Reputation: 89
unable to npm publish new package to artifact registry even though my logged in user as Owner access
My organization is part of the Artifact Registry beta, and I'm proceeding through the quickstart fine, but when I attempt to publish my first package I'm getting:
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://us-central1-npm.pkg.dev/[obsuring projectid]/npm-packages/security - Permission "artifactregistry.repositories.uploadArtifacts" denied on resource "projects/[obsuring projectid]/locations/us-central1/repositories/npm-packages" (or it may not exist)
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy.
my account has Owner access so not sure why I'm getting this error.
.npmrc file is in same directory as package.json for what I'm trying to publish:
registry=https://us-central1-npm.pkg.dev/[obscuring projectId]/npm-packages/
//us-central1-npm.pkg.dev/[obscuring projectId]/security/:_password="[obscuring password]"
//us-central1-npm.pkg.dev/[obscuring projectId]/security/:username=oauth2accesstoken
//us-central1-npm.pkg.dev/[obscuring projectId]/security/:email=[obscuring email]
//us-central1-npm.pkg.dev/[obscuring projectId]/security/:always-auth=true
before publishing I'm running this to update password in .npmrc file:
npm run artifactregistry-login ./.npmrc --registry https://registry.npmjs.org/
Upvotes: 4
Views: 7889
Answers (3)
Reputation: 506
I was having the same problem.
Here was my setup:
bitbucket pipeline to bump package version and push change and tag back to git branch. Then publish to GCP Artifact Registry npm repository.
The account I was using to authenticate with was also a project owner, so should've had permissions to publish, but for some reason owners do not have access to create a new package, just publish new versions.
The solution for me was to add the permission "Artifact Registry Administrator" to the owner account. Apparently this allows for creating and managing packages, as well as versions.
Hope this helps someone.
Upvotes: 0
Reputation: 397
I had the very same issue (I work with Windows platform) and I fixed it by using Linux on Wsl2.
There's an issue with the Google Artifact Registry Auth package for Windows.
Everytime I executed:
npx google-artifactregistry-auth
I received this output:
npx: installed 47 in 4.24s
Retrieving application default credentials...
Success!
When I checked my .npmrc under my user folder, I discovered that no _authToken was produced for my private npm repo.
By repeating the same procedure under Linux Wsl2 (use this Install Node.js in Linux Wsl to install Node and NPM), the Google Artifact Registry Auth was correctly able to retrieve the _authToken and I was able to perform:
npm publish
Upvotes: 2
Reputation: 2448
This issue looks like a permissions issue.
There are some points to have a consideration regarding permissions, I have found some documentation about it.
First grant a team member a role at the project level if the same permissions apply to all repositories in the project, so please check if your project has effectively the project-wide permissions, you can use the following documentation.
Also you can check the repository-specific permissions please see this document Even you can configure public access to the repo, please see the following link
If you are using a VM Instance please consider that it must have both Artifact Registry permissions and storage access scope configured, you can find further information in this link. If you are using Google Kubernetes Engine instead, you can grant the access to clusters, please check this other documentation for this purpose.
Additionally you can see this link with the Artifact Registry IAM roles and the permissions.
Finally I have found some additional information about the error you are facing, in another post in stackoverflow, where they mentioned that:
It looks like a package with that name was already published by someone else, so you'd need to use a different name in your package.json file and then npm publish again. Else, you can look if you're trying to publish the same version that's already published.
You can check this post in the following link
I hope the information I sent you was useful for you
Upvotes: 0
Related Questions
- Google Cloud Container Registry/Artifact Registry Permissions
- Unable to push Docker image into GCP container registry [permission error]
- GCP yum artifact registry 403 when imported from packer instance
- Service Account Unable to Push Docker Image to Google Artifact Registry
- Google Container Registry access denied when pushing docker container
- Unable to Push to Google Container Registry (access denied)
- Google Container Registry permission
- Unable to push to Google Container Registry - Permission issue
- Unable to Push to Google Container Registry (unable to access the repository)
- Cloud Container Builder - gcloud app deploy fails with missing permission