Expired licenses cause "npm Install" to abort with an ERR rather than WARN.

[walkerworks]

Describe the bug Related to the issue of #17178 - When font-awesome pro licenses expire - the pro packages are no longer available. This makes sense, however, the authentication error doesn't gracefully fail the font-awesome package install and allow subsequent (non font-awesome) packages to be installed. It throws an ERR. This means that unless the font-awesome subscriber renews their license or completely removes the font-awesome pro packages - the subscriber's entire application is hosed.

To Reproduce Create any JavaScript framework application that utilizes external NPM packages in addition to some pro font-awesome packages. Remove or break your .npmrc file containing your font-awesome authentication. Clean your node_modules directory then run "NPM Install" - The package installations will get to the font-awesome package - crash on the authentication error - and fail to install the remaining required NPM packages. This makes it impossible to compile your application simply because your font-awesome license is expired.

Expected behavior The license failure should issue a WARN with a more descriptive explanation of the font-awesome problem and NOT crash the NPM installation.

Version and implementation Version: 15.12.2 was the last pro packages I had access to Browser and version:

• [ ] SVG with JS
• [ ] Web Fonts with CSS
• [ ] SVG Sprites
• [ ] On the Desktop

Bug report checklist

• [x ] I have filled out as much of the above information as I can
• [ ] I have included a test case because my odds go way up that the team can fix this when I do
• [x ] I have searched for existing issues and to the best of my knowledge this is not a duplicate

[tagliala]

Hi!

Thanks for being part of the Font Awesome Community and thanks for this report.

Sounds legit to me, even if I think that raised an error makes sens, because packages will not be installed and you want to be sure to notice that

Let's ask @robmadole

[walkerworks]

I'll obviously defer to you guys on this - as it is your project. I have not seen this behavior before from any other packages I've ever installed...and other developers I've spoken with about this expressed surprise that a single non-critical package can stop development.

[robmadole]

@walkerworks can you share a sanitized version of your .npmrc? This doesn't sound right to me unless you are using npm.fontawesome.com to install every single package in your dependencies/devDependencies.

Perhaps you've configured it so that all packages are installed through our private NPM repository?

[walkerworks]

Hi @robmadole - I don't think it's an issue with how we're doing our installs...other users reported the same behavior in the somewhat related ticket #17178 : Commenter -- well, that's them trying to serve it locally - BUT - same error.

My .npmrc used to look like this @fortawesome:registry=https://npm.fontawesome.com //npm.fontawesome.com/:_authToken=XXXX-XXXX-XXXX-XXXX-XXXX

[robmadole]

The issue is that if you are trying to install a package from the @fortawesome scope (which yours says @FortAwesome which is not technically correct) it's going to try and use npm.fontawesome.com. The @fortawesome/pro-light-svg-icons package actually has a dependency to @fortawesome/fontawesome-common-types. So when you try to install it's going to reach out and try to grab that one too from npm.fontawesome.com.

NPM doesn't distinguish between what is free and Pro for Font Awesome. It only know about scopes.

My recommendation would be to produce a verbose log of the error that you have. I'm still thinking that you have a configuration somewhere that is trying to install non-@fortawesome scoped packages through the npm.fontawesome.com registry.

[walkerworks]

I've attached the verbose install log.

2021-03-12T21_55_58_255Z-debug.log

In terms of:

The issue is that if you are trying to install a package from the @fortawesome scope (which yours says @FortAwesome which is not technically correct)

I'm not sure how we got that wrong? The instructions on using package managers recommended this.

or maybe I'm just not understanding your explanation? Are you saying that some of these font-awesome dependencies are set up wrong?

"@fortawesome/fontawesome-svg-core": "^1.2.34",
"@fortawesome/free-brands-svg-icons": "^5.15.2",
"@fortawesome/pro-duotone-svg-icons": "^5.15.2",
"@fortawesome/pro-light-svg-icons": "^5.15.2",
"@fortawesome/pro-solid-svg-icons": "^5.15.2",
"@fortawesome/vue-fontawesome": "^0.1.10",  **<------ Maybe this guy?**

"@fortawesome/fontawesome-pro": "^5.15.2"

[robmadole]

@walkerworks based on that log you are still trying to install from npm.fontawesome.com. This might be coming from your package-lock.json. Have you removed that and allowed npm to create a new one?

[walkerworks]

Here is a verbose log after removing package-lock.json. Same error - and the expected crash of the npm install prevents the creation of a new package-lock.json file.

2021-03-12T22_50_49_541Z-debug.log

I just want to reiterate - in case you're trying to solve the reason for this error - my license is definitely expired. I fully expect an attempt to download pro packages to fail. The point of this issue report is that an unable to authenticate issue with your package server should not (in my opinion) crash the entire npm install for an application. Personally, our team is now self-hosting the last available license versioned npm packages. I made this ticket for your other clients who may see their app crash entirely for a font-awesome license expiration. If you already understood this - I apologize...I just didn't want to waste more of your time in case we were not on the same page.

[robmadole]

No not a waste of time at all. The behavior you are seeing is not by design and I'm trying to make sure we don't actually have an issue here. So I appreciate you taking the time to go back and forth.

