts feed. For now we've had to specify the version of PNPM to 8.x in our pipelines to avoid this. |
Last pnpm version that worked
8.10.0
pnpm version
9.0.5
Code to reproduce the issue
I have the auth token for our private npm repo (artifactory) in a local .npmrc file. This ends out being necessary due to the permissions allowed in out CI environment.
That file looks something like this:
Using 8.x
pnpm dlx some-private-packagewould correctly use the auth token, with 9.x, auth breaks returning a 401.That
//registry.npmjs.org/:_authToken=npm_[hidden]line comes from my global .npmrc file.Note that it is loading the local .npmrc file since if I comment out the local registry setting, the error switches to:
Expected behavior
Auth settings in the local .npmrc file should have precedence over those in the global .npmrc file, as was the case in 8.x.
Actual behavior
see above.
Additional information
Note that this is reproducible on MacOS and Linux, haven't been able to test on Windows bit I assume it's the same.
Node.js version
20.11.1
Operating System
macOS
The text was updated successfully, but these errors were encountered: