This is a (Bug Report / Feature Proposal)

Feature Proposal

Description

Our Github organisation uses Github's two-factor authentication, I assumed I would be able to create a personal access token and use that in place of my password but I get the following error.

{"message":"This API can only be accessed with username and password Basic Auth","documentation_url":"https://developer.github.com/v3/oauth_authorizations/#oauth-authorizations-api"}

If I use my real password I get

{"message":"Must specify two-factor authentication OTP code.","documentation_url":"https://developer.github.com/v3/auth#working-with-two-factor-authentication"}

Additional Data

• npm 4.2.0
• serverless 1.9.0
• node 6.10.1

This is a question

Description

Have you planned to make yith compatible with Gitlab ?

Its seems I cannot run serverless remove --stage prod. I am sure the correct bucket has been exported:

Serverless: Could not remove AWS package storage: The specified bucket is not valid.

  Invalid Bucket Name ------------------------------------

  The specified bucket is not valid.

     For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.

  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues
     Forums:        forum.serverless.com
     Chat:          gitter.im/serverless/serverless

  Your Environment Information -----------------------------
     OS:                     darwin
     Node Version:           8.1.4
     Serverless Version:     1.25.0

This is a Bug Report

Description

For bug reports:

• What went wrong?
  Attempting to login, received 403 from registry
• What did you expect should have happened?
  I should have logged in (credentials were all correct)
• What stacktrace or error message did you
  experience?

$ npm login
Username: zakhenry.123456
Password: 
Email: (this IS public) zak.henry@[email]
npm ERR! code E403
npm ERR! Forbidden

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/zak/.npm/_logs/2018-01-15T16_12_13_279Z-debug.log

• NPM CLI version you are using:
  (client) node v8.9.1 (npm v5.5.1)

I have the latest version of serverless 1.17.0 and I get the following error when I try to follow the instructions in the Readme file.

Serverless Error ---------------------------------------
 
  The Serverless version (1.17.0) does not satisfy the "frameworkVersion" (=1.11.0) in serverless.yml
 
  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues
     Forums:        forum.serverless.com
     Chat:          gitter.im/serverless/serverless
 
  Your Environment Information -----------------------------
     OS:                     darwin
     Node Version:           6.11.1
     Serverless Version:     1.17.0

Description

Publishing a package that is 3Mb will be saved to s3 on its own but also to the index.json:

(src/put/publish.js)

    json['dist-tags'][tag] = version;
    json._attachments[`${name}-${version}.tgz`] = pkg._attachments[`${name}-${version}.tgz`];
    json.versions[version] = versionData;

    ...

    await storage.put(
      `${name}/${version}.tgz`,
      json._attachments[`${name}-${version}.tgz`].data, // eslint-disable-line no-underscore-dangle
      'base64',
    );

    await storage.put(
      `${name}/index.json`,
      JSON.stringify(json),
    );

If you publish 100 times, the index.json will be roughly 300Mb, which will fail or be grossly inefficient:

    const pkgBuffer = await storage.get(`${name}/index.json`);
    json = JSON.parse(pkgBuffer.toString());

Would the solution be to clear out json._attachements prior to saving to index.json?
What recommendations do you have since I have already run into the issue, can I simply delete the entirety of the bucket in s3 if I don't care about past releases?

This is a Bug Report

Description

• What went wrong?
  I can upload a package but when I try and install I get an integrity check error: integrity checksum failed when using sha512. I am also using a custom domain.

