gsoft-inc / azure-devops-npm-auth Goto Github PK

Hi, thanks for this great tool!

It would be great if this would also support alternative package managers like PNPM even when NPM is not installed. Currently this does not work, when executing the preinstall script the following output appears:

'npm' is not recognized as an internal or external command,
operable program or batch file.
child_process.js:655
    throw err;
    ^

Error: Command failed: npm config get userconfig
operable program or batch file.

The documentation says:

If you want to use your own Azure Active Directory application, it's possible to specify the client_id and tenant_id arguments
. . .
When creating your own Azure Active Directory application, under the authentication section, you need the configure it to be a public application

But it doesn't explain the details:

1. Where is the source code for the Azure Active Directory application?
2. How do I build it?
3. How do I deploy it?

This GitHub repo seems to only contain code for the CLI tool.

@hbo-iecheruo @D4N14L

Using this library together with npm preinstall script is a great experience when developing locally. Especially when new developers are added to a project.

But when running in CI environment this setup means that npm install will never complete since it is waiting for the login to be completed by the user.

What we need is a way to skip authentication in CI environments (at leas as part of the preinstall. This would allow great developer experience locally while not breaking CI environments.

Hi,
I'm using azure-devops-npm-auth to access my organisation's private NPM feed and I have a weird behaviour which is: from time to time it's possible to generate a token (go to the browser, paste code), and, when it works I can generate several times (deleting the .npmrc) and then suddenly starts to throw timeouts as shown on the image bellow

When I get timeouts, if I comment the code that throws the timeout on the timed-out.js (got module) it works again!:

Can you help?

Is possibile to use this library to authenticate a Service Principal with client_id and client_secret? I'm looking for a solution to authenticate a CI/CD service without a personal access token.

Would be possible to add custom config path to cli?

I downloaded your npm module globally and tried to run it. It doesn't appear to work right now as I got

(node:25238) UnhandledPromiseRejectionWarning: TypeError: Cannot set property device_authorization_endpoint of # which has only a getter
at Function.assign ()
at Function. (/usr/local/lib/node_modules/azure-devops-npm-auth/dist/authentication/mso-issuer.js:20:20)
at Generator.next ()
at fulfilled (/usr/local/lib/node_modules/azure-devops-npm-auth/dist/authentication/mso-issuer.js:5:58)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
(node:25238) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag --unhandled-rejections=strict (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:25238) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

We have npm preinstall scripts setup as described, but are running into the following 2 issues:

• when calling npm install after token is no longer valid
  • preinstall script is executed and token is retrieved
  • however the subsequent install fails
• another case is when the users sets up a repo for the very first time and tries to run npm install
• preinstall script is not executed
• install fails

Both problems can be fixed by manually running npm run preinstall before executing npm install, however:

• this kind of breaks the super nice flow of handling auth automatically
• and it executes authentication twice

Note:

• in cases where token is expired but refresh token is not everything works like a charm

Any ideas where the error might be?

Hi, thanks for the saving us mac users, however, encountered an error when using

What I am missing here? Thanks :)

Thank you so much for this awesome tool!

It would be great if this also supported Yarn v2!

Currently this works very well with Yarn v1, because Yarn v1 will read from a .npmrc file.

But, this doesn't work with Yarn v2, because Yarn v2 does not support the .npmrc file, it only supports the .yarnrc.yml file.

I think this could be implemented in azure-devops-npm-auth by doing the following:

• Check to see if a .yarnrc.yml file exists in the current directory (this would be an indication that the user is using Yarn v2)
• If the user is using Yarn v2, write to ~/.yarnrc.yaml instead of .npmrc
• Write the ~/.yarnrc.yaml file with something like:

npmRegistries:
  //registry.name.com:
    npmAuthIdent: 'base64Encoded(vstsOrgName:vstsPersonalAccessToken)'

I'd be happy to contribute this, if this is something desired, with some pointers around the code, if possible!

Thank you!

Hi @yohanb @ntziolis

I'm getting this error after to authenticate successfully. Also, I see that the .npmrc file has the tokens there.

