
Missing support for npm bearer auth and OTP #6206

Closed
@bodograumann

Version

4.5.10

Environment info

Environment Info:

  System:
    OS: Linux 5.10 Arch Linux
    CPU: (4) x64 Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
  Binaries:
    Node: 15.5.1 - /usr/bin/node
    Yarn: 1.22.10 - ~/.local/bin/yarn
    npm: 6.14.11 - /usr/bin/npm
  Browsers:
    Chrome: Not Found
    Firefox: 84.0.2
  npmGlobalPackages:
    @vue/cli: 4.5.10

Steps to reproduce

I am using the npm registry on an Azure DevOps server (formerly known as Microsoft TeamFoundation Server; TFS). To authenticate, it is necessary to use basic authentication, which is not possible with vue-cli.

This becomes apparent when running vue ui, vue create or vue upgrade in such an environment.

What is expected?

vue-cli should be able to access package information on the azure package feed

What is actually happening?

ERROR Failed to get response from https://myserver/tfs/mycollection/_packaging/packages/npm/registry/vue-cli-version-marker


As described in the npm registry docs, authentication with an npm registry is possible via basic auth, bearer auth and in both cases an optional OTP.
vue-cli only supports bearer auth without OTP:

async getMetadata (packageName, { full = false } = {}) {
  const scope = extractPackageScope(packageName)
  const registry = await this.getRegistry(scope)

  const metadataKey = `${this.bin}-${registry}-${packageName}`
  let metadata = metadataCache.get(metadataKey)

  if (metadata) {
    return metadata
  }

  const headers = {}
  if (!full) {
    headers.Accept = 'application/vnd.npm.install-v1+json;q=1.0, application/json;q=0.9, */*;q=0.8'
  }

  const authToken = await this.getAuthToken(scope)
  if (authToken) {
    headers.Authorization = `Bearer ${authToken}`
  }

  const url = `${registry.replace(/\/$/g, '')}/${packageName}`
  try {
    metadata = (await request.get(url, { headers })).body
    if (metadata.error) {
      throw new Error(metadata.error)
    }
    metadataCache.set(metadataKey, metadata)
    return metadata
  } catch (e) {
    error(`Failed to get response from ${url}`)
    throw e
  }
}

In contrast npm info vue-cli-version-marker --json and yarn info vue-cli-version-marker --json work fine, because they implement basic auth.

I wonder why we have to reimplement an npm registry client anyway.

Note: For basic auth the credentials are stored in .npmrc as //registry-url:username=myusername and //registry-url:_password=base64-encoded password. So when sending the password with basic auth, we need to be careful not to double-encode.
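
The header selection and the double-encoding pitfall described in the issue above, as an added example that is not part of the original post and is not vue-cli code. `readCredentials`, `buildAuthHeaders` and the registry host are hypothetical, the `//host/path/:key=value` layout of `.npmrc` is assumed, and credentials scoped to a different registry are deliberately ignored so they are never sent to the wrong host.

```javascript
// Added example, not vue-cli code. readCredentials and buildAuthHeaders are
// hypothetical helpers; the registry host below is a constructed placeholder.

// Collect the credential keys that .npmrc scopes to one registry.
// Assumes the usual "//host/path/:key=value" form.
function readCredentials (npmrcText, registryUrl) {
  const prefix = registryUrl.replace(/^https?:/, '').replace(/\/*$/, '/') + ':'
  const creds = {}
  for (const line of npmrcText.split(/\r?\n/)) {
    const entry = line.trim()
    const eq = entry.indexOf('=')
    if (!entry.startsWith(prefix) || eq === -1) continue
    // Split on the first "=" only: base64 values may end in "=" padding.
    creds[entry.slice(prefix.length, eq).trim()] = entry.slice(eq + 1).trim()
  }
  return creds
}

// Pick the Authorization scheme from whichever credentials are present.
function buildAuthHeaders (creds, otp) {
  const headers = {}
  if (creds._authToken) {
    headers.Authorization = `Bearer ${creds._authToken}`
  } else if (creds.username && creds._password) {
    // _password is stored base64-encoded: decode it before building
    // "username:password", otherwise the server receives a double-encoded secret.
    const password = Buffer.from(creds._password, 'base64').toString('utf8')
    const pair = Buffer.from(`${creds.username}:${password}`, 'utf8')
    headers.Authorization = `Basic ${pair.toString('base64')}`
  } else if (creds._auth) {
    // _auth already holds base64("username:password"); send it unchanged.
    headers.Authorization = `Basic ${creds._auth}`
  }
  if (otp) headers['npm-otp'] = otp // one-time password header used by the npm CLI
  return headers
}

// Constructed sample .npmrc content (not real credentials).
const SAMPLE_NPMRC = [
  'registry=https://registry.example.test/npm/registry/',
  '//registry.example.test/npm/registry/:username=builduser',
  '//registry.example.test/npm/registry/:_password=' +
    Buffer.from('s3cret').toString('base64'),
  '//other.example.test/:_authToken=unrelated-token'
].join('\n')

const sampleHeaders = buildAuthHeaders(
  readCredentials(SAMPLE_NPMRC, 'https://registry.example.test/npm/registry'))
```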