• What did you expect should have happened?
  The package should install correctly

• What was the config / env variables you used?

export CODEBOX_REGION="eu-west-2" # Set the AWS region you wish your registry to be deployed to
export CODEBOX_ADMINS="admins" # Comma seperated list of github usernames (e.g. "jon,kadi"), these users will be the only ones able to publish
export CODEBOX_REGISTRY="https://registry.npmjs.org/" # The NPM mirror you wish to proxy through to
export CODEBOX_BUCKET="npm-storage" # The name of the bucket in which you wish to store your packages
export CODEBOX_GITHUB_URL="https://api.github.com/" # The GitHub / GitHub Enterprise **api** url
export CODEBOX_GITHUB_CLIENT_ID="client-id" # The client id for your GitHub application
export CODEBOX_GITHUB_SECRET="secret" # The secret for your GitHub application
export CODEBOX_RESTRICTED_ORGS="org-name" # OPTIONAL: Comma seperated list of github organisations to only allow access to users in that org (e.g. "craftship,myorg").  Useful if using public GitHub for authentication, as by default all authenticated users would have access.i
export AWS_SDK_LOAD_CONFIG=1

• What stacktrace or error message did you experience?
  integrity checksum failed when using sha512

Additional Data

• NPM CLI version you are using:
  6.9.0

• Serverless version you're using:
  1.40.0

• Node version you're using:
  11.13.0

This is a Bug Report

Description

For bug reports:

• What went wrong?
  Command to migrate packages already deployed fails. Command is not recognized.

  serverless codebox domain --stage yourstage --host custom-domain.com

  I see the source for the plugin in the .serverless folder, but regardless of how I structure the above command, I receive the following error.

  Serverless Error --------------------------------------- Command "codebox domain" not found, Run "serverless

  Expecting an error, if I omit the domain I get the following:

  Serverless Error --------------------------------------- The command you entered did not catch on any hooks

• What was the config / env variables you used?
  All CODEBOX_ environment variables are present and I am running the above command from the root of the codebox serverless repo

This is a Feature Proposal

Description

It would be ideal if there was the ability for a developer to publish pre-releases only, ie npm publish --tag pre but be denied the right to publish the stable releases. This could be configured in the form of an environment variable NONADMIN_PUBLISH_DIST_TAGS=pre,next.

This allows the workflow of a developer working with a module and publishing it to the repo under a prerelease dist tag, then using it temporarily in another repo to validate an idea (that can't just be tested entirely locally with npm link), or continue work while the first change is being reviewed.

This is a Feature Proposal

Description

I created a .npmrc in my home folder, then tried to use yarn publish in a project.

• What went wrong?

I got the following in my terminal:

yarn publish v0.19.1
[1/4] Bumping version...
info Current version: 1.0.3
question New version: 1.0.4
info New version: 1.0.4
[2/4] Logging in...
question npm username: hassankhan.otpotp
question npm email: [email protected]
question npm password:
success Logged in.
[3/4] Publishing...
success Published.
[4/4] Revoking token...
success Revoked login token.
error An unexpected error occurred: "https://l90d4v81rh.execute-api.eu-west-1.amazonaws.com/prod/registry/-/user/token/<myToken>: '<myToken>' not a valid key=value pair (missing equal-sign) in Authorization header: 'Bearer <myToken>'.".
info If you think this is a bug, please open a bug report with the information provided in "/Users/hassankhan/Projects/yith-test/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/publish for documentation about this command.

• What did you expect should have happened?

It should have published like npm publish would have.

Additional Data

• NPM CLI version you are using: 3.10.3
• Yarn CLI version you are using: 0.19.1
• Serverless version you're using: 1.6.1
• Node version you're using: 6.7.0

This is a Bug Report?

Bug? / Misconfiguration? / Lacking doc?

Description

After deploying a serverless application (following the tutorial), and configuring my .npmrc to the following:

registry=https://XXXX.execute-api.eu-central-1.amazonaws.com/prod/registry
always-auth=true

I manage to login correctly

But npm login fails with the appropriate configuration:

registry=https://my.custom.domain.com/prod/registry
always-auth=true

Additional Data

• When checking https://my.custom.domain.com/prod/registry on my browser, it works correctly
• https is working too and the certificate is valid
• when running the serverless command to migrate (serverless codebox domain --stage prod --host my.custom.domain.com), i get "Access denied"

• NPM CLI version you are using:
  npm 5.5.1

• Serverless version you're using:
  serverless 1.11.0

• Node version you're using:
  node 8.9.1

This is a Bug Report

Description

The latest tag is always updated when running npm publish, even when specifying another tag using the --tag flag. This is not the expected behavior (see additional data).

