Error: Could not login to npm

[zeke]

I've seen this a few times now: I run the CLI, it fails. If I run npm whoami then give npx semantic-release-cli setup another time, it works! Not sure what the deal is, as I'm not changing my login status.

First attempt fails:

$ npx semantic-release-cli setup
? What is your npm registry? https://registry.npmjs.org/
? What is your npm username? zeke
ERR! semantic-release Error: Could not login to npm.
ERR! semantic-release     at getNpmToken (/usr/local/lib/node_modules/semantic-release-cli/src/lib/npm.js:51:21)
ERR! semantic-release     at <anonymous>
ERR! semantic-release     at process._tickCallback (internal/process/next_tick.js:188:7)
ERR! semantic-release  { Error: Could not login to npm.
ERR! semantic-release     at getNpmToken (/usr/local/lib/node_modules/semantic-release-cli/src/lib/npm.js:51:21)
ERR! semantic-release     at <anonymous>
ERR! semantic-release     at process._tickCallback (internal/process/next_tick.js:188:7)
ERR! semantic-release   stack: 'Error: Could not login to npm.\n    at getNpmToken (/usr/local/lib/node_modules/semantic-release-cli/src/lib/npm.js:51:21)\n    at <anonymous>\n    at process._tickCallback (internal/process/next_tick.js:188:7)' }

But I'm logged in to npm:

$ npm whoami
zeke

Second attempt works:

$ npx semantic-release-cli setup
? What is your npm registry? https://registry.npmjs.org/
? What is your npm username? zeke
? What is your GitHub username? zeke

[gr2m]

Yeah I've seen that myself lately, without updating semantic-release-cli, I think. Would love it if someone could investigate

[zeke]

For the record, I'm still getting this error a lot.

[simlu]

Same here. How do you resolve this?

Edit: Nvm, just try again and again... :)

[simlu]

Ok, this is getting ridiculous... :/

[gr2m]

@simlu sorry that this frustrates you, but please be kind ❤️ we would appreciate if you could delete or edit your comment

[simlu]

@gr2m Apologies for not providing more details - just having a really bad day here. So this seems to be related to slow connections somehow. After tethering through my phone it worked /shrugs

[cliffvick]

I am still getting this error quite a bit as well. Has there been any progress on determining what is causing this?

[gr2m]

nope. I’m quite sure something changed on npm’s side. Nobody is looking into it right now, I get it too, all the time :( if you could look into it that’d be great

[zeke]

Hey @kbrandwijk and @pvdlg 👋 , I'm trying to understand how this part of the code works. Does the PUT request to CouchDB generate a new token on every request?

cli/src/lib/npm.js

Lines 24 to 27 in 45c00b4

	const uri = url.resolve(npm.registry, '-/user/org.couchdb.user:' + encodeURIComponent(npm.username));
	const {err, token} = await new Promise(resolve => {
	client.request(uri, {method: 'PUT', body}, async (err, parsed, raw, response) => {

[zeke]

Wondering if we could just fall back to using the token in ~/.npmrc, using get-auth-token-from-npmrc, or something similar.

[gr2m]

Does the PUT request to CouchDB generate a new token on every request?

I don’t know, but looks like it? Here is how it worked before: https://github.com/semantic-release/cli/blame/bdbf616c8f0b03816f5a509e7c48d06c92a81344/src/lib/npm.js#L12 when we used npm-registry-client

I guess that would be the right code to investigate though, if there is an error, maybe log out the error entirely and see if there is anything helpful in there?

Wondering if we could just fall back to using the token in ~/.npmrc,

I think that’d be dangerous, I very often have dedicated npm accounts only for semantic-release, I woudln’t want it accidentally take a token from my personal account when I don’t want to

[theoomoregbee]

From working on this #185 i saw that it always generates token at first, and then complain about not able to login, trying again immediately it should work, since the first try generates the token without you knowing

check https://github.com/theo4u/cli/blob/aac04906701889d4bb17b2ae75671bb2dea012ee/src/lib/npm.js#L46
i resolved it there instead of the body because parsed returns the newly generated token

@gr2m ^^

[pvdlg]

The problem come from the npm registry instability. npm-registry-client include a retry mechanism that was alleviating the network/server issues.

It has been changed to handle 409 errors from some "compatible" registries in 92e15f7.

The solution would be to use a proper http client (personally I prefer https://github.com/sindresorhus/got) that would allow to use Promises, setup the authentication (token or user/pass/email) and handle the different errors. And we would need to add a retry mechanism with https://github.com/sindresorhus/p-retry.

