9

I am trying to run a job with a Node.js project. One of the steps is rtnpminstall which runs the npm install command. The rtnpminstall command is run by the Artifactory plugin on Jenkins. The error says.

npm ERR! code E403
npm ERR! 403 403 Forbidden - GET 
 https://<artifactoryurl>/artifactory/api/npm/<npm registry>/<dependency name>
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy.

But when I run using npm install -g, it works fine.

When I can click on the dependency link in the jenkins job log, it downloads fine.

I am trying to see what could be the issue as we do not want to use -g option.

My guess is there night be no write permission on project folder on jenkins agent.

TylerH
  • 20,799
  • 66
  • 75
  • 101
Devops
  • 91
  • 1
  • 1
  • 3
  • 1
    Yes, 403 error means that the user does not have permissions and mostly the deploy/cache permission because the dependencies are downloaded from the remote source and need to be cached. Check the Artifactory logs and check the request.log for the username and see if any specific error comes up? – Muhammed Kashif Jun 15 '21 at 07:56

2 Answers2

4

As Muhammed Kashif wrote in his note above -

403 error means that the user does not have permissions and mostly the Deploy/Cache permission because the dependencies are downloaded from the remote source and need to be cached.

This confusing "403" message comes from Artifactory -
not from the remote repository - because without the Deploy/Cache permissions
the user is forbidden from saving artifacts in the cache.

JFrog actually has a page describing this situation, but
only after reading Muhammed's comment I understood what they meant :)

Granting Deploy/Cache permissions to access remote repositories

Gonen
  • 4,005
  • 1
  • 31
  • 39
  • Newbe here. I cloned a little github repository on my HDD and I get the same error. They're artifactory links. (https://github.com/Nmuta/nest_typeorm-postgres) How do I get the deploy permission? Is there anything I can locally change? Do I have to register in jfrog site? I'm completely lost, as I can't understand anything in the provided link. – Yuta73 Apr 29 '22 at 21:51
  • @Yuta73, it is best to ask the maintainer of that GitHub project (you may need to signup for some 3rd-party repository to get these artifacts - I don't know) – Gonen Apr 29 '22 at 22:14
1

In my case, I work bebind the company's proxy and also got this problem. After go throught so many workaround and sill got stuck, I figured out that I've changed my password => _auth value in .npmrc file has changed. That why I couldn't access package files

Thao Duong
  • 11
  • 2