Private npm package; unable to install in yarn 1.0.1

[ryanpatrickcook]

I'm unable to yarn install when using a private npm package using yarn 1.0.1 when working in previous versions.

yarn install v1.0.1
[1/5] Validating package.json...
[2/5] Resolving packages...
⠁ [3/5] Fetching packages...
error An unexpected error occurred: “...: Request failed \“404 Not Found\“”.
info If you think this is a bug, please open a bug report with the information provided in “yarn-error.log”.
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

yarn install returned exit code 1

Action failed: yarn install

auth token in .npmrc file
Ubuntu 14.04.4 LTS
node: v4.2.6
yarn: 1.0.1

Mac 10.11.6
node: v6.9.4
yarn: 1.0.1

yarn-error.txt

[BYK]

You may just need to reauthenticate in npm or your registry. Can you try that?

[kevinold]

I'm seeing this issue as well against a private npm modules I have.

[dehbmarques]

I just had the same issue and managed to fix by setting the npm registry in the yarn config and recreating the yarn.lock file.

$ yarn config set registry https://registry.npmjs.org
$ rm yarn.lock
$ yarn

[evert]

We're also seeing an issue that yarn no longer seems to handle reading .npmrc correctly, after installing 1.0.1.

npm whoami correctly reports evrt, but installing private packages with 1.0.1 show a 404 Not Found error. Yesterday's yarn did not have this issue.

[ohana54]

Could be related to #4339?

[narkeeso]

I'm only running into this issue when running yarn inside a docker container using Ubuntu 16. I'm not able to reproduce this issue on OSX 10.12 (with or without yarn.lock).

If I remove the yarn.lock file when building my docker image, I'm able to successfully resolve private packages. That probably explains why @dehbmarques solution works, setting the registry is not actually the workaround, however removing the yarn.lock is the temporary workaround.

Can anyone else confirm if you're having issues on Ubuntu as well?

[shousper]

Same issue here, been waiting a long time to upgrade from 0.24.x, but the same issue remains.
Regardless of registry setting for npmjs.org or yarnpkg.com the problem is the same.
I have tried swapping the registry domain in our yarn.lock file, toggling my registry setting back and forth, as well as clearing my local yarn cache before each attempt.
The only way we can proceed forward with versions > 0.24.x is to delete the yarn.lock file and re-run yarn, thus forcing upgrades to all dependencies. (which is seeming like the only solution at this point 😞 )

In any scenario, if I roll back to 0.24.x and run yarn install, no matter what, it works flawlessly.

[aiham]

Just recreating the yarn.lock file was sufficient for me, no need to change the registry config.

[narkeeso]

@aiham I am able to recreate the yarn.lock file successfully but any following install using the lock file fail. Having to recreate the lock file every time defeats the purpose.

[BYK]

This should be resolved by #4350 and/or #4347 IMO. Can anyone confirm?

[aiham]

@narkeeso I only had to recreate it once.

[aiham]

Based on the PRs @BYK has posted, I probably fixed this for myself when I reverted my registry config to the default value: yarn config delete registry

[maroy1986]

Same issue here. Using a private NPM registry. It couldn't find any packages with yarn 1.0.1. If I roll back to 0.28.4, everything starts working again.

My private repo is configured in the .npmrc file and is using basic auth. If I do yarn config list I see it picks it up but doesn't seem to care about it.

[BYK]

Okay, let's wait until these are merged and we release 1.0.2 or at least have a nightly with both fixes. Anyone up for testing if these fix the issue?

[maroy1986]

@BYK I can, just poke me when it's available!

[BYK]

@maroy1986, thanks! Here you go https://yarnpkg.com/en/docs/nightly

[shousper]

@BYK No luck for me on the 1.0.1-20170910.2124 nightly. I've just realised I'm getting a slightly different error to the OP, but still a 404:

error An unexpected error occurred: "https://registry.yarnpkg.com/@ftr/bus-messages/-/bus-messages-1.0.0.tgz: Request failed \"404 Not Found\"".

I'm going to drop a comment on #3622 as well.

