Skip to content

Broken verify-auth implementation #414

Open
@EricCrosson

Description

@EricCrosson

TL;DR: I receive ENEEDAUTH npm errors until I comment out these three lines in my node_modules directory -- then publication works fine.

What I did

I attempted to use multi-semantic-release to semantically-publish the typescript-tools monorepo. I configured the NPM_TOKEN environment variable with an Automation-type npm token

Both locally and in GitHub actions I invoked

npx multi-semantic-release

What I expected to happen

I expected packages to publish semantically.

What actually happened

I received the npm error

npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in.
npm ERR! need auth You need to authorize this machine using `npm adduser`

More details

Note: I originally opened an issue in multi-semantic-release but determined the root cause did not lie with code in that repository.

I have 24 packages in the typescript-tools monorepo. While instrumenting the @semantic-release/npm code with debug statements I learned that some (but not all!) of the npm whoami calls in this try block were failing. Plenty of them succeeded in printing my npm username in my stdout.

I was sure from my debugging that the npm credentials were being configured in the temporary .npmrc file correctly, so I tried commenting out the throw statement handling the whoami errors and sure enough, I was able to publish!

[6:56:59 PM] › 🎉  Released 5 of 24 packages, semantically!

So something must be going wrong with the whoami check. I don't think it's being rate-limited; I tried making 100 parallel calls to npm whoami using the @semantic-release/npm temporary .npmrc configuration and all 100 calls succeeded.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions