Cannot install packages with sensitive names

What I Wanted to Do

I am trying to install a package that contains the word whoami in its name.

$ npm install @pown/whoami

What Happened Instead

The package was not installed due to a 401 error.

curl 'https://registry.npmjs.org/@pown/whoami/-/whoami-2.0.1.tgz' -vvv

Reproduction Steps

$ npm install @pown/whoami

Details

This might be related to a WAF issue.

Platform Info

$ npm --versions
{ k: '1.0.0',
  npm: '6.7.0',
  ares: '1.15.0',
  brotli: '1.0.7',
  cldr: '34.0',
  http_parser: '2.8.0',
  icu: '63.1',
  llhttp: '1.1.1',
  modules: '67',
  napi: '4',
  nghttp2: '1.34.0',
  node: '11.10.1',
  openssl: '1.1.1a',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.26.0',
  v8: '7.0.276.38-node.17',
  zlib: '1.2.11' }

$ node -p process.platform
darwin

Reproduced an error, although not 401.

$ npm install @pown/whoami
npm ERR! code EINTEGRITY
npm ERR! sha512-TPB6Srgfag/cSwax9YXPOPKfiethiSXCk6tQTiKnNkkAjAH2nrqYzCn1VgH4HWRhy/LUBWoZEV9dSrdpWllutg== integrity checksum failed when using sha512: wanted sha512-TPB6Srgfag/cSwax9YXPOPKfiethiSXCk6tQTiKnNkkAjAH2nrqYzCn1VgH4HWRhy/LUBWoZEV9dSrdpWllutg== but got sha512-QAc7Cxk/lfJstGzur7LdytBLTYmGwD8fiPlaKlz5HSB9Q2fVX1WggIjxwPPtdCKwLG0FLVH+jusu5djzGmHLxg==. (26 bytes)

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/john/.npm/_logs/2019-03-19T08_08_12_139Z-debug.log

Thanks. If you look at the logs you will see it is due to a 401 error when trying to fetch https://registry.npmjs.org/@pown/whoami/-/whoami-2.0.1.tgz

If you re-write the url slightly differenltly you get the tar.gz file:

curl 'https://registry.npmjs.org/@pown/whoami/-/w/whoami-2.0.1.tgz' -vvv

I suspect this might be due to a overzealous web application firewall

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.