search

yarnpkg / yarn

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
https://classic.yarnpkg.com
Other
41.44k stars 2.73k forks source link

Adding a scoped package under a custom alias that does not include the scope fails to send auth headers. #7943

Open austin-rausch opened 4 years ago

austin-rausch commented 4 years ago

Bug description

Yarn install for a custom aliased package that is private and scoped does not send auth headers. When adding the scope to the alias name, or include always_auth it will send auth headers. Command

yarn install

What is the current behavior?

When trying to install a scoped private package as an alias without the scope, yarn install is not sending auth headers causing a 404 on install.

What is the expected behavior?

The install should not 404, and instead should send auth headers along with the request.

The npm registry should not use the package name for an aliased package, it should use the target package, E.G. "some-alias": "npm:@some-scope/some-package@1.0.0", Should use @some-scope/some-package not some-alias See: https://github.com/yarnpkg/yarn/blob/b07a19b961dc9521fd15d18f62e30990d4945f28/src/registries/npm-registry.js#L157

Steps to Reproduce

  1. Add an aliased package at an alias name that does not have the scope, E.G.yarn add some-alias@npm:@some-scope/some-package@1.0.0 that has a scope and requires authorization
  2. Attempt to yarn install
  3. Receive 404 error

Environment

alexk111 commented 4 years ago

Here is a workaround for the issue: https://github.com/yarnpkg/yarn/issues/8130#issuecomment-636281053

laggage commented 3 years ago

I encountered the problem too, It bothers me a lot. Does anyone have any temporary solution for it?

austin-rausch commented 3 years ago

@laggage

If you make the alias have a scope it will send the authentication header, E.G.

"@some-scope/some-package_1_0_0": "npm:@some-scope/some-package@1.0.0",

Since the alias name / key name / package identity (which is the part that gets used for the isScopedPackage) has the scope it will send the auth headers.

The work around linked above is strange, to depend on the cache for the install, and since the linked issue above is closed as its fixed in v2 this seems to be the path forward. Can't say I agree with closing the linked issue.

gamedevsam commented 2 years ago

There's plenty of people sill using yarn@1.x - this should be fixed imo. Just ran into this issue and spent half a day trying to figure out what was causing it.

wstmp commented 2 months ago

Sadly, me and my team also lost a day of work due to this issue.