Our main requirement is to add a lib from a third-party private registry through the yarn-add command. Of course, _authToken is required.
我们主要的需求是,通过yarn add命令,添加一个来自第三方private registry的lib。当然,需要_authToken配合。
However, during actual operation, some problems were encountered. And these questions are rather obscure and weird. So make a note of it for emergencies.
但是在实际操作过程中,遇到了一些问题。而且这些问题都比较隐晦和古怪。因此做下记录,以备不时之需。
Example:
We need:
yarn add 【SPACE_NAME】/【PKG_NAME】,
and provided private registry:
https://npm.pkg.github.com/【ORG_NAME】
as well as:
_authToken=【xxx】
🔹Proxy Problem
When the computer used for development is in a Proxy environment, you may encounter SSL connection errors due to the proxy-layer.
当用于开发的电脑处于Proxy环境时,由于代理层的关系,可能会遇到SSL连接报错。
such as
error An unexpected error occurred:
"...xxx...": SSL Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE
or
error An unexpected error occurred:
"...xxx...": unable to verify the first certificate
These errors all seem to imply that there is a problem with the SSL handshake🤝, and that the auth-token has not yet come into play.
这些错误似乎都在暗示SSL握手🤝产生了问题,都还没有到auth-token发挥作用。
Solution
The answer to how to turn off SSL is easy to get from community discussions
从社区很容易得到如何关闭SSL的答案
.npmrc:
strict-ssl=false
But here's where the first weird thing may appear, yarn doesn't seem to recognize strict-ssl in .npmrc.
但是这里可能会出现第一个怪异的地方,yarn似乎并不认可在.npmrc中的strict-ssl。
So we may need to add to .yarnrc
因此我们可能需要添加到.yarnrc中
strict-ssl false
Note that this is the syntax of yarn 1.x, yarn 2 will use
注意这里是yarn 1.x的语法,yarn 2将使用
🔹Auth Problem
When we follow the regular syntax of npm and add the private registry and auth-token to .npmrc:
当我们按照npm的常规语法,将private registry和auth-token添加到.npmrc中后:
//npm.pkg.github.com/:_authToken=[xxx]
【SPACE_NAME】:registry=https://npm.pkg.github.com/【ORG_NAME】
At this time, yarn cannot be recognized, and the following error may occur:
此时yarn无法识别,可能出现如下的报错:
error An unexpected error occurred:
"...xxx...": Permission denied
Community discussion 1's attempt is to upgrade to yarn2 to use the new configuration (.yarnrc.yml) and new bug-fix
社区讨论1的尝试是,升级到yarn2,以使用新的配置(.yarnrc.yml),新的bug-fix
However, when your subsequent process is closely integrated with yarn, for example, subsequent CI steps also include yarn. Hastily upgrading yarn2 or switching to npm itself will have too much impact.
但是,当你的后续流程与yarn紧密结合,例如后续的CI步骤也包括yarn时。仓促的升级yarn2或换用npm本身,影响范围太大。
Community discussion 2 points out that it can be configured into .yarnrc according to the syntax rules of yarnrc.
社区讨论2的方案指出,可以按照yarnrc的语法规则,将其配置到.yarnrc中
"【SPACE_NAME】:registry" "https://npm.pkg.github.com/【ORG_NAME】"
"//npm.pkg.github.com/:_authToken" "[xxx]"
Of course it ultimately failed, at least for the complex third-party lib path mentioned above.
当然它最终还是失败了,起码对于上述复杂的第三方lib path来说。
After reading a lot of related issues and trying it out, for the above hypothetical scenario, the real reason is here: Yarn is unable to infer the token based on the base address
在阅读了大量的相关issue和进行尝试后,对于上述我们假设的场景来说,真正的原因在这里:Yarn 无法根据基础地址推断token的使用
It is mentioned here that yarn 1.x does not seem to be unable to read the auth-token in .npmrc, but when your lib path has multiple levels, it cannot automatically infer only through a full path.
这里提到,yarn 1.x似乎并不是无法读取.npmrc中的auth-token,而是当你的lib path存在多个层级时,它无法只通过一个全量的path自动推断。
So here we seem to have to deal with auth-token like this
因此这里我们似乎不得不这么来处理auth-token
.npmrc
//npm.pkg.github.com/:_authToken=【xxx】
//npm.pkg.github.com/【ORG_NAME】/:_authToken=【xxx】
//npm.pkg.github.com/【ORG_NAME】/【SPACE_NAME】/:_authToken=【xxx】
//npm.pkg.github.com/【ORG_NAME】/【SPACE_NAME】/【PKG_NAME】/:_authToken=【xxx】
【SPACE_NAME】:registry=https://npm.pkg.github.com/【ORG_NAME】
Translation by Google-Translate
Top comments (0)