[juriwiens]

Adding a trailing slash like described in #4339 works for me

[perlun]

• yarn install to regenerate the lockfile did not help for me; yarn install still failed on Travis where it used the new version of yarn
• Tried with this nightly on Travis, which still didn't help:

$ yarn install v1.0.1-20170911.0332

This is on Travis. The way we set up the private NPM tokens are like this:

echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc`
echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc

Has the format of this changed somehow?

I upgraded local yarn to 1.0.1, then wiped the node_modules folder and yarn cache locally, which made it possible to reproduce the problem there also.

I looked at #4339, but I don't set up a .yarnrc in Travis at the moment so I don't know how I would tweak it. Will wait to see if #4350 solves this anyway, pinning down yarn to 0.27.5 for now.

[maroy1986]

@BYK Just tried it and the nightly build works for me!

[BYK]

@maroy1986 yay!

[BYK]

@perlun - the version you've tried seems to be the latest nightly, which should include #4350. Can you provide more info about the failure you're seeing so we can investigate and hopefully fix it before 1.0.2?

[BYK]

@ryanpatrickcook can you give the latest nightly a try to see if it fixes your issue?

[maroy1986]

@BYK Well apparently I've talked too fast :

Log :

Trace: 
  Error: https://[SENSORED]/npm/npm/g/-/g-2.0.1.tgz: Request failed "401 Unauthorized"
      at Request.<anonymous> (C:\Program Files (x86)\Yarn\lib\cli.js:57662:26)
      at emitOne (events.js:115:13)
      at Request.emit (events.js:210:7)
      at Request.module.exports.Request.onRequestResponse (C:\Program Files (x86)\Yarn\lib\cli.js:118210:10)
      at emitOne (events.js:115:13)
      at ClientRequest.emit (events.js:210:7)
      at HTTPParser.parserOnIncomingClient (_http_client.js:565:21)
      at HTTPParser.parserOnHeadersComplete (_http_common.js:116:23)
      at TLSSocket.socketOnData (_http_client.js:454:20)
      at emitOne (events.js:115:13)

Going back to prior 1.0.0 version make it works again... At least the error isn't the same!

[BYK]

@maroy1986 this says unauthorized and the package doesn't seem to be scoped so may be you actually need always-auth true?

[maroy1986]

@BYK You're right, that was it. I also found that I can now remove my basic auth line in my .npmrc and leave the token base auth only, which wasn't working before, that's good news and way more secure than having my private repo password unencrypted in my .npmrc file! Waiting for 1.0.2 release to update my builder docker image to Yarn 1.x ! 🚀

[mribichich]

I can confirm that it works again with v1.0.1-20170911.1702

[rolandjitsu]

When can we expect a release? Or can I install nightly using the installation script?

Oops, realized I can run curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --nightly 😄

[kaylie-alexa]

@rolandjitsu you can install nightlies here https://yarnpkg.com/en/docs/nightly

[rolandjitsu]

@kaylieEB thanks, just found that flag in the bash script.

[BYK]

When can we expect a release? Or can I install nightly using the installation script?

Yeah, a release is very soon.

[perlun]

See also #4451

[voxmatt]

FWIW, I simply had to delete the lock file. Googling for a failure to yarn install private repos gets you here, and I suspect many people will have the same issue I just had:

Steps to Repo:

• new computer (or maybe simply a recent change in .npmrc credentials?)
• cloned a repo with a yarn.lock file
• yarn install fails on private npm repo

Steps to fix:

• rm yarn.lock
• yarn install

[huw]

If your package is hosted privately on npmjs.org, removing the line @scope:registry=https://registry.npmjs.org/ frpm .npmrc worked for us — presumably this is due to issues with yarnpkg being a CDN for npmjs.org

[w-]

on yarn 1.3.2 and still getting this error.
i did this
#4335 (comment)

$ yarn config set registry https://registry.npmjs.org
$ rm yarn.lock
$ yarn

in order to resolve it

---

Update:

After cleaning cache and attempting #4335 (comment)

removing the line @scope:registry=https://registry.npmjs.org/ frpm .npmrc

also worked.

[BryanYang]

@huw this work for me. I can't add private package by yarn, then I try to delete this line in my .npmrc:

//registry.npmjs.org/:_authToken=0dbd7f05-1542-4546-beb8-9989a1e63255
# I annotate the line below. then it work.
# registry=http://registry.npmjs.org

thanks for your remind.