profile
viewpoint

Ask questionsUnexpected behavior when using NPM private registry

Expect behavior

Run updating dependences without exception.

Actual behavior

Parsing dependencies information
  - Updating eslint-config-prettier (from 3.1.0)…/builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:320:in `handle_missing_package': The following source could not be reached as it requires authentication (and any provided details were invalid or lacked the required permissions): registry.npmjs.org (Dependabot::PrivateSourceAuthenticationFailure)
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:181:in `handle_npm_updater_error'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:41:in `rescue in updated_lockfile_content'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:24:in `updated_lockfile_content'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater.rb:187:in `updated_package_lock_content'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater.rb:120:in `package_lock_changed?'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater.rb:149:in `block in updated_lockfiles'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater.rb:148:in `each'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater.rb:148:in `updated_lockfiles'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater.rb:39:in `updated_dependency_files'
...
/builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-common-0.112.5/lib/dependabot/shared_helpers.rb:112:in `run_helper_subprocess': 404 Not Found - GET https://registry.npmjs.org/@myPrivateRegistoryScope%2faws-util - Not found (Dependabot::SharedHelpers::HelperSubprocessFailed)
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:151:in `run_npm_top_level_updater'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:139:in `block in run_npm_updater'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-common-0.112.5/lib/dependabot/shared_helpers.rb:141:in `with_git_configured'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:137:in `run_npm_updater'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:115:in `run_current_npm_update'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:35:in `block (2 levels) in updated_lockfile_content'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:34:in `chdir'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:34:in `block in updated_lockfile_content'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-common-0.112.5/lib/dependabot/shared_helpers.rb:37:in `block (2 levels) in in_a_temporary_directory'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-common-0.112.5/lib/dependabot/shared_helpers.rb:37:in `chdir'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-common-0.112.5/lib/dependabot/shared_helpers.rb:37:in `block in in_a_temporary_directory'
	from /usr/lib/ruby/2.6.0/tmpdir.rb:93:in `mktmpdir'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-common-0.112.5/lib/dependabot/shared_helpers.rb:34:in `in_a_temporary_directory'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:30:in `updated_lockfile_content'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater.rb:187:in `updated_package_lock_content'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater.rb:120:in `package_lock_changed?'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater.rb:149:in `block in updated_lockfiles'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater.rb:148:in `each'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater.rb:148:in `updated_lockfiles'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.5/lib/dependabot/npm_and_yarn/file_updater.rb:39:in `updated_dependency_files'
...

Step to reproduce

At first, prepare .npmrc in the repository to be updated as follows.

registry=https://repo.example.com/npm-all/

And https://repo.example.com/npm-all/ is configured on the registry side so that it can be accessed without a token.

Finally, run script.

dependabot/dependabot-core

Answer questions kenchan0130

@feelepxyz I tried step execution using pry. So, I may find the cause in https://github.com/dependabot/dependabot-core/blob/master/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L72-L75. This method (def npmrc) returns nil because @npmrc was nil and directory is '/' in my case.

And I found a new problem. If I use yarn.lock instead of package-lock.json, as shown below, package-lock.json is downloaded to the repository and an error occurs.

/builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/gitlab-4.12.0/lib/gitlab/request.rb:54:in `validate': Server responded with code 404, message: 404 File Not Found. Request URI: https://gitlab.example.com/api/v4/projects/SampleGroup%2Fdependabot/repository/files/package%2Dlock%2Ejson (Gitlab::Error::NotFound)
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/gitlab-4.12.0/lib/gitlab/request.rb:46:in `block (2 levels) in <class:Request>'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/gitlab-4.12.0/lib/gitlab/client/repository_files.rb:38:in `get_file'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-common-0.112.11/lib/dependabot/clients/gitlab_with_retries.rb:67:in `public_send'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-common-0.112.11/lib/dependabot/clients/gitlab_with_retries.rb:67:in `block in method_missing'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-common-0.112.11/lib/dependabot/clients/gitlab_with_retries.rb:82:in `retry_connection_failures'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-common-0.112.11/lib/dependabot/clients/gitlab_with_retries.rb:64:in `method_missing'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-common-0.112.11/lib/dependabot/file_fetchers/base.rb:316:in `_fetch_file_content_fully_specified'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-common-0.112.11/lib/dependabot/file_fetchers/base.rb:298:in `_fetch_file_content'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-common-0.112.11/lib/dependabot/file_fetchers/base.rb:86:in `fetch_file_from_host'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-common-0.112.11/lib/dependabot/file_fetchers/base.rb:78:in `fetch_file_if_present'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.11/lib/dependabot/npm_and_yarn/file_fetcher.rb:60:in `package_lock'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-npm_and_yarn-0.112.11/lib/dependabot/npm_and_yarn/file_fetcher.rb:40:in `fetch_files'
	from /builds/SampleGroup/dependabot/vendor/bundle/ruby/2.6.0/gems/dependabot-common-0.112.11/lib/dependabot/file_fetchers/base.rb:53:in `files'
	from /builds/SampleGroup/dependabot/bin/generic-update-script.rb:96:in `<top (required)>'
	from bin/dependabot.rb:8:in `load'
	from bin/dependabot.rb:8:in `<main>'
useful!
source:https://uonfu.com/
Github User Rank List