npm ERR! Unable to authenticate, need: Basic realm="Artifactory Realm"

Question

I tried to run the command:

npm install -g @angular/cli@9.1.0

but I have got the following error:

npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="Artifactory Realm"

npm ERR! A complete log of this run can be found in:
npm ERR! /Users/xxxx/.npm/_logs/2021-08-10T19_33_12_063Z-debug.log

note: node js and npm worked fine.

I have followed the instructions in Artifactory to solve this issue using the command:

npm config set registry https://artifactory.......com/artifactory/api/npm/xxxx/

as I have paste the following into the ~/.npmrc file:

_auth = fhgf......ghgj==
email = xxx@xxx.com
always-auth = true

I have also tried using npm login, but I have got the below err and couldn’t continue:

npm login
Username: xxx@xxx.com
npm WARN Name may not contain non-url-safe chars
Username: (xxx@xxx.com)
Username: (xxx@xxx.com)
Username: (xxx@xxx.com)
Username: (xxx@xxx.com)

How can I solve this issue?

Answer 1

The following can be used to get the correct string to use for the _auth value in your .npmrc file. I prefer this because it is Artifactory that is giving you the encoded NPM auth token.

curl -H "Authorization: Bearer {artifactory-identity-token}" https://{artifactoryHost}/artifactory/api/npm/auth

• Replace {artifactory-identity-token} with your actual identity token from Artifactory.
• Replace {artifactoryHost} with your Artifactory host.

Answer 2

I also had this issue once I upgraded to node 21 and could not publish to a private artifactory registry as it required authentication. I fixed this by doing 2 things:

1. Updated the local .npmrc to

@company:registry=http://artifactory.company.com
//artifactory.company.com/repository/:_auth=<BASE64 OF username:password HERE>
always-auth=true

2. I ran npm config fix in the deployment environment before running npm publish

Answer 3

I am not a NodeJs / NPM person but tried to figure out what actually happens here for my artifactory set up. These are my findings and it works well in my latest version JFROG artifactory version 7.41.x .

The _auth to be added in the .npmrc will receive either by:

1) Using cURL : curl -u <username>:<password> -X GET "https://<artifactoryURL>/artifactory/api/npm/auth/"

2) Using base64 encode : Same value can be obtained by generating the base64 value of base64(<username>:<encrypted-password>) . The encrypted password can be obtained from the "Edit Profile" section in the UI of that user. I'm not sure where else we can get it.

Artifactory documentation on this is somewhat confusing and I found out this by trial and error.

Answer 4

So, two things may be happening here at once:

• Different authentication configuration between npm version ≥v9 and npm version <v9.
• The creation of the _auth value.

Different authentication configuration between npm version ≥v9 and npm version <v9.

---

In npm v9.0.0, authentication related settings must be scoped:

Example

.npmrc

//<registry>:_auth=<TOKEN>
registry=<registry>

That is, you can no longer use NPM_CONFIG__AUTH with a raw authentication token:

Example

$ docker run -it docker.io/library/node:14-alpine /bin/sh
/ # npm --version
6.14.18
/ # export NPM_CONFIG_REGISTRY=***
/ # export NPM_CONFIG__AUTH=***
/ # npm install
...
/ # echo $?
0

$ docker run -it docker.io/library/node:19-alpine /bin/sh
/ # npm --version
9.5.1
/ # export NPM_CONFIG_REGISTRY=***
/ # export NPM_CONFIG__AUTH=***
/ # npm install
npm ERR! code E401
npm ERR! Incorrect or missing password.
...
/ # echo $?
1

NOTE: NPM_CONFIG_REGISTRY is a private npm registry.

(Additional documentation from Artifactory)

Using an .npmrc file is backwards compatible with older versions of npm and is the preferred method of authentication configuration.

The creation of the _auth value.

---

Likewise, it would appear in most cases you will need to use an API Key in order to authenticate:

# NOTE: The settings _auth, _authToken, username and _password must all be
# scoped to a specific registry. This ensures that npm will never send
# credentials to the wrong host.
#
# See: https://docs.npmjs.com/cli/v8/configuring-npm/npmrc#auth-related-configuration
//<registry>:username=first.last@company.com
# Base64-encoded API Key (***)
//<registry>:_password=***
registry=<registry>
email=first.last@company.com

# A basic-auth string to use when authenticating against the npm registry.
#
#   base64Encode(<username>:<password>)
#
# NOTE: For use with Artifactory, `password` should be an API Key.
//<registry>:_auth=***

To create an API Key, click on the user dropdown in the upper-righthand corner, then Edit Profile.

Answer 5

Artifactory moved to support APIKEY only. If your old _auth was base64 encoding of username:password or username:encrypted_password then both are unacceptable now. You must use APIKEY in place of these.

So, the supported _auth now becomes:

_auth: APIKEY

But ironically, even this didn't work in some cases.

Following seemed to be more reliable:

1. You need to get base64 string of your username:APIKEY. You can get base64 by running following command in PowerShell

[System.Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("username:APIKEY"))

2. Whatever is the output, use that in _auth variable of your .npmrc file (located in %userprofile%\.npmrc)

So, the final file looks like following:

registry=<URL>
_auth = <Base64 of username:APIKEY>
email = myemail@email.com
always-auth = true

Answer 6

For me, I already had .npmrc file with someone else's expired token. Hence, when i was doing npm login, it was giving this authentication error.

To fix this, i deleted the .npmrc, executed npm config set registry ... command and then npm login was executed.

Answer 7

vim .npmrc(to edit the configuration file) i - to insert registry=<URL> _auth = <Base64 of username:APIKEY> email = myemail@email.com always-auth = true

to get the Base64, you can do in your terminal

$echo -n cb4b84e9-b861-443c-9ed3-958086d97208 | base64

wq - to save document

Answer 8

This issue can also occur when you try to install the package you are publishing as a dependency. I.e. publishing package name @core with a dependency also named @core

Answer 9

Login to https://url/artifactory/api/npm/auth/ and copy the _auth value from here to the .npmrc file

Answer 10

Try something like this.

.npmrc file content like this:

//npm.corp_id.com/:_authToken=TOKEN_VALUE_HERE

Removing _ from authToken in .npmrc, It's just for me

//npm.corp_id.com/:authToken=TOKEN_VALUE_HERE

Answer 11

For me, the issue was calling USER myusername too early in the Dockerfile, it caused an authentication issue with my artifactory even though the .npmrc file was in place.

Simply moving the USER call down, after npm i fixed the issue for me.

Answer 12

The issue is due to the '@' special character in the username, I assume the user is SAML based. Follow the below steps to resolve the issue,

1. Generate the auth token using the /api/npm/auth endpoint with “curl -u :<API_KEY> https://url/artifactory/api/npm/auth/”
2. Add the generated block directly into .npmrc file as

_auth = Auth-token-generated-from-1st-point

always-auth = true