Done! You can now install packages from https://pkgs.dev.azure.com/xxx/xxx/_packaging/xxx/npm/registry/

npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR!     npm login

Do you know what the problem can be?

Thanks in advance!

Hello,

We've been using this package for a very long time, and yesterday it randomly started failing with the below error. Any idea what's going on?

I'm getting the same error that PR2 is meant to fix:

C:\Git\my-project\.npmrc
(node:4816) UnhandledPromiseRejectionWarning: Error: No private registry defined in project .npmrc or user defined .npmrc.
    at getRegistry (C:\Git\my-project\node_modules\azure-devops-npm-auth\dist\index.js:73:15)

I'm using [email protected]

That suggests that this fix hasn't yet been published as a new version of this package

When using scoped registry the no private registry is found.

Sample .npmrc:

@myscope:registry=someregistryurl
always-auth=true

Fails with:

(node:30304) UnhandledPromiseRejectionWarning: Error: No private registry defined in project .npmrc or user defined .npmrc.
    at getRegistry (C:\git\ktit\node_modules\azure-devops-npm-auth\dist\index.js:73:15)

When removing the scope everything works just fine, so issue is in detection of the registry and not configuration or how the command is executed etc.

After update the command npx azure-devops-npm-auth --client_id='xxxxxxx' --tenant_id='xxxxxxxxx' is not working.

Version Npm: 8.5.1

Error Console:

sh: azure-devops-npm-auth: command not found
error Command failed with exit code 127.

Version 1.0.13 using the same command works normally.

Hey,

see:

It's fairly common (I think) to not prefix nested dotfiles with a dot

e.g. mine is at ~/.config/npm/npmrc which causes this script to break as it tries to find the config file at ~/.config/npm/npmrc/.npmrc

Was just going to submit a PR but it might need a bit of thinking about so I'm raising a bug for now

Looking through the dependencies of the package.json I have found that the @types/mocha library is not placed in the devDependencies, which is causing our project to crash (since we use jest as per company policy.)

Solution would be to move @types/mocha to devDependencies instead of the regular depencies of the package.

I am trying to use azure-devops-npm-auth in a directory that does not contain a .npmrc file.

Requirement
The use case for this is to create a react app from a react template package that exists in a private registry. Example: npx create-react-app my-app --template @private-registry/cra-template-typescript

Issue
I am receiving the error below:

C:\Users\andrewfabrizi\source>azure-devops-npm-auth
C:\Users\andrewfabrizi\AppData\Roaming\npm\node_modules\azure-devops-npm-auth\dist\npm-config\ini-config.js:16
throw new Error(Configuration file at '${filePath}' doesn't exist.);
^

Error: Configuration file at 'C:\Users\andrewfabrizi\source.npmrc' doesn't exist.
at new IniConfig (C:\Users\andrewfabrizi\AppData\Roaming\npm\node_modules\azure-devops-npm-auth\dist\npm-config\ini-config.js:16:23)
at new NpmConfig (C:\Users\andrewfabrizi\AppData\Roaming\npm\node_modules\azure-devops-npm-auth\dist\npm-config\index.js:15:9)
at new ProjectNpmConfig (C:\Users\andrewfabrizi\AppData\Roaming\npm\node_modules\azure-devops-npm-auth\dist\npm-config\index.js:51:9)
at Object. (C:\Users\andrewfabrizi\AppData\Roaming\npm\node_modules\azure-devops-npm-auth\dist\index.js:20:26)
at Module._compile (internal/modules/cjs/loader.js:1158:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1178:10)
at Module.load (internal/modules/cjs/loader.js:1002:32)
at Function.Module._load (internal/modules/cjs/loader.js:901:14)
at Module.require (internal/modules/cjs/loader.js:1044:19)
at require (internal/modules/cjs/helpers.js:77:18)

Workaround
If I create an empty .npmrc file in the current directory here: C:\Users\andrewfabrizi\source.npmrc, it works and adds the tokens to the user config .npmrc here: C:\Users\andrewfabrizi.npmrc.

Solution
Can you remove the need for the empty .npmrc file in the project directory? If it doesn't exist, it can then fallback to the user config as npm does with it's commands.