使用 Nexus https npm 注册表代理时,应该如何在 .npmrc 中设置 _auth?

问题描述 投票:0回答:7

背景

  1. 我的 

    .npmrc
    文件似乎已正确读取(从命令行和 Maven 构建中使用 
    npm config ls -l
    检查)。

  2. 运行

    npm
    的机器无法直接连接到网络,它只能连接到 Nexus npm 注册表 URL。因此,未设置代理属性 
    proxy
    https-proxy

  3. 由于对 Nexus 的访问受到限制,我已从 Nexus 内生成了访问令牌。

  4. Nexus 安全令牌由用户名和密码组成,其中都包含 

    /
    等字符,通常必须进行“url 编码”

  5. 正如预期的那样,使用此配置,运行时

    npm install
    检测不到代理。

  6. Nexus npm 注册表代理似乎已正确设置(使用生成的令牌进行连接后,我可以使用网络浏览器访问 

    json
    文件并下载 
    tgz
    文件)

  7. 如果我将 

    registry
    设置为 
    http://registry.npmjs.org/
    并注释 
    _auth
    email
    always-auth
    strict-ssl
    属性,并添加 
    proxy
    https-proxy
    配置,
    npm install
    按预期工作(但是我将无法在目标环境中执行此操作)

.npmrc
文件内容

; Nexus proxy registry pointing to http://registry.npmjs.org/
registry = https://<host>/nexus/content/repositories/npmjs-registry/ 

; base64 encoded authentication token
_auth = <see question below>

; required by Nexus
email = <valid email>

; force auth to be used for GET requests
always-auth = true

; we don't want to put certificates in .npmrc
strict-ssl = false

loglevel = silly

问题

我应该如何正确生成 

_auth
属性才能让 
npm install
按预期工作?

到目前为止我已经尝试过了

  1. base64编码(
    <username>:<password>
    )
    • 结果
      npm info retry will retry, error on last attempt: Error: socket hang up
  2. base64Encode(urlencode(
    <username>:<password>
    ))
    • 结果
      npm info retry will retry, error on last attempt: Error: This request requires auth credentials. Run `npm login` and repeat the request.
  3. base64Encode(urlencode(
    <username>
    )
    :
    urlencode(
    <password>
    ))
    • 结果
      npm info retry will retry, error on last attempt: Error: socket hang up

收到 

socket hang up
错误时,我有以下堆栈跟踪:

http request GET https://<host>/nexus/content/repositories/npmjs-registry/fsevents
sill fetchPackageMetaData Error: socket hang up
sill fetchPackageMetaData     at TLSSocket.onHangUp (_tls_wrap.js:1035:19)
sill fetchPackageMetaData     at TLSSocket.g (events.js:260:16)
sill fetchPackageMetaData     at emitNone (events.js:72:20)
sill fetchPackageMetaData     at TLSSocket.emit (events.js:166:7)
sill fetchPackageMetaData     at endReadableNT (_stream_readable.js:905:12)
sill fetchPackageMetaData     at doNTCallback2 (node.js:441:9)
sill fetchPackageMetaData     at process._tickCallback (node.js:355:17)
sill fetchPackageMetaData  error for fsevents@^1.0.0 { [Error: socket hang up] code: 'ECONNRESET' }
WARN install Couldn't install optional dependency: socket hang up
verb install Error: socket hang up
verb install     at TLSSocket.onHangUp (_tls_wrap.js:1035:19)
verb install     at TLSSocket.g (events.js:260:16)
verb install     at emitNone (events.js:72:20)
verb install     at TLSSocket.emit (events.js:166:7)
verb install     at endReadableNT (_stream_readable.js:905:12)
verb install     at doNTCallback2 (node.js:441:9)
verb install     at process._tickCallback (node.js:355:17)

收到 

This request requires auth credentials
错误时,我有以下堆栈跟踪:

npm sill fetchPackageMetaData Error: This request requires auth credentials. Run `npm login` and repeat the request.
npm sill fetchPackageMetaData     at CachingRegistryClient.authify (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\authify.js:17:14)
npm sill fetchPackageMetaData     at CachingRegistryClient.makeRequest (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\request.js:103:17)
npm sill fetchPackageMetaData     at <root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\request.js:66:17
npm sill fetchPackageMetaData     at RetryOperation._fn (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\attempt.js:18:5)
npm sill fetchPackageMetaData     at null._onTimeout (<root>\ui\target\node\node_modules\npm\node_modules\retry\lib\retry_operation.js:49:10)
npm sill fetchPackageMetaData     at Timer.listOnTimeout (timers.js:92:15)
npm sill fetchPackageMetaData  error for fsevents@^1.0.0 [Error: This request requires auth credentials. Run `npm login` and repeat the request.]
npm WARN install Couldn't install optional dependency: This request requires auth credentials. Run `npm login` and repeat the request.
npm verb install Error: This request requires auth credentials. Run `npm login` and repeat the request.
npm verb install     at CachingRegistryClient.authify (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\authify.js:17:14)
npm verb install     at CachingRegistryClient.makeRequest (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\request.js:103:17)
npm verb install     at <root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\request.js:66:17
npm verb install     at RetryOperation._fn (<root>\ui\target\node\node_modules\npm\node_modules\npm-registry-client\lib\attempt.js:18:5)
npm verb install     at null._onTimeout (<root>\ui\target\node\node_modules\npm\node_modules\retry\lib\retry_operation.js:49:10)
npm verb install     at Timer.listOnTimeout (timers.js:92:15)
npm nexus npm-install
7个回答
74
投票

