Avoid using a global installation of Verdaccio. Despite what Verdaccio examples or documentation suggest, globally installed plugins may not work.
Verdaccio loads plugins by requiring them from various locations. Global
node_modules are NOT included in this search because they are NOT part of the
Node.js resolve algorithm. See
#13
for more info.
Solutions that worked for others:
- Add your global
node_modulesfolder to theNODE_PATHenvironment variable. This hints to Node.js where else to search in addition to default locations. - Create a
package.jsonand install Verdaccio + plugins locally. - If you are using npm, try using yarn (only tested with classic). It installs or resolves modules differently such that globally installed plugins are found.
- Extend the official Docker image. It uses a local Verdaccio installation by default.
- Double-check that your configured client id and client secret are correct.
- You might be using this plugin in combination with another auth plugin that allows users to register without having a corresponding GitHub account.
- If you are behind a proxy, make sure you are also passing through the query
parameters to Verdaccio. See
#47
for an example using
nginx.
Error: "npm ERR! Unable to authenticate, your authentication token seems to be invalid." or "error--- undefined is forbidden publish for"
You can run into this problem if you're using Verdaccio's legacy token encryption of Verdaccio (which is inconveniently the default).
In that case, if authentication succeeds but the user does not have any groups, the user is treated as anonymous.
This is different from how Verdaccio acts when using JWT API security. In that case, the user does not need to have any groups as long as authentication succeeds.
For more context, please see: