Missing support for npm bearer auth and OTP

[bodograumann]

Version

4.5.10

Environment info

Environment Info:

  System:
    OS: Linux 5.10 Arch Linux
    CPU: (4) x64 Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
  Binaries:
    Node: 15.5.1 - /usr/bin/node
    Yarn: 1.22.10 - ~/.local/bin/yarn
    npm: 6.14.11 - /usr/bin/npm
  Browsers:
    Chrome: Not Found
    Firefox: 84.0.2
  npmGlobalPackages:
    @vue/cli: 4.5.10

Steps to reproduce

I am using the npm registry on an Azure DevOps server (formerly known as Microsoft TeamFoundation Server; TFS). To authenticate, it is neccesary to use basic authentication, which is not possible with vue-cli.

This becomes apparent when running vue ui, vue create or vue upgrade in such an environment.

What is expected?

vue-cli should be able to access package information on the azure package feed

What is actually happening?

ERROR Failed to get response from https://myserver/tfs/mycollection/_packaging/packages/npm/registry/vue-cli-version-marker

---

As described in the npm registry docs, authentication with an npm registry is possible via basic auth, bearer auth and in both cases an optional OTP. vue-cli only supports bearer auth without otp: https://github.com/vuejs/vue-cli/blob/027386e8d15495ee6c2f738adb5f97139dc6c81e/packages/%40vue/cli/lib/util/ProjectPackageManager.js#L279-L312

In contrast npm info vue-cli-version-marker --json and yarn info vue-cli-version-marker --json work fine, because they implement basic auth.

I wonder why we have to reimplement an npm registry client anyway.

Note: For basic auth the credentials are stored in .npmrc as//registry-url:username=myusername and //registry-url:_password=base64-encoded password. So when sending the password with basic auth, we need to be careful not to double-encode.

[haoqunjiang]

😂 Well, I reimplemented the registry client because of the poor performance of Windows subprocesses: https://github.com/vuejs/vue-cli/issues/4895#issuecomment-559727276 Didn't expect so many edge cases here…