Open
Description
Verify latest release
- I verified that the issue exists in the latest pnpm release
pnpm version
v10.24.0
Which area(s) of pnpm are affected? (leave empty if unsure)
Dependencies resolver
Link to the code that reproduces this issue or a replay of the bug
No response
Reproduction steps
- Create a project containing a .npmrc such as:
    //gitlab.example.com/api/v4/projects/scope%2Fexample-package/packages/npm/:_authToken="${NPM_TOKEN}"
    @scope:registry=https://gitlab.example.com/api/v4/projects/scope%2Fexample-package/packages/npm/
    location=project
- Add a dependency in package.json such as:
    "dependencies": {
      "@scope/example-package": "0.0.1"
    },
- Attempt to install dependencies with pnpm install.
Describe the Bug
When configuring a private registry via a .npmrc file, the suggestion is to use <project_id> in your URLs. However, many GitLab examples use a project name with HTML entities, which the API accepts (i.e., @scope%2Fexample-package). When using this pattern, an authorization header is sent to the registry, but when a package is requested, the URL is rewritten, thus an authorization header is not sent.
Here is an example of the output I received when using the wrong key. It clearly demonstrates the URL rewrite.
❯ pnpm i
ERR_PNPM_FETCH_404 GET https://gitlab.example.com/api/v4/projects/scope%2Fexample-package/packages/npm/@scope%2Fexample-package: Not Found - 404
@scope/example-package is not in the npm registry, or you have no permission to fetch it.
An authorization header was used: Bearer gldt[hidden]
...
ERR_PNPM_FETCH_404 GET https://gitlab.example.com/api/v4/projects/1/packages/npm/@scope/example-package/-/@scope/example-package-0.0.1.tgz: Not Found - 404
This error happened while installing a direct dependency of /example-project/
No authorization header was set for the request.
When I change both authentication URLs in .npmrc to the <project_id> everything works as expected.
Expected Behavior
Use the specified package registry URL when installing dependencies.
Which Node.js version are you using?
14.11.1
Which operating systems have you used?
- macOS
- Windows
- Linux
If your OS is Linux-based, which one is it? (Include the version if relevant)
NixOS 25.11
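The following is an added example, not code from the issue or from pnpm: a simplified model of URL-prefix-scoped credential lookup, run against the two request URLs in the error output above. It assumes a client picks the `_authToken` whose `.npmrc` key is a path prefix of the request URL; the function names are hypothetical and the `.npmrc` contents are constructed from the report.

```javascript
// Simplified model (assumption): a token applies to a request only when its
// .npmrc key ("//host/path/") is a path prefix of the request URL.

// Collect the "//host/path/" keys that carry an _authToken.
function parseAuthKeys(npmrcText) {
  const keys = [];
  for (const line of npmrcText.split('\n')) {
    const m = line.trim().match(/^(\/\/.+\/):_authToken=/);
    if (m) keys.push(m[1]);
  }
  return keys;
}

// Walk up the request path one segment at a time until a key matches.
// Percent-encoding is compared literally: "scope%2Fexample-package" != "1".
function findAuthKey(requestUrl, keys) {
  const u = new URL(requestUrl);
  let candidate = `//${u.host}${u.pathname.replace(/\/?$/, '/')}`;
  while (candidate.length > 2) {
    if (keys.includes(candidate)) return candidate;
    const trimmed = candidate.slice(0, -1);
    candidate = trimmed.slice(0, trimmed.lastIndexOf('/') + 1);
  }
  return null; // no key matched: the request would go out without a token
}

// Constructed inputs, taken from the report above.
const BASE = '//gitlab.example.com/api/v4/projects';
const NPMRC_BY_PATH = [
  BASE + '/scope%2Fexample-package/packages/npm/:_authToken="${NPM_TOKEN}"',
  '@scope:registry=https:' + BASE + '/scope%2Fexample-package/packages/npm/',
].join('\n');
const NPMRC_BY_ID = [
  BASE + '/1/packages/npm/:_authToken="${NPM_TOKEN}"',
  '@scope:registry=https:' + BASE + '/1/packages/npm/',
].join('\n');
const METADATA_URL = 'https:' + BASE +
  '/scope%2Fexample-package/packages/npm/@scope%2Fexample-package';
const TARBALL_URL = 'https:' + BASE +
  '/1/packages/npm/@scope/example-package/-/@scope/example-package-0.0.1.tgz';

for (const [name, rc] of [['by path', NPMRC_BY_PATH], ['by id', NPMRC_BY_ID]]) {
  const keys = parseAuthKeys(rc);
  for (const url of [METADATA_URL, TARBALL_URL]) {
    console.log(name, '|', findAuthKey(url, keys) ? 'token sent' : 'NO token', '|', url);
  }
}
```

Under this model the encoded-path key covers the metadata request but not the tarball URL, which the registry returns with the numeric project ID; the numeric-ID key covers the tarball URL.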