Closed bjornharvold closed 5 years ago
Okay, so I'm not the only one with the problem #10571 It also looks like CLI 6.0.0 doesn't support authentication included in global .npmrc
This should be fixed sooner than later
There is definitely a problem when using a private npm repository. I could only run ng update
correctly once I removed my .npmrc
file, and removed every private package from package.json
. After running ng update @angular/cli'
it finally correctly generated the angular.json
file and I readded all the references I removed before.
Can you provide the list of option names used within .npmrc
?
I have the same problem, my .npmrc
looks like this:
@myprefix:registry=https://npm.ourdomain.local
Sure, this is what my .npmrc
looks like:
registry=https://npm.showpad.io:8080
save-exact=true
//npm.showpad.io:8080/:_authToken=${NPM_TOKEN}
While looking at the growing list of bugs relating .npmrc
#10704 #10571 #10660 I think this should be fixed asap
Hi @bjornharvold, @DaSchTour,
Could you verify this is still an issue with 6.0.1? There were a few fixes regarding the registry flag (we have 1 fix in queue for the strict-ssl flag). Thanks!
_ _ ____ _ ___
/ \ _ __ __ _ _ _| | __ _ _ __ / ___| | |_ _|
/ △ \ | '_ \ / _` | | | | |/ _` | '__| | | | | | |
/ ___ \| | | | (_| | |_| | | (_| | | | |___| |___ | |
/_/ \_\_| |_|\__, |\__,_|_|\__,_|_| \____|_____|___|
|___/
Angular CLI: 6.0.1
Node: 9.2.1
OS: win32 x64
Angular: 6.0.0
... animations, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router
Package Version
-----------------------------------------------------------
@angular-devkit/architect 0.6.1
@angular-devkit/build-angular 0.6.1
@angular-devkit/build-optimizer 0.6.1
@angular-devkit/core 0.6.1
@angular-devkit/schematics 0.6.1
@angular/cdk 6.0.1
@angular/cli 6.0.1
@angular/material 6.0.1
@ngtools/webpack 6.0.1
@schematics/angular 0.6.1
@schematics/update 0.6.1
rxjs 6.1.0
typescript 2.7.2
webpack 4.6.0
Yep still happens with 6.0.1. Targeting VSTS in my .npmrc registry=https://PRIVATE.pkgs.visualstudio.com/_packaging/PRIVATE/npm/registry/
Unexpected token T in JSON at position 0
TF400813: Resource not available for anonymous access. Client authentication required.
Angular CLI: 6.0.1
Node: 8.9.0
OS: darwin x64
Angular: 6.0.1
... animations, cli, common, compiler, compiler-cli, core, forms
... http, platform-browser, platform-browser-dynamic
... platform-server, router
Package Version
-----------------------------------------------------------
@angular-devkit/architect 0.6.1
@angular-devkit/build-angular 0.6.1
@angular-devkit/build-optimizer 0.6.1
@angular-devkit/core 0.6.1
@angular-devkit/schematics 0.6.1
@angular/cdk 5.2.5
@angular/material 5.2.5
@ngtools/json-schema 1.1.0
@ngtools/webpack 6.0.1
@schematics/angular 0.6.1
@schematics/update 0.6.1
ng-packagr 2.4.4
rxjs 6.1.0
typescript 2.7.2
webpack 4.6.0
Still valid for me too using a scoped repository.
ng update @angular/cli
ng update @angular/core
Went smoothly but
ng update @angular/material
broke with a 401 error.
Experiencing this issue with @angular/cli@6.0.3
and private Nexus repository
Content of .npmrc
looks something like...
registry=
email=
always-auth=true
_auth=
Having the same issue using a JFrog Artifactory (universal artifact manager) as registry in .npmrc
. This may be related: https://github.com/angular/devkit/issues/917
I'm also having this same problem with @angular/cli@6.0.3 and VSTS
Same problem here behind a private Nexus repo
Same here, happens with our own private repo ng update
returns Not found: @org/package
although npm install @org/package
works fine and the package is already installed in node_modules
.
Same problem with 6.0.7 just now.
@hansl any update on this? The issue still carries the "need: more info" label.
I'm also curious, is there anything we can do or provide to speed this issue up?
I think it is fixed by https://github.com/angular/devkit/pull/982 in https://github.com/angular/devkit/releases/tag/v6.1.0-beta.1 release. Can anybody verify?
I'd be happy to test it, but I'm not quite sure how to...I'm a little confused how devkit relates to CLI. What do I install to test this, is there an NPM package? Do I clone the repo and do an NPM link? If I install that package does the CLI use it, or does it supersede the CLI. Sorry, I'm a little ignorant, I'd love a little guidance.
Or do I just wait for an updated @angular/cli v6.1.0-beta.1 to be released?
@devoto13 I can't seem to find @angular/cli@6.1.0-beta.1
, it is not available in the npm registry: https://www.npmjs.com/package/@angular/cli
I was able to install @angular-devkit/build-angular@0.7.0-beta.1
individually, but that still resulted in a 401 Unauthorized
, but not sure if this is related.
