[JIRA] (JENKINS-50920) NPM registry credentials not correctly formatted

Issue Type:	Bug
Assignee:	Dominik Bartholdi
Attachments:	npmConfig.PNG
Components:	config-file-provider-plugin, nodejs-plugin
Created:	2018-04-20 21:53
Priority:	Major
Reporter:	John Case

I am trying to use Jenkins to publish npm packages to a private npm repository. I use the config-file-provider plugin to create a new npm config file.

Creating the config looks like this:

The credentials used in that config is a "username with password" credentials configured with the correct username/password for publishing to my repository.

The publish part of my Jenkinsfile looks like:

 
                                                                nodejs(nodeJSInstallationName: "6.12.0", configId: "npm-publish-config") {
    lerna publish --conventional-commits --yes
}

When I run the build I get the following error when it tries to publish:

 
                                                                need auth You need to authorize this machine using `npm adduser` 
                                                            

I did a little debugging. I was able to fine the file it claims to have used as it's npm config:

 
                                                                @myScope:registry = http://my.private.registry/
 //my.private.registry/:always-auth = true
 //my.private.registry/:username = jenkins
 //my.private.registry/:_password = <<redacted>> 
                                                            

I have found no information online about the :username and :_password properties being supported by NPM. Everything I have found has said that the .npmrc config file should have an _authToken property like this:

 
                                                                @myScope:registry = http://my.private.registry/
 //my.private.registry/:always-auth = true
 //my.private.registry/:_authToken="SECRET" 
                                                            

What am I doing wrong?

This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)

johnmcase@gmail.com (JIRA)

unread,

Apr 20, 2018, 5:55:02 PM4/20/18

to jenkinsc...@googlegroups.com

John Case updated an issue

Jenkins /

Change By:	John Case

I am trying to use Jenkins to publish npm packages to a private npm repository. I use the config-file-provider plugin to create a new npm config file.

Creating the config looks like this:

!npmConfig.PNG!

The credentials used in that config is a "username with password" credentials configured with the correct username/password for publishing to my repository.

The publish part of my Jenkinsfile looks like:

{code:java}

nodejs(nodeJSInstallationName: "6.12.0", configId: "npm-publish-config") {
lerna publish --conventional-commits --yes
}

{code}

When I run the build I get the following error when it tries to publish:

{noformat}
need auth You need to authorize this machine using `npm adduser`{noformat}

I did a little debugging. I was able to fine find the file it claims to have used as it's npm config:
{code:java}

@myScope:registry = http://my.private.registry/
//my.private.registry/:always-auth = true
//my.private.registry/:username = jenkins

//my.private.registry/:_password = <<redacted>>{code}

I have found no information online about the :username and :_password properties being supported by NPM. Everything I have found has said that the .npmrc config file should have an _authToken property like this:

{code:java}

@myScope:registry = http://my.private.registry/
//my.private.registry/:always-auth = true

//my.private.registry/:_authToken="SECRET"{code}

What am I doing wrong?

domi@fortysix.ch (JIRA)

unread,

Apr 22, 2018, 2:37:02 PM4/22/18

to jenkinsc...@googlegroups.com

Dominik Bartholdi assigned an issue to Nikolas Falco

Jenkins /

Change By:	Dominik Bartholdi
Assignee:	Dominik Bartholdi Nikolas Falco

domi@fortysix.ch (JIRA)

unread,

Apr 22, 2018, 2:37:03 PM4/22/18

to jenkinsc...@googlegroups.com

Dominik Bartholdi updated an issue

Jenkins /

Change By:	Dominik Bartholdi
Component/s:	config-file-provider-plugin

nfalco79@hotmail.com (JIRA)

unread,

Apr 23, 2018, 6:07:03 AM4/23/18

to jenkinsc...@googlegroups.com

Nikolas Falco commented on

Re: NPM registry credentials not correctly formatted

if you are using artifactory as company npm repository (as me), the email is required

johnmcase@gmail.com (JIRA)

unread,

Apr 23, 2018, 9:14:01 AM4/23/18

to jenkinsc...@googlegroups.com

John Case edited a comment on

Re: NPM registry credentials not correctly formatted

e We are not using Artifactory. We are using [Verdaccio|http://www.verdaccio.org/] Publishing to it works manually with the authToken property as described in the issue.

johnmcase@gmail.com (JIRA)

unread,

Apr 23, 2018, 9:14:02 AM4/23/18

to jenkinsc...@googlegroups.com

John Case commented on

Re: NPM registry credentials not correctly formatted

e are not using Artifactory. We are using Verdaccio Publishing to it works manually with the authToken property as described in the issue.

nfalco79@hotmail.com (JIRA)

unread,

May 3, 2018, 2:28:02 PM5/3/18

to jenkinsc...@googlegroups.com

Nikolas Falco commented on

Re: NPM registry credentials not correctly formatted

Today I have try to use
//my.private.registry/:_authToken=<BASE64 user:password>
to authenticate against our artifactory instance without success.

I also found a stackoverflow post where nexus use the same configuration with username and _password instead of _authToken.

More investigation are needed, I have no a plan to solve this.

nfalco79@hotmail.com (JIRA)

unread,

May 3, 2018, 2:29:04 PM5/3/18

to jenkinsc...@googlegroups.com

Nikolas Falco edited a comment on

Re: NPM registry credentials not correctly formatted

Today I have try to use

{noformat}
//my.private.registry/:_authToken=<BASE64 user:password> {noformat}

to authenticate against our artifactory instance without success.

I also found a [stackoverflow post|https://stackoverflow.com/questions/49404870/how-to-set-auth-for-a-scoped-registry-in-npmrc] where nexus use the same configuration with username and _password instead of _authToken.

More investigation are is needed, I have no a plan to solve this.

nfalco79@hotmail.com (JIRA)

unread,

Jan 12, 2020, 8:02:03 AM1/12/20

to jenkinsc...@googlegroups.com

Nikolas Falco commented on

Re: NPM registry credentials not correctly formatted

Looking for this issue again I see that you are trying to use authentication token method that is different with normal npm login.

Indeed the authentication token (as seems from the documentation) is created one time and always valid (unlike the password) and is the reason why in our environment

 
                                                                //my.private.registry/:_authToken=<BASE64 user:password> 
                                                            

does not works.

This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)

nfalco79@hotmail.com (JIRA)

unread,

Jan 12, 2020, 8:02:03 AM1/12/20

to jenkinsc...@googlegroups.com

Nikolas Falco closed an issue as Not A Defect

Jenkins /

Change By:	Nikolas Falco
Status:	Open Closed
Resolution:	Not A Defect

nfalco79@hotmail.com (JIRA)

unread,

Jan 12, 2020, 8:03:01 AM1/12/20

to jenkinsc...@googlegroups.com

Nikolas Falco edited a comment on

Re: NPM registry credentials not correctly formatted

Looking for this issue again I see that you are trying to use [authentication token|https://docs.npmjs.com/using-private-packages-in-a-ci-cd-workflow] method that is different with normal npm login.

Indeed the authentication token (as seems from the [this documentation |https://docs.npmjs.com/using-private-packages-in-a-ci-cd-workflow] ) is created one time and always valid (unlike the password) and is the reason why in our environment
{noformat}//my.private.registry/:_authToken=<BASE64 user:password>{noformat}
does not works.