Installing a private package from Gitlab with Yarn

Question

I have a private npm package that is published to the Gitlab Package Registry using a Gitlab CI pipeline.

I want to install this package in a project using yarn.

Following the documentation helped me come up with the following .npmrc file :

//gitlab.com/api/v4/packages/npm/:_authToken=glpat-***********
@my-org:registry=https://gitlab.com/api/v4/packages/npm/

With the above, npm install @my-org/my-package works perfectly. However, yarn add @my-org/my-package fails. using --verbose shows a 404 :

verbose 1.169823875 Error: https://gitlab.com/api/v4/projects/<my-project-id>/packages/npm/@my-org/my-package/-/@my-org/my-package-1.0.3.tgz: Request failed "404 Not Found"


error An unexpected error occurred: "https://gitlab.com/api/v4/projects/<my-project-id>/packages/npm/@my-org/my-package/-/@my-org/my-package-1.0.3.tgz: Request failed \"404 Not Found\""

The package does exist at version 1.0.3, NPM installs it.

• I need to get this to work with Yarn. How can I do this ?
• Additionaly, is there a way to take the authToken out of the .npmrc file ?

Answer 1

I also was not able to install it with yarn, but npm was ok.

This this worked out:

npm config set -- //gitlab.com/api/v4/packages/npm/:_authToken=XXX

npm config set -- //gitlab.com/api/v4/projects/<projectID>/packages/npm/:_authToken=XXX

npm config set @my-scope:registry https://gitlab.com/api/v4/packages/npm/  

yarn config set '//gitlab.com/api/v4/projects/:_authToken' "XXX"

yarn config set '//gitlab.com/api/v4/packages/npm/:_authToken' "XXX"

And no need for .npmrc for this setup.

Here is the official GitLab docs on that issue.

Answer 2

I tried many things, including all mentioned in this post, but none worked. Now, I do not know why, but the following worked for me:

Anonymized:

@XXXXX:registry=https://gitlab.com/api/v4/packages/npm/
//gitlab.com/api/v4/projects/:_authToken=XXXXX
//gitlab.com/api/v4/packages/npm/:_authToken=XXXXX

Abstracted:

@<my-org>:registry=https://gitlab.com/api/v4/packages/npm/
//<gitlab-url>/api/v4/projects/:_authToken=<auth-token>
//<gitlab-url>/api/v4/packages/npm/:_authToken=<auth-token>

My auth token is in my main gitlab group and holds only the right to read package repository.
Both packages are in different groups below that one.

Following the docs you get urls with project/<id>/npm and packages/npm but the key I think is adding the middle line that isn't really documented.

Answer 3

Your config in .npmrc should work if you are using Yarn v1.x, as Yarn 1 uses the registries configured in this file.

However, for Yarn 2, you must configure your private registries in the .yarnc.yml at the project level:

npmScopes:
  my-org:
    npmRegistryServer: "https://gitlab.com/api/v4/projects/my-project-id/packages/npm/"
    npmAlwaysAuth: true
    npmAuthToken: glpat-*******

Replace my-org with the scope of your package, my-project-id with the numeric id of your Gitlab project, and put your token with scope "api".