Read config from ~/.yarnrc

[otaku]

Given the following:

yarn config set @scope:registry https://registry.npmjs.org/
yarn config set //registry.npmjs.org/:_authToken xxxx-xxxx-xxxx-xxxx-xxxxxxxxx

I expect to be able to be able to access the private packages on the registry.

I believe this relates to #3932 as well as a few others.

Explanation: YarnRegistry extends NpmRegistry however NpmRegistry.getScopedOption does not try to read from YarnRegistry.config so it is unable to find //registry.npmjs.org/:_authToken resulting in errors.

[otaku]

YarnRegistry.getScopedOption does not exist.

[BYK]

@arcanis @rally25rs @imsnif can you take a look?

@otaku thanks a lot for the fix! Do you think you can add tests for the fix?

[imsnif]

Hey @otaku - thanks a lot for this patch! I left one comment. To elaborate: if I understand correctly, we could achieve the same effect by implementing YarnRegistry.getScopedOption and leaving the registry assignment in the for loop as is. Or am I missing something? What do you think?
Also, a test case for this would definitely be great.

Other than that, looks like an important fix. I feel like I've encountered this issue in the past and had to dance around it without looking too much into it. :)
Would be happy to merge. Good find!

[imsnif]

Do you think it will be possible to swap this for an implementation of YarnRegistry.getScopedOption?

[otaku]

I believe that would turn into endless recursion.

NpmRegistry.getScopedOption would loop through all registries looking for getScopedOption and call it, however if it doesn't exist in that registry, it in turn would do the same thing. It could be possible by passing optional arguments to not recurse... but I don't know if that's worth the complexity.

[imsnif]

Sorry, I'll clarify my meaning. How aboutif we implement YarnRegistry.getScopedOption as something like:

  getScopedOption(scope: string, option: string): mixed {
    return this.getOption(scope + (scope ? ':' : '') + option);
}

[otaku]

YarnRegistry is an extension of NpmRegistry so getScopedOption is the same function as this one.

I could look into moving all the logic into BaseRegistry and remove them from both YarnRegistry and NpmRegistry if that's the desired goal?

[imsnif]

I think we can start by adding a test for this and then playing around to see what works best. It'll be much easier that way. Makes sense?

[otaku]

I've added a simple test case against two scoped registries. Let me know if there's any more changes needed. I originally attempted to modify all test cases to run with YarnRegistry but that quickly became a headache.

I don't understand in which scenarios https://registry.yarnpkg.com should receive the NPM authentication token; or why registry.yarnpkg.com is even receiving authTokens for registry.npmjs.org. I believe it was introduced in #5216

All the test cases appear to be for NpmRegistry and none exist for YarnRegistry

[otaku]

Alternatively, instead of YarnRegistry checking NpmRegistry and NpmRegistry checking YarnRegistry.

I've modified BaseRegistry.getOption to include an optional argument boolean searchRegistries with a default value of true which will search other registries for the same key. The searchRegistries argument so other registries may call super.getOption. I've also moved the npmMap and turned into aliases in BaseRegistry.

This is a slightly cleaner implementation as it moves everything into BaseRegistry.

Tests are passing as well. Check it out here: otaku/yarn@master...otaku:registry-fix2

Let me know if I should merge these changes into this PR.

---

Also, to attempt to answer your first question / concern:

yarn/src/fetchers/tarball-fetcher.js

Line 151 in ec8cea0

const registry = this.config.registries[this.registry];

registry is set to npm. It directly calls NpmRegistry.request bypassing YarnRegistry entirely. It never actually tries to get the configuration option from YarnRegistry config anywhere.

[imsnif]

Hey @otaku - first: thanks for all the rapid work on this!

I reverted your src changes locally and the new test-case you added still passes. A brief look tells me maybe it needs to be adjusted a little? Feel like taking a look?
Once we have a test that consistently fails without the changes and passes with them, it'll be significantly easier to decide where these changes should live (base, YarnRegistry, NpmRegistry, etc.)

As for tests - there indeed don't seem to be unit tests for YarnRegistry. While it is tested in the integration tests (and also in some other tests), I agree that it's Not Good(tm). iirc we plan on merging the two paths soon, so that will solve this particular issue.

[arcanis]

Just want to mention that the BaseRegistry / YarnRegistry / NpmRegistry classes are a nonsense that we want to eventually merge into a single implementation. Just make sure that any change you make there won't make this more difficult 🙂

[otaku]

Fixed the test case. I had it running against YarnRegistry instead of NpmRegistry. Given that you're moving to a single implementation, I went ahead and merged my other changes in.

