"ng update" doesn't support private repos such as FontAwesome 5 Pro

[bjornharvold]

Versions

Angular CLI: 6.0.0
Node: 9.11.1
OS: darwin x64
Angular: 6.0.0
... animations, cli, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, platform-server, router
... service-worker

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.6.0
@angular-devkit/build-angular     0.6.0
@angular-devkit/build-optimizer   0.6.0
@angular-devkit/core              0.6.0
@angular-devkit/schematics        0.6.0
@ngtools/webpack                  6.0.0
@schematics/angular               0.6.0
@schematics/update                0.6.0
rxjs                              6.1.0
typescript                        2.7.2
webpack                           4.6.0

Repro steps

• Add dependency on a private repo such as FontAwesome 5 Pro
• Run ng update @angular/core

Observed behavior

Not found : @fortawesome/pro-regular-svg-icons

Mention any other details that might be useful (optional)

This works fine using npm directly because the private repo has already been registered with npm

[DaSchTour]

Okay, so I'm not the only one with the problem #10571 It also looks like CLI 6.0.0 doesn't support authentication included in global .npmrc

[Ben305]

This should be fixed sooner than later

[Timebutt]

There is definitely a problem when using a private npm repository. I could only run ng update correctly once I removed my .npmrc file, and removed every private package from package.json. After running ng update @angular/cli' it finally correctly generated the angular.json file and I readded all the references I removed before.

[clydin]

Can you provide the list of option names used within .npmrc?

[Ben305]

I have the same problem, my .npmrc looks like this:

@myprefix:registry=https://npm.ourdomain.local

[Timebutt]

Sure, this is what my .npmrc looks like:

registry=https://npm.showpad.io:8080
save-exact=true
//npm.showpad.io:8080/:_authToken=${NPM_TOKEN}

[DaSchTour]

While looking at the growing list of bugs relating .npmrc #10704 #10571 #10660 I think this should be fixed asap

[hansl]

Hi @bjornharvold, @DaSchTour,

Could you verify this is still an issue with 6.0.1? There were a few fixes regarding the registry flag (we have 1 fix in queue for the strict-ssl flag). Thanks!

[rhythmnewt]

    _                      _                 ____ _     ___
    / \   _ __   __ _ _   _| | __ _ _ __     / ___| |   |_ _|
   / △ \ | '_ \ / _` | | | | |/ _` | '__|   | |   | |    | |
  / ___ \| | | | (_| | |_| | | (_| | |      | |___| |___ | |
 /_/   \_\_| |_|\__, |\__,_|_|\__,_|_|       \____|_____|___|
                |___/

Angular CLI: 6.0.1
Node: 9.2.1
OS: win32 x64
Angular: 6.0.0
... animations, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.6.1
@angular-devkit/build-angular     0.6.1
@angular-devkit/build-optimizer   0.6.1
@angular-devkit/core              0.6.1
@angular-devkit/schematics        0.6.1
@angular/cdk                      6.0.1
@angular/cli                      6.0.1
@angular/material                 6.0.1
@ngtools/webpack                  6.0.1
@schematics/angular               0.6.1
@schematics/update                0.6.1
rxjs                              6.1.0
typescript                        2.7.2
webpack                           4.6.0

Yep still happens with 6.0.1. Targeting VSTS in my .npmrc registry=https://PRIVATE.pkgs.visualstudio.com/_packaging/PRIVATE/npm/registry/

Unexpected token T in JSON at position 0
TF400813: Resource not available for anonymous access. Client authentication required.

[ThYpHo0n]

Angular CLI: 6.0.1
Node: 8.9.0
OS: darwin x64
Angular: 6.0.1
... animations, cli, common, compiler, compiler-cli, core, forms
... http, platform-browser, platform-browser-dynamic
... platform-server, router

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.6.1
@angular-devkit/build-angular     0.6.1
@angular-devkit/build-optimizer   0.6.1
@angular-devkit/core              0.6.1
@angular-devkit/schematics        0.6.1
@angular/cdk                      5.2.5
@angular/material                 5.2.5
@ngtools/json-schema              1.1.0
@ngtools/webpack                  6.0.1
@schematics/angular               0.6.1
@schematics/update                0.6.1
ng-packagr                        2.4.4
rxjs                              6.1.0
typescript                        2.7.2
webpack                           4.6.0

Still valid for me too using a scoped repository.

ng update @angular/cli
ng update @angular/core

Went smoothly but ng update @angular/material broke with a 401 error.

