registry.npmjs.org connector requires authentication - why?

jacob.appleton_7306

Re: Unable to query https://registry.npmjs.org

We had a ProGet connector to https://registry.npmjs.org working just fine, but then started seeing 401 errors when ProGet was trying to refresh the feed and we were unable to download new package versions.

Following the advice on the thread linked, we created a user at npmjs.org and added it to the connector. It is now working fine.

I have two questions about this:

What changed? As far as I understand, you don't need to have an account to download npm packages from npmjs.org (I can do it from the command-line without authenticating). Why does it seem that ProGet needs one?
Can someone please confirm that ProGet connectors are unidirectional? ie. you can download packages via a connector, but can't publish via one.

Thanks

atripp

I'll start with the easy one; connectors are "read only", there is no mechanism to push a package to a connector in ProGet.

As for authentication, I really don't know. That's weird, and it's definitely nothing in ProGet.

The 401 could be coming from a proxy server (inside your network) or from registry.npmjs.org itself, and there's no way to know within ProGet which it is.

I can't imagine it's a proxy server that somehow works with a npmjs.org username/password. But, maybe it is.
I don't know why registry.nmpjs.org would send you a 401. Other users haven't experienced this, and I just tested it on a brand new instance myself... and the connector worked just fine. There is talk of throttling large organizations, so maybe it's related to them blocking your IP or something?

It could have also just been a temporary glitch, somewere. Maybe if you remove authentication, it will work.

ABout the only way to diagnose this would be to attach ProGet to a tool like Fiddler or WireShark, so you can see the requests PRoGet makes, then reproduce those exact same requests, and either reach out to your internal IT folks or try your luck with npmjs.