[BUG] npmrc errors related to lacking authToken are obscure

[EvanCarroll]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

This error has been reported before, but for different reasons. I was getting this error in my CI log,

npm notice 
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in.
npm ERR! need auth You need to authorize this machine using `npm adduser`
npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2021-08-06T16_49_02_209Z-debug.log

With -ddd, I get

npm timing command:publish Completed in 219ms
npm verb stack Error: This command requires you to be logged in.
npm verb stack     at Publish.publish (/usr/local/lib/node_modules/npm/lib/publish.js:116:29)
npm verb cwd /builds/cpanel/cpanel/angular-validators
npm verb Linux 5.4.0-77-generic
npm verb argv "/usr/local/bin/node" "/usr/local/bin/npm" "publish" "-ddd" "dist/cpanel/angular-validators"
npm verb node v16.6.1
npm verb npm  v7.20.5
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in.
npm ERR! need auth You need to authorize this machine using `npm adduser`
npm verb exit 1
npm timing npm Completed in 1036ms
npm verb code 1
npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2021-08-06T19_25_39_475Z-debug.log

My problem was I was generating the line in npmrc with (expanded the CI variables),

echo "@cpanel:registry=https://acme.com/projects/foo/package/npm/"
echo "//acme.com/api/v4/:_authToken=${GITLAB_TOKEN}"

When that second line should have been,

echo "//acme.com/api/v4/projects/foo/packages/npm/:_authToken=${GITLAB_TOKEN}"

It's not clear me what the syntax of these lines should be -- I don't see it documneted -- but there are lots of guides on both GitHub and GitLab that have people manually writing .npmrc with these details. One of those guides said that if the token works for multiple repositories we can have it specified without the rest of the path; that the auth line was only left-anchored. That seems to be incorrect. It seems like if the error is the url in the top must match the url in the bottom exactly than a more desirable error (then pointing the user to npm adduser would be),

Detected repository from .npmrc but there was no matching _authToken provide in this file.

---

This problem can even be created with minute problems in the registry that make it mismatch, like this may work with to pull down packages,

@cpanel:registry=https://acme.com/projects/foo/package/npm
//acme.com/api/v4/projects/foo/packages/npm/:_authToken=${GITLAB_TOKEN}

But it will throw the error above because you forgot the slash, it needs to be,

@cpanel:registry=https://acme.com/projects/foo/package/npm/
//acme.com/api/v4/projects/foo/packages/npm/:_authToken=${GITLAB_TOKEN}

---

This is further annoying because GitLab currently publishes two variables which look like they can be used,

export CI_REGISTRY='acme.net:5050'
export CI_API_V4_URL='https://acme.net/api/v4'

However these two variables can NOT be used together to create an npmrc.

echo "@acme:registry=${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/npm"
echo "//${CI_REGISTRY}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${GITLAB_TOKEN}"

Because then the bottom CI_REGISTRY will expand to having the port number :5050 and trigger a warning.

Note a lot of these issues would be impossible to create with a more sane npmrc format. I'll open up another issue for that.

Expected Behavior

An error more on the lines of,

Detected repository from .npmrc but there was no matching _authToken provide in this file.

Steps To Reproduce

1. Create a line in .npmrc that specifies scope and targets a private repo.
2. Create a lne for authentication that mismatches with the top
3. run npm publish

Environment

• OS: Alpine 3.13.5
• Node: 7.20.5
• npm: 16.6.1