npm / cli

the package manager for JavaScript
https://docs.npmjs.com/cli/

[BUG] Does automation token support 'npm access set status' command? #7625

Closed justuno closed 1 month ago

justuno commented 1 month ago

Is there an existing issue for this?

This issue exists in the latest npm version

Current Behavior

I'm facing a 403 issue when I execute 'npm access set status=public @justuno-lyd/hello_npm --userconfig .npmrc'. If I change to a Publish token, there are no issues.

Expected Behavior

Able to use an automation token to update the package access level

Steps To Reproduce

  1. echo //registry.npmjs.org/:_authToken=${NPM_TOKEN} > .npmrc (NPM_TOKEN is automation type)
  2. Execute 'npm access set status=public @justuno-lyd/hello_npm --userconfig .npmrc'; facing a 403 issue
  3. Change NPM_TOKEN to Publish type
  4. Execute 'npm access set status=public @justuno-lyd/hello_npm --userconfig .npmrc'; it works

Environment

prefix = "/opt/homebrew"

; "project" config from /Users/yadong/Desktop/work/test/hello_npm/.npmrc

//registry.npmjs.org/:_authToken = (protected)

; node bin location = /opt/homebrew/Cellar/node@20/20.12.2/bin/node
; node version = v20.12.2
; npm local prefix = /Users/yadong/Desktop/work/test/hello_npm
; npm version = 10.5.0
; cwd = /Users/yadong/Desktop/work/test/hello_npm
; HOME = /Users/yadong
; Run npm config ls -l to show all defaults.

; "publishConfig" from /Users/yadong/Desktop/work/test/hello_npm/package.json
; This set of config values will be used at publish-time.

access = "public"
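
Step 1 of the report lets the shell expand `${NPM_TOKEN}`, so the token itself is written into `.npmrc` on disk. As an added example (not part of the original issue or npm's own code), the sketch below writes the placeholder form, which npm resolves from the environment at run time, and checks a file for an embedded token; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: keep the npm token out of .npmrc by writing a ${NPM_TOKEN}
# reference instead of the expanded value. Function names are hypothetical.

# Registry prefix as used in the report.
REGISTRY='//registry.npmjs.org/'

# write_npmrc FILE
# Create FILE with owner-only permissions, containing a literal ${NPM_TOKEN}
# placeholder. npm substitutes the environment variable when it reads the file.
write_npmrc() {
    (
        umask 077
        # The single-quoted format string stops the shell from expanding
        # the variable here, so no secret reaches the disk.
        printf '%s:_authToken=${NPM_TOKEN}\n' "$REGISTRY" > "$1"
        # Tighten permissions in case FILE already existed.
        chmod 600 "$1"
    )
}

# npmrc_has_literal_token FILE
# Exit 0 if any _authToken line holds something other than a ${VAR}
# reference (a token stored in the file); exit 1 otherwise.
npmrc_has_literal_token() {
    grep -E '_authToken[[:space:]]*=' "$1" |
        grep -Evq '_authToken[[:space:]]*=[[:space:]]*\$\{[A-Za-z_][A-Za-z0-9_]*\}[[:space:]]*$'
}
```

A CI job can call `npmrc_has_literal_token .npmrc` before uploading artifacts or caching the workspace and fail the step when it returns 0.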

kchindam-infy commented 1 month ago

Hello @justuno
Yes, you can change the package status using the Automation Token. Make sure to grant the necessary Read and Write access to the package whose access you want to change (log in to your npmjs account and, from your profile, you can give access to your automation token).

The command you are using to set the status is incorrect; instead use: npm access public @justuno-lyd/hello_npm --userconfig .npmrc

justuno commented 1 month ago

> Hello @justuno Yes, you can change the package status using the Automation Token. Make sure to grant the necessary Read and Write access to the package whose access you want to change (log in to your npmjs account and, from your profile, you can give access to your automation token).
>
> The command you are using to set the status is incorrect; instead use: npm access public @justuno-lyd/hello_npm --userconfig .npmrc

Thanks @kchindam-infy, a classic token cannot grant access, and the command I used is correct with my npm; the command you mentioned fits an older version, I suppose.

kchindam-infy commented 1 month ago

Hi @justuno Yes, legacy tokens do not support read and write access. You can always use a Granular access token, which offers better security too.

You can find more about npm access tokens here: https://docs.npmjs.com/about-access-tokens.

justuno commented 1 month ago

> Hi @justuno Yes, legacy tokens do not support read and write access. You can always use a Granular access token, which offers better security too.
>
> You can find more about npm access tokens here: https://docs.npmjs.com/about-access-tokens.

Thanks @kchindam-infy, but a Granular access token only supports 50 packages, which does not fit my company's needs. I'll try to find another way to resolve it, thanks for your help~