[abbazabacto]

Experiencing this issue with @angular/cli@6.0.3 and private Nexus repository

Content of .npmrc looks something like...

registry=
email=
always-auth=true
_auth=

[tilowestermann]

Having the same issue using a JFrog Artifactory (universal artifact manager) as registry in .npmrc. This may be related: https://github.com/angular/devkit/issues/917

[ajpierson]

I'm also having this same problem with @angular/cli@6.0.3 and VSTS

[pouyio]

Same problem here behind a private Nexus repo

[7bamboo]

Same here, happens with our own private repo ng update returns Not found: @org/package although npm install @org/package works fine and the package is already installed in node_modules.

[eitland]

Same problem with 6.0.7 just now.

[tilowestermann]

@hansl any update on this? The issue still carries the "need: more info" label.

[Timebutt]

I'm also curious, is there anything we can do or provide to speed this issue up?

[devoto13]

I think it is fixed by https://github.com/angular/devkit/pull/982 in https://github.com/angular/devkit/releases/tag/v6.1.0-beta.1 release. Can anybody verify?

[ajpierson]

I'd be happy to test it, but I'm not quite sure how to...I'm a little confused how devkit relates to CLI. What do I install to test this, is there an NPM package? Do I clone the repo and do an NPM link? If I install that package does the CLI use it, or does it supersede the CLI. Sorry, I'm a little ignorant, I'd love a little guidance.

Or do I just wait for an updated @angular/cli v6.1.0-beta.1 to be released?

[abbazabacto]

@devoto13 I can't seem to find @angular/cli@6.1.0-beta.1, it is not available in the npm registry: https://www.npmjs.com/package/@angular/cli

I was able to install @angular-devkit/build-angular@0.7.0-beta.1 individually, but that still resulted in a 401 Unauthorized, but not sure if this is related.

[devoto13]

@abbazabacto It is @schematics/update@0.7.0-beta.1 package, which contains the fix. It is a dependency of @angular/cli and the last version of which depends on @schematics/update@0.7.0-beta.0.

@ajpierson It looks like there is no easy way to try it out at the moment and the easiest way, as you suggest, is to wait until @angular/cli@6.1.0-beta.1 is released. Sorry for the confusion.

[ajpierson]

Thanks, that's how it looked to me too as free I dug in some more glad to hear I'm not crazy.

On Fri, Jun 1, 2018 at 1:54 AM Yaroslav Admin notifications@github.com wrote:

@abbazabacto https://github.com/abbazabacto It is @schematics/update@0.7.0-beta.1 package, which contains the fix. It is a dependency of @angular/cli and the last version depends on @schematics/update@0.7.0-beta.0.

@ajpierson https://github.com/ajpierson It looks like there is no easy way to try it out at the moment and the easiest way, as you suggest, is to wait until @angular/cli@6.1.0-beta.1 is released. Sorry for the confusion.

— You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub https://github.com/angular/angular-cli/issues/10624#issuecomment-393797741, or mute the thread https://github.com/notifications/unsubscribe-auth/AADcRWLfQ5m6zhLFo2ATQmhNa3C9KgCmks5t4PMZgaJpZM4TyC_f .

[cluetjen]

We're using a private repository and get "error 401 unauthorized" (see #10704 which was closed as duplicate of this issue). The problem still exists with @angular/cli@6.1.0-rc.0.