Another solution would be to use npm-registry-client again and to promisify it with https://github.com/sindresorhus/pify so we can handle a callback with multiple arguments (err, parsed, raw and response) with multiargs.

I would rather use https://github.com/sindresorhus/got rather than continuing to deal with the multiple issues and shortcomings of npm-registry-client (we had a bunch of problems with it in https://github.com/semantic-release/npm).

[timiscoding]

I'm new to semantic-release-cli and I sometimes get this issue. First time I ran setup it logged in fine but subsequent attempts kept failing then after a while, it seemed to work again. Here are my logs running the module with npm_config_loglevel=verbose:

login failure

request uri https://registry.npmjs.org/-/user/org.couchdb.user:timiscoding
verb semantic-release request new user, so can't send auth
info semantic-release attempt registry request try #1 at 10:48:28
verb semantic-release request id 4733ce8b8e603591
http semantic-release request PUT https://registry.npmjs.org/-/user/org.couchdb.user:timiscoding
http semantic-release 201 'https://registry.npmjs.org/-/user/org.couchdb.user:timiscoding'
verb semantic-release headers { 'content-type': 'application/json',
verb semantic-release   'content-encoding': 'gzip',
verb semantic-release   'cache-control': 'max-age=300',
verb semantic-release   'transfer-encoding': 'chunked',
verb semantic-release   'accept-ranges': 'bytes',
verb semantic-release   date: 'Wed, 04 Apr 2018 00:48:29 GMT',
verb semantic-release   via: '1.1 varnish',
verb semantic-release   connection: 'keep-alive',
verb semantic-release   'x-served-by': 'cache-syd18921-SYD',
verb semantic-release   'x-cache': 'MISS',
verb semantic-release   'x-cache-hits': '0',
verb semantic-release   'x-timer': 'S1522802908.204149,VS0,VE1702',
verb semantic-release   vary: 'Accept-Encoding, Accept' }
ERR! semantic-release Error: Could not login to npm.

login success

request uri https://registry.npmjs.org/-/user/org.couchdb.user:timiscoding
verb semantic-release request new user, so can't send auth
info semantic-release attempt registry request try #1 at 10:50:30
verb semantic-release request id 393737a7265f2531
http semantic-release request PUT https://registry.npmjs.org/-/user/org.couchdb.user:timiscoding
http semantic-release 201 'https://registry.npmjs.org/-/user/org.couchdb.user:timiscoding'
verb semantic-release headers { 'content-type': 'application/json',
verb semantic-release   'cache-control': 'max-age=300',
verb semantic-release   'content-length': '127',
verb semantic-release   'accept-ranges': 'bytes',
verb semantic-release   date: 'Wed, 04 Apr 2018 00:50:32 GMT',
verb semantic-release   via: '1.1 varnish',
verb semantic-release   connection: 'keep-alive',
verb semantic-release   'x-served-by': 'cache-syd18935-SYD',
verb semantic-release   'x-cache': 'MISS',
verb semantic-release   'x-cache-hits': '0',
verb semantic-release   'x-timer': 'S1522803031.714634,VS0,VE1682',
verb semantic-release   vary: 'Accept-Encoding, Accept' }
info semantic-release Successfully created npm token.

It appears that on the first try, the response is sending back json data but on subsequent tries, it sends back compressed data and so the code @zeke linked is not extracting the token.

Update: Replacing

cli/src/lib/npm.js

Line 45 in 45c00b4

resolve(response.body);

with

if (response.headers['content-encoding'] === 'gzip') {
    zlib.gunzip(response.body, (err, buffer) => {
      if (err) reject(err);
      resolve(JSON.parse(buffer.toString('utf8')));
    })
  } else {
    resolve(response.body);
  }
}

seems to have fixed my issue.

[PSanetra]

I have created the PR #199, which will probably fix this issue. I did not receive the error message "Error: Could not login to npm", but "Invalid authentication code" since I am using 2FA.

[selbekk]

Had the same problem, but resolved itself after running npm whoami as suggested.

[semantic-release-bot]

🎉 This issue has been resolved in version 3.6.5 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[pvdlg]

This should be fixed in 3.6.5. Please let us know if the issue is indeed fixed.

[zeke]

Thanks, @pvdlg! 🙏

[richardschneider]

@pvdlg I'm running 4.0.5 and still get the error!