@abbazabacto It is @schematics/update@0.7.0-beta.1
package, which contains the fix. It is a dependency of @angular/cli
and the last version of which depends on @schematics/update@0.7.0-beta.0
.
@ajpierson It looks like there is no easy way to try it out at the moment and the easiest way, as you suggest, is to wait until @angular/cli@6.1.0-beta.1
is released. Sorry for the confusion.
Thanks, that's how it looked to me too as free I dug in some more glad to hear I'm not crazy.
On Fri, Jun 1, 2018 at 1:54 AM Yaroslav Admin notifications@github.com wrote:
@abbazabacto https://github.com/abbazabacto It is @schematics/update@0.7.0-beta.1 package, which contains the fix. It is a dependency of @angular/cli and the last version depends on @schematics/update@0.7.0-beta.0.
@ajpierson https://github.com/ajpierson It looks like there is no easy way to try it out at the moment and the easiest way, as you suggest, is to wait until @angular/cli@6.1.0-beta.1 is released. Sorry for the confusion.
— You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/angular/angular-cli/issues/10624#issuecomment-393797741, or mute the thread https://github.com/notifications/unsubscribe-auth/AADcRWLfQ5m6zhLFo2ATQmhNa3C9KgCmks5t4PMZgaJpZM4TyC_f .
We're using a private repository and get "error 401 unauthorized" (see #10704 which was closed as duplicate of this issue). The problem still exists with @angular/cli@6.1.0-rc.0.
"@angular/cli@^6.1.0-rc.0": version "6.1.0-rc.0"
resolved "https://registry.yarnpkg.com/@angular/cli/-/cli-6.1.0-rc.0.tgz#7ffb203ab429beca19003369647015aa707921b9"
dependencies:
"@angular-devkit/architect" "0.7.0-rc.0"
"@angular-devkit/core" "0.7.0-rc.0"
"@angular-devkit/schematics" "0.7.0-rc.0"
"@schematics/angular" "0.7.0-rc.0"
"@schematics/update" "0.7.0-rc.0"
opn "^5.3.0"
rxjs "^6.0.0"
semver "^5.1.0"
symbol-observable "^1.2.0"
yargs-parser "^10.0.0"
Issue still exists inside @angular/cli@6.0.8
I have the same issue with a private git+ssh dependency and trying this against the latest version on master:
Angular CLI: local (v6.1.0-beta.0, branch: master)
Node: 9.10.0
OS: darwin x64
Angular: 5.2.11
... animations, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router, service-worker
Package Version
-----------------------------------------------------------
@angular-devkit/architect 0.7.0-rc.0
@angular-devkit/build-angular 0.7.0-rc.0
@angular-devkit/build-optimizer 0.7.0-rc.0
@angular-devkit/build-webpack 0.7.0-rc.0
@angular-devkit/core 0.7.0-rc.0
@angular-devkit/schematics 0.7.0-rc.0
@angular/cdk 5.2.5
@angular/cli 1.7.0
@ngtools/webpack 1.10.0
@schematics/angular 0.7.0-rc.0
@schematics/package-update 0.7.0-rc.0
@schematics/update 0.7.0-rc.0
rxjs 5.5.11
typescript 2.5.3
webpack 4.9.2
Also having the not found issue using while using a git+https dependency running @angular/cli 6.0.8
Seems like a common bug, any timeline on the resolution of this?
Any chance the cli could just log not found errors as a warning instead of exiting on them?
Hi Guys,
The issue related with npm's get config command itself.
npm get <key>
returns all other configs except _auth
and _authToken
. Even, npm config list
doesn't return them as well.
On update script, it tries to run this command, and this command fails, then actual value became null
, so your private registry authentication fails.
So quick and dirty solution is set your auth token manually on ./node_modules/@schematics/update/update/npmjs line number somewhere after 103.
auth = { token: "<your_auth_token", alwaysAuth: true }
FYI: My .npmrc file
strict-ssl=false
registry=https://<company_nexus_npm_registry>
_auth="<base64_token>"
always_auth=true
email=<company_email>
I'll try to create PR for this if anyone created anything similar.
Cheers
@tengis that's some great debugging friend! I just tried this out, and it works beautifully ;)
Important notice for people trying out this fix too, you need to have at least version 6.1.0-rc0
of the @angular/cli
package, before editing the npm.js
file as suggested.
What PR do you suggest to create, one that fixes the issue in npm
itself, or one that 'patches' it in CLI by fetching it somehow from .npmrc
and adding it in manually?
Thinking about it, you probably won't be able to change this in npm
itself as _auth
and _authToken
are secrets, and it is desired behaviour to never hand them out using npm get {KEY}
, judging from following terminal output:
npm get _authToken
npm ERR! ---sekretz---
@Timebutt Or perhaps add --auth flag on ng update command?!
I really wonder why not using plain npm and make use of the build in authentication. Adding an --auth flag so I have to add authentication again for angular. Very bad idea. Parse .npmrc
or just use npm
.
