Failed to look up package from Verdaccio (Node.js private proxy registry)

[weirdolucifer]

How are you running Renovate?

Self-hosted

If you're self-hosting Renovate, tell us what version of Renovate you run.

35.32.2

If you're self-hosting Renovate, select which platform you are using.

GitLab self-hosted

Was this something which used to work for you, and then stopped?

I never saw this working

Result.

Renovate is throwing 403 while getting packages from Verdaccio (Node.js private proxy registry). Hence, Failed to look up npm package semver (repository="repo_name", packageFile=package.json, dependency=semver)

Steps to reproduce:

renovate.json looks like

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:base"
  ],
  "gitLabAutomerge": true,
  "pip_requirements": {
    "fileMatch": ["[a-zA-Z-_]+\/[a-zA-Z-_]*requirements[a-zA-Z-_]*\\.txt$", "requirements.txt$"]
  },
  "npmrc": "always-auth = true \\nemail = \"<email_id>\" \\nregistry = \"http://52.35.230.55/\" \\nstrict-ssl = false \\nusername = \"aregee\" \\n//52.35.230.55/:_authToken=\"<auth_token>\" \\npackage-lock=false",
  "packageRules": [
    {
      "enabled": false,
      "groupName": "everything",
      "matchPackagePatterns": ["*"],
      "separateMajorMinor": false
    }
  ],
  "vulnerabilityAlerts": {
    "enabled": true
  },
  "osvVulnerabilityAlerts": true
}

Each npm repo contains .npmrc, which looks like this:

always-auth = true
email = "email"
registry = "http://52.35.230.55/"
strict-ssl = false
username = "username"
//52.35.230.55/:_authToken="token"
package-lock=false