> npm whoami
makaretu

> semantic-release-cli -v
4.0.5

> semantic-release-cli setup
? What is your npm registry? https://registry.npmjs.org/
? What is your npm username? makaretu
ERR! semantic-release Error: Could not login to npm.
ERR! semantic-release     at getNpmToken (C:/Users/Owner/AppData/Roaming/npm/node_modules/semantic-release-cli/src/lib/npm.js:55:21)
ERR! semantic-release     at <anonymous>
ERR! semantic-release     at process._tickCallback (internal/process/next_tick.js:188:7)
ERR! semantic-release  { Error: Could not login to npm.
ERR! semantic-release     at getNpmToken (C:/Users/Owner/AppData/Roaming/npm/node_modules/semantic-release-cli/src/lib/npm.js:55:21)
ERR! semantic-release     at <anonymous>
ERR! semantic-release     at process._tickCallback (internal/process/next_tick.js:188:7)
ERR! semantic-release   stack: 'Error: Could not login to npm.\n    at getNpmToken (C:/Users/Owner/AppData/Roaming/npm/node_modules/semantic-release-cli/src/lib/npm.js:55:21)\n    at <anonymous>\n    at process._tickCallback (internal/process/next_tick.js:188:7)' }

[simlu]

@richardschneider does this happen constantly or just occasionally? If it happens evey time I'd say it's a different issue (credentials to incorrect etc)

[RemeJuan]

I just ran into this myself on 4.0.7 and I got around it by turning off 2fa on npm, which is not ideal.

Seem maybe SR cli does not understand the 2fa with NPM, but it asked for it with guthub.

[kariae]

I confirm that the issue still exists on 4.0.7 even though npm whoami gives the good username

EDIT: after a quick debugging, I don't get E401 as code.error as supposed in npm.js#L35

for me, it's EOTP as code error, please someone confirm, I can send a PR for that ;)

[lgaticaq]

Some code error EOTP with version 4.0.7

[gr2m]

did that get resolved via #238?

[jimthedev]

Hey all, just a heads up that if you are still having this issue or something resembling this issue on OSX then make sure to check that an outdated isn't saved in your OSX keychain. I'd reset my bot account via the npm web interface but didn't do the same in my osx keychain which had my old password. You can check this by going to Keychain Access > All Items then search for semantic-release-cli:npm. Hope it helps someone who thinks they have this issue but actually have other problems. :)

[isthatcentered]

If you run your command with yarn ..., try running it with npm .... This "solves" the issue for me.

(I know this issue is closed but it comes up in the first results in google so adding this solution seems useful)

[Jeff-Tian]

I met the error today, finally figured out that the username should be all in lowercase.

npx semantic-release-cli setup                                                                                 $(spaceship_rprompt)
? What is your npm registry? https://registry.npmjs.org/
? What is your npm username? Jeff-Tian
? What is your npm password? [hidden]
ERR! semantic-release Error: Could not login to npm.
ERR! semantic-release     at getNpmToken (/Users/tianjef/.npm/_npx/17020/lib/node_modules/semantic-release-cli/src/lib/npm.js:25:21)
ERR! semantic-release     at processTicksAndRejections (internal/process/task_queues.js:97:5)
ERR! semantic-release  Error: Could not login to npm.
ERR! semantic-release     at getNpmToken (/Users/tianjef/.npm/_npx/17020/lib/node_modules/semantic-release-cli/src/lib/npm.js:25:21)
ERR! semantic-release     at processTicksAndRejections (internal/process/task_queues.js:97:5) {
ERR! semantic-release   stack: 'Error: Could not login to npm.\n' +
ERR! semantic-release     '    at getNpmToken (/Users/tianjef/.npm/_npx/17020/lib/node_modules/semantic-release-cli/src/lib/npm.js:25:21)\n' +
ERR! semantic-release     '    at processTicksAndRejections (internal/process/task_queues.js:97:5)'
ERR! semantic-release }

wechat-api on  master [!] is 📦 v0.0.0-development via ⬢ v12.16.2 at ☸️  kubesail-jeff-tian (jeff-tian) took 36s
➜ npm whoami
jeff-tian

wechat-api on  master [!] is 📦 v0.0.0-development via ⬢ v12.16.2 at ☸️  kubesail-jeff-tian (jeff-tian)
➜ npx semantic-release-cli setup
? What is your npm registry? https://registry.npmjs.org/
? What is your npm username? jeff-tian
? What is your npm password? [hidden]
? What is your GitHub username? jeff-tian

[gr2m]

could you send a pull request that lower-cases the username?