Skip to content

ng update not respecting the user level .npmrc auth token #21439

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
14 tasks
gaborari opened this issue Jul 28, 2021 · 2 comments
Closed
14 tasks

ng update not respecting the user level .npmrc auth token #21439

gaborari opened this issue Jul 28, 2021 · 2 comments

Comments

@gaborari
Copy link

🐞 Bug report

Command (mark with an x)

  • new
  • build
  • serve
  • test
  • e2e
  • generate
  • add
  • [x ] update
  • lint
  • extract-i18n
  • run
  • config
  • help
  • version
  • doc

Is this a regression?

Yes, the previous version in which this bug was not present was: 11.1.0

Description

I have a private npm feed which provides packages for internal projects.

The projects are having their own .npmrc files (project-level npmrc) without tokens - the tokens could be found in the user-level .npmrc file (c:\users\xxx\.npmrc).

Updating the mentioned package is performed by ng update mypackage in the projects.

Issues started to rise about a week ago - when performing the ng update mypackage:

With non-latest cli, 11.1.0, after it downloads a version dynamically:

Found 174 dependencies.
Fetching dependency metadata from registry...
Error fetching metadata for 'mypackage': Unable to authenticate, need: Bearer authorization_uri=....", TFS-Federated

After updating to the latest cli, I get similar error:

An unhandled exception occurred: Unable to authenticate, need: Bearer authorization_uri

Based on my debugging, the newer cli versions are not picking up the tokens from the user-level npmrc.
If I add the tokens to the project-level npmrc files, then the ng update could be performed - but this is not a viable option, committing tokens to the repositories would be a problem.

🔬 Minimal Reproduction

ng update mypackage

where mypackage is accessible in a private repository, and the project level npmrc file contains only the registry setting, and always-auth true

🔥 Exception or Error


Error fetching metadata for 'mypackage': Unable to authenticate, need: Bearer authorization_uri=....", TFS-Federated


An unhandled exception occurred: Unable to authenticate, need: Bearer authorization_uri

🌍 Your Environment


local cli (but when performing the update, the cli downloads a newer version)
Angular CLI: 11.1.0
Node: 12.18.4
OS: win32 x64

Angular CLI: 12.1.3
Node: 12.18.4
Package Manager: npm 6.14.6
OS: win32 x64

Anything else relevant?
@alan-agius4
Copy link
Collaborator

Same root cause of #21406 which will be addressed in the next release.

@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Aug 28, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alan-agius4 @gaborari