Hi all,
I am running into an issue when trying to the use corepack prepare --all against an authenticated NPM registry.
Within our company we use a our own NPM registry which mirrors registry.npmjs.org to able to resolve packages within our closed infrastructure. Now i found these COREPACK_NPM_REGISTRY, COREPACK_NPM_TOKEN environment variables, which almost seem to work.
What i have noticed (after some debugging) is that the first request to retrieve the metadata of the package managers is an authenticated request. Meaning a request is send to our custom set NPM registry and it contains an Authorization header with the Bearer token.
Now the second request which downloads the actual package manager's binary does not contain an Authorization header, which results into a 401 error as the all of the request to our NPM registry must be authenticated.
When looking into the sources I have noticed that the corepackUtils.ts\installVersion(...) does check if the COREPACK_NPM_REGISTRY is configured and then applies it, but is does not take authentication environment variables COREPACK_NPM_TOKEN, COREPACK_NPM_USERNAME, COREPACK_NPM_PASSWORD into account.
However the npmRegistryUtils.ts\fetchAsJson(...) does apply all environment variables when building the request, which explains why the first request is authenticated.
For us (and I assume more people behind an authenticated NPM registry) it would be great if all requests that use the COREPACK_NPM_REGISTRY environment variable would also check if the COREPACK_NPM_TOKEN, COREPACK_NPM_USERNAME, COREPACK_NPM_PASSWORD environment variables are set. In order to create and Authorization header to be send along with the request.
Hi all,
I am running into an issue when trying to the use
corepack prepare --allagainst an authenticated NPM registry.Within our company we use a our own NPM registry which mirrors registry.npmjs.org to able to resolve packages within our closed infrastructure. Now i found these
COREPACK_NPM_REGISTRY,COREPACK_NPM_TOKENenvironment variables, which almost seem to work.What i have noticed (after some debugging) is that the first request to retrieve the metadata of the package managers is an authenticated request. Meaning a request is send to our custom set NPM registry and it contains an
Authorization headerwith the Bearer token.Now the second request which downloads the actual package manager's binary does not contain an
Authorization header, which results into a 401 error as the all of the request to our NPM registry must be authenticated.When looking into the sources I have noticed that the
corepackUtils.ts\installVersion(...)does check if theCOREPACK_NPM_REGISTRYis configured and then applies it, but is does not take authentication environment variablesCOREPACK_NPM_TOKEN,COREPACK_NPM_USERNAME,COREPACK_NPM_PASSWORDinto account.However the
npmRegistryUtils.ts\fetchAsJson(...)does apply all environment variables when building the request, which explains why the first request is authenticated.For us (and I assume more people behind an authenticated NPM registry) it would be great if all requests that use the
COREPACK_NPM_REGISTRYenvironment variable would also check if theCOREPACK_NPM_TOKEN,COREPACK_NPM_USERNAME,COREPACK_NPM_PASSWORDenvironment variables are set. In order to create andAuthorization headerto be send along with the request.