astro add does not respect scoped registry configurations

[diesieben07]

Astro Info

Astro                    v4.5.18
Node                     v20.11.1
System                   Linux (x64)
Package Manager          npm
Output                   hybrid
Adapter                  none
Integrations             @astrojs/preact

If this issue only occurs in one browser, which browser is a problem?

No response

Describe the Bug

astro add does not work if the package being added is in a custom registry and that custom registry is configured for the package's scope only. Astro ignores the custom registry and reports that the package does not exist.

What's the expected result?

astro add will query the NPM config for the registry using npm config get registry.
When a scoped package is being added, such as @example/astro-integration this is incorrect, as it ignores any registry that is configured for that scope only. Instead in case of a scoped package Astro should first query npm config get @example:registry and only if that returns undefined fall back to npm config get registry.

Link to Minimal Reproducible Example

n/a

Participation

• I am willing to submit a pull request for this issue.

[matthewp]

PR welcome here.

[diesieben07]

In looking into this further, I noticed that astro add will use plain fetch requests to talk to the registry. This will fail in case of a private registry.

I will work on a PR that replaces this with npm show commands if possible. These will automatically respect the NPM config anyways, so there would not be a need to parse it.

[rishi-raj-jain]

@diesieben07

If possible, can you share an example of what happens right now and what's the expected behaviour. I'm trying to understand this better in a given use case.

[diesieben07]

We have a private NPM registry that requires authentication. We are hosting an Astro Integration in it and want to enable using it with astro add. NPM is configured to use our private registry for our package scope using .npmrc.

When doing astro add @example/our-integration the Astro CLI will attempt to fetch information about this package from the NPM registry. It does not take the scope configuration (or authentication info for that matter) configured in .npmrc into account. Thus it attempts to use the normal NPM registry instead of our private one. This obviously fails, because the package does not exist there and astro add then fails, reporting the package to not exist.

I did some experiments in trying to make this work. The part about using a separate registry for the scope is trivial (just run npm config get @example:registry first). But authentication info is much less trivial, because the NPM CLI refuses to output it on the command line, so astro add would have to analyze the config file itself, which is more complex than you might think.

[rishi-raj-jain]

@diesieben07

Appreciate the prompt and detailed response. I totally understand it now.

I'll have to try it out myself by creating my own private package and then try raising a PR.