    "@angular/cli@^6.1.0-rc.0":  version "6.1.0-rc.0"

    resolved "https://registry.yarnpkg.com/@angular/cli/-/cli-6.1.0-rc.0.tgz#7ffb203ab429beca19003369647015aa707921b9"
    dependencies:
      "@angular-devkit/architect" "0.7.0-rc.0"
      "@angular-devkit/core" "0.7.0-rc.0"
      "@angular-devkit/schematics" "0.7.0-rc.0"
      "@schematics/angular" "0.7.0-rc.0"
      "@schematics/update" "0.7.0-rc.0"
      opn "^5.3.0"
      rxjs "^6.0.0"
      semver "^5.1.0"
      symbol-observable "^1.2.0"
      yargs-parser "^10.0.0"

[Brampage]

Issue still exists inside @angular/cli@6.0.8

[admosity]

I have the same issue with a private git+ssh dependency and trying this against the latest version on master:

Angular CLI: local (v6.1.0-beta.0, branch: master)
Node: 9.10.0
OS: darwin x64
Angular: 5.2.11
... animations, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router, service-worker

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.7.0-rc.0
@angular-devkit/build-angular     0.7.0-rc.0
@angular-devkit/build-optimizer   0.7.0-rc.0
@angular-devkit/build-webpack     0.7.0-rc.0
@angular-devkit/core              0.7.0-rc.0
@angular-devkit/schematics        0.7.0-rc.0
@angular/cdk                      5.2.5
@angular/cli                      1.7.0
@ngtools/webpack                  1.10.0
@schematics/angular               0.7.0-rc.0
@schematics/package-update        0.7.0-rc.0
@schematics/update                0.7.0-rc.0
rxjs                              5.5.11
typescript                        2.5.3
webpack                           4.9.2

[DavidDecraene]

Also having the not found issue using while using a git+https dependency running @angular/cli 6.0.8

Seems like a common bug, any timeline on the resolution of this?

[epelc]

Any chance the cli could just log not found errors as a warning instead of exiting on them?

[tengis]

Hi Guys,

The issue related with npm's get config command itself.

npm get <key> returns all other configs except _auth and _authToken. Even, npm config list doesn't return them as well.

On update script, it tries to run this command, and this command fails, then actual value became null, so your private registry authentication fails.

https://github.com/angular/angular-cli/blob/6449a753641340d8fc19a752e1a1ced75f974efa/packages/schematics/update/update/npm.ts#L47

So quick and dirty solution is set your auth token manually on ./node_modules/@schematics/update/update/npmjs line number somewhere after 103.

auth = { token: "<your_auth_token", alwaysAuth: true }

FYI: My .npmrc file

strict-ssl=false
registry=https://<company_nexus_npm_registry>
_auth="<base64_token>"
always_auth=true
email=<company_email>

I'll try to create PR for this if anyone created anything similar.

Cheers

[Timebutt]

@tengis that's some great debugging friend! I just tried this out, and it works beautifully ;)

Important notice for people trying out this fix too, you need to have at least version 6.1.0-rc0 of the @angular/cli package, before editing the npm.js file as suggested.

What PR do you suggest to create, one that fixes the issue in npm itself, or one that 'patches' it in CLI by fetching it somehow from .npmrc and adding it in manually?

[Timebutt]

Thinking about it, you probably won't be able to change this in npm itself as _auth and _authToken are secrets, and it is desired behaviour to never hand them out using npm get {KEY}, judging from following terminal output:

npm get _authToken                                                                                                                                                         
npm ERR! ---sekretz---

[tengis]

@Timebutt Or perhaps add --auth flag on ng update command?!

[DaSchTour]

I really wonder why not using plain npm and make use of the build in authentication. Adding an --auth flag so I have to add authentication again for angular. Very bad idea. Parse .npmrc or just use npm.

[jusefb]

We have the same issue now. Does anyone have a solution for this problem?

[beanian]

still seeing this behavior in @angular/cli@6.1.0-rc.2

[modul8com]

even in official 6.1 it's still an issue

[DaSchTour]

Well I don't think that this will be solved any time soon, just guessing by how it is labled.

[roblarsen]

The good news: I found a bug report that precisely describes the issue we're experiencing The bad news: It's been open since May

😭

[roblarsen]

Our workaround was to remove our private package, then run...

ng update --registry=https://registry.npmjs.org/ @angular/cli

and then re-install the private package.

The worst? Or simply the worst? The worst.

