34

I signed up for the Github private npm registry beta and followed their instruction: https://github.com/features/package-registry

Works great with npm but I'd prefer using yarn. And while npm has no issues finding the registered package, yarn can't find it at all.

yarn add @omniphx/adminite-adminite-ui-components outputs:

yarn add v1.19.0
info No lockfile found.
warning package-lock.json found. Your project contains lock files generated by tools other than Yarn. It is advised not to mix package managers in order to avoid resolution inconsistencies caused by unsynchronized lock files. To clear this warning, remove package-lock.json.
[1/4]   Resolving packages...
error Couldn't find package "@omniphx/adminite-ui-components" on the "npm" registry.
info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.

After reading up on private repos with yarn, I thought the trick was due to yarn having a slightly different rc format. Unfortunately, that didn't work either and yarn is still unable to find the private registry.

.npmrc

registry=https://registry.npmjs.org
@omniphx:registry=https://npm.pkg.github.com/omniphx

.yarnrc

registry "https://registry.npmjs.org"
"@omniphx:registry" "https://npm.pkg.github.com/omniphx"

Also confirmed that my github token is set too with yarn config list:

yarn config v1.19.0
info yarn config
{
  'version-tag-prefix': 'v',
  'version-git-tag': true,
  'version-commit-hooks': true,
  'version-git-sign': false,
  'version-git-message': 'v%s',
  'init-version': '1.0.0',
  'init-license': 'MIT',
  'save-prefix': '^',
  'bin-links': true,
  'ignore-scripts': false,
  'ignore-optional': false,
  registry: 'https://registry.npmjs.org',
  'strict-ssl': true,
  'user-agent': 'yarn/1.19.0 npm/? node/v12.11.1 darwin x64',
  email: 'mattjmitchener@gmail.com',
  lastUpdateCheck: 1570679687836,
  username: 'omniphx',
  '@omniphx:registry': 'https://npm.pkg.github.com/omniphx'
}
info npm config
{
  '//npm.pkg.github.com/:_authToken': 'fake12345',
  registry: 'https://registry.npmjs.org',
  '@omniphx:registry': 'https://npm.pkg.github.com/omniphx',
  python: '/usr/bin/python'
}

Any idea?

Resolved

Changed "@myorg:registry" "https://npm.pkg.github.com/myorg"
To      "@myorg:registry" "https://npm.pkg.github.com"
Marty Mitchener
  • 580
  • 2
  • 5
  • 16
  • Does this fix help in your case? https://stackoverflow.com/questions/58430182/how-do-i-install-private-packages-using-yarn-inside-a-github-action/58430650#58430650 – peterevans Oct 17 '19 at 23:43

4 Answers4

29

I've just run into a similar situation. It seemed that yarn was only looking in the main Yarn package registry for my organization's private package. I had copied the examples from GitHub's Packages documentation for constructing your .npmrc file directly to the .yarnrc file in the project that will be consuming the app, not knowing that the formats were different (I've never had to deal with .yarnrc files before).

However, after updating the .yarnrc file with the correct format that you've mentioned above (which I also found in googling around), yarn successfully found the private package and installed it correctly.

As a heads up, my yarn version: 1.17.3

Steps I Took

  1. Start new terminal session
  2. cd to the project
  3. nvm use (if you have a specific node version to use)
  4. Add the correctly-formatted .yarnrc file to the project. See below for what it looks like.
  5. Manually add the package and version range to the package.json for my private package
  6. Run npm login --registry=https://npm.pkg.github.com --scope=@MyOrg
    • See the note below on scope / org gotcha's
  7. Run yarn

That worked for me.

