Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Private registry documentation clarification #4654

Open
hbthegreat opened this issue Sep 9, 2023 · 22 comments
Open

Private registry documentation clarification #4654

hbthegreat opened this issue Sep 9, 2023 · 22 comments
Labels
docs Improvements or additions to documentation

Comments

@hbthegreat
Copy link

What is the type of issue?

Documentation is missing, Documentation is incorrect

What is the issue?

Private registries coming from Gitlab private repos (and potentially other places) utilise npm config set and put multiple lines in the .npmrc file. Not sure if this should be a feature request or a documentation request.

I am trying to figure out how to translate those into the bunfig.toml format as not sure where to place individual lines starting with //gitlab

Working npmrc

@company:registry=https://gitlab.com/api/v4/projects/<id>/packages/npm/
//gitlab.com/api/v4/projects/<id>/packages/npm/:_authToken=<access token>
//gitlab.com/api/v4/projects/<id>/packages/npm/:always-auth=true

Not working bunfig.toml

[install.scopes]
"@company" = { url = "https://gitlab.com/api/v4/projects/<id>/packages/npm/" }
//gitlab.com/api/v4/projects/<id>/packages/npm/:_authToken=<access token>
//gitlab.com/api/v4/projects/<id>/packages/npm/:always-auth=true

Thanks in advance

Where did you find it?

https://bun.sh/docs/install/registries
@hbthegreat hbthegreat added the docs Improvements or additions to documentation label Sep 9, 2023
@smnbnd
Copy link

smnbnd commented Sep 9, 2023
edited
Loading

+1
I'm also having trouble figuring this out as I attempt to transition an app to Bun at my day job to see how it fares. Besides that, I'm not sure if options like strict-ssl are supported.

@Frederick888
Copy link

Shouldn't it be

[install.scopes]
"@company" = { token = "<access token>", url = "https://gitlab.com/api/v4/projects/<id>/packages/npm/" }

?

And btw

  1. I don't think // comments are allowed in TOML? They should be # comments
  2. The token in your .npmrc maybe base64'd. Decode them in your bunfig.toml

@hbthegreat
Copy link
Author

These aren't comments. They are actually used in npmrc.

I did try the way you have mentioned however @Frederick888 and the main issue is not being able to have multiple things assigned to that "@company" part.

@Frederick888
Copy link

These aren't comments. They are actually used in npmrc.

I did try the way you have mentioned however @Frederick888 and the main issue is not being able to have multiple things assigned to that "@company" part.

You mentioned in the description yourself you had // lines in bunfig.toml:

Not working bunfig.toml

[install.scopes]
"@company" = { url = "https://gitlab.com/api/v4/projects/<id>/packages/npm/" }
//gitlab.com/api/v4/projects/<id>/packages/npm/:_authToken=<access token>
//gitlab.com/api/v4/projects/<id>/packages/npm/:always-auth=true

@hbthegreat
Copy link
Author

Yes they were included in the bunfig as an example of what I believe is a currently unsupported use case. I understand that beginning lines with // is unsupported in toml and wondering how we can include those extra lines of mapping. Apologies for being unclear.

@beeb
Copy link

beeb commented Sep 11, 2023
edited
Loading

Same problem with Codeartifact on AWS, even when always-auth=true is not required, cf. #4913

@choopk
Copy link

choopk commented Sep 11, 2023
edited
Loading

registry =

_auth =

email =

always-auth = true

strict-ssl = false

@FortAwesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=

how would i convert the above to bunfig.toml

@choopk
Copy link

choopk commented Sep 12, 2023
edited
Loading

Global Registry

[install]
registry = "https://{email}:{token}@https://{org}/repository/npm-group/"
always-auth = true
strict-ssl = false

Scoped Registries

[install.scopes]
fortawesome = { url = "https://npm.fontawesome.com/", token = "" }

@hbthegreat
Copy link
Author

@choopk is that token you have referenced the same one as :_authToken= from the fontawesome line in your other comment?

@choopk
Copy link

choopk commented Sep 13, 2023

@choopk is that token you have referenced the same one as :_authToken= from the fontawesome line in your other comment?

the _auth goes to registry = "https://{email}:{token}@https://{org}/repository/npm-group/"

_authToken goes to fortawesome = { url = "https://npm.fontawesome.com/", token = "" }

however the initial installation took forever and never completed and failed.

@hbthegreat
Copy link
Author

Thanks for clarifying. I ended up getting it to work for gitlab registries by rotating my key and making sure it had all required permissions.

Now have set it up identically to what @Frederick888 mentioned above and didn't have to add anything else for always-auth.

@zachbryant
Copy link

zachbryant commented Sep 13, 2023
edited
Loading

The docs should definitely clarify that the PAT is not base64 encoded in the password field

@lukeed
Copy link

lukeed commented Sep 15, 2023

Took a longggg time to get this working with multiple registries (GitHub private, and npm public), but eventually got there.

Because GitHub doesn't forward a MISS to npm

If adding a scoped registry, you have to redeclare the default registry!

[install]
registry = "https://registry.npmjs.org" # redeclare default!

[install.scopes]
"@acme" = { token = "$ACME_TOKEN", url = "https://npm.pkg.github.com/" }
#                     ^ loads from .env file(s)
# add any other scoped registries (with their own access tokens)

@Electroid Electroid mentioned this issue Sep 15, 2023
Open
@lukeed lukeed mentioned this issue Sep 25, 2023
Closed
@tyteen4a03
Copy link

Took a longggg time to get this working with multiple registries (GitHub private, and npm public), but eventually got there.