I believe this can fixed by deleting line 69 (json['dist-tags'].latest = version;) in publish.js, but I'm not entirely sure whether there are assumptions in this code that I'm not aware of.

Additional Data

• NPM documentation on tags
• Prereleases and Npm

This is a Bug Report

Description

For bug reports:

• What went wrong?
  Codebox failed to deploy.

• What did you expect should have happened?
  I expected Codebox to use the profile value from my serverless.yml.

• What was the config / env variables you used?

• What stacktrace or error message did you
  experience?

$ sls deploy --stage prod
Serverless: Bundling with Webpack...
Time: 2148ms
              Asset     Size  Chunks             Chunk Names
authorizerGithub.js  15.1 kB       0  [emitted]  authorizerGithub
  distTagsDelete.js  27.6 kB       1  [emitted]  distTagsDelete
     distTagsGet.js  35.9 kB       2  [emitted]  distTagsGet
     distTagsPut.js  27.8 kB       3  [emitted]  distTagsPut
             get.js  36.1 kB       4  [emitted]  get
             put.js  38.9 kB       5  [emitted]  put
          tarGet.js  25.5 kB       6  [emitted]  tarGet
         userPut.js    11 kB       7  [emitted]  userPut
Serverless: Packing external modules: babel-polyfill@^6.22.0, github@^8.1.1, node-fetch@^1.6.3
Serverless: Packaging service...
Serverless: Could not create AWS Logging SNS Topic: Missing credentials in config

  Credentials Error --------------------------------------

     Missing credentials in config

     For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.

  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues

     Please report this error. We think it might be a bug.

  Your Environment Information -----------------------------
     OS:                 darwin
     Node Version:       6.7.0
     Serverless Version: 1.8.0

I managed to work around it by running export AWS_PROFILE="MyProfile"and then redeploying.

Additional Data

• NPM CLI version you are using: 3.10.3
• Serverless version you're using: 1.8.0
• Node version you're using: 6.7.0

This is a Bug Report

Description

For bug reports:

• What went wrong?
  When attempting to use npm i npm --save failed.

It actually came about attempting to install cordova as npm is a dependency of it.

• What did you expect should have happened?
  npm module should have installed

• What stacktrace or error message did you
  experience?

Similar or dependent issues:

• #39

Additional Data

• NPM CLI version you are using:
  3.10.16
• Serverless version you're using:
  1.6.1
• Node version you're using:
  v6.2.0

This is a Bug Report

The serverless install url in the README points to an obsolete version.

Description

Expected:

https://github.com/craftship/codebox-npm/tree/0.21.2

Actual:

https://github.com/craftship/codebox-npm/tree/0.21.0

Description

Can we add versionFunctions: false option in serverless.yml? this option is true by default in serverless. so, this will create new function versions for each new deployment, which increases code storage in Lambda, so the cost.

I think mostly versioning is not required in registry by default.

Pull request - #77

Additional Data

• NPM CLI version you are using - 4.2.0:
• Serverless version you're using - 1.11.0:
• Node version you're using - 7.8.0:

In the README it seems to be saying add the token without the // prefix, is that correct or just an oversight?