.yarnrc

"@myorg:registry" "https://npm.pkg.github.com"

Note: See below for a note on the org / scope name gotcha's

Other Notes

I know that it appears that you don't have any issues with this, given your GH username / scope above, but for anyone else that comes here, the documentation on GH is a little sparse with regards to mapping your username / org name to a scope in the package name. Just remember these little gotcha's here:

  • The name of your package must always be scoped to your org (or username)
    • E.g., name: @johndturn/my-package
  • If your organization has capital letters in it, like MyOrg, just replace them in the name of the package in your package.json and your .yarnrc with lowercase
    • E.g., name: @myorg/my-package
    • Note: When authenticating with npm login, I still have kept the uppercase letters in the --scope= argument.
  • The name of your package doesn't have to be the same name of the repo.
    • E.g., for a repo called MyOrg/random-prefix.js-lib, you can have name: @myorg/js-lib in your package.json file for the project itself. Then, installing it in other projects will look something like @myorg/js-lib: 1.0.0.
John T
  • 774
  • 8
  • 10
  • Worked for me too, thanks. Now figuring out how to set it in my CI, which does not run on Github Actions but rather on jenkins. – Dhwaneet Bhatt Jan 10 '20 at 11:19
  • @DhwaneetBhatt great question, and it should be fairly straightforward, with some assumptions. If you're running in Jenkins with Pipelines and a `Jenkinsfile`, **my assumption** is that you can simply add in the above commands (like `npm login ...`) into your `Jenkinsfile`, in a pre-build step. This also assumes that you have Jenkins authenticated with some sort of user in your GitHub org that has the correct privileges to pull packages from your org. That said, I haven't implemented it for our Jenkins boxes yet, but I'll let you know when I do (if it varies from what I've mentioned). – John T Jan 11 '20 at 21:01
  • 2
    Thanks for the reply! Looks like my issue was that I had `"@myorg:registry" "https://npm.pkg.github.com/myorg"` instead of `"@myorg:registry" "https://npm.pkg.github.com"`. Weird that that same url worked fine in my `.npmrc` – Marty Mitchener Feb 04 '20 at 01:43
  • 2
    @MatthewMitchener looks like you found the simplest answer: just leave the `/myorg` off the end in your `.npmrc`, and then GitHub Package Registry works with either yarn or npm. (With no need for a separate `.yarnrc`.) – medmunds Apr 19 '20 at 01:30
6

The problem I had is slightly different.

After tried what John suggested I still can't add private registry packages with yarn (but perfectly fine with npm)

Then I realise two things:

For GitHub packages, npm is fine with either

registry=https://npm.pkg.github.com/my-org

or

@my-org:registry=https://npm.pkg.github.com

but yarn only allow the latter syntax.

Docs from Github website only show the first syntax which could cause problems for yarn users.

Another thing is that if you npm login to the private registry but use a .yarnrc file in your project, yarn can't really mix your npm credentials with it. Although it seems behave differently on different environment.

But it would seems to be a best practice to stick with either yarn login + .yarnrc, or npm login + .npmrc (you can still use yarn to manage your packages in both cases)

Xinan
  • 3,002
  • 1
  • 16
  • 18
  • 1
    As to the two different formats, this Github blog post explains the migration: https://github.blog/2019-09-11-proxying-packages-with-github-package-registry-and-other-updates/ The `registry=` format enabled proxying of all npm packages via the github packages registry, whereas `@my-org:registry:` would lock down the requests to only the github packages registry. – Dave Espionage Sep 02 '20 at 22:39
6

In Yarn v2+ the setup has changed quite a bit. ".yarnrc" is ignored and only ".yarnrc.yml" is used.

To setup a private registry with a scope and token from env, add something along these lines to the ".yarnrc.yml" file (fontawesome example):

npmScopes:
  fortawesome:
    npmRegistryServer: "https://npm.fontawesome.com"
    npmAuthToken: ${FONTAWESOME_TOKEN}

Documentation: https://yarnpkg.com/configuration/yarnrc#npmScopes

kdb
  • 1,994
  • 3
  • 13
  • 11
1

I'm not an expert with npm/yarn so I might be misunderstanding what is happening here, but I don't think package proxying from the npm registry works with yarn yet. Could that be related? When package proxying was released for npm I remember reading comments on Twitter from people that tried it with yarn and it didn't work.

Found the Twitter thread here: https://twitter.com/github/status/1171832034580451328

It doesn't work with Yarn. As soon as I change the registry url -> Couldn't find package.

peterevans
  • 34,297
  • 7
  • 84
  • 83