cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon npm

[BUG] Cannot use automation token to call 'npm hook add'

Open CiaranMn opened this issue 3 years ago • 2 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

This issue exists in the latest npm version

  • [X] I am using the latest npm

Current Behavior

I cannot use an automation token to call npm hook add [package] [endpoint] [secret]

Instead, I receive the following error:

npm ERR! code E403
npm ERR! 403 403 Forbidden - POST https://registry.npmjs.org/-/npm/v1/hooks/hook
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.

I can call npm hook add using a publish token.

Expected Behavior

I should be able to use an automation token to call npm hook add.

The use case is to programmatically add hooks for packages of interest, without needing to disable 2FA completely on the account in question.

Steps To Reproduce

  1. set an automation auth token via .npmrc
  2. call npm hook add [some-package] [some-endpoint] [some-secret] (add --no-workspaces if necessary for local config to take effect)
  3. see 403 error
  4. replace token with a publish token for the same user
  5. repeat step 2, see call succeed

Environment

  • npm: 8.18.0
  • Node.js: 18.7.0
  • OS Name: MacOS 12.4
  • System Model Name: Macbook Pro
  • npm config:
# npm config ls --no-workspaces

; //registry.npmjs.org/:_authToken = (protected) ; overridden by project
cache = "/Users/Ciaran/.npm" 

; "project" config from /Users/ciaran/[project-path]/.npmrc

//registry.npmjs.org/:_authToken = (protected) 

; "cli" config from command line options

workspaces = false 

; node bin location = /Users/ciaran/.nvm/versions/node/v18.7.0/bin/node
; node version = v18.7.0
; npm local prefix = /Users/ciaran/[project-path]
; npm version = 8.18.0
; cwd = /Users/ciaran/[project-path]
; HOME = /Users/ciaran
; Run `npm config ls -l` to show all defaults.

CiaranMn avatar Aug 30 '22 07:08 CiaranMn

I highly doubt this could solve the problem but have you tried doing it with (https://www......) While I was using http requests with python it depended on if it was https\http as well as having www in the url. Python3 ~requests (uses www.google.com) <----format python3 ~urllib3(uses https\http://www.google.com) <----formatt maybe with NPM this is the same problem

EIonv avatar Aug 30 '22 21:08 EIonv

I highly doubt this could solve the problem but have you tried doing it with (https://www......) While I was using http requests with python it depended on if it was https\http as well as having www in the url. Python3 ~requests (uses www.google.com) <----format python3 ~urllib3(uses https\http://www.google.com) <----formatt maybe with NPM this is the same problem

I have tried this, it didn't help, but thanks for the suggestion!

CiaranMn avatar Sep 07 '22 13:09 CiaranMn