Private npm registry authentication issue on yarn.lock and package.json semver mismatch · yarnpkg/yarn#5256

(3 评论) (0 反应) (1 负责人)JavaScript (41,514 star) (2,731 fork)batch import

good first issuehelp wantedtriaged

描述

Do you want to request a feature or report a bug? BUG

What is the current behavior? Yarn does not authenticate with the private npm registry when the package.json and yarn.lock have a semver mismatch for a spesific package.

For example: yarn add css-hot-loader edit package.json and remove the carrot (^) from the version yarn install Result: Rejected 401, Unauthenticated

OS: Linux, Ubuntu (Heroku)

贡献者指南

技术栈: javascriptnodejs
领域: clideveloper experience
议题类型: bug
难度: 3
预计时间: 1-2 days
活动状态: stale
清晰度: needs investigation
前置要求: Familiarity with npm registries and authenticationUnderstanding of semver range resolution
新手友好度: 20
研究方向: Investigate the authentication flow in Yarn's resolver when resolving packages from a private registry. Focus on the interplay between package.json version ranges and yarn.lock locked versions. Look at relevant files such as src/resolvers/index.js and src/util/request manager.js. Check the issue comments for any prior investigation or maintainer notes.