npm - Yarn 无法通过 Github 包进行身份验证 - 但 npm 可以

Question

我需要做什么来配置 yarn 以使用 Github 包进行身份验证？

我有一个 hello-world npm 包，我正试图将它私下发布到 github。我希望能够使用 yarn 而不是 npm，但由于某种原因，yarn 无法通过 Github Package 服务进行身份验证：

error Couldn't publish package: "https://npm.pkg.github.com/@myuser/test-models: Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured."

NPM 在发布时没有任何问题，所以我假设 yarn 处理配置信息的方式有所不同。

详细纱线发布：

$ yarn publish --verbose
yarn publish v1.10.1
verbose 0.257170891 Checking for configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.257665932 Found configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.258189892 Checking for configuration file "/Users/myuser/.npmrc".
verbose 0.258433341 Found configuration file "/Users/myuser/.npmrc".
verbose 0.258899667 Checking for configuration file "/usr/local/etc/npmrc".
verbose 0.259174747 Checking for configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.259487532 Found configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.260003161 Checking for configuration file "/Users/myuser/sites/.npmrc".
verbose 0.260246617 Checking for configuration file "/Users/myuser/.npmrc".
verbose 0.260455656 Found configuration file "/Users/myuser/.npmrc".
verbose 0.260965719 Checking for configuration file "/Users/.npmrc".
verbose 0.263449669 Checking for configuration file "/Users/myuser/sites/test-models/.yarnrc".
verbose 0.263757077 Checking for configuration file "/Users/myuser/.yarnrc".
verbose 0.264027657 Found configuration file "/Users/myuser/.yarnrc".
verbose 0.264629421 Checking for configuration file "/usr/local/etc/yarnrc".
verbose 0.264905752 Checking for configuration file "/Users/myuser/sites/test-models/.yarnrc".
verbose 0.265187834 Checking for configuration file "/Users/myuser/sites/.yarnrc".
verbose 0.265428211 Checking for configuration file "/Users/myuser/.yarnrc".
verbose 0.265682381 Found configuration file "/Users/myuser/.yarnrc".
verbose 0.26612276 Checking for configuration file "/Users/.yarnrc".
verbose 0.268430721 current time: 2020-07-15T16:04:57.727Z
[1/4] Bumping version...
info Current version: 0.0.3
question New version:
info Proceeding with current version: 0.0.3
[2/4] Logging in...
[3/4] Publishing...
verbose 3.449685972 Performing "PUT" request to "https://npm.pkg.github.com/@myuser/test-models".
verbose 3.757506429 Request "https://npm.pkg.github.com/@myuser/test-models" finished with status code 401.
verbose 3.760342835 Error: Couldn't publish package: "https://npm.pkg.github.com/@myuser/test-models: Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured."
    at MessageError.ExtendableBuiltin (/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:243:66)
    at new MessageError (/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:272:123)
    at /usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:80723:13
    at Generator.throw (<anonymous>)
    at step (/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:98:30)
    at /usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:111:13
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
error Couldn't publish package: "https://npm.pkg.github.com/@myuser/test-models: Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured."
info Visit https://yarnpkg.com/en/docs/cli/publish for documentation about this command.

纱线配置：

$ yarn config list
yarn config v1.10.1
info yarn config
{
  'version-tag-prefix': 'v',
  'version-git-tag': true,
  'version-commit-hooks': true,
  'version-git-sign': false,
  'version-git-message': 'v%s',
  'init-version': '1.0.0',
  'init-license': 'MIT',
  'save-prefix': '^',
  'bin-links': true,
  'ignore-scripts': false,
  'ignore-optional': false,
  registry: 'https://registry.yarnpkg.com',
  'strict-ssl': true,
  'user-agent': 'yarn/1.10.1 npm/? node/v13.11.0 darwin x64',
  lastUpdateCheck: 1594760187916
}
info npm config
{
  '//registry.npmjs.org/:_authToken': '<auth_token1_here>',
  '@myuser:registry': 'https://npm.pkg.github.com',
  '//npm.pkg.github.com/:_authToken': '<auth_token2_here>',
  python: '/usr/bin/python'
}
✨  Done in 0.11s.

我所有的配置文件：

$ cat /Users/myuser/.npmrc
//registry.npmjs.org/:_authToken=[my-npm-token]

$ cat /Users/myuser/sites/test-models/.npmrc
@myuser:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=[my-github-token]

$ cat /Users/myuser/.npmrc
//registry.npmjs.org/:_authToken=[my-npm-token]

$ cat /Users/myuser/.yarnrc
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


lastUpdateCheck 1594760187916

Answer 1

对于npm.pkg.github.com/:_authToken，您可以尝试使用昨天（2020 年 10 月 2 日）刚刚发布的第三种代币：

npm 自动化令牌

npm 正在引入访问令牌的新设置，以支持从 CI/CD 工作流发布到 npm 注册表。

以前，您可以使用以下两种设置之一创建访问令牌：只读和发布。
发布令牌允许您发布包，就像名称所暗示的那样，但如果您的帐户启用了双重身份验证 (2FA)，系统会提示您输入一次性密码。

我们建议人们在他们的帐户上设置 2FA 以增加安全性，但需要密码意味着所有发布都必须以交互方式完成。许多人希望使用 CI/CD 工作流程自动化他们的发布步骤。

今天，我们为访问令牌添加了第三个选项：自动化。您可以在访问令牌设置页面中创建自动化令牌。

使用自动化令牌不会提示您输入一次性密码，这意味着您可以在发布工作流程中将其用作密码。现在，您可以在剪切发布时直接将包发布到 npm 注册表。

如果您是包维护者，并且希望要求包的发布者继续使用双因素身份验证并以交互方式发布，则可以在包设置中执行此操作。
如果您已经需要 2FA，则此行为没有变化；除非您允许，否则不会接受自动化令牌。

如果您一直在等待在您的 npm 帐户上启用双重身份验证，因为它阻止您在自动化工作流程中发布，您现在可以设置自动化令牌并启用 2FA。