[imsnif]

@otaku - let me know if you want a hand fixing those tests.

[otaku]

All good to go now! The recursive getOption broke everything.

[imsnif]

Hey @otaku - thanks again for your work on this.

The issue I find with this implementation (and please correct me if I missed something) is that it causes .yarnrc and .npmrc to be merged in a rather confusing way. Essentially, if I have a config key in one of them, it will be used.
Sometimes (like in the case of the registry here) .npmrc will take precedence, and at other times .yarnrc will take precedence (I think in most if not all other cases).
It's confusing to us maintainers and thus it will certainly be confusing for users.
I tried to find an easy way to fix this (starting out in my initial comments about implementing getScopedOption in the YarnRegistry), but I think it does not make sense the way things are in the registries right now.

I feel it would be much better, maintainability-wise and usability-wise to wait for the bigger refactor @arcanis talked about above. Where we can decide how the two config files are merged exactly and write it out explicitly. Barring that, I think a temporary solution that would simplify rather than add complexity is addressing this issue: #3683
Doing that would also bring us a step closer to merging these three classes. If you'd want to go in that direction and implement it yourself, I'd be happy to review and merge that in a separate PR. What do you think? Makes sense?

[otaku]

@imsnif You're not wrong. It's actually confusing even trying to follow the code. Currently, you have resolvers which figures out which registry to read from. Given the registry that it choice, the following occurs:

Currently in master:

• NPMRegistry
  • .npmrc
• YarnRegistry:
  • .yarnrc
  • aliases from .npmrc
  • .npmrc
  • defaults (an object)

This PR:

• NPMRegistry
  • .npmrc
  • .yarnrc
  • Aliases, following above order
• YarnRegistry:
  • .yarnrc
  • .npmrc
  • Aliases, following above order
  • defaults (an object)

This is the temporary solution that I came up with for now, otherwise I could change this PR into a larger refactor of one registry with multiple configuration sources.

If you'd like a PR for the larger refactor I need a few answers:

• How does yarnpkg.com registry work?
• When should yarnpkg.com receive registry.npmjs.org tokens?
• Why not use config settings to set a registry for certain packages so that it will directly use registry.npmjs.org and not have to pass tokens to yarnpkg.com? (assuming yarnpkg.com is a proxy)
• What's the actual priority of config files?
• How should the configuration be merged together?

[imsnif]

Hey @otaku - great! So, let's get things rolling.

Since we're changing the behaviour of the config files (what we call fixing a bug might be called "creating a bug" by someone else) - I wouldn't want to do it more than we absolutely have to. So ideally, I'd want to do it just once.

I think the desired precedence for config files is:

1. .yarnrc
2. .npmrc
3. defaults*

IMO, this can be achieved as mentioned here: #3683 by extracting the loadConfig method into the BaseRegistry and placing all that logic there (not in one function ofc - but you get my drift :) ). Then all registries will have the same config and this problem will go away. Also, we'll be much closer to merging these classes.
What do you think?

*I'm ignoring the aliases right now for simplicity.

[imsnif]

Do note that if we go this way, I think we'll need to add quite a lot of new test cases that will articulate this behaviour - because as far as I saw this is hardly tested right now.

[imsnif]

Hey, @otaku - do you feel like picking this up?

[otaku]

I currently do not have time due to work @imsnif

[imsnif]

Thanks for your work and effort up until now @otaku!

[tregusti]

Was this added/fixed in some other PR? I would like to use it =)

[jonaskello]

This would be useful to me too, was it ever merged?

[codepunkt]

Same here. I find the combination of NPMRegistry and YarnRegistry and their handling of .npmrc/.yarnrc a major source of confusion. Either document the exact behavior, including a description of the methods using .npmrc information and those using .yarnrc information, or do something along the lines of this pull request.

It's literally impossible to configure yarn to talk to an internal private registry (including authentication and over SSL) simply by reading the docs. I have no clue what information goes where, all i know is that information configured in .yarnrc is not read in cases where it should be in order to work.

I cannot possibly know which of these configuration tidbits (registry, _auth, strict-ssl, always-auth and more) has to be in which configuration file. Factor in a mix of local (project) and global (user dir) configuration and i'm basically screwed.

Help.

/cc @imsnif @arcanis

[arcanis]

The system is completely overhauled in the v2. Yarn will only read .yarnrc files, and the configuration settings can be queried via yarn config -v for an easier discoverability. Contributions welcome to move faster towards a release!