"ng update" doesn't support private repos such as FontAwesome 5 Pro

[bjornharvold]

Versions

Angular CLI: 6.0.0
Node: 9.11.1
OS: darwin x64
Angular: 6.0.0
... animations, cli, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, platform-server, router
... service-worker

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.6.0
@angular-devkit/build-angular     0.6.0
@angular-devkit/build-optimizer   0.6.0
@angular-devkit/core              0.6.0
@angular-devkit/schematics        0.6.0
@ngtools/webpack                  6.0.0
@schematics/angular               0.6.0
@schematics/update                0.6.0
rxjs                              6.1.0
typescript                        2.7.2
webpack                           4.6.0

Repro steps

• Add dependency on a private repo such as FontAwesome 5 Pro
• Run ng update @angular/core

Observed behavior

Not found : @fortawesome/pro-regular-svg-icons

Mention any other details that might be useful (optional)

This works fine using npm directly because the private repo has already been registered with npm

[DaSchTour]

Okay, so I'm not the only one with the problem #10571
It also looks like CLI 6.0.0 doesn't support authentication included in global .npmrc

[Ben305]

This should be fixed sooner than later

[Timebutt]

There is definitely a problem when using a private npm repository. I could only run ng update correctly once I removed my .npmrc file, and removed every private package from package.json. After running ng update @angular/cli' it finally correctly generated the angular.json file and I readded all the references I removed before.

[clydin]

Can you provide the list of option names used within .npmrc?

[Ben305]

I have the same problem, my .npmrc looks like this:

@myprefix:registry=https://npm.ourdomain.local

[Timebutt]

Sure, this is what my .npmrc looks like:

registry=https://npm.showpad.io:8080
save-exact=true
//npm.showpad.io:8080/:_authToken=${NPM_TOKEN}

[DaSchTour]

While looking at the growing list of bugs relating .npmrc #10704 #10571 #10660 I think this should be fixed asap

[hansl]

Hi @bjornharvold, @DaSchTour,

Could you verify this is still an issue with 6.0.1? There were a few fixes regarding the registry flag (we have 1 fix in queue for the strict-ssl flag). Thanks!

[rhythmnewt]

    _                      _                 ____ _     ___
    / \   _ __   __ _ _   _| | __ _ _ __     / ___| |   |_ _|
   / △ \ | '_ \ / _` | | | | |/ _` | '__|   | |   | |    | |
  / ___ \| | | | (_| | |_| | | (_| | |      | |___| |___ | |
 /_/   \_\_| |_|\__, |\__,_|_|\__,_|_|       \____|_____|___|
                |___/


Angular CLI: 6.0.1
Node: 9.2.1
OS: win32 x64
Angular: 6.0.0
... animations, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.6.1
@angular-devkit/build-angular     0.6.1
@angular-devkit/build-optimizer   0.6.1
@angular-devkit/core              0.6.1
@angular-devkit/schematics        0.6.1
@angular/cdk                      6.0.1
@angular/cli                      6.0.1
@angular/material                 6.0.1
@ngtools/webpack                  6.0.1
@schematics/angular               0.6.1
@schematics/update                0.6.1
rxjs                              6.1.0
typescript                        2.7.2
webpack                           4.6.0

Yep still happens with 6.0.1. Targeting VSTS in my .npmrc registry=https://PRIVATE.pkgs.visualstudio.com/_packaging/PRIVATE/npm/registry/

Unexpected token T in JSON at position 0
TF400813: Resource not available for anonymous access. Client authentication required.

[ThYpHo0n]

Angular CLI: 6.0.1
Node: 8.9.0
OS: darwin x64
Angular: 6.0.1
... animations, cli, common, compiler, compiler-cli, core, forms
... http, platform-browser, platform-browser-dynamic
... platform-server, router

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.6.1
@angular-devkit/build-angular     0.6.1
@angular-devkit/build-optimizer   0.6.1
@angular-devkit/core              0.6.1
@angular-devkit/schematics        0.6.1
@angular/cdk                      5.2.5
@angular/material                 5.2.5
@ngtools/json-schema              1.1.0
@ngtools/webpack                  6.0.1
@schematics/angular               0.6.1
@schematics/update                0.6.1
ng-packagr                        2.4.4
rxjs                              6.1.0
typescript                        2.7.2
webpack                           4.6.0

Still valid for me too using a scoped repository.

ng update @angular/cli
ng update @angular/core

Went smoothly but
ng update @angular/material broke with a 401 error.

[abbazabacto]

Experiencing this issue with @angular/[email protected] and private Nexus repository

Content of .npmrc looks something like...

registry=
email=
always-auth=true
_auth=

[tilowestermann]

Having the same issue using a JFrog Artifactory (universal artifact manager) as registry in .npmrc. This may be related: angular/devkit#917

[ajpierson]

I'm also having this same problem with @angular/[email protected] and VSTS

[pouyio]

Same problem here behind a private Nexus repo

[7bamboo]

Same here, happens with our own private repo ng update returns Not found: @org/package although npm install @org/package works fine and the package is already installed in node_modules.