I'm still thinking you have a tricky .npmrc or environment variable playing games with us here.

What's the output of npm config list? Make sure you check for any sensitive data before you paste it in here

[walkerworks]

Turns out, we don't use the .npmrc file. We have the license stuff in the global register.

npm config set "@fortawesome:registry" https://npm.fontawesome.com/ npm config set "//npm.fontawesome.com/:_authToken" XXX-XXX-XXX-XXX-XXX

Give me a moment to get the config stuff. I have to keep reverting to the old code to break it again to get your data.

[walkerworks]

; cli configs metrics-registry = "https://registry.npmjs.org/" scope = "" user-agent = "npm/6.14.11 node/v14.16.0 win32 x64"

; userconfig PATH_TO.npmrc @fortawesome:registry = "https://npm.fontawesome.com/" prefix = "PATH_TO\Git\local"

; builtin config undefined

; node bin location = PATH_TO\nodejs\node.exe ; cwd = PATH_TO_APP ; HOME = PATH_TO_ME ; "npm config ls -l" to show all defaults.

[CameronCT]

Having same issue, Pro license expired. However I can only use free solid package icons. If I install anything that's not that specific package, my builds will fail when being deployed for authentication errors.

[robmadole]

For those whose license has expired, you will not be able to use https://npm.fontawesome.com. So the first step is going to be to make sure you've removed any configuration that points the scope @fortawesome to that address.

After that your package-lock.json files will need to be modified. The easiest thing to do is remove that file and then re-install.

@CameronCT if that doesn't work let me know what you see.

[walkerworks]

@CameronCT

• also, if you have an old .npmrc file hanging around with an @fortawesome:registry=https://npm.fontawesome.com & AuthTokenspecified ...Remove them. And if you did a global setup like this: npm config set "@fortawesome:registry" https://npm.fontawesome.com/

undo it via npm config delete <key> [<key> ...]

....I think those were the gotchas that got me.

[CameronCT]

I've done all of that, I'll explain what I've done so far.

1. Check for any other .npmrc files that are in my current or other directories using npm config list and this is what is found

   
   ; "builtin" config from C:\Users\ctouc\AppData\Roaming\npm\node_modules\npm\npmrc

prefix = "C:\Users\ctouc\AppData\Roaming\npm"

; node bin location = C:\Program Files\nodejs\node.exe ; cwd = C:\Users\ctouc\Documents\GitHub\next ; HOME = C:\Users\ctouc ; Run npm config ls -l to show all defaults.

There was a `@fortawesome:registry` record in here, but from the advice of others I have removed it.

2. Removed `.npmrc` file in repo which DID exist at one point since I did have a former Font Awesome Pro subscription.

3. Removed `package-lock.json` and did `npm install` again.

Here are my current Font Awesome packages

"@fortawesome/fontawesome-svg-core": "^1.2.34",
"@fortawesome/free-brands-svg-icons": "^5.15.2",
"@fortawesome/free-regular-svg-icons": "^5.15.4",
"@fortawesome/free-solid-svg-icons": "^5.15.4",
"@fortawesome/react-fontawesome": "^0.1.14",

Keep in mind, installing on my local PC is fine however when deploying the build to services like Netlify is where I get the issue. On another project, removing `free-brands-svg-icons` and `free-regular-svg-icons` has resolved the issue. I cannot do that in this case since my repository relies on a lot of icons in this list.

And yes, **I have** deployed with cache cleared on Netlify if anyone asks.

[robmadole]

@CameronCT how about npm config list in your CI output?

[CameronCT]

@CameronCT how about npm config list in your CI output?

Would that be relevant considering the repo I'm doing this on is a brand new project in Netlify itself?

[robmadole]

@CameronCT if it's working on your dev machine and not CI, I think logs from CI is where to go next. If you have a verbose log from running npm install in CI that would be helpful too. We may be assuming that the failure is the same as what your previously experienced locally. That may not be the case?

[CameronCT]

