Environment Info:
System:
OS: Linux 5.10 Arch Linux
CPU: (4) x64 Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
Binaries:
Node: 15.5.1 - /usr/bin/node
Yarn: 1.22.10 - ~/.local/bin/yarn
npm: 6.14.11 - /usr/bin/npm
Browsers:
Chrome: Not Found
Firefox: 84.0.2
npmGlobalPackages:
@vue/cli: 4.5.10
Steps to reproduce
I am using the npm registry on an Azure DevOps server (formerly known as Microsoft TeamFoundation Server; TFS). To authenticate, it is neccesary to use basic authentication, which is not possible with vue-cli.
This becomes apparent when running vue ui, vue create or vue upgrade in such an environment.
What is expected?
vue-cli should be able to access package information on the azure package feed
In contrast npm info vue-cli-version-marker --json and yarn info vue-cli-version-marker --json work fine, because they implement basic auth.
I wonder why we have to reimplement an npm registry client anyway.
Note: For basic auth the credentials are stored in .npmrc as//registry-url:username=myusername and //registry-url:_password=base64-encoded password. So when sending the password with basic auth, we need to be careful not to double-encode.
Version
4.5.10
Environment info
Steps to reproduce
I am using the npm registry on an Azure DevOps server (formerly known as Microsoft TeamFoundation Server; TFS). To authenticate, it is neccesary to use basic authentication, which is not possible with vue-cli.
This becomes apparent when running
vue ui
,vue create
orvue upgrade
in such an environment.What is expected?
vue-cli should be able to access package information on the azure package feed
What is actually happening?
As described in the npm registry docs, authentication with an npm registry is possible via basic auth, bearer auth and in both cases an optional OTP. vue-cli only supports bearer auth without otp: https://github.com/vuejs/vue-cli/blob/027386e8d15495ee6c2f738adb5f97139dc6c81e/packages/%40vue/cli/lib/util/ProjectPackageManager.js#L279-L312
In contrast
npm info vue-cli-version-marker --json
andyarn info vue-cli-version-marker --json
work fine, because they implement basic auth.I wonder why we have to reimplement an npm registry client anyway.
Note: For basic auth the credentials are stored in
.npmrc
as//registry-url:username=myusername
and//registry-url:_password=base64-encoded password
. So when sending the password with basic auth, we need to be careful not to double-encode.