[Bug] Yarn 2 Response code 404 (not found) when installing from jfrog

Describe the bug

During yarn install the following error appears

➤ YN0000: ┌ Resolution step
➤ YN0001: │ HTTPError: @acme/sdk@npm:1.18.2: Response code 404 (Not Found)
    at EventEmitter.l.on (/Users/dimitriskyriazopoulos/Development/ui/.yarn/releases/yarn-sources.js:24:328280)
    at process._tickCallback (internal/process/next_tick.js:68:7)
➤ YN0000: └ Completed in 2.48s
➤ YN0000: Failed with errors in 2.48s

To Reproduce

Create a Jfrog account Navigate to library workspace Set proper config credentials to .npmrc and point repository to jfrog Use Yarn 1 to publish the package Create another project with dependency the package published earlier Switch to Yarn 2 Delete any yarn.lock if exists Make a yarn install

Environment if relevant (please complete the following information):

OS: OSX
Node version 10.16.3
Yarn version tested both 2.0.0-rc.29 & 2.0.0-rc.29.git.20200305.31ef68ca

Additional context

Some of company’s in-house packages are being published and served by JFrog. The credentials and repository info are being found to .npmrc in the following fashion:

.npmrc

registry=https://acme.jfrog.io/acme/api/npm/npm/
_auth = ${ARTIFACTORY_AUTH}
email = ${ARTIFACTORY_USERNAME}
always-auth = true

Having a dependency on package.json that is being served from JFrog’s artifactory (private repository)

package.json

"dependencies": {
    "@acme/sdk": "1.18.2",
}

Other approaches tried Checking the documentation noticed some configuration options that could be set to .yarnrc.yml

Then I executed the following commands

yarn config set npmAlwaysAuth true
yarn config set npmRegistryServer https://acme.jfrog.io/acme/api/npm/npm/
yarn config set npmAuthToken $ARTIFACTORY_AUTH

The error message was:

➤ YN0000: ┌ Resolution step
➤ YN0041: │ webpack-cli@npm:3.3.0: Invalid authentication (as an unknown user)
➤ YN0000: └ Completed in 1.66s
➤ YN0000: Failed with errors in 1.66s

The same happened when removed npmAuthToken and executed

yarn config set npmAuthIdent $ARTIFACTORY_USERNAME:$ARTIFACTORY_AUTH

Issue Analytics

State:
Created 4 years ago
Reactions:4
Comments:25 (5 by maintainers)

Top GitHub Comments

10reactions

deinicommented, Mar 11, 2020

I had some time today to set up a free-trial with Artifactory and was able to reproduce what you guys are seeing. However, I was able to both publish and install from it. There are a couple of scenarios here and I’ll try to address them all.

First, we need to clarify that all authentication configs must go in your repo’s .yarnrc.yml or your global one (~/.yarnrc.yml). Yarn v2 doesn’t read anything from .npmrc.

Starting with @DimitrK’s scenario, Artifactory as a proxy (no per-scope config): From the original issue description, I see that you tried doing

yarn config set npmAlwaysAuth true
yarn config set npmRegistryServer https://acme.jfrog.io/acme/api/npm/npm
yarn config set npmAuthToken $ARTIFACTORY_AUTH

This was really close! The issue here is that $ARTIFACTORY_AUTH is the basic auth and not the npmAuthToken. What you can do is:

yarn config set npmAlwaysAuth true
yarn config set npmRegistryServer https://acme.jfrog.io/acme/api/npm/npm
yarn npm login

This will ask for your username and password which will be exchanged for an npmAuthToken

Your repo’s .yarnrc.yml will end up with the following config

npmAlwaysAuth: true
npmRegistryServer: "https://acme.jfrog.io/acme/api/npm/npm"

Then on your global config ~/.yarnrc.yml you can see the npmAuthToken is now set

npmRegistries:
  "https://acme.jfrog.io/acme/api/npm/npm":
    npmAuthToken: <TOKEN>

@Tirke’s scenario, Scoped packages:

As @piqueme mentioned already the missing email might be the issue since JFrog states clearly in docs the following: “Your email address (npm publish will not work if your email is not specified in .npmrc)”

This is probably the issue since like you guys already figured out, we are not sending the email. However, this section of the Artifactory docs is under the “Basic Auth” strategy (npmAuthIdent) which we strongly discourage.

We have a yarn npm login --scope <scope> however the scope has to be defined. The easiest way to do this is to manually add the scope to your .yarnrc.yml.

npmScopes:
  acme:
    npmRegistryServer: https://acme.jfrog.io/acme/api/npm/npm
    npmPublishRegistry: https://acme.jfrog.io/acme/api/npm/npm

Then you can do: yarn npm login --scope acme

Which will ask for login/password, exchange it for an npmAuthToken and store it in ~/.yarnrc.yml.

Let me know if you guys have any more questions.

CC: @piqueme

3reactions

paleikacommented, Jun 22, 2021

We managed to add the jfrog package dependency using this yarn v2 config example. Quote symbols are used in the server address but are not needed for the identification

nodeLinker: node-modules
npmAlwaysAuth: true
npmAuthIdent: bmFkZXpo<...>XNDbm1DdTRuUHU=   //this is email:api-key from jfrog encoded in base64 format
npmRegistryServer: "https://jfrog.company.server/artifactory/api/npm/npm/"
yarnPath: .yarn/releases/yarn-berry.cjs

Top Results From Across the Web

Why am I getting 404 for some npm packages? - JFrog

However, when working with the npm public registry, HEAD requests will sometimes trigger a 404 error response even though the requested package exists....

yarn install throw error request failed \"404 Not found"

I found a solution yarn config set registry https://registry.npmjs.org rm yarn.lock yarn.

npm packages in the Package Registry - GitLab Docs

npm install returns npm ERR! 403 Forbidden. If you get this error, ensure that: The Package Registry is enabled in your project settings....

SAP BTP Trial. SAP BAS start error. Some extensions were ...

FW ERROR: The @sap-cds/cds-editor failed to install because Unable to calculate tarball URL for @sap-cds/cds-editor@21.5.2 npm package. yarn ...

Surviving the npm ERR! 404 with private packages

But my colleague is getting the following error on his Linux Debian 10 machine: ... 404 Note that you can also install from...