Relevant debug logs

Logs

smaller logs ``` DEBUG: GET http://52.35.230.55/semver = (code=ERR_NON_2XX_3XX_RESPONSE, statusCode=403 retryCount=0, duration=128) (repository=datashop-engine/datashop-demoapp) DEBUG: Failed to look up npm package semver (repository=datashop-engine/datashop-demoapp, packageFile=package.json, dependency=semver) ``` Full logs: ``` DEBUG: Vulnerability GHSA-x6fg-f45m-jf5q affects semver 4.0.0 (repository=datashop-engine/datashop-demoapp) DEBUG: Setting allowed version 4.3.2 to fix vulnerability GHSA-x6fg-f45m-jf5q in semver 4.0.0 (repository=datashop-engine/datashop-demoapp) DEBUG: Vulnerability GHSA-c2qf-rxjj-qqgw affects semver 4.0.0 (repository=datashop-engine/datashop-demoapp) DEBUG: Setting allowed version 5.7.2 to fix vulnerability GHSA-c2qf-rxjj-qqgw in semver 4.0.0 (repository=datashop-engine/datashop-demoapp) DEBUG: Vulnerability GHSA-72xf-g2v4-qvf3 affects tough-cookie 2.4.3 (repository=datashop-engine/datashop-demoapp) DEBUG: Setting allowed version 4.1.3 to fix vulnerability GHSA-72xf-g2v4-qvf3 in tough-cookie 2.4.3 (repository=datashop-engine/datashop-demoapp) DEBUG: Skipping vulnerability lookup for package eslint due to unsupported version ^4.19.1 (repository=datashop-engine/datashop-demoapp) DEBUG: Skipping vulnerability lookup for package jquery due to unsupported version ^3.5.1 (repository=datashop-engine/datashop-demoapp) DEBUG: Vulnerability GHSA-f4c9-cqv8-9v98 affects jsdom 12.2.0 (repository=datashop-engine/datashop-demoapp) DEBUG: Setting allowed version 16.5.0 to fix vulnerability GHSA-f4c9-cqv8-9v98 in jsdom 12.2.0 (repository=datashop-engine/datashop-demoapp) DEBUG: Skipping vulnerability lookup for package moment due to unsupported version ^2.22.2 (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: datashop-engine/ci-webui, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Setting npmrc (repository=datashop-engine/datashop-demoapp) DEBUG: Adding token authentication for https://52.35.230.55/ to hostRules (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @innovaccer/design-system-next, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @babel/cli, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @babel/core, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @babel/plugin-proposal-class-properties, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @babel/plugin-proposal-export-namespace-from, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @babel/plugin-transform-typescript, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @babel/preset-env, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @babel/preset-react, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @babel/preset-typescript, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @commitlint/cli, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @commitlint/config-conventional, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @innovaccer/design-system, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @types/enzyme, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @types/jest, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @types/node, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @types/react, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @types/react-dom, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: @types/react-router-dom, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: babel-jest, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: babel-loader, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: babel-polyfill, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: css-loader, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: enginePackage, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: enzyme, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: enzyme-adapter-react-16, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: eslint, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: eslint-config-airbnb, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: eslint-config-prettier, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: eslint-plugin-import, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: eslint-plugin-jest, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: eslint-plugin-jsx-a11y, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: eslint-plugin-prettier, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: eslint-plugin-react, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: history, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: http-proxy-middleware, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: husky, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: identity-obj-proxy, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: immutability-helper, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: jest, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: jest-enzyme, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: jest-styled-components, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: jquery, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: jsdom-global, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: lint-staged, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: mini-css-extract-plugin, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: moment, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: node-time-ago, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: optimize-css-assets-webpack-plugin, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: polished, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: prettier, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: prop-types, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: query-string, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: react, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: react-app-polyfill, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: react-bootstrap, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: react-dates, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: react-datetime, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: react-dom, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: react-email-editor, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: react-idle, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: react-loadable, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: react-router, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: react-router-dom, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: react-test-renderer, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: react-testing-library, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: regenerator-runtime, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: style-loader, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: styled-components, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: time-number, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: tslint, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: tslint-config-prettier, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: typescript, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: video-react, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: webtoolkit, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: xss-filters, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: Dependency: datashop-vendor, is disabled (repository=datashop-engine/datashop-demoapp) DEBUG: GET http://52.35.230.55/semver = (code=ERR_NON_2XX_3XX_RESPONSE, statusCode=403 retryCount=0, duration=128) (repository=datashop-engine/datashop-demoapp) DEBUG: Failed to look up npm package semver (repository=datashop-engine/datashop-demoapp, packageFile=package.json, dependency=semver) DEBUG: GET http://52.35.230.55/tough-cookie = (code=ERR_NON_2XX_3XX_RESPONSE, statusCode=403 retryCount=0, duration=130) (repository=datashop-engine/datashop-demoapp) DEBUG: Failed to look up npm package tough-cookie (repository=datashop-engine/datashop-demoapp, packageFile=package.json, dependency=tough-cookie) DEBUG: GET http://52.35.230.55/jsdom = (code=ERR_NON_2XX_3XX_RESPONSE, statusCode=403 retryCount=0, duration=131) (repository=datashop-engine/datashop-demoapp) DEBUG: Failed to look up npm package jsdom (repository=datashop-engine/datashop-demoapp, packageFile=package.json, dependency=jsdom) DEBUG: PackageFiles.add() - Package file saved for base branch (repository=datashop-engine/datashop-demoapp, baseBranch=master) DEBUG: Package releases lookups complete (repository=datashop-engine/datashop-demoapp, baseBranch=master) DEBUG: branchifyUpgrades (repository=datashop-engine/datashop-demoapp) DEBUG: detectSemanticCommits() (repository=datashop-engine/datashop-demoapp) DEBUG: getCommitMessages (repository=datashop-engine/datashop-demoapp) DEBUG: semanticCommits: detected "angular" (repository=datashop-engine/datashop-demoapp) DEBUG: semanticCommits: enabled (repository=datashop-engine/datashop-demoapp) DEBUG: 0 flattened updates found: (repository=datashop-engine/datashop-demoapp) DEBUG: Returning 0 branch(es) (repository=datashop-engine/datashop-demoapp) DEBUG: config.repoIsOnboarded=true (repository=datashop-engine/datashop-demoapp) DEBUG: packageFiles with updates (repository=datashop-engine/datashop-demoapp, baseBranch=master) ```

[weirdolucifer]

Moved to Discussion.

[rarkins]

You've committed the token to the repo?

And renovate looks up the right server IP, but just fails with credentials?

[github-actions[bot]]

Please create a GitHub Discussion instead of this issue.

We only want Renovate maintainers to create new Issues. If needed, a Renovate maintainer will create an Issue after your Discussion been triaged and confirmed. As a Renovate user, please create a GitHub Discussion in this repo instead.

This Issue will now be closed and locked. We may later batch-delete this issue. This way we keep Issues actionable, and free of duplicates or wrong bug reports.

Thanks, the Renovate team