NPM publish fails for packages that are linked to Gitea repositories #11469

New Issue

GiteaMirror · 2025-11-02T09:38:45-06:00

GiteaMirror commented

2025-11-02 09:38:45 -06:00

Originally created by @JoFrMueller on GitHub (Aug 16, 2023).

Description

When I try to publish specific packages with NPM, I get rejected:

2023/08/16 14:40:13 ...s/process/manager.go:188:Add() [T] Start 64dcc3ad: PUT: /api/packages/SomeOrg/npm/@someScope%2fannotations (request)
2023/08/16 14:40:13 ...eb/routing/logger.go:47:func1() [T] router: started PUT /api/packages/SomeOrg/npm/@someScope%2fannotations for
2023/08/16 14:40:13 ...vices/auth/oauth2.go:143:Verify() [T] OAuth2 Authorization: Found token for user[5]
2023/08/16 14:40:13 ...vices/auth/oauth2.go:153:Verify() [T] OAuth2 Authorization: Logged in user <User 5:user.name>
2023/08/16 14:40:13 models/repo/repo.go:309:LoadUnits() [T] repo.Units, ID=123, Types: [TypeCode, TypeIssues, TypePullRequests, TypeReleases, TypeWiki]
2023/08/16 14:40:13 ...s/repo_permission.go:139:func1() [T] Permission Loaded for <User 5:user.name> in <Repository 123:SomeOrg/FrontendLibs>:
Permissions: {AccessMode:owner Units:[0xc0031f5f80 0xc00353c000 0xc00353c090 0xc00353c150 0xc00353c1b0] UnitsMode:map[]}
2023/08/16 14:40:13 ...ges/helper/helper.go:31:LogAndProcessError() [D] no permission to upload this package

While publishing other NPM packages works perfectly fine.

These packages were accepted by other NPM registries like Verdaccio in the past.

The difference for the packages that fail is that for Verdaccio I had to put --ignore-scripts during the npm publish process.

It's not possible to reproduce via https://try.gitea.io/ as the demo site seems to not allow publishing of scoped NPM packages at all.

Gitea Version

1.20.2

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Via docker, but I don't think it's related to the problem as I can publish many other NPM packages without a problem.

Database

PostgreSQL

Originally created by @JoFrMueller on GitHub (Aug 16, 2023). ### Description When I try to publish specific packages with NPM, I get rejected: 2023/08/16 14:40:13 ...s/process/manager.go:188:Add() [T] Start 64dcc3ad: PUT: /api/packages/SomeOrg/npm/@someScope%2fannotations (request) 2023/08/16 14:40:13 ...eb/routing/logger.go:47:func1() [T] router: started PUT /api/packages/SomeOrg/npm/@someScope%2fannotations for <someIP> 2023/08/16 14:40:13 ...vices/auth/oauth2.go:143:Verify() [T] OAuth2 Authorization: Found token for user[5] 2023/08/16 14:40:13 ...vices/auth/oauth2.go:153:Verify() [T] OAuth2 Authorization: Logged in user <User 5:user.name> 2023/08/16 14:40:13 models/repo/repo.go:309:LoadUnits() [T] repo.Units, ID=123, Types: [TypeCode, TypeIssues, TypePullRequests, TypeReleases, TypeWiki] 2023/08/16 14:40:13 ...s/repo_permission.go:139:func1() [T] Permission Loaded for <User 5:user.name> in <Repository 123:SomeOrg/FrontendLibs>: Permissions: {AccessMode:owner Units:[0xc0031f5f80 0xc00353c000 0xc00353c090 0xc00353c150 0xc00353c1b0] UnitsMode:map[]} 2023/08/16 14:40:13 ...ges/helper/helper.go:31:LogAndProcessError() [D] no permission to upload this package While publishing other NPM packages works perfectly fine. These packages were accepted by other NPM registries like Verdaccio in the past. The difference for the packages that fail is that for Verdaccio I had to put --ignore-scripts during the `npm publish` process. It's not possible to reproduce via https://try.gitea.io/ as the demo site seems to not allow publishing of scoped NPM packages at all. ### Gitea Version 1.20.2 ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist _No response_ ### Screenshots _No response_ ### Git Version _No response_ ### Operating System _No response_ ### How are you running Gitea? Via docker, but I don't think it's related to the problem as I can publish many other NPM packages without a problem. ### Database PostgreSQL

GiteaMirror added the topic/packages type/bug labels 2025-11-02 09:38:45 -06:00

GiteaMirror closed this issue

2025-11-02 09:38:45 -06:00

GiteaMirror commented

2025-11-02 09:38:46 -06:00

@KN4CK3R commented on GitHub (Aug 16, 2023):

Is the package you tried public so that I can test it?

@KN4CK3R commented on GitHub (Aug 16, 2023): Is the package you tried public so that I can test it?

GiteaMirror commented

2025-11-02 09:38:46 -06:00

@JoFrMueller commented on GitHub (Aug 16, 2023):

Basically all the stuff was useless - I didn't realize that one has to enable packages per repository.
Because they changed internally the domain at some NPM package, the check for repo related packages was skipped.
So we just had to enable the package feature for the repo the NPM package refers to and then all was good.

It had nothing to do with --ignore-scripts at all.

@JoFrMueller commented on GitHub (Aug 16, 2023): Basically all the stuff was useless - I didn't realize that one has to enable packages per repository. Because they changed internally the domain at some NPM package, the check for repo related packages was skipped. So we just had to enable the package feature for the repo the NPM package refers to and then all was good. It had nothing to do with --ignore-scripts at all.

GiteaMirror commented

2025-11-02 09:38:46 -06:00

@JoFrMueller commented on GitHub (Aug 16, 2023):

I close it.

@JoFrMueller commented on GitHub (Aug 16, 2023): I close it.

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#11469