"Verify user is authenticated" Credentials Issue

[colinking]

Hitting an issue with authentication when trying to publish a private scoped package to npm.

Running yarn run release (where "release": "np" in package.json):

> yarn run release
yarn run v1.16.0
$ np

Publish a new version of @segment/package-name (current: 1.0.4)

Commits:
- Add np for releasing to npm (#3)  66f0afc

Commit Range:
93f42078aea5ad8114c57c618db33f06c89e4147...master

? Select semver increment or specify new version patch 	1.0.5
? This scoped repo @segment/package-name hasn't been published. Do you want to publish it publicly? No

  ❯ Prerequisite check
    ✔ Ping npm registry
    ✔ Check npm version
    ✔ Check yarn version
    ✖ Verify user is authenticated
      → npm ERR!     /Users/colinking/.npm/_logs/2019-06-18T20_37_11_472Z-debug.log
      Check git version
      Check git remote
      Validate version
      Check for pre-release version
      Check git tag existence
    Git
    Cleanup
    Installing dependencies using Yarn
    Running tests using Yarn
    Bumping version using Yarn
    Publishing package using Yarn
    Enabling two-factor authentication
    Pushing tags
    Creating release draft on GitHub

✖ Command failed: npm access ls-collaborators @segment/package-name
npm ERR! code E403
npm ERR! 403 Forbidden - GET https://registry.yarnpkg.com/-/package/%40segment%2Fpackage-name/collaborators?format=cli - Forbidden

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/colinking/.npm/_logs/2019-06-18T20_37_11_472Z-debug.log



Publish failed. Rolling back to the previous state…
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

What's odd is that I am logged in:

> yarn login
yarn login v1.16.0
info npm username: colinking
info npm email: <email>
✨  Done in 0.06s.

And I'm even able to fetch that collaborators list that is 403-ing:

> npm access ls-collaborators @segment/node-ctlstore
{
	// ...
}

And both of the following publish fine:

> ./node_modules/.bin/np

> npm run release

Possibly this is an issue with np getting auth rights correctly via yarn?

Expected behavior

Expected to not get a 403 issue from np. It should have published fine, just like it does when run with npm instead of yarn.

Environment

np - 5.0.3
Node.js - v10.15.3
npm - 6.9.0
Git - 2.20.1
OS - macOS 10.14.5

---

IssueHunt Summary

bunysae has been rewarded.

Backers (Total: $50.00)

• kylemh ($50.00)

Submitted pull Requests

• #498 Added yarn issue with failing user authentication to the docs

---

Tips

• Checkout the Issuehunt explorer to discover more funded issues.
• Need some help from other developers? Add your repositories on IssueHunt to raise funds.

---

IssueHunt has been backed by the following sponsors. Become a sponsor

[colinking]

Also worth noting, I tried yarn logout && yarn login (from #256 (comment)) but that didn't seem to work here.

Also looks like @brmscheiner ran into the same issue based on their comment here: #420 (comment)

[itaisteinherz]

And I'm even able to fetch that collaborators list that is 403-ing:

This is the error I get when trying to execute the command:

❯ npm access ls-collaborators @segment/package-name
npm ERR! code E403
npm ERR! 403 Forbidden - GET http://registry.npmjs.org/-/package/%40segment%2Fpackage-name/collaborators?format=cli - Forbidden

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/Itai/.npm/_logs/2019-06-24T06_55_25_767Z-debug.log

This also might be related to #395, #317 and a few other similar issues.

[kylemh]

Also seeing an issue. I'd like to try and resolve this, so I'll pull the repo down locally, but @sindresorhus ... any inkling as to why collaborators('@private-org/private-package') could fail in this package, but npm access ls-collaborators @private-org/private-package responds with 200 status and a list of users?

Really need this one fixed 🙏

[issuehunt-oss]

@kylemh has funded $50.00 to this issue.

---

• Submit pull request via IssueHunt to receive this reward.
• Want to contribute? Chip in to this issue via IssueHunt.
• Checkout the IssueHunt Issue Explorer to see more funded issues.
• Need help from developers? Add your repository on IssueHunt to raise funds.

[bunysae]

@colinking @kylemh
This error looks like a wrong registry url. np (version 5.0.3) tries to publish to the default registry url. If you choose yarn to run np, yarn overrides the registry url with https://registry.yarnpkg.com/ (default-setting). So it doesn't matter, what registry url you configured for npm. Yarn always overrides this url. If you execute the command npm access ls-collaborators @segment/node-ctlstore, the registry url from npm is used. The mismatch between these two commands can come from the different registries.

In version 6.0.0 (np), you can tell np to use the registry url from the publishConfig property in package.json.

[kylemh]

@sindresorhus I'm not sure if I should notify the author of #491 to collect the bounty or if @bunysae should get it given the explanation of the issue and workaround?

Also, I'm guessing this can be closed by instructing devs to go to v6.0.0 and changing publishConfig

[sindresorhus]

You can give it to @bunysae, but it can only be given by referencing a PR. @bunysae Can you do a PR to add a tip about this issue to the readme? Maybe a FAQ item?

[bunysae]

@sindresorhus Done

[issuehunt-oss]

@sindresorhus has rewarded $45.00 to @bunysae. See it on IssueHunt

• 💰 Total deposit: $50.00
• 🎉 Repository reward(0%): $0.00
• 🔧 Service fee(10%): $5.00