
Can't update private dependencies with dependabot


Context

I have a library of private components stored in Bit.dev as my source of truth.

To use them, I must have a token and the registry information in my .npmrc file, and with this token I can install all of my components anywhere I want.

/**.npmrc file example **/

@scopename:registry=https://node.bit.dev/
//node.bit.dev/:_authToken=my-really-secure-token

Problem

So, I am trying to use Dependabot to update these dependencies in my projects, but every time Dependabot does the check it fails on authentication.

updater | INFO <job_number> Checking if @owner/scope.ui.teste 0.0.2 needs updating
  proxy | 2022/03/11 18:18:35 [034] GET https://node.bit.dev:443/@owner%2Fscope.ui.teste
  proxy | 2022/03/11 18:18:36 [034] 404 https://node.bit.dev:443/@owner%2Fscope.ui.teste
updater | INFO <job_number> Handled error whilst updating @owner/scope.ui.teste: private_source_authentication_failure {:source=>"node.bit.dev"}

My dependabot.yaml

version: 2
registries:
  bit-components:
    type: npm-registry
    url: https://registry.npmjs.org
    token: ${{secrets.NPM_RC_TOKEN}}
updates:
  - package-ecosystem: "npm"
    directory: "/"
    registries:
      - bit-components
    schedule:
      interval: "daily"

I have tried changing the url to:

I also replaced the token key with username and password for authentication, but none of the changes solves the problem or changes the error message. What can I do?


Solution

  • We solved it by changing our scope in Bit.dev to public and changing from url: https://registry.npmjs.org to url: https://node.bit.dev

    dependabot.yml example

    version: 2
    registries:
      bit-components:
        type: npm-registry
        url: https://node.bit.dev 
        token: ${{secrets.NPM_RC_TOKEN}}
    updates:
      - package-ecosystem: "npm"
        directory: "/"
        registries:
          - bit-components
        schedule:
          interval: "daily"
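
The mismatch this page turns on, where .npmrc points the scope at node.bit.dev while dependabot.yml registers registry.npmjs.org, can be caught before Dependabot runs. The following is an added example, not part of the original question or answer; the function names are hypothetical, the inputs are constructed from the files shown above, and the YAML is scanned line by line rather than with a full YAML parser.

```python
import re
from urllib.parse import urlparse

# Constructed sample inputs mirroring the files shown in the question.
NPMRC = """\
@scopename:registry=https://node.bit.dev/
//node.bit.dev/:_authToken=my-really-secure-token
"""

DEPENDABOT_BEFORE = """\
version: 2
registries:
  bit-components:
    type: npm-registry
    url: https://registry.npmjs.org
    token: ${{secrets.NPM_RC_TOKEN}}
updates:
  - package-ecosystem: "npm"
    directory: "/"
    registries:
      - bit-components
"""

def npmrc_scoped_hosts(npmrc_text):
    """Map each @scope to the host of its registry= line in .npmrc."""
    hosts = {}
    for line in npmrc_text.splitlines():
        m = re.match(r"\s*(@[^:\s]+):registry\s*=\s*(\S+)", line)
        if m:
            hosts[m.group(1)] = urlparse(m.group(2)).hostname
    return hosts

def dependabot_registry_hosts(yaml_text):
    """Collect hosts of url: values in the top-level registries: block.
    Assumption: indented block style as on this page; not a YAML parser."""
    hosts, in_block = set(), False
    for line in yaml_text.splitlines():
        if re.match(r"\S", line):  # a new top-level key starts here
            in_block = line.startswith("registries:")
        elif in_block:
            m = re.match(r"\s+url:\s*['\"]?([^'\"\s]+)", line)
            if m:
                hosts.add(urlparse(m.group(1)).hostname)
    return hosts

def uncovered_scopes(npmrc_text, yaml_text):
    """Scopes whose registry host has no matching Dependabot registry entry."""
    covered = dependabot_registry_hosts(yaml_text)
    return {s: h for s, h in npmrc_scoped_hosts(npmrc_text).items() if h not in covered}
```

A non-empty result from `uncovered_scopes` means the token in `dependabot.yml` is attached to a host that the scoped packages are never fetched from, which is the configuration in the question.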