/-/v1/login not implemented (npm login) > npm@9.x

[sloonz]

⚠️ ⚠️ ⚠️ ⚠️⚠️ ⚠️ ⚠️ ⚠️⚠️ ⚠️ ⚠️ ⚠️⚠️ ⚠️ ⚠️ ⚠️

Upgrade your client to npm@9.5.0 to solve your issue:
Check: #3413 (comment)

or npm clients older than v9.5.0

WORKAROUND available ⬇️

⚠️ ⚠️ ⚠️ ⚠️⚠️ ⚠️ ⚠️ ⚠️⚠️ ⚠️ ⚠️ ⚠️⚠️ ⚠️ ⚠️ ⚠️

On a fresh Verdaccio default installation (5.15.4), npm login on a user I created with npm adduser asks to re-enter the email. This is because the login actually fails, and npm login automatically try to register a new account when login fails :

 http --- 172.17.0.1 requested 'POST /-/v1/login'
 http --- 404, user: null(172.17.0.1), req: 'POST /-/v1/login', bytes: 25/150
 http --- 172.17.0.1 requested 'PUT /-/user/org.couchdb.user:sloonz'
 error--- the user sloonz could not being added. Error: username is already registered
 http --- 409, user: null(172.17.0.1), req: 'PUT /-/user/org.couchdb.user:sloonz', error: username is already registered
 http --- 172.17.0.1 requested 'GET /-/user/org.couchdb.user:sloonz?write=true'
 http --- 200, user: null(172.17.0.1), req: 'GET /-/user/org.couchdb.user:sloonz?write=true', bytes: 0/45
 http --- 172.17.0.1 requested 'PUT /-/user/org.couchdb.user:sloonz/-rev/undefined'
 http --- 201, user: sloonz(172.17.0.1), req: 'PUT /-/user/org.couchdb.user:sloonz/-rev/undefined', bytes: 170/77

So to summarize what happened (when I tried to login on an user created with adduser) :

1. v1 login fails because Verdaccio doesn't implements it
2. npm falls back to trying to create a new account (and therefore asks user for its email, even if it was already provided at adduser)
3. that fails too, because the user already exists
4. npm tries to get an auth token anyway and succeed because the user indeed exists and the v1 failure was a mistake

So in the end, login kinda works, but prompts for an email while it shouldn’t. But more importantly : without /-/v1/login, npm login doesn't work at all on npm 9.0.0-pre.3 :

$ node bin/npm-cli.js login --registry http://localhost:3000/
npm notice Log in on http://localhost:3000/
npm ERR! code ENYI
npm ERR! Web login not supported

[juanpicado]

Hi @sloonz

Yeah probably something to review npm/cli#5550 soon, for now npm9 is alpha and no big issue. I'm glad this logic is being refactored because is confusing at least in my side.

Thanks for the detailed explanation

[jeffrson]

npm@9 was announced by my current npm@8 - and it should be GA now - npm@latest is 9.1.2.

Unfortunately something goes wrong with auth-type "web":

npm info using npm@9.1.2
npm info using node@v18.12.1
npm verb title npm adduser
npm verb argv "adduser" "--loglevel" "verbose" "--auth-type" "web" "--registry" "http://localhost:4873"
npm verb logfile logs-max:10 dir:...
npm verb logfile ...
npm notice Log in on http://localhost:4873/
npm verb web adduser before first POST
npm http fetch POST 404 http://localhost:4873/-/v1/login 33ms
npm verb stack WebLoginNotSupported: Web login not supported
...
npm verb statusCode 404
npm verb cwd C:\temp\t1
npm verb Windows_NT 10.0.19044
npm verb node v18.12.1
npm verb npm  v9.1.2
npm ERR! code ENYI
npm ERR! Web login not supported
npm verb exit 1
npm verb code 1

It works with --auth-type=legacy, though.

[juanpicado]

Thanks for the workaround @jeffrson !

Ref: #1515
Ref: npm/cli#5551
Ref: npm/rfcs#629
Ref: npm/rfcs#93
npm9 release notes: https://github.blog/changelog/2022-10-24-npm-v9-0-0-released/

[djcors]

if you use the flag --auth-type=legacy works.. but is needed an update from verdaccio to fix npm@9 compatibility

[StephenHodgson]

Thanks for the workaround. Super frustrating at first

[juanpicado]

Some news, after npm@9.5.0 there is a gracefully fallback behaviour, check here
npm/cli#6158

eg:

npm adduser --registry http://localhost:4873

npm notice Log in on http://localhost:4873/
npm verb web adduser before first POST
npm sill logfile start cleaning logs, removing 1 files
npm sill logfile done cleaning log files
npm http fetch POST 404 http://localhost:4873/-/v1/login 132ms
npm verb web add user not supported, trying couch 
Username: 

[berkenbrock10]

thanks bro, you saved my life :D

[prom00]

Am I correct this is still an issue?

[StephenHodgson]

@prom00 yes, I don't believe a proper fix has ever made it in

[juanpicado]

As long there is a viable workaround, also the feature at npm fallback automatically so is just fine, not a bug prio for me, but definitely in the roadmap to be fixed.

[prom00]

I've been looking around to find out if the legacy authentication will be removed from npm.
Might be something to keep in mind, we might be better off fixing the issue before it gets removed.