Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] npm install asking for a password on nested private packages using git+ssh. #2725

Open
brunoclima opened this issue Feb 18, 2021 · 11 comments
Labels
Bug thing that needs fixing Priority 2 secondary priority issue Release 7.x work is associated with a specific npm 7 release

Comments

@brunoclima
Copy link

brunoclima commented Feb 18, 2021

Current Behavior:

npm asks for a password (through VS Code) when installing private bitbucket packages that have another private package on its dependencies using git+ssh.
In a separate terminal it just get stuck in the private package installation for around 20 minutes before throwing a lot of errors.

Expected Behavior:

npm installs git+ssh packages using my SSH credentials (just like v6 did)

Steps To Reproduce:

  1. Have SSH configured.
  2. Install any private package from bitbucket (or another host. I cant test on any other than bitbucket) that depends on another private package, both using the format git+ssh://[email protected]:company-name/package-name.git.

Environment:

  • OS: Ubuntu 20.04
  • Node: 14.15.5
  • npm: 7.5.4
@brunoclima brunoclima added Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release labels Feb 18, 2021
@wraithgar wraithgar added Priority 2 secondary priority issue and removed Needs Triage needs review for next steps labels Mar 26, 2021
@Dewep
Copy link

Dewep commented Apr 28, 2021

Hi @brunoclima!
Did you find a solution?
I mean, something else than downgrading to npm v6?

@brunoclima
Copy link
Author

Hey @Dewep!
Unfortunately, I didn't. I tried to work around urls and stuff but nothing works.
I'm using v6 until they fix it.

@joonseokhu
Copy link

Any updates yet??

@medin-n
Copy link

medin-n commented Feb 3, 2022

I have the same issue, do you have any update?

@mrft
Copy link

mrft commented Mar 9, 2022

Same here...

@JimmayVV
Copy link

This really needs some official attention

@mitchellrj
Copy link

mitchellrj commented May 31, 2022

Seems like this is related to #2610 and complaints about behaviour changes in v7:

Git dependencies on known git hosts (GitHub, BitBucket, etc.) will always attempt to fetch package contents from the relevant tarball CDNs if possible, falling back to git+ssh for private packages. resolved value in package-lock.json will always reflect the git+ssh url value. Saved value in package.json dependencies will always reflect the canonical shorthand value.

From https://blog.npmjs.org/post/626173315965468672/npm-v7-series-beta-release-and-semver-major

We found that when it tries to fetch the Bitbucket package via HTTPS first and MFA is enforced, then it shows the login prompt and freezes there.

@mitchellrj
Copy link

mitchellrj commented May 31, 2022

A workaround I've found for this is to change the hostname to ssh.bitbucket.org or git.bitbucket.org. This works around the matching logic in npm/hosted-git-info.

@mrft
Copy link

mrft commented Dec 5, 2022

Workaround seems to be broken again in npm version 9:
For example:

"somelib" "[email protected]:ourorganisation/ourrepo.git#v20220901"

became

"somelib" "[email protected]:ourorganisation/ourrepo.git#v20220901"

was working with npm 8 but running rm -rf node_modules package-lock.json && npm install with npm 9 prints:

npm ERR! code ENOENT
npm ERR! syscall open
npm ERR! path /home/me/workspace/myproject/[email protected]:ourorganisation/ourrepo.git/package.json
npm ERR! errno -2
npm ERR! enoent ENOENT: no such file or directory, open '/home/me/workspace/myproject/[email protected]:ourorganisation/ourrepo.git/package.json'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent 

while the original issue is still there, so the problem only seems to be getting worse...

@mitchellrj
Copy link

@mrft try prefixing your spec with git+ssh://

@mrft
Copy link

mrft commented Dec 5, 2022

To be entirely clear for the next person reading this thread, the version on the next line seems to work in npm 9, but was broken when we tried it with the latest npm8 version.

"somelib" "git+ssh://[email protected]:ourorganisation/ourrepo.git#v20220901"

while this version seems to work for us with both:

  • node v16.18.1 and npm 8.19.2
  • node v18.12.1 and npm 9.1.3
"somelib": "ssh://[email protected]:ourorganisation/ourrepo.git#v20220901",

On top of that, it turns out that VSCode can still mess things up for you.
You can avoid that by editing the File->Preferences->Settings

Set git.terminalAuthentication AND github.gitAuthentication to FALSE
(and restart any VSCode terminal for the settings to take effect) in order to stop VSCode from interfering with npm installs with git dependencies (bitbucket or github)
cfr. https://stackoverflow.com/a/71288248

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug thing that needs fixing Priority 2 secondary priority issue Release 7.x work is associated with a specific npm 7 release
Projects
None yet
Development

No branches or pull requests

8 participants