Bug Report

npm logout throws Registry returned 403 for DELETE on https://abcdefg12345.execute-api.us-east-1.amazonaws.com/prod/registry/-/user/token/4b72ca7212dec3de8bc4520de2275c112401312b

It should have logged out user from npm for default scope.

logs:

npm logout
npm ERR! Darwin 16.4.0
npm ERR! argv "/usr/local/bin/node" "/usr/local/bin/npm" "logout"
npm ERR! node v7.8.0
npm ERR! npm  v4.2.0
npm ERR! code E403

npm ERR! Registry returned 403 for DELETE on https://abcdefg12345.execute-api.us-east-1.amazonaws.com/prod/registry/-/user/token/4b72ca7212dec3de8bc4520de2275c112401312b
npm ERR! 
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     /Users/user/.npm/_logs/2017-04-20T12_04_54_670Z-debug.log

Also I see similar issue while using npm unpublish @org/[email protected]
(Registry returned 403 for DELETE on https://abcdefg12345.execute-api.us-east-1.amazonaws.com/prod/registry/@org%2ftest/-rev/undefined).

Any idea how to fix this?

Additional Data

• NPM CLI version you are using - 4.2.0:
• Serverless version you're using - 1.11.0:
• Node version you're using - 7.8.0:

I'm trying to setup the application and followed all the steps, but I'm not being able to execute npm install because I get a 403 (forbidden) all the time..

I've got to run npm login but can't go any further because of this.. apparently all the settings are ok (I've checked the variables in aws console) and I'm stuck now...

Is there any checklist I could use to try to find where it's failing ?

Thanks a lot !

Following the steps from the README.md and finally running serverless deploy --stage prod results into:

The Serverless version (1.25.0) does not satisfy the "frameworkVersion" (=1.11.0) in serverless.yml

Changing the serverless.yml line #1 into:

frameworkVersion: '=1.25.0'

fixes the error.

This is a Bug Report

Description

I've published a package on Yith under my username, elsewhere my colleague has logged in and tries to download the package.

For bug reports:

• What went wrong?
  It failed with a checksum error.

• What did you expect should have happened?
  It should have downloaded the dependency as usual.

• What stacktrace or error message did you
  experience?

npm ERR! Darwin 15.6.0
npm ERR! argv "/usr/local/Cellar/node@6/6.9.5/bin/node" "/usr/local/bin/npm" "i" "-S" "yith-test"
npm ERR! node v6.9.5
npm ERR! npm  v3.10.10

npm ERR! shasum check failed for /var/folders/hy/5mcsh4rj4nqdr2dd7lsfzybr0000gn/T/npm-44837-8db82cdb/wgn99rpqrc.execute-api.eu-west-1.amazonaws.com/prod/registry/yith-test/-/yith-test-1.0.1.tgz
npm ERR! Expected: e4ef8ff55c945d69986138d3d390c41d1841cf9a
npm ERR! Actual:   298b1fe737fc503f48bc89e36ad063615bf9fc04
npm ERR! From:     https://wgn99rpqrc.execute-api.eu-west-1.amazonaws.com/prod/registry/yith-test/-/yith-test-1.0.1.tgz
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     /Users/hassankhan/Projects/yith-project-test/npm-debug.log

Additional Data

• NPM CLI version you are using: 3.10.10
• Serverless version you're using: 1.6.1
• Node version you're using: 6.9.5

This is a Feature Proposal

Description

Is there a recommended way of upgrading from an older version?

Installing using the instructions results in a copy of this repo without any Git history, so would it be better for us to clone the repo and deploy instead?

This is a (Bug Report / Feature Proposal)

Description

Cannot npm install a package published to the registry.

For bug reports:

• What went wrong?
  The s3 bucket has...

$ aws s3 ls some-registry-prod/intelli-notes-common/
2019-04-19 00:28:45       7072 1.0.47.tgz
2019-04-19 00:30:31       7071 1.0.48.tgz
2019-04-19 01:21:01       7077 1.0.49.tgz
2019-04-19 01:21:01      11907 index.json

The install fails...

