Private npm registry authentication issue on yarn.lock and package.json semver mismatch · yarnpkg/yarn#5256

(3 留言) (0 反應) (1 負責人)JavaScript (41,514 star) (2,731 fork)batch import

good first issuehelp wantedtriaged

描述

Do you want to request a feature or report a bug? BUG

What is the current behavior? Yarn does not authenticate with the private npm registry when the package.json and yarn.lock have a semver mismatch for a spesific package.

For example: yarn add css-hot-loader edit package.json and remove the carrot (^) from the version yarn install Result: Rejected 401, Unauthenticated

OS: Linux, Ubuntu (Heroku)

貢獻者指南

技術棧: javascriptnodejs
領域: clideveloper experience
議題類型: bug
難度: 3
預計時間: 1-2 days
活動狀態: stale
清晰度: needs investigation
前置要求: Familiarity with npm registries and authenticationUnderstanding of semver range resolution
新手友善度: 20
研究方向: Investigate the authentication flow in Yarn's resolver when resolving packages from a private registry. Focus on the interplay between package.json version ranges and yarn.lock locked versions. Look at relevant files such as src/resolvers/index.js and src/util/request manager.js. Check the issue comments for any prior investigation or maintainer notes.