semantic-release / npm

:ship: semantic-release plugin to publish a npm package
MIT License

Add support for npm v9 #530

Closed Mitchell-Mulder closed 1 year ago

Mitchell-Mulder commented 1 year ago

npm recently released v9 which includes some breaking changes in which the legacy authentication types have been consolidated into “legacy”, making the auth-type default to “web”.

JFrog has an article describing the change https://jfrog.com/knowledge-base/artifactory-changes-to-the-login-behavior-in-npm-v9/.

I'm getting the error below using npm@9.1.1

[semantic-release] › ✖  An error occurred while running semantic-release: Error: Command failed with exit code 1: npm version 1.2.35 --userconfig /tmp/7936e26bc5b88d9c14492113eacaa2fd/.npmrc --no-git-tag-version --allow-same-version
npm ERR! code ERR_INVALID_AUTH
npm ERR! Invalid auth configuration found: `_auth` must be renamed to `//registry.npmjs.org/:_auth` in user config
npm ERR! Please run `npm config fix` to repair your configuration.

Can the .npmrc setup be modified to support npm v9?

travi commented 1 year ago

This plug-in defines a direct dependency on npm in order to avoid mismatches like this. The dependency has not yet been updated to use npm v9.

If you are finding that npm is being used from your environment rather than the one installed into node_modules at runtime, that is a bug. Would you be willing to investigate why that command is not using the proper version?

travi commented 1 year ago

Considering that execa is correctly provided with the preferLocal flag, the most likely situation you have is that another one of your dependencies is also installing npm directly.

Are you running semantic-release with npx or installing as a dependency? If installing as a dependency, try checking for other instances with npm ls npm

travi commented 1 year ago

after further investigation, this situation should only be present if you are using the legacy (less secure) auth option. if you switch to using modern token auth, this problem would be resolved for you. is there any reason that is not an option for you, @Mitchell-Mulder?

crudo commented 1 year ago

Related to https://github.com/semantic-release/npm/issues/574

crudo commented 1 year ago

Related to https://github.com/semantic-release/npm/pull/558

emilfjellstrom commented 1 year ago

For now, you can run the npm config fix command right before you release

sh 'npm config fix'
sh 'yarn release'

travi commented 1 year ago

> For now, you can run the npm config fix command right before you release

our dependence on npm has already been updated to npm v9, but that came with the removal of support for legacy auth. if your project is still using legacy auth, you should migrate to token auth instead
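
A pre-release check in the spirit of the error and the migration advice in this thread, as an added example that is not part of the thread, the plugin, or npm itself: it scans `.npmrc` text for unscoped auth keys (the `ERR_INVALID_AUTH` case above) and for registry-scoped legacy basic auth that should move to a token. The function name, the sample file, and the key list beyond `_auth` are assumptions made for illustration.

```javascript
// Added example, not npm's or semantic-release's own code.
// Assumption: besides `_auth` (named in the error above), these standard
// .npmrc auth keys are treated the same way when left unscoped.
const UNSCOPED_AUTH_KEYS = ['_auth', '_authToken', 'username', '_password'];
// Registry-scoped keys that indicate legacy basic auth rather than a token.
const LEGACY_SUFFIXES = [':_auth', ':username', ':_password'];

function auditNpmrc(text, registry = '//registry.npmjs.org/') {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    // Skip blanks and the two .npmrc comment styles.
    if (!line || line.startsWith('#') || line.startsWith(';')) return;
    const eq = line.indexOf('=');
    if (eq === -1) return;
    const key = line.slice(0, eq).trim();
    if (UNSCOPED_AUTH_KEYS.includes(key)) {
      // Same rename the npm error message asks for.
      findings.push({ line: i + 1, key, issue: 'unscoped',
        suggest: `${registry}:${key}` });
    } else if (key.startsWith('//') &&
               LEGACY_SUFFIXES.some((s) => key.endsWith(s))) {
      // Scoped, so npm accepts it, but it is still legacy basic auth.
      findings.push({ line: i + 1, key, issue: 'legacy-basic-auth',
        suggest: key.replace(/:[^:/]+$/, ':_authToken') });
    }
  });
  return findings;
}

// Constructed sample .npmrc (values are env references, not real secrets).
const SAMPLE_NPMRC = [
  '; constructed sample',
  'registry=https://registry.npmjs.org/',
  '_auth=${LEGACY_AUTH}',
  '//registry.example.test/:username=ci',
  '//registry.example.test/:_password=${CI_PASSWORD}',
  '//registry.npmjs.org/:_authToken=${NPM_TOKEN}',
].join('\n');

for (const f of auditNpmrc(SAMPLE_NPMRC)) {
  console.log(`line ${f.line}: ${f.key} [${f.issue}] -> ${f.suggest}`);
}
```

Run it against the `.npmrc` your CI job actually uses (for example the `--userconfig` file) before the release step; an empty result means only token auth entries were found.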