$ npm install intelli-notes-common
npm ERR! Only absolute URLs are supported

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/trenta/.npm/_logs/2019-04-19T07_29_16_405Z-debug.log

• What did you expect should have happened?
  It should have installed the npm package

• What was the config / env variables you used?
  export CODEBOX_REGION="us-west-2" # Set the AWS region you wish your registry to be deployed to
  export CODEBOX_ADMINS="TrentonAdams" # Comma seperated list of github usernames (e.g. "jon,kadi"), these users will be the only ones able to publish
  export CODEBOX_REGISTRY="https://registry.npmjs.org/" # The NPM mirror you wish to proxy through to
  export CODEBOX_BUCKET="some-npm-registry" # The name of the bucket in which you wish to store your packages
  export CODEBOX_GITHUB_URL="https://api.github.com/" # The GitHub / GitHub Enterprise api url
  export CODEBOX_GITHUB_CLIENT_ID="" # The client id for your GitHub application
  export CODEBOX_GITHUB_SECRET="" # The secret for your GitHub application
  export CODEBOX_RESTRICTED_ORGS="" # OPTIONAL: Comma seperated list of github organisations to only allow access to users in that org (e.g. "craftship,myorg"). Useful if using public GitHub for authentication, as by default all authenticated users would have access.

• What stacktrace or error message did you
  experience?

Log output...

0 info it worked if it ends with ok
1 verbose cli [ '/home/trenta/.nvm/versions/node/v11.8.0/bin/node',
1 verbose cli   '/home/trenta/.nvm/versions/node/v11.8.0/bin/npm',
1 verbose cli   'install',
1 verbose cli   'intelli-notes-common' ]
2 info using [email protected]
3 info using [email protected]
4 verbose npm-session 13ea6922d9af3cd0
5 silly install loadCurrentTree
6 silly install readLocalPackageData
7 http fetch GET 200 https://dfdfdsfasdfafe.execute-api.us-west-2.amazonaws.com/prod/registry/intelli-notes-common 582ms
8 silly fetchPackageMetaData error for intelli-notes-common@latest Only absolute URLs are supported
9 timing stage:rollbackFailedOptional Completed in 2ms
10 timing stage:runTopLevelLifecycles Completed in 2654ms
11 verbose stack TypeError: Only absolute URLs are supported
11 verbose stack     at getNodeRequestOptions (/home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/node_modules/node-fetch-npm/src/request.js:131:11)
11 verbose stack     at fetch.Promise (/home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/node_modules/node-fetch-npm/src/index.js:44:21)
11 verbose stack     at new Promise (<anonymous>)
11 verbose stack     at fetch (/home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/node_modules/node-fetch-npm/src/index.js:41:10)
11 verbose stack     at retry (/home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/node_modules/make-fetch-happen/index.js:332:14)
11 verbose stack     at /home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/node_modules/promise-retry/index.js:29:24
12 verbose cwd /home/trenta/Documents/development/node/intelli-notes/server
13 verbose Linux 4.15.0-46-generic
14 verbose argv "/home/trenta/.nvm/versions/node/v11.8.0/bin/node" "/home/trenta/.nvm/versions/node/v11.8.0/bin/npm" "install" "intelli-notes-common"
15 verbose node v11.8.0
16 verbose npm  v6.5.0
17 error Only absolute URLs are supported
18 verbose exit [ 1, true ]

Interestingly enough, npm knows what the latest version of the the package is...

$ npm view intelli-notes-common
npm ERR! Cannot read property '1.0.49' of undefined
Unhandled rejection TypeError: Cannot read property '1.0.49' of undefined
    at BB.try (/home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/lib/view.js:222:57)
    at tryCatcher (/home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/node_modules/bluebird/js/release/util.js:16:23)
    at Function.Promise.attempt.Promise.try (/home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/node_modules/bluebird/js/release/method.js:39:29)
    at prettyView (/home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/lib/view.js:186:16)
    at BB.all.results.map (/home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/lib/view.js:173:35)
    at Array.map (<anonymous>)
    at /home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/lib/view.js:173:24
    at f (/home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/node_modules/once/once.js:25:25)
    at /home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:78:16
    at /home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:105:12
    at f (/home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/node_modules/once/once.js:25:25)
    at RegClient.<anonymous> (/home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:324:12)
    at Request._callback (/home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:216:14)
    at Request.self.callback (/home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/node_modules/request/request.js:185:22)
    at Request.emit (events.js:197:13)
    at Request.<anonymous> (/home/trenta/.nvm/versions/node/v11.8.0/lib/node_modules/npm/node_modules/request/request.js:1161:10)

