Search code examples
node.jsnpmnexus

Authentication error on publishing to private NPM repository on Nexus

I am having authentication problem when publishing to my private npm registry hosted on my private Nexus.

My Nexus setup is I have npm-proxy, npm-registry (hosted npm with allowRepublish=false), npm-snapshots (hosted npm with allowRepublish=true) and npm-public (group with all other three repositories).

Since I am developing a library, I am using my snapshot repository, so I can redeploy same version constantly (something like snapshot in maven world).

In my library project I have set this option in package.json

"publishConfig": {
    "registry": "https://my.nexus.com/repository/npm-snapshots/"
}

Next, I created .npmrc file with following content:

registry=https://my.nexus.com/repository/npm-public/
_auth=RVhBTVBMRQ==

And with this setup I can publish project with no problem. However, what bothers me, is that I have my password (which is just base64 encoded) stored in file, that should be commited, but I can't commit it, due to credentials in it.

I have tried to instead login to npm registry and removed the auth line from .npmrc npm adduser --registry=https://my.nexus.com/repository/npm-snapshots --always-auth

I got response Logged in as myusername on https://my.nexus.com/repository/npm-snapshots.

However, when I try to run npm publish I get:

npm ERR! code E401
npm ERR! Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
npm verb exit [ 1, true ]
npm timing npm Completed in 6867ms

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\XXXX\AppData\Roaming\npm-cache\_logs\2019-07-30T19_31_01_598Z-debug.log

Now in my other project (which is using this library), I simply created .npmrc file with content registry=https://nexus.mjamsek.com/repository/npm-public/ and run command npm adduser --registry=https://my.nexus.com/repository/npm-public --always-auth and I was able to download the published package.

However, the publish still won't work and I don't know why.

EDIT 31.7.2019: On my list of active realms I also have npm Bearer Token Realm

Solution

  • You need a trailing slash on the end of the registry URL passed into npm adduser, otherwise npm will chop off the last segment of the URL, and it won't work.