No way to configure that we should always authenticate to NPM about npm HOT 9 CLOSED

Thanks for taking a look. I tested your latest code snippet and it does work! I didn't realize I could pull the always-auth field from the config. Thanks for the tip. I'll start working on a PR.

from npm.

Thanks for the report!
I think you can configure this option in a .npmrc file at the root of your project:

always-auth = true

The config is read get-last-release.js#L9.
We prefer to configure all npm options in the .npmrc rather than adding new options to the plugin.

Let us know if that work. If it doesn't work, the proper fix will be to make sure we read this property from .npmrc.

On a side note it would be good to add some comments about that in the README.

from npm.

Looking at it more in details the alwaysAuth has to be configured in the auth object when calling the client and not in the regular config.

So the client call should be something along those lines:

const auth = NPM_TOKEN ? {token: NPM_TOKEN} : {username: NPM_USERNAME, password: NPM_PASSWORD, email: NPM_EMAIL};
auth.alwaysAuth = config.get('always-auth');
const data = await promisify(client.get.bind(client))(uri, {auth});

PR with tests is welcome!

from npm.

FYI, I created #7 to address this issue.

from npm.

Are you authenticating with a token or with username / password and email? Just wondering.

Looking at the client code it seems that in the case of a call that set the token the request is always authenticated no matter the always-auth parameter.

The always-auth param seems to be used only in the case of a legacy auth (user/pass/mail). See https://github.com/npm/npm-registry-client/blob/c1f1f431550d5faf86dc6cfb2e7e0d094194021b/lib/authify.js#L11

from npm.

That's right. We're using username + password. It looks like we have an older style auth token that uses _auth, not _authToken, so it doesn't seem to work with these libraries

from npm.

@pbomb I'm working on the PR #10 in order to officially support the the legacy authentication (_auth). We would like to mention in the docs the private repository product that use legacy and auth and do not support the _authToken.

Would you mind letting us know what repository product and version you are using?

Thanks!

from npm.

@pvdlg That's great. We're using Artifactory Version 5.3.1.

from npm.

Thanks for the info!

from npm.