[eitland]

Same problem with 6.0.7 just now.

[tilowestermann]

@hansl any update on this? The issue still carries the "need: more info" label.

[Timebutt]

I'm also curious, is there anything we can do or provide to speed this issue up?

[devoto13]

I think it is fixed by angular/devkit#982 in https://github.com/angular/devkit/releases/tag/v6.1.0-beta.1 release. Can anybody verify?

[ajpierson]

I'd be happy to test it, but I'm not quite sure how to...I'm a little confused how devkit relates to CLI. What do I install to test this, is there an NPM package? Do I clone the repo and do an NPM link? If I install that package does the CLI use it, or does it supersede the CLI. Sorry, I'm a little ignorant, I'd love a little guidance.

Or do I just wait for an updated @angular/cli v6.1.0-beta.1 to be released?

[abbazabacto]

@devoto13 I can't seem to find @angular/[email protected], it is not available in the npm registry: https://www.npmjs.com/package/@angular/cli

I was able to install @angular-devkit/[email protected] individually, but that still resulted in a 401 Unauthorized, but not sure if this is related.

[catull]

I think this ticket can be closed.

Why ?

The original issue is that ng update does not support private repositories such as FontAwesome PRO.

That issue is resolved.
Now even environment variables (say for TOKENs to be used in build servers) are supported.

Other issues reported are

• @alex88 - ng does not honour gitlab specific URI
• @daniel-seitz's timeout is a different issue. I am not sure there is a private repo involved here.

These two issues must be dealt with separately, IMHO.

@Albyzai has not stated where the private repo is at.

[alex88]

@catull probably it won't handle any other git repository right? Like gitlab/github/bitbucket/aws codecommit and many others...

[catull]

@alex88 Your repo URL ...

"my-package": "git+ssh://[email protected]:my-package.git#master"

should it not be

"my-package": "git+ssh://[email protected]:>>>>USERNAME/<<<<<<my-package.git#master"

Compare this to my example:

"@streamlabs/obs-studio-node": "git+ssh://[email protected]:>>>>>>computerquip/<<<<<<obs-studio-node#staging",

[alex88]

@catull yes it's actually username/repo, I just wanted to remove also that part, sorry for the confusion

[catull]

No worries, just wanted to exclude another explanation ....

[catull]

@alex88 Have you considered using scoped package naming [1] ?

See, this is a snippet of my .npmrc:

@XXXXXXXXXX:registry=https://artifactory.YYYYYYYYYY:443/artifactory/api/npm/npm-virtual/

@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=${NPM_TOKEN_FONTAWESOME}

You could have

    "my-package": "git+ssh://[email protected]:@YOUR_SCOPE/my-package.git#master"

As long as the package is published with @YOUR_SCOPE - could be @YOUR_ORGANISATION.

It works for FontAwesome.
They use the scope name @FortAwesome - yeah, "FORT awesome", not "FONT awesome".

Side note: You and I both know that "forte" in colloquial Italian means "awesome" in colloquial American English; my eye reads it as "awesome awesome" -> Super-awesome!

FontAwesome's repository is not the canonical from npmjs.org
Yet npm, yarn and most importantly ng all retrieve it from the right place.

Buona fortuna!

[1] https://docs.npmjs.com/misc/scope

[catull]

@daniel-seitz

Perhaps you are right.

Assuming the http proxy config works for, say, the initial npm install.
If that is the case, your issue is that ng update ignores the proxy configuration.
Then I apologise, my analysis above would be incorrect.

However, it is a different case from the original posting.

I suggest you open a new issue with exactly the the title "ng update ignores proxy config."
I do not have a setup which requires a proxy configuration, so I cannot assist you, sorry.

[alex88]

@catull haha for the side note 🤣
Sometimes I read it as awesome-awesome and sometimes if feels like a typo 😆

Anyway, that would involve having our own registry or paying for a private hosted on if I understand it correctly, I think that for now I'll just remove that dependency, upgrade to angular 7 and add it back 😄

Hate to do that but having our own means more maintenance/resources and the other option would be adding another cost. You probably also know how much Italian companies can be stingy 😄

Btw, thanks for the option, if it's something we need to support in long term that's definitely an option to look for!

[catull]

@alex88

On the scoped naming, the cost you incur is operating an NPM registry.

See open source alternatives below, "verdaccio" [1] and "bitsrc.io" [2].
I believe there are docker images for both of them.
At one point, "sinopia" was actively developed, but it has not been updated for more than 3 years.

Imagine this.

Let's just assume for a moment I like a certain library/package.

Let's say it is called banana; the original npm package would be available at https://www.npmjs.com/package/banana.