10:16:50 AM: Build ready to start
10:16:52 AM: build-image version: 73def8bb10593b9b818f44989a75ea508018ccb7 (focal)
10:16:52 AM: build-image tag: v4.5.2
10:16:52 AM: buildbot version: ff9e2433dccff2a568f42fdd27a8e92c84c8a325
10:16:53 AM: Building without cache
10:16:53 AM: Starting to prepare the repo for build
10:16:53 AM: No cached dependencies found. Cloning fresh repo
10:16:53 AM: git clone https://github.com/Keyma-sh/next
10:16:54 AM: Preparing Git Reference refs/heads/redesign
10:16:55 AM: Parsing package.json dependencies
10:16:56 AM: Starting build script
10:16:56 AM: Installing dependencies
10:16:56 AM: Python version set to 2.7
10:16:57 AM: v16.13.1 is already installed.
10:16:57 AM: Now using node v16.13.1 (npm v8.1.2)
10:16:57 AM: Started restoring cached build plugins
10:16:57 AM: Finished restoring cached build plugins
10:16:58 AM: Attempting ruby version 2.7.2, read from environment
10:16:59 AM: Using ruby version 2.7.2
10:16:59 AM: Using PHP version 8.0
10:16:59 AM: Started restoring cached node modules
10:16:59 AM: Finished restoring cached node modules
10:17:00 AM: Installing NPM modules using NPM version 8.1.2
10:17:08 AM: npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
10:17:09 AM: npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
10:17:16 AM: npm WARN deprecated @types/react-toastify@4.1.0: This is a stub types definition. react-toastify provides its own type definitions, so you do not need this installed.
10:17:20 AM: npm WARN deprecated popper.js@1.16.1: You can find the new Popper v2 at @popperjs/core, this package is dedicated to the legacy v1
10:17:35 AM: npm ERR! code E401
10:17:35 AM: npm ERR! Incorrect or missing password.
10:17:35 AM: npm ERR! If you were trying to login, change your password, create an
10:17:35 AM: npm ERR! authentication token or enable two-factor authentication then
10:17:35 AM: npm ERR! that means you likely typed your password in incorrectly.
10:17:35 AM: npm ERR! Please try again, or recover your password at:
10:17:35 AM: npm ERR!     https://www.npmjs.com/forgot
10:17:35 AM: npm ERR!
10:17:35 AM: npm ERR! If you were doing some other operation then your saved credentials are
10:17:35 AM: npm ERR! probably out of date. To correct this please try logging in again with:
10:17:35 AM: npm ERR!     npm login
10:17:35 AM: npm ERR! A complete log of this run can be found in:
10:17:35 AM: npm ERR!     /opt/buildhome/.npm/_logs/2022-01-10T18_17_35_463Z-debug.log
10:17:35 AM: Error during NPM install
10:17:35 AM: Build was terminated: Build script returned non-zero exit code: 1
10:17:35 AM: Creating deploy upload records
10:17:35 AM: Failing build: Failed to build site
10:17:35 AM: Failed during stage 'building site': Build script returned non-zero exit code: 1
10:17:35 AM: Finished processing build request in 42.850388245s

Netlify does not offer a "verbose" mode as far as I'm aware - however if there's a way to make it verbose then I can do so.

Just in case you have concerns about the build log not mentioning Font Awesome, this has been a continuous issue with a lot of my other repositories and removing FA packages seems to resolve the issue despite the error not stating the realm. I don't know why Netlify CI doesn't specify where the authentication error is occurring. Font Awesome is also the only package I've ever had to authenticate for since I had a Pro subscription.

If you want to reproduce the issue: https://github.com/keyma-sh/next/tree/redesign

[robmadole]

@CameronCT just looked at your repro. The package-lock.json still references npm.fontawesome.com.

[CameronCT]

@CameronCT just looked at your repro. The package-lock.json still references npm.fontawesome.com.

I'm aware, but when I remove package-lock.json and do npm install it still will default to npm.fontawesome.com despite there not being an .npmrc file located in the working directory or the user-level .npmrc. Or having any mention of font awesome anywhere in npm config list. Any other ideas?

[robmadole]

@CameronCT sorry but I don't have any other recommendations for you beyond what's already been posted in this thread.

[CameronCT]

@CameronCT sorry but I don't have any other recommendations for you beyond what's already been posted in this thread.

When you try to delete package-lock.json and do npm install do your packages result in the same as what I have?

[CameronCT]

While this issue is closed. I have actually found a solution for this, though I'm not too sure which part of my solution is what made it work or not.

As mentioned before, I followed several comments in a few issues that explain the following.

1. Check .npmrc if such exists in your project directory for any @fortawesome:registry because if you had a pro package and it expired, then this is typically the first problem.
2. Make sure you didn't have a environment set variable for font awesome, using npm config list you can validate this. There also may be a .npmrc file in your User directory that may also contain this.
3. Clearing yarn.lock or in my case, package-lock.json and then reinstalling via npm install.

Alrighty, so this covers pretty much everything that Font Awesome and others have suggested. Which has worked for some, but for others hasn't worked.

What worked for me is, after performing steps 1 and 2 I decided to take a step further by deleting node_modules and restarting my PC. After doing both of these steps and then doing npm install this has actually resolved my issue.

While I'm still not sure why this happened and I'm not sure if the PC restart was actually necessary. This is what I did to resolve the problem.

[tripflex]

Super annoying considering the "perpetual license" for the version you have installed, so whether it's around how npm handlings things or not, still annoying that FA does not give any details on how to deal with this.

Pretty much what happens is due to the way npm/yarn works, it's going to try and deal with this anytime you install a package, regardless of what it is.

Basically when you still have the configuration in .rpmrc it's going to try and use the authentication (EVEN IF you specify file location, because of the @fortawesome/fontawesome-common-types dependency (even if it exists in your node_modules)

My guess is they have no documentation on how to still use a version you have from NPM in your project after license has expired, for those who will just renew to not have to deal with it.

If you guys are having issues still, MAKE SURE there's nothing in your .npmrc for FA anymore, and if that doesn't work, try directly referencing the file location if you can:

"@fortawesome/fontawesome-pro": "file:/Users/me/purchased_modules/@fortawesome/fontawesome-pro"