Additional Data

$ serverless --version
1.41.0
$ npm --version
6.5.0
$ node --version
v11.8.0

This is a (Bug Report / Feature Proposal)

Description

I was able to publish a package once I used "npm login" and used my github credentials, however once I switched to another project and tried to install that package, I received a 403 Forbidden. I tried sending a PostMan request to the API Gateway endpoint and got the following in the body of the 403:
{
"Message": "User is not authorized to access this resource with an explicit deny"
}

Although I'm not confident this is valid as I wasn't sure what the proper headers were. Sending no auth info returns a 401, but adding basic auth and entering my github username and password gave me the 403 above.

For bug reports:

• What went wrong?
  NPM publish works fine, but when I go to npm install I get a 403 Forbidden

• What did you expect should have happened?
  NPM install should have worked

• What was the config / env variables you used?
  CODEBOX_ADMINS beckleyc
  CODEBOX_BUCKET fowl-npm-registry
  CODEBOX_GITHUB_CLIENT_ID xxxxxx
  CODEBOX_GITHUB_SECRET xxxxxxx
  CODEBOX_GITHUB_URL https://api.github.com/
  CODEBOX_REGION us-east-1
  CODEBOX_REGISTRY http://registry.npmjs.org/
  CODEBOX_RESTRICTED_ORGS testOrg

• What stacktrace or error message did you
  experience?
  7 http fetch GET 403 https://xxxxx.execute-api.us-east-1.amazonaws.com/dev/registry/avian-common 181ms
  8 silly fetchPackageMetaData error for [email protected] 403 Forbidden: [email protected]

Additional Data

• NPM CLI version you are using:
  6.4.1

• Serverless version you're using:
  1.30.3

• Node version you're using:
  8.11.4

This is a Feature Proposal

Description

When deploying, chances are you're not using Codebox Insights 😄 , so the warnings might be a little scary. Perhaps we could add some check or hide the Codebox Insights stuff behind a flag?

Bug Report

Seems because the attachements are stored it quite quickly hits the 6MB limit when requesting files from S3.

Description

For bug reports:

• What went wrong?
  body size is too long is too long from Lambda in get.js

• What did you expect should have happened?
  Relevant private package should be returned

• What was the config / env variables you used?
  N/A

• What stacktrace or error message did you
  experience?
  body size is too long

Additional Data

• NPM CLI version you are using:
  3.10.10
• Serverless version you're using:
  1.5.1
• Node version you're using:
  6.9.5
• Yith Version:
  0.7.0

Feature usage info needed

I have tried to restrict organisation using export CODEBOX_RESTRICTED_ORGS="xyzOrg" and export CODEBOX_GITHUB_URL="https://api.github.com/" and provided github tokens(from https://github.com/settings/developers) from same org.

Tried logged in(using npm login) from github organisation email. but serverless url throws 403 for all the requests.

If I remove CODEBOX_RESTRICTED_ORGS, everything works fine.

Need more clarifications on how to properly use CODEBOX_RESTRICTED_ORGS?

Additional Data

• NPM CLI version you are using - 4.2.0:
• Serverless version you're using - 1.11.0:
• Node version you're using - 7.8.0:

This is a (Bug Report / Feature Proposal)

Bug report

Description

Okay, I think i finally sorted this out.
If you create a repository then operate a custom domain on it, it seems that packages you push on it (using the custom domain url) will give a 401 error when pulled later on (through npm install/yarn add)

Additional Data

Removing the "authorizer: authorizerGithub" on the target.default handler will remove auth checking from the lambda function. It seems to work correctly after that.
But well, as a drawback everyone can now install your packages given the registry and name.

