-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot install private github repository with https #2054
Comments
This makes pacote use the git+https: url as the resolved value for known hosts when auth is provided. When auth is not provided, we store the ssh url as the resolved value, in order to maintain a canonical save value that is never git:// for known hosts. In order to fully fix npm/cli#2054, we will also need to have @npmcli/arborist store the git+https url in the package-lock.json and package.json if https auth is provided.
The change in npm/pacote#61 is the first half of this. It will tell pacote to use git+https and not fall back to ssh, if https auth is provided. It will also use git+https as the The second part of the change will be fixed in @npmcli/arborist, by having it store git+https in the package{,-lock}.json files (instead of the shortcut or git+ssh) for known hosts when https auth is present. |
This makes Arborist use the git+https: url as the saved value in package-lock.json and package.json files for known git hosts when http auth is provided. When auth is not provided, we store the canonical ssh url in package-lock.json, and the more human-friendly shortcut in package.json, in order to maintain a canonical save value that is never git:// for known hosts. This is the second part of the fix for npm/cli#2054.
This makes Arborist use the git+https: url as the saved value in package-lock.json and package.json files for known git hosts when http auth is provided. When auth is not provided, we store the canonical ssh url in package-lock.json, and the more human-friendly shortcut in package.json, in order to maintain a canonical save value that is never git:// for known hosts. This is the second part of the fix for npm/cli#2054.
This makes Arborist use the git+https: url as the saved value in package-lock.json and package.json files for known git hosts when http auth is provided. When auth is not provided, we store the canonical ssh url in package-lock.json, and the more human-friendly shortcut in package.json, in order to maintain a canonical save value that is never git:// for known hosts. This is the second part of the fix for npm/cli#2054.
This makes Arborist use the git+https: url as the saved value in package-lock.json and package.json files for known git hosts when http auth is provided. When auth is not provided, we store the canonical ssh url in package-lock.json, and the more human-friendly shortcut in package.json, in order to maintain a canonical save value that is never git:// for known hosts. This is the second part of the fix for npm/cli#2054. PR-URL: #205 Credit: @isaacs Close: #205 Reviewed-by: @wraithgar
Works great, thank you! |
@isaacs @bencergazda I am having the exactly same issue, but not sure how to solve this. would you like to explain in more detail? |
npm install --verbose
with package.json containingCurrent Behavior:
It uses SSH to connect, and not the given token.
Expected Behavior:
It should use the credentials from the package URL. It should
npm ERR! remote: Invalid username or password.
error even if it could use SSHIt works as expected with [email protected]
Steps To Reproduce:
npm install -g npm@7
npm install
npm install -g npm@6
npm install
Environment:
The text was updated successfully, but these errors were encountered: