Private npm registry authentication issue on yarn.lock and package.json semver mismatch · yarnpkg/yarn#5256

(3 comments) (0 reactions) (1 assignee)JavaScript (41,514 stars) (2,731 forks)batch import

good first issuehelp wantedtriaged

説明

Do you want to request a feature or report a bug? BUG

What is the current behavior? Yarn does not authenticate with the private npm registry when the package.json and yarn.lock have a semver mismatch for a spesific package.

For example: yarn add css-hot-loader edit package.json and remove the carrot (^) from the version yarn install Result: Rejected 401, Unauthenticated

OS: Linux, Ubuntu (Heroku)

コントリビューターガイド

技術スタック: javascriptnodejs
領域: clideveloper experience
Issue 種別: bug
難度: 3
推定時間: 1-2 days
活動状況: stale
明確さ: needs investigation
前提条件: Familiarity with npm registries and authenticationUnderstanding of semver range resolution
初心者向け度: 20
調査方針: Investigate the authentication flow in Yarn's resolver when resolving packages from a private registry. Focus on the interplay between package.json version ranges and yarn.lock locked versions. Look at relevant files such as src/resolvers/index.js and src/util/request manager.js. Check the issue comments for any prior investigation or maintainer notes.