npm / cli

the package manager for JavaScript
https://docs.npmjs.com/cli/

[BUG] Cannot use automation token to call 'npm hook add' #5441

Open CiaranMn opened 2 years ago

CiaranMn commented 2 years ago

Is there an existing issue for this?

This issue exists in the latest npm version

Current Behavior

I cannot use an automation token to call npm hook add [package] [endpoint] [secret]

Instead, I receive the following error:

npm ERR! code E403
npm ERR! 403 403 Forbidden - POST https://registry.npmjs.org/-/npm/v1/hooks/hook
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.

I can call npm hook add using a publish token.

Expected Behavior

I should be able to use an automation token to call npm hook add.

The use case is to programmatically add hooks for packages of interest, without needing to disable 2FA completely on the account in question.

Steps To Reproduce

  1. set an automation auth token via .npmrc
  2. call npm hook add [some-package] [some-endpoint] [some-secret] (add --no-workspaces if necessary for local config to take effect)
  3. see 403 error
  4. replace token with a publish token for the same user
  5. repeat step 2, see call succeed

Environment

; //registry.npmjs.org/:_authToken = (protected) ; overridden by project
cache = "/Users/Ciaran/.npm"

; "project" config from /Users/ciaran/[project-path]/.npmrc

//registry.npmjs.org/:_authToken = (protected)

; "cli" config from command line options

workspaces = false

; node bin location = /Users/ciaran/.nvm/versions/node/v18.7.0/bin/node
; node version = v18.7.0
; npm local prefix = /Users/ciaran/[project-path]
; npm version = 8.18.0
; cwd = /Users/ciaran/[project-path]
; HOME = /Users/ciaran
; Run npm config ls -l to show all defaults.

EIonv commented 2 years ago

I highly doubt this could solve the problem, but have you tried doing it with (https://www......)? While I was using HTTP requests with Python, it depended on whether it was https\http as well as having www in the URL.

Python3 ~requests (uses www.google.com) <----format
Python3 ~urllib3 (uses https\http://www.google.com) <----format

Maybe with NPM this is the same problem.

CiaranMn commented 2 years ago

> I highly doubt this could solve the problem, but have you tried doing it with (https://www......)? While I was using HTTP requests with Python, it depended on whether it was https\http as well as having www in the URL.
>
> Python3 ~requests (uses www.google.com) <----format
> Python3 ~urllib3 (uses https\http://www.google.com) <----format
>
> Maybe with NPM this is the same problem.

I have tried this, it didn't help, but thanks for the suggestion!