Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

yarn publish not respecting publishConfig in package.json for scoped packages #5279

Closed
yyx990803 opened this issue Jan 25, 2018 · 4 comments · Fixed by #5290
Closed

yarn publish not respecting publishConfig in package.json for scoped packages #5279

yyx990803 opened this issue Jan 25, 2018 · 4 comments · Fixed by #5290
Assignees
@rally25rs
Labels
cat-bug cat-compatibility triaged

Comments

@yyx990803
Copy link

yyx990803 commented Jan 25, 2018
edited
Loading

Do you want to request a feature or report a bug?

Bug

What is the current behavior?
When attempting to publish a scoped package for the first time, even with the following in package.json:

{
  "publishConfig": {
    "access": "public"
  }
}

yarn publish still fails with "You must sign up for private packages".

Note this only happens on the initial publish; once the package has been created, subsequent publish works as expected.

If the current behavior is a bug, please provide the steps to reproduce.

Create an arbitrary scoped package with the above publicConfig settings in package.json, and try yarn publish

What is the expected behavior?

Successfully publish the package with public access. (Using npm works as expected)

Please mention your node.js, yarn and operating system version.

yarn-error.log 
  Arguments: 
  /Users/evan/.nvm/versions/node/v8.9.1/bin/node /usr/local/Cellar/yarn/1.3.2/libexec/bin/yarn.js publish

PATH: 
  ./node_modules/.bin:/Users/evan/.nvm/versions/node/v8.9.1/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/VMware Fusion.app/Contents/Public

Yarn version: 
  1.3.2

Node version: 
  8.9.1

Platform: 
  darwin x64

npm manifest: 
  {
    "name": "@vue/publish-test",
    "version": "1.0.0",
    "description": "",
    "main": "index.js",
    "author": "Evan You",
    "license": "MIT",
    "publishConfig": {
      "access": "public"
    }
  }

yarn manifest: 
  No manifest

Lockfile: 
  No lockfile

Trace: 
  Error: https://registry.yarnpkg.com/@vue%2fpublish-test: You must sign up for private packages
      at Request.params.callback [as _callback] (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:62098:18)
      at Request.self.callback (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:123085:22)
      at emitTwo (events.js:126:13)
      at Request.emit (events.js:214:7)
      at Request.<anonymous> (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:124068:10)
      at emitOne (events.js:116:13)
      at Request.emit (events.js:211:7)
      at IncomingMessage.<anonymous> (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:123988:12)
      at Object.onceWrapper (events.js:313:30)
      at emitNone (events.js:111:20)
@ghost ghost assigned torifat Jan 25, 2018
@ghost ghost added the triaged label Jan 25, 2018
@rally25rs rally25rs self-assigned this Jan 26, 2018
@rally25rs
Copy link
Contributor

Confirmed. I got this today in Yarn v1.4.0 too trying to lerna publish a yarn workspace with private scoped packages. I'm not entirely sure how that flag works at the npm registry api level, but I'll see if I can find time to dig into it next week (and assigned to myself).

rally25rs added a commit to rally25rs/yarn that referenced this issue Jan 29, 2018
@rally25rs
feat(publish): Publish command uses publishConfig.access in package.json
dd2a51c 
For npm compatability, `yarn publish` should check `publishConfig.access` in package.json and use it
as if the `--access` option was passed.

yarnpkg#5279
@rally25rs rally25rs mentioned this issue Jan 29, 2018
Merged
arcanis pushed a commit that referenced this issue Jan 30, 2018
@rally25rs @arcanis
feat(publish): Publish command uses publishConfig.access in package.j…
aa200e4 
…son (#5290)

* feat(publish): Publish command uses publishConfig.access in package.json

For npm compatability, `yarn publish` should check `publishConfig.access` in package.json and use it
as if the `--access` option was passed.

#5279

* WIP: CI test failure debugging

* WIP: CI test failure debugging

* WIP: CI test failure debugging

* fix CI errors by mocking npm password prompt

* use jest expect().toBeCalledWith() for publish command tests
@tommytroylin
Copy link

@arcanis @rally25rs

publishConfig accepts not only access but also some other configs

Any config values can be overridden, but of course only "tag", "registry" and "access" probably matter for the purposes of publishing.
document

It seems like your fix just covers access case. At least tag and registry should also be covered.

{
	"publishConfig": {
	    "access": "public",
	    "registry": "https://registry.npmjs.org/"
	  }
}

@tommytroylin tommytroylin mentioned this issue Feb 2, 2018
Open
@renovate renovate bot mentioned this issue Feb 6, 2018
Closed
@jonaskello
Copy link

I also ran into this while trying to publish scoped packages with lerna to a private npm server (verdaccio). Not sure if yarn respects the settings in the package.json publishConfig in general? If not that should probably be fixed according to the comment above by @tommytroylin

@jonaskello
Copy link

Seems this was already reported in #5310

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rally25rs rally25rs

Labels
cat-bug cat-compatibility triaged
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(publish): Publish command uses publishConfig.access in package.json rally25rs/yarn
5 participants
@rally25rs @torifat @yyx990803 @jonaskello @tommytroylin