Because GitHub doesn't forward a MISS to npm

If adding a scoped registry, you have to redeclare the default registry!

[install]
registry = "https://registry.npmjs.org" # redeclare default!

[install.scopes]
"@acme" = { token = "$ACME_TOKEN", url = "https://npm.pkg.github.com/" }
#                     ^ loads from .env file(s)
# add any other scoped registries (with their own access tokens)

Your solution unfortunately didn't work for Font Awesome. Here's what my .bunfig.toml looks like:

[install]
registry = "https://registry.npmjs.org"

[install.scopes]
"@fortawesome" = { token = "$FONTAWESOME_NPM_AUTH_TOKEN", url = "https://npm.fontawesome.com/" }

@tyteen4a03
Copy link

fortawesome

Is that a typo?

No, Font Awesome's prefix is indeed @fortawesome.

@josephearl
Copy link

Is there a way do this without needing to store tokens/passwords in bunfig.toml so it can be committed?
NPM lets you do this and then you authenticate separately with npm adduser --scope=@org --registry=https://org-registry-url

@beeb
Copy link

beeb commented Oct 4, 2023
edited
Loading

Is there a way do this without needing to store tokens/passwords in bunfig.toml so it can be committed? NPM lets you do this and then you authenticate separately with npm adduser --scope=@org --registry=https://org-registry-url

Bun will read environment variables from the .env files so you can use a variable name inside bunfig.toml (see examples above)

@hematy61
Copy link

hematy61 commented Nov 7, 2023
edited
Loading

I have had the same issue and combining everything here and bun docs resolved my issues to some extend but the final catch was for private repositories it was throwing initially 404 and then with some changes 403s.

here is my .npmrc

@mycompany:registry = https://mycompany-repos.com/api/team-a
//mycompany.com/someotherstuff/:strict-ssl=false
//mycompany.com/someotherstuff/:always-auth=false
//mycompany.com/someotherstuff/:username=userA
//mycompany.com/someotherstuff/:pass=APassword

@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken:SomeTokenGoesHere

and this is similar stuff converted into bunfig.toml

[install]
# set default registry as a string (this is required as of today)
registry = "https://registry.npmjs.org"


[install.scopes]
"@mycompany" = { url = "https://mycompany-repos.com/api/team-a", strict-ssl = false, always-auth=false, username="userA", pass = "APassword" }
"@fortawesome" = { url = "https://npm.fontawesome.com/", token = "SomeTokenGoesHere"}

and at this point of was getting 403s. The reason was that a missing / after team-a. By adding a / at the end of the https://mycompany-repos.com/api/team-a/ bun was able to catch up and install all deps.

@LightFi91
Copy link

Not sure if exactly related but I had been trying to add/update my bunfig.toml file and running bun i --no-cache but it wouldn't pick up the config changes. I had to delete bun.lockb before it picked things back up, for anyone coming into this.

@hussain-nz
Copy link

Took a longggg time to get this working with multiple registries (GitHub private, and npm public), but eventually got there.

Because GitHub doesn't forward a MISS to npm

If adding a scoped registry, you have to redeclare the default registry!

[install]
registry = "https://registry.npmjs.org" # redeclare default!

[install.scopes]
"@acme" = { token = "$ACME_TOKEN", url = "https://npm.pkg.github.com/" }
#                     ^ loads from .env file(s)
# add any other scoped registries (with their own access tokens)

None of these configs work for @fortawesome/fontawesome. I was having high hopes for bun but this is too simple to ignore. I am discounting it now as a possible alternative to npm install. Also had issues with bundle splitting when building. The only thing left that might be viable is bun test.

@hussain-nz
Copy link

None of these configs work for @fortawesome/fontawesome. I was having high hopes for bun but this is too simple to ignore. I am discounting it now as a possible alternative to npm install. Also had issues with bundle splitting when building. The only thing left that might be viable is bun test.

I finally fixed it, there were a couple of gotchas:

  • If you are using a local config (i.e. not global), then it needs to be bunfig.toml and NOT starting with a dot like this: .bunfig.toml, it looks like the one that starts with a dot is for the global config (outside your source code location that you are running bun install from). After this my "404" errors for fortawesome/fontawesome turned into "401" errors. See next point :)
  • The second thing was that you need to check your token's casing, I visited fontawesome website and got the token straight from there, it was all in upper case. Using the upper case one finally fixed the 401 error. My final bunfig.toml:
[install]
# set default registry as a string (this is required as of today)
registry = "https://registry.npmjs.org"


[install.scopes]
"@fortawesome" = { token = "UPPERCASE-123-123-123-ABC123ABC", url = "https://npm.fontawesome.com/" }

@Envo
Copy link

Envo commented Jun 10, 2024
edited
Loading

I would appreciate some help as I can't me it work. My organisation have several packages on a hosted Sonatype Nexus Repository and no matter how i set the scope, bun always search our packages on registry.npmjs.org where they're obviously missing.

[install]
registry = "https://registry.npmjs.org"

[install.scopes]
"@private" = { url = "https://my.org.com/repository/org-private-npm-group/", token = "string-token" }

Am i doing it a wrong way? I tried it on canary as well, with the same results and i'm on windows.

Update: so the problem is related that our packages doesn't belong to any scopes. they just lies inside our private repository like "package-1.0.1" and "lister-1.0.0" and not like "@private/package-1.0.1"

Is there a workaround for this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
docs Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests