Yarn 无法通过 Github 包进行身份验证 - 但 npm 可以 [英] Yarn can't authenticate with Github Packages - but npm can

问题描述

我需要做什么来配置 yarn 以使用 Github 包进行身份验证?

我有一个 hello-world npm 包，我正尝试将其私下发布到 github.我希望能够使用 yarn 而不是 npm，但由于某种原因，yarn 无法通过 Github Package 服务进行身份验证:

error 无法发布包:"https://npm.pkg.github.com/@myuser/test-models:您的请求无法通过 GitHub 包服务进行身份验证.请确保您的访问令牌有效并配置了适当的范围."

NPM 发布时没有任何问题，所以我假设它在纱线处理配置信息的方式上有所不同.

详细纱线发布:

$ yarn publish --verbose纱线发布 v1.10.1详细 0.257170891 检查配置文件/Users/myuser/sites/test-models/.npmrc".详细 0.257665932 找到配置文件/Users/myuser/sites/test-models/.npmrc".详细 0.258189892 检查配置文件/Users/myuser/.npmrc".详细 0.258433341 找到配置文件/Users/myuser/.npmrc".详细 0.258899667 检查配置文件/usr/local/etc/npmrc".详细 0.259174747 检查配置文件/Users/myuser/sites/test-models/.npmrc".详细 0.259487532 找到配置文件/Users/myuser/sites/test-models/.npmrc".详细 0.260003161 检查配置文件/Users/myuser/sites/.npmrc".详细 0.260246617 检查配置文件/Users/myuser/.npmrc".详细 0.260455656 找到配置文件/Users/myuser/.npmrc".详细 0.260965719 检查配置文件/Users/.npmrc".详细 0.263449669 检查配置文件/Users/myuser/sites/test-models/.yarnrc".详细 0.263757077 检查配置文件/Users/myuser/.yarnrc".详细 0.264027657 找到配置文件/Users/myuser/.yarnrc".详细 0.264629421 检查配置文件/usr/local/etc/yarnrc".详细 0.264905752 检查配置文件/Users/myuser/sites/test-models/.yarnrc".详细 0.265187834 检查配置文件/Users/myuser/sites/.yarnrc".详细 0.265428211 检查配置文件/Users/myuser/.yarnrc".详细 0.265682381 找到配置文件/Users/myuser/.yarnrc".详细 0.26612276 检查配置文件/Users/.yarnrc".详细 0.268430721 当前时间:2020-07-15T16:04:57.727Z[1/4] 凹凸版...信息当前版本:0.0.3问题 新版本:信息继续当前版本:0.0.3[2/4] 登录...[3/4] 发布...详细 3.449685972 执行PUT"；请求https://npm.pkg.github.com/@myuser/test-models".详细 3.757506429 请求https://npm.pkg.github.com/@myuser/test-models"完成状态码 401.详细 3.760342835 错误:无法发布包:"https://npm.pkg.github.com/@myuser/test-models:您的请求无法通过 GitHub 包服务进行身份验证.请确保您的访问令牌有效并配置了适当的范围."在 MessageError.ExtendableBuiltin (/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:243:66)在新的 MessageError (/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:272:123)在/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:80723:13在 Generator.throw (<匿名>)在步骤 (/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:98:30)在/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:111:13在 processTicksAndRejections (internal/process/task_queues.js:97:5)错误无法发布包:"https://npm.pkg.github.com/@myuser/test-models:GitHub 包服务无法验证您的请求.请确保您的访问令牌有效并配置了适当的范围."信息 访问 https://yarnpkg.com/en/docs/cli/publish 获取有关此命令的文档.

纱线配置:

$ yarn 配置列表纱线配置 v1.10.1信息纱线配置{'版本标签前缀':'v'，'version-git-tag': 真,'version-commit-hooks': 真,版本-git-sign":假，'version-git-message': 'v%s','初始化版本':'1.0.0'，'init-license': 'MIT','保存前缀': '^','bin-links': 真,'忽略脚本':假，'忽略可选':假，注册表:'https://registry.yarnpkg.com','strict-ssl': 真,'用户代理':'纱线/1.10.1 npm/?节点/v13.11.0 达尔文 x64'，最后更新检查:1594760187916}信息 npm 配置{'//registry.npmjs.org/:_authToken': '
使用自动化令牌不会提示输入一次性密码，这意味着您可以将其用作发布工作流程中的秘密.现在，您可以在剪切发布时直接将包发布到 npm 注册表.
如果您是包维护者，并且希望要求包的发布者继续使用双因素身份验证并以交互方式发布，则可以在包设置中执行此操作.
如果您已经需要 2FA，则此行为没有变化；除非您允许，否则不会接受自动化令牌.
如果您一直在等待在您的 npm 帐户上启用双因素身份验证，因为它阻止您在自动化工作流程中发布，您现在可以设置自动化令牌并启用 2FA.
What do I need to do to configure yarn to authenticate with Github Packages?
I've got a hello-world npm package that I'm trying to publish privately to github.  I want to be able to use yarn instead of npm, but for some reason yarn can't authenticate with the Github Package service:
error Couldn't publish package: "https://npm.pkg.github.com/@myuser/test-models: Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured."
NPM doesn't have any trouble publishing though, so I'm assuming it's some difference in the way yarn processes the config info.
Verbose yarn publish:
$ yarn publish --verbose
yarn publish v1.10.1
verbose 0.257170891 Checking for configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.257665932 Found configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.258189892 Checking for configuration file "/Users/myuser/.npmrc".
verbose 0.258433341 Found configuration file "/Users/myuser/.npmrc".
verbose 0.258899667 Checking for configuration file "/usr/local/etc/npmrc".
verbose 0.259174747 Checking for configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.259487532 Found configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.260003161 Checking for configuration file "/Users/myuser/sites/.npmrc".
verbose 0.260246617 Checking for configuration file "/Users/myuser/.npmrc".
verbose 0.260455656 Found configuration file "/Users/myuser/.npmrc".
verbose 0.260965719 Checking for configuration file "/Users/.npmrc".
verbose 0.263449669 Checking for configuration file "/Users/myuser/sites/test-models/.yarnrc".
verbose 0.263757077 Checking for configuration file "/Users/myuser/.yarnrc".
verbose 0.264027657 Found configuration file "/Users/myuser/.yarnrc".
verbose 0.264629421 Checking for configuration file "/usr/local/etc/yarnrc".
verbose 0.264905752 Checking for configuration file "/Users/myuser/sites/test-models/.yarnrc".
verbose 0.265187834 Checking for configuration file "/Users/myuser/sites/.yarnrc".
verbose 0.265428211 Checking for configuration file "/Users/myuser/.yarnrc".
verbose 0.265682381 Found configuration file "/Users/myuser/.yarnrc".
verbose 0.26612276 Checking for configuration file "/Users/.yarnrc".
verbose 0.268430721 current time: 2020-07-15T16:04:57.727Z
[1/4] Bumping version...
info Current version: 0.0.3
question New version:
info Proceeding with current version: 0.0.3
[2/4] Logging in...
[3/4] Publishing...
verbose 3.449685972 Performing "PUT" request to "https://npm.pkg.github.com/@myuser/test-models".
verbose 3.757506429 Request "https://npm.pkg.github.com/@myuser/test-models" finished with status code 401.
verbose 3.760342835 Error: Couldn't publish package: "https://npm.pkg.github.com/@myuser/test-models: Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured."
    at MessageError.ExtendableBuiltin (/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:243:66)
    at new MessageError (/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:272:123)
    at /usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:80723:13
    at Generator.throw (<anonymous>)
    at step (/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:98:30)
    at /usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:111:13
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
error Couldn't publish package: "https://npm.pkg.github.com/@myuser/test-models: Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured."
info Visit https://yarnpkg.com/en/docs/cli/publish for documentation about this command.
Yarn config:
$ yarn config list
yarn config v1.10.1
info yarn config
{
  'version-tag-prefix': 'v',
  'version-git-tag': true,
  'version-commit-hooks': true,
  'version-git-sign': false,
  'version-git-message': 'v%s',
  'init-version': '1.0.0',
  'init-license': 'MIT',
  'save-prefix': '^',
  'bin-links': true,
  'ignore-scripts': false,
  'ignore-optional': false,
  registry: 'https://registry.yarnpkg.com',
  'strict-ssl': true,
  'user-agent': 'yarn/1.10.1 npm/? node/v13.11.0 darwin x64',
  lastUpdateCheck: 1594760187916
}
info npm config
{
  '//registry.npmjs.org/:_authToken': '<auth_token1_here>',
  '@myuser:registry': 'https://npm.pkg.github.com',
  '//npm.pkg.github.com/:_authToken': '<auth_token2_here>',
  python: '/usr/bin/python'
}
✨  Done in 0.11s.
All my config files:
$ cat /Users/myuser/.npmrc
//registry.npmjs.org/:_authToken=[my-npm-token]

$ cat /Users/myuser/sites/test-models/.npmrc
@myuser:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=[my-github-token]

$ cat /Users/myuser/.npmrc
//registry.npmjs.org/:_authToken=[my-npm-token]

$ cat /Users/myuser/.yarnrc
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


lastUpdateCheck 1594760187916

解决方案
For npm.pkg.github.com/:_authToken, you could try and use the third type of token which is just released yesterday (Oct. 2nd, 2020):

npm automation tokens


npm is introducing a new setting for access tokens to support publishing to the npm registry from CI/CD workflows.
Previously, you could create an access token with one of two settings: read-only, and publish.

A publish token allows you to publish packages, like the name implies, but if you have two-factor authentication (2FA) enabled on your account, you'll be prompted for your one-time passcode.
We recommend that people set up 2FA on their account for added security, but requiring a passcode means that all publishing must be done interactively. Many people want to automate their publish step with a CI/CD workflow.
Today, we've added a third option for access tokens: automation. You can create an automation token in your access token settings page.

Using an automation token will not prompt for a one-time passcode, meaning that you can use it as a secret in your publish workflow. Now you can publish a package directly to the npm registry when you cut a release.
If you're a package maintainer, and you want to require that publishers to your package continue to use two-factor authentication and publish interactively, you can do that in the package settings.

If you already required 2FA, there's no change to this behavior; automation tokens won't be accepted unless you allow them to be.
If you've been waiting to enable two-factor authentication on your npm account because it prevented you from publishing in an automated workflow, you can now set up an automation token and enable 2FA.


                        
这篇关于Yarn 无法通过 Github 包进行身份验证 - 但 npm 可以的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！