So, one day I decide to considerably change it, but the original maintainer is
a) not around, the e-mail she is using is invalid by now
b) the maintainer is not interested in your changes
c) the package is not maintained any more, and maintainership cannot be transferred to you

Now in this case, banana was last updated 7 years ago.
But that is beside the point.

Given the fact that I like banana, I can create a fork of it.
I will NOT be able to publish it at https://www.npmjs.com/package/banana.

But I will be able to publish it say, as https://www.npmjs.com/package/@catull/banana.
Then it would be public.

But let's also assume my company operates an internal NPM repository at registry.my-company.net:8080/npm/.

Now I can publish it at https://registry.my-company.net:8080/npm/@SOME_SCOPE/banana

You have to publish it with --scope @SOME_SCOPE.
Otherwise you would publish it at https://registry.my-company.net:8080/npm/banana

But here is the beauty: the scope name can be specifically configured in .npmrc.
It is recognised by all tools equally: npm, yarn and ng.

You can see a good example with bootstrap-vue:

• the original bootstrap-vue
• a fork @aorinevo/bootstrap-vue

[1] verdaccio
[2] bitsrc.io

[alex88]

@catull thanks a lot for the long explanation, I'll keep in mind, surely it's better than fetching from git directly 😄

[daniel-seitz]

@catull thank you, originally i had the same issue as the topic here and this is indeed now resolved. I'll open another issue as suggested, btw. yarn commands work, just the ng update doesnt. I tried migrate only - which works - and then update the packages via yarn, also works. I just think that I might miss something that ng update does as well, other than migrating to the angular.json file and lifting the packages to the recent version. ciao

[DaSchTour]

I really wonder why fontawesome pro works with 7.1.0 but fails with 7.1.1 and 7.1.2
It's a bit sad to see that newer version break again. I hope this can be finally fixed soon.

[Chklang]

I've same problem. "ng update --all" doesn't works with 7.1.2 (and 7.1.0 also) with private registry configured into local ".npmrc". @angular/cli while try to found package on registry.npmjs.org:

404 Not Found - GET https://registry.npmjs.org/mypackage - Not found

But into .npmrc i've :
registry=https://privaterepo.mycompagnie.fr/npm/

[aguacongas]

@Chklang did you try with ng update --registry https://privaterepo.mycompagnie.fr/npm/ ?

[kpaxton]

@aguacongas that works for me!
However, I shouldn't have to do that if the registry is declared in my .npmrc.

[aguacongas]

@kpaxton You're lucky, that doesn't for me. But my private repo needs authentication.
And I agree, we shouldn't have to do that.

[aniruddhadas9]

I also not lucky. I have also authentication set for my private registry and I am getting below error

Unable to authenticate, need: Basic realm="Artifactory Realm"

[aniruddhadas9]

@Chklang did you try with ng update --registry https://privaterepo.mycompagnie.fr/npm/ ?

Do you know what does ng update --registry https://privaterepo.mycompagnie.fr/npm/ command do? Users having auth set in their private registry can directly do what this command does?

[joeson1]

In our npmrc we have options like strict-ssl and always-auth which are boolean values when being parsed. The update script in npm.ts tries to call 'replace' on the options and fails when the function does not exist (which it doesn't for bools):
options[key] = options[key].replace(/\$\{([^\}]+)\}/, (_, name) => process.env[name] || '');
We fixed this by checking if the function exists before trying to call it. PR is attached

Now, ng update works as expected also with our private Artifactory

[florian-kittel]

Hi,

I had the same problem, because we are using Artifactory in our company. We store private repositories in it. So I had the same error when trying to use ng update.

But I can pass the parameter "-f" to force the update. I changed the names to give you an example what will happen with the force flag:

ng update @angular/cli -f
    Package not installed: "-f". Skipping.
    404 Not Found - Get https://registry.npmjs.org/@MYCORPORATE/MYREPO1 - Not Found
    404 Not Found - Get https://registry.npmjs.org/@MYCORPORATE/MYREPO2 - Not Found

After that all was installed and update. I did this with the Angular and CDK package as well. We are updated the internal packages for our own.

I hope this will help.

[florian-kittel]

PS: We also use https://www.npmjs.com/package/npm-check-updates with ncu command to check updates for our packages. This works well with Artifactory. So we now using ng update for all Angular related packages and ncu for other. But be careful and check if all new packages are working with the Angular packages.

[catull]

@florian-kittel
Both npm and yarn have had the outdated option, check it out, it may satisfy your requirements.
Works on public and private npm repos.

[DaSchTour]

Currently with 7.3.0 for me it works correctly again.

[clydin]

This should now be addressed in 7.3.0+. If anyone is still encountering problems, please open a new issue detailing the issue.

[angular-automatic-lock-bot]

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_{This action has been performed automatically by a bot.}