来源:https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/npm-registry/npm-security & https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/npm-registry/publishing-npm-packages

  1. 配置注册表(在步骤 2 中配置身份验证之前执行此操作很重要,因为身份验证设置将基于注册表):

     npm config set registry="http://localhost:8081/repository/npm-internal/"

  2. 使用如下示例所示的行配置身份验证:

     npm config set _auth="$(echo -n 'username:password' | base64)"

  3. 使用以下命令检查当前配置:

     npm config ls

  4. 发布你的 npm 包:

     npm publish --registry http://localhost:8081/repository/npm-internal/
24
投票

如果您有授权令牌,则不应使用用户名:密码。 我建议你:

  1. 生成代币

    • 删除你的 ~/.npmrc 或重命名它。
    • 确保您的环境设置(例如 $NPM_CONFIG_* )未设置。
    • 使用以下方法验证电子邮件和其他设置是否已取消设置:
      npm config list
    • 使用以下方式登录 npm:
      npm login --registry=https://nexus.whatever.registry/respository/npm-whatever-group/
    • 一旦您登录 - 您就已登录。 npm 应该在 ~/.npmrc 中为其生成一个令牌。它看起来像:

//nexus.whatever.registry/respository/npm-whatever-group/:_authToken=NpmToken.YOUR-LOVELY-TOKEN-IN-HEX

  1. 您可以在您的项目、CI 管道和其他项目中使用该令牌。确保您的项目 .npmrc 中有:

//nexus.whatever.registry/respository/npm-whatever-group/:_authToken=NpmToken.YOUR-LOVELY-TOKEN-IN-HEX
email = <EMAIL_USED_FOR_TOKEN_GENERATION>
always-auth = true
registry = https://nexus.whatever.registry/respository/npm-whatever-group/

  1. 如果您遇到身份验证/证书问题:

    • 添加环境变量(也添加到您的 CI/CD 管道中) $NODE_EXTRA_CA_CERTS 指向 /home/wherever/is/your/cert.pem

  2. 对于 CI/CD 管道(如 gitlabs 或 jenikins):

    • 考虑用 
      ${RELEVANT_ENV_VARIABLES}
      替换 .npmrc 项目文件中的实际值。这样,您将使它们不那么明显,并且始终在管道更改时进行自我更新。

希望这有帮助。

10
投票

查看

registry-client
代码后,我找到了答案,就在这里。我发布它是因为它可能对其他人有帮助:

base64Encode(<username>:<password>)

顺便说一句,有一个 URL 编码,但它是由 

authify.js
负责处理的。

我面临的“套接字挂起”问题是由于以下事实:如果在 Windows 配置中设置了代理,则从 CLI(而不是从 Maven 构建)启动 

npm
时,所有 ``.npmrc``代理设置似乎被忽略,而本机代理排除(对于公司 URL)被 npm 忽略。我会开一张罚单来报告这种奇怪的行为。

8
投票
Before you run npm login, please follow the instructions below :

1) Create an ~/.npmrc file with the following contents:

registry=https://example.com/repository/npm-group/
[email protected]
always-auth=true
//example.com/repository/npm-group/:_authToken=

2) run `npm login`

# npm login
Username: firstname.lastname
Password: 
Email: (this IS public) [email protected]
Logged in as firstname,lastname on https://example.com/repository/npm-group/.

Use the same password you use to login to example.com
2
投票

我不了解 Nexus,但我们使用神器作为 npm 存储库,在那里我可以通过调用 

base64encode(username:encryptedPassword)
来创建我的身份验证令牌,其中 
encryptedPassword
是我从我的个人神器配置文件中获得的令牌。

也许这有帮助。

2
投票

我的 npmrc 如下:

registry=https://registry.npmjs.org/
@mycompany:registry=https://nexus.mycompany.ninja/repository/npm-hosted/
//nexus.mycompany.ninja/repository/npm-hosted/:_auth="this is my real auth secret="
0
投票

我刚刚编写了一个包装器,它将凭据存储在系统钥匙串中并动态提供它们。查看:https://github.com/Xiphe/npm_keychain_auth

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.