npm publish not working on AWS CodeArtifact

Question

I am trying to use npm publish to publish a javascript library to a private NPM repository hosted on AWS Codeartifact.

When I try running npm publish on my local machine, it works without any issues. However, when I try to run it on Jenkins, it looks like the package is trying to be published to NPM's package repository instead of AWS codeartifact and I get the following error:

 > @company/[email protected] prepare .
 > npm run co:login
 
 
 > @company/[email protected] co:login /usr/src/components
 > aws codeartifact login --tool npm --domain <DOMAIN> --repository <REPOSITORY>
 
 Successfully configured npm to use AWS CodeArtifact repository <AWS_CODEARTIFACT_URL>
 Login expires in 12 hours at 2020-12-08 11:15:37+00:00
 npm notice 
 npm notice package: @company/[email protected]
 npm notice === Tarball Contents === 
 npm notice 2.9kB package.json   
 npm notice 1.6kB README.md      
 npm notice 268B  dist/index.d.ts
 npm notice === Tarball Details === 
 npm notice name:          @company/package              
 npm notice version:       0.2.2                                   
 npm notice package size:  2.1 kB                                  
 npm notice unpacked size: 4.8 kB                                  
 npm notice shasum:        <SHASUM>
 npm notice integrity:     <INTEGRITY>
 npm notice total files:   3                                       
 npm notice 
 npm ERR! code E404
 npm ERR! 404 Not Found - PUT https://registry.npmjs.org/@company%2fpackage - Not found
 npm ERR! 404 
 npm ERR! 404  '@company/[email protected]' is not in the npm registry.
 npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
 npm ERR! 404 
 npm ERR! 404 Note that you can also install from a
 npm ERR! 404 tarball, folder, http url, or git url.
 
 npm ERR! A complete log of this run can be found in:
 npm ERR!     /root/.npm/_logs/2020-12-08T00_20_19_949Z-debug.log

If I understand the AWS codeartifact documentation, it should set the right settings in .npmrc when we run aws codeartifact login command. I still don't understand why it is trying to push to the npm registry instead of AWS.

Here is my package.json:

{
  "name": "@company/package",
  "version": <VERSION>,
  "main": "dist/index.js",
  "module": "dist/index.js",
  "types": "dist/index.d.ts",
  "files": [
    "dist"
  ],
  "dependencies": {...},
  "scripts": {
    "co:login": "aws codeartifact login --tool npm --domain <DOMAIN> --repository <REPOSITORY>",
    "prepare": "npm run co:login"
  },
  "eslintConfig": {...},
  "browserslist": {...},
  "peerDependencies": {...},
  "devDependencies": {...}
}

Update

I added the link to my CodeArtificat using

npm set registry <LINK_TO_CODE_ARTIFACT>

When I execute the publish script locally, I get this error on the script's first run:

Unable to authenticate, need: Bearer realm="company/package", Basic realm="company/package"

That error disappears on subsequent runs. However, when I try the same on my Jenkins pipeline, I keep getting this error. Not sure what this means. I saw a thread related to this error on Azure, but am unable to find anything on AWS CodeArtifact.

Answer 1

The problem was that I was using two different package managers, yarn and npm to do several tasks in this project. The code was built using yarn but the publish was happening over npm. In order to be uniform, i.e. use yarn across all our tasks, I tried yarn publish and it magically worked.

Moral of the story: Be consistent with your package managers.

Answer 2

I had a very similar issue to this one, using CodeBuild and CodeArtifact to publish npm packages.

The recommended approach of using a prepare step with a aws codeartifact login command didn't work for me. I think that might be down to some issue with Ubuntu and npm not allowing actual access to the .npmrc file that the login command writes to.

In the end I added the following extra shell commands to my script before npm publish using advice from https://docs.aws.amazon.com/codeartifact/latest/ug/npm-auth.html :

  npm set registry https://<endpoint name>.d.codeartifact.eu-west-2.amazonaws.com/npm/<repo name>/
  npm config set //<endpoint name>.d.codeartifact.eu-west-2.amazonaws.com/npm/<repo name>/:always-auth=true
  npm config set //<endpoint name>.d.codeartifact.eu-west-2.amazonaws.com/npm/<repo name>/:_authToken=$(aws codeartifact get-authorization-token --domain <domain> | jq -r .authorizationToken)
  npm publish --unsafe-perm

Note, the endpoint name and domain name will depend on your own set up.

Note also, I've used jq to extract the auth token - this comes as standard on a CodeBuild server.

Note also this example is in eu-west-2 but could be in any region if you change that.