We have the same issue now. Does anyone have a solution for this problem?
still seeing this behavior in @angular/cli@6.1.0-rc.2
even in official 6.1 it's still an issue
Well I don't think that this will be solved any time soon, just guessing by how it is labled.
The good news: I found a bug report that precisely describes the issue we're experiencing The bad news: It's been open since May
😭
Our workaround was to remove our private package, then run...
ng update --registry=https://registry.npmjs.org/ @angular/cli
and then re-install the private package.
The worst? Or simply the worst? The worst.
my hack/solution:
go to node_modules\@schematics\update\update\npm.js
and change line 35-ish (first line of the method)
function getNpmClientSslOptions(strictSsl, cafile) {
const sslOptions = { strict: false }; // <---- RIGHT HERE.. normally, it's "{}"
if (strictSsl === 'false') {
sslOptions.strict = false;
}
else if (strictSsl === 'true') {
sslOptions.strict = true;
}
if (cafile) {
sslOptions.ca = fs_1.readFileSync(cafile);
}
return sslOptions;
}
Not sure why it's not getting the setting from the .npmrc file, but this let me get past the issue
@hansl & @filipesilva This thread still has the "need more info" and "low frequency" labels. Based on the thread's activity, I assume that both are not valid anymore and possibly give a false impression of the severity of this issue.
Why is this need more info and low frequency @hansl? It affects nearly every corporate developer because we all have private npm packages. Not to mention anyone who has spent the time to decouple their application into components.
I'm also seeing this issue on various 6.0.0+ versions. Tried some of the solutions above and none of them worked for me.
Any timeline on a fix?
Update:
Got it to work by removing the private registry from the .npmrc file and following the usual migration steps. But we shouldn't have to resort to this kind of a hack. Is someone going to change the attributes for this issue? Definitely shouldn't be labeled as low frequency
still the same issue with @schematics/update@0.7.2 and @angular/cli@6.1.2
Angular CLI: 6.1.2
Node: 8.11.3
OS: darwin x64
Angular: 6.0.7
... common, compiler, compiler-cli, core, forms, http
... platform-browser, platform-browser-dynamic
Package Version
-----------------------------------------------------------
@angular-devkit/architect 0.6.8
@angular-devkit/build-angular 0.6.8
@angular-devkit/build-optimizer 0.6.8
@angular-devkit/core 0.0.29
@angular-devkit/schematics 0.0.52
@angular/animations 6.0.9
@angular/cli 6.1.2
@angular/router 6.0.9
@ngtools/json-schema 1.1.0
@ngtools/webpack 6.0.8
@schematics/angular 0.7.2
@schematics/update 0.7.2
rxjs 6.2.1
typescript 2.7.2
webpack 4.8.3
ng update @angular/cli
401 Unauthorized
Still failing with 6.1.3
:
Angular CLI: 6.1.3
Node: 10.8.0
OS: linux x64
Angular: 6.1.2
... animations, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router
Package Version
-----------------------------------------------------------
@angular-devkit/architect 0.7.3
@angular-devkit/build-angular 0.7.3
@angular-devkit/build-optimizer 0.7.3
@angular-devkit/build-webpack 0.7.3
@angular-devkit/core 0.7.3
@angular-devkit/schematics 0.7.3
@angular/cli 6.1.3
@ngtools/webpack 6.1.3
@schematics/angular 0.7.3
@schematics/update 0.7.3
rxjs 6.2.2
typescript 2.9.2
webpack 4.9.2
$ ng update
401 Unauthorized
Already page one of the most commented open issues. Hopefully we will get some attentation when this hits the 400 comments mark and reach the top of most commented issues. So come on people, we can do this.
Facing this error too:
Angular CLI: 6.1.3
Node: 8.11.3
OS: win32 x64
Angular: 6.1.2
... animations, common, compiler, core, forms, http
... language-service, platform-browser, platform-browser-dynamic
... router
Package Version
------------------------------------------------------
@angular-devkit/architect 0.7.3 (cli-only)
@angular-devkit/core 0.7.3 (cli-only)
@angular-devkit/schematics 0.7.3 (cli-only)
@angular/cdk 6.4.3
@angular/cli <error>
@angular/compiler-cli <error>
@angular/flex-layout 6.0.0-beta.17
@schematics/angular 0.7.3 (cli-only)
@schematics/update 0.7.3 (cli-only)
rxjs 6.2.2
typescript 2.9.2 (cli-only)
delete node_modules
and run ng upgrade @angular/core
rm -rf node_modules
ng update @angular/core
it works for me
@aghou That does provide a usable workaround, but the time spent removing and re-installing is not good.
Still hoping for a fix.
I have the same problem with 6.1.3 and JFrog Artifactory. A fix would be most appreciated.
.npmrc is like: registry= email= always-auth=true _auth=
Versions
Repro steps
Observed behavior
Mention any other details that might be useful (optional)
This works fine using npm directly because the private repo has already been registered with npm