SonarJS package-lock.json contains private registry links

The package-lock.json file inside sonarjs contains references to https://repox.jfrog.io/artifactory/api/npm registry instead of the standard npm registry.
As a result I get a following error when trying to install dependencies on my local

npm ERR! code E401
npm ERR! Incorrect or missing password.
npm ERR! If you were trying to login, change your password, create an
npm ERR! authentication token or enable two-factor authentication then
npm ERR! that means you likely typed your password in incorrectly.
npm ERR! Please try again, or recover your password at:
npm ERR!     https://www.npmjs.com/forgot
npm ERR! 
npm ERR! If you were doing some other operation then your saved credentials are
npm ERR! probably out of date. To correct this please try logging in again with:
npm ERR!     npm login

This makes it harder for ppl to contribute or run forks, workaround is removing package-lock.json and reinstalling, but it’s not ideal as even newer patch versions can break certain things potentially

Btw this wasn’t an issue ~2 months ago, I only noticed this recently

hi Vuk,

yes, the behavior changed because we disabled anonymous access to our registry. It was my understanding that npm should fallback to public registry. I will have a look how we can fix this, so we can keep using our registry internally and others can use the public one.

1 Like

I’ve just merged a fix on the master branch, could you pls give it a try?

1 Like

@saberduck I can confirm this resolves the issue, thank you for the quick help!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.