[tommck]

my hack/solution:

go to node_modules\@schematics\update\update\npm.js and change line 35-ish (first line of the method)

function getNpmClientSslOptions(strictSsl, cafile) {
    const sslOptions = { strict: false }; // <---- RIGHT HERE.. normally, it's "{}"
    if (strictSsl === 'false') {
        sslOptions.strict = false;
    }
    else if (strictSsl === 'true') {
        sslOptions.strict = true;
    }
    if (cafile) {
        sslOptions.ca = fs_1.readFileSync(cafile);
    }
    return sslOptions;
}

Not sure why it's not getting the setting from the .npmrc file, but this let me get past the issue

[tilowestermann]

@hansl & @filipesilva This thread still has the "need more info" and "low frequency" labels. Based on the thread's activity, I assume that both are not valid anymore and possibly give a false impression of the severity of this issue.

[bytenik]

Why is this need more info and low frequency @hansl? It affects nearly every corporate developer because we all have private npm packages. Not to mention anyone who has spent the time to decouple their application into components.

[grantcp]

I'm also seeing this issue on various 6.0.0+ versions. Tried some of the solutions above and none of them worked for me.

Any timeline on a fix?

Update:

Got it to work by removing the private registry from the .npmrc file and following the usual migration steps. But we shouldn't have to resort to this kind of a hack. Is someone going to change the attributes for this issue? Definitely shouldn't be labeled as low frequency

[e-hein]

still the same issue with @schematics/update@0.7.2 and @angular/cli@6.1.2

Angular CLI: 6.1.2
Node: 8.11.3
OS: darwin x64
Angular: 6.0.7
... common, compiler, compiler-cli, core, forms, http
... platform-browser, platform-browser-dynamic

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.6.8
@angular-devkit/build-angular     0.6.8
@angular-devkit/build-optimizer   0.6.8
@angular-devkit/core              0.0.29
@angular-devkit/schematics        0.0.52
@angular/animations               6.0.9
@angular/cli                      6.1.2
@angular/router                   6.0.9
@ngtools/json-schema              1.1.0
@ngtools/webpack                  6.0.8
@schematics/angular               0.7.2
@schematics/update                0.7.2
rxjs                              6.2.1
typescript                        2.7.2
webpack                           4.8.3

ng update @angular/cli
401 Unauthorized

Workaround that works for me:

• temporary removing all private dependencies from package.json (no need to uninstall / reinstall them)
• and ensure there's no private default registry in .npmrc (usually I got the private mirror with public and private packages there)

[ghost]

Still failing with 6.1.3:

Angular CLI: 6.1.3
Node: 10.8.0
OS: linux x64
Angular: 6.1.2
... animations, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.7.3
@angular-devkit/build-angular     0.7.3
@angular-devkit/build-optimizer   0.7.3
@angular-devkit/build-webpack     0.7.3
@angular-devkit/core              0.7.3
@angular-devkit/schematics        0.7.3
@angular/cli                      6.1.3
@ngtools/webpack                  6.1.3
@schematics/angular               0.7.3
@schematics/update                0.7.3
rxjs                              6.2.2
typescript                        2.9.2
webpack                           4.9.2

$ ng update
401 Unauthorized

[DaSchTour]

Already page one of the most commented open issues. Hopefully we will get some attentation when this hits the 400 comments mark and reach the top of most commented issues. So come on people, we can do this.

[deniskrafczyk]

Facing this error too:

Angular CLI: 6.1.3
Node: 8.11.3
OS: win32 x64
Angular: 6.1.2
... animations, common, compiler, core, forms, http
... language-service, platform-browser, platform-browser-dynamic
... router

Package                      Version
------------------------------------------------------
@angular-devkit/architect    0.7.3 (cli-only)
@angular-devkit/core         0.7.3 (cli-only)
@angular-devkit/schematics   0.7.3 (cli-only)
@angular/cdk                 6.4.3
@angular/cli                 <error>
@angular/compiler-cli        <error>
@angular/flex-layout         6.0.0-beta.17
@schematics/angular          0.7.3 (cli-only)
@schematics/update           0.7.3 (cli-only)
rxjs                         6.2.2
typescript                   2.9.2 (cli-only)

[aghou]

delete node_modules and run ng upgrade @angular/core

rm -rf node_modules
ng update @angular/core

it works for me

[ghost]

@aghou That does provide a usable workaround, but the time spent removing and re-installing is not good.

Still hoping for a fix.

[Konni1337]

I have the same problem with 6.1.3 and JFrog Artifactory. A fix would be most appreciated.

.npmrc is like: registry= email= always-auth=true _auth=