• NPM CLI version you are using: npm 5.5.1, yarn 1.3.2
• Serverless version you're using: 1.24.1
• Node version you're using: 8.9.1

This is a Feature Proposal

Description

Currently, attempting to publish a package that exists on the public registry will always fail. This restriction makes sense if we assume that users should (or only want to) store unique packages in codebox and intend to proxy all other requests to the global registry.

I'm new here and not sure if this assumption is intentional and/or a desirable characteristic of this registry solution in particular. If so, please allow me to convince you of a few good reasons to allow configuration of this restriction:

1. overriding or patching public packages. deprecated, poorly maintained, and abandoned packages are all too common on the public registry and pose a huge risk to operational security and stability. allowing organizations to publish new (or override existing) versions of public packages is a good way to mitigate that risk.
2. limiting published packages to certain scopes. organizations may wish to enforce, at the registry level, which scope(s) are eligible for private hosting. this is useful when developers opt to only associate the private registry with certain scope(s) or if an organization needs to maintain several registries, each responsible for a discrete scope(s).
3. deprecating private scopes. very similar to # 2, organizations migrating from an existing private registry solution may wish to continue to provide read-only access to a legacy scoped package and also disable publishing new packages to that same scope.

A naive implementation that would satisfy # 2 & # 3 could be accomplished by adding a new environment variable (eg: CODEBOX_RESTRICTED_SCOPES) formatted as a comma-delimited list of permissible scopes. A simple membership check of this list before the existing unique check should be sufficient.

# 1 quickly becomes non-trivial if the ability to override at the version level is desired as existing checks and processes are limited to the package level.

What do y'all think?

This is a Question

Description

It doesn't seem that there's anything (from the documentation, anyway) to stop a valid GitHub user from connecting to the API Gateway of your private registry. Looking through the authorizer, it seems only users in the YITH_ADMINS can connect, but I could be wrong?

This is a Bug Report

Description

I published a package (yith-test) on my Yith deployment successfully. I then tried to npm install -S yith-test in another package. I also tried npm install -S lodash unsuccessfully.

For bug reports:

• What went wrong?
  I got a 403 error from the registry.

• What did you expect should have happened?
  It should have retrieved my package from the Yith S3 bucket

• What stacktrace or error message did you
  experience?

$ npm install -S yith-test
npm ERR! Darwin 15.6.0
npm ERR! argv "/Users/hassankhan/.nvm/versions/node/v6.7.0/bin/node" "/Users/hassankhan/.nvm/versions/node/v6.7.0/bin/npm" "i" "yith-test" "-S"
npm ERR! node v6.7.0
npm ERR! npm  v3.10.3
npm ERR! code E403

npm ERR! Registry returned 403 for GET on https://l90d4v81rh.execute-api.eu-west-1.amazonaws.com/prod/registry/yith-test
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     /Users/hassankhan/Projects/yith-project-test/npm-debug.log

$ npm install -S lodash
npm ERR! Darwin 15.6.0
npm ERR! argv "/Users/hassankhan/.nvm/versions/node/v6.7.0/bin/node" "/Users/hassankhan/.nvm/versions/node/v6.7.0/bin/npm" "i" "lodash" "-S"
npm ERR! node v6.7.0
npm ERR! npm  v3.10.3
npm ERR! code E403

npm ERR! Registry returned 403 for GET on https://l90d4v81rh.execute-api.eu-west-1.amazonaws.com/prod/registry/lodash
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     /Users/hassankhan/Projects/yith-project-test/npm-debug.log

Additional Data

• NPM CLI version you are using: 3.10.3
• Serverless version you're using: 1.6.1
• Node version you're using: 6.7.0

This is a Bug Report

Description

For bug reports:

• What went wrong?
  I wasn't able to run npm i in my project.

• What did you expect should have happened?
  It should have installed my project's dependencies successfully.

• What was the config / env variables you used?

