why I can't star package whose name starts with '@'


(谢超) #1

What I Wanted to Do

I want to star package https://www.npmjs.com/package/@sindresorhus/is, so I run:

npm star @sindresorhus/is

What Happened Instead

npm reports:

npm ERR! code E401
npm ERR! You must be logged-in to modify a package. : @sindresorhus/is

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/xiechao/.npm/_logs/2018-09-12T10_06_55_611Z-debug.log

I am sure that I have logged in!

Reproduction Steps

$ npm login
$ npm star @sindresorhus/is

Details

Platform Info

$ npm --versions

{ test: '1.0.0',
  npm: '6.3.0',
  ares: '1.10.1-DEV',
  cldr: '32.0',
  http_parser: '2.8.0',
  icu: '60.1',
  modules: '57',
  napi: '3',
  nghttp2: '1.32.0',
  node: '8.11.3',
  openssl: '1.0.2o',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.19.1',
  v8: '6.2.414.54',
  zlib: '1.2.11' }

$ node -p process.platform
 
darwin


(Lars Willighagen) #2

Reproduced on v6.4.1. It seems like there are some issues with permissions for scoped packages. I can star packages in orgs that I’m part of just fine.


(Brian Olore) #3

I’m betting the @ isn’t getting encoded properly, notice that the / is converted to %2f

npm http request PUT https://registry.npmjs.org/@sindresorhus%2fis
npm http 401 https://registry.npmjs.org/@sindresorhus%2fis

Update, now I’m not so sure, because the GET works:

npm http request GET https://registry.npmjs.org/@sindresorhus%2fis?write=true
npm http 200 https://registry.npmjs.org/@sindresorhus%2fis?write=true

Maybe useful log info

npm http request PUT https://registry.npmjs.org/@sindresorhus%2fis
npm http 401 https://registry.npmjs.org/@sindresorhus%2fis
npm verb headers { date: 'Wed, 12 Sep 2018 15:36:33 GMT',
npm verb headers   'content-type': 'application/json',
npm verb headers   'content-length': '70',
npm verb headers   connection: 'keep-alive',
npm verb headers   'set-cookie': 
npm verb headers    [ '__cfduid=da985c9e59f267cb2383a08163a1c79b21536766593; expires=Thu, 12-Sep-19 15:36:33 GMT; path=/; domain=.registry.npmjs.org; HttpOnly' ],
npm verb headers   'cf-ray': '45937346aa7091dc-EWR',
npm verb headers   'expect-ct': 'max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"',
npm verb headers   vary: 'Accept-Encoding',
npm verb headers   server: 'cloudflare' }
npm verb stack Error: You must be logged-in to modify a package. : @sindresorhus/is
npm verb stack     at makeError (/Users/brian/.nvm/versions/node/v8.11.3/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:316:12)

(Brian Olore) #4

Well, after playing around a bit, it is not related to the @ of the %2f, at least from the client side. I still have suspicions on the registry server itself though.

A very similar issue was reported and fixed in 2016, but no link to any commit/code was provided. In fact, I can’t find the source code for the registry :frowning_face: One difference though is that we now get a 401 with You must be logged-in instead of a 404 with ... is not in the npm registry