• What stacktrace or error message did you
  experience?

$ npm i myprivpackage -S
npm ERR! Darwin 15.6.0
npm ERR! argv "/Users/cainaleao/.nvm/versions/node/v4.6.0/bin/node" "/Users/hassankhan/.nvm/versions/node/v4.6.0/bin/npm" "i" "myprivpackage" "-S"
npm ERR! node v4.6.0
npm ERR! npm  v3.10.9
npm ERR! code E403

npm ERR! Registry returned 403 for GET on https://XXXXXXXXX.execute-api.eu-west-1.amazonaws.com/prod/registry/myprivpackage
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     /Development/Sandbox/testnode/npm-debug.log

$ npm i lodash -S
npm ERR! Darwin 15.6.0
npm ERR! argv "/Users/hassankhan/.nvm/versions/node/v4.6.0/bin/node" "/Users/cainaleao/.nvm/versions/node/v4.6.0/bin/npm" "i" "lodash" "-S"
npm ERR! node v4.6.0
npm ERR! npm  v3.10.9
npm ERR! code E403

npm ERR! Registry returned 403 for GET on https://XXXXXXXXX.execute-api.eu-west-1.amazonaws.com/prod/registry/lodash
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     /Development/Sandbox/testnode/npm-debug.log

Additional Data

• NPM CLI version you are using: 3.10.9
• Serverless version you're using: 1.8.0
• Node version you're using: 4.6.0

Also tested on:

• NPM CLI version you are using: 3.10.10
• Serverless version you're using: 1.8.0
• Node version you're using: 6.7.0

This is a Bug Report

Description

• What went wrong?
  Attempted to publish package after logging in.

• What did you expect should have happened?
  Should have published the package.

• What was the config / env variables you used?
  Err.. mostly my env arguments?

• What stacktrace or error message did you
  experience?

$ npm publish
npm ERR! registry error parsing json
npm ERR! publish Failed PUT 413
npm ERR! Unexpected token H in JSON at position 0
npm ERR! HTTP content length exceeded 10485760 bytes.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/hassankhan/.npm/_logs/2017-06-24T20_53_19_366Z-debug.log

Similar or dependent issues:

• #50

Additional Data

• NPM CLI version you are using: 4.6.1
• Serverless version you're using: 1.11.0
• Node version you're using: 6.10.0

Create contribution guidelines to help people get involved.

This is a Feature Proposal

Description

It would be super nice if we could have a secrets.yml and secrets.example.yml which contain all the current environment variables. This then gets pulled into serverless.yml for deployment. secrets.yml should be added to .gitignore as well.

This is a Feature Proposal

Description

Please support NPM tokens.

npm token list --registry https://xyz.amazonaws.com/dev/registry/
npm token create --read-only --registry https://xyz.amazonaws.com/dev/registry/

These commands currently fail (403) because of missing endpoint:

https://xyz.amazonaws.com/dev/registry/-/npm/v1/tokens

Read-only tokens are useful in CI builds.

This is a Bug Report

Description

Ran sls remove --stage prod.

For bug reports:

• What went wrong?
  The stack failed to delete.

• What did you expect should have happened?
  The stack should have been deleted.

• What was the config / env variables you used?

• What stacktrace or error message did you
  experience?

$ sls remove --stage prod
Serverless: Getting all objects in S3 bucket...
Serverless: Removing objects in S3 bucket...
Serverless: Removing Stack...
Serverless: Checking Stack removal progress...
...........................................Serverless: Deployment failed!

  Serverless Error ---------------------------------------

     An error occurred while provisioning your stack: PackageStorage
     - The bucket you tried to delete is not empty.

  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues

  Your Environment Information -----------------------------
     OS:                 darwin
     Node Version:       6.7.0
     Serverless Version: 1.6.1

Additional Data

• NPM CLI version you are using: 3.10.3
• Serverless version you're using: 1.6.1
• Node version you're using: 6.7.0