ERROR: unexpected registry response! {}

[danmactough]

I installed wombat as recommended: npm install -g wombat. Then to test it, ran wombat whoami and got that error:

whoami ERROR:unexpected registry response! {}

node: v4.4.5
npm: v2.15.5 & v3.9.5

FWIW, I'm also seeing intermittent 500 errors from the registry, so maybe not specifically a wombat problem:

⇰ npm whoami
npm info it worked if it ends with ok
npm info using [email protected]
npm info using [email protected]
npm info attempt registry request try #1 at 3:41:58 PM
npm http request GET https://registry.npmjs.org/-/whoami
npm http 500 https://registry.npmjs.org/-/whoami
npm info retry will retry, error on last attempt: Error: Registry returned 500 for GET on https://registry.npmjs.org/-/whoami
npm info attempt registry request try #2 at 3:42:39 PM
npm http request GET https://registry.npmjs.org/-/whoami
npm http 200 https://registry.npmjs.org/-/whoami
danmactough
npm info ok

[soldair]

we had a failing authorization service on a single host yesterday. i believe this is the issue you ran into and it is resolved. would you mind testing again today?

a side note.. wombat-cli calls whoami before every command and it probably shouldn't

[danmactough]

Still seeing the same behavior (no more 500s, though).

[ 9:14:52] ~
⇰ wombat whoami
whoami ERROR: unexpected registry response! {}
[ 9:15:02] ~
⇰ wombat hook ls
hook ls ERROR: 401 {"message":"not authorized"}
[ 9:15:11] ~
⇰ npm whoami
npm info it worked if it ends with ok
npm info using [email protected]
npm info using [email protected]
npm info attempt registry request try #1 at 9:15:22 AM
npm http request GET https://registry.npmjs.org/-/whoami
npm http 200 https://registry.npmjs.org/-/whoami
danmactough
npm info ok

[soldair]

great. run wombat login or npm login and you should be good to go.

there may be some account issue which ill be happy to look into. is your github username the same as your npm one?

[soldair]

so happy you are trying hooks by the way! if you have any issues with them or thoughts please post them on https://github.com/npm/registry/issues . happy to answer any questions =)

[danmactough]

Yup. Same user name.

And that worked (but kind of doesn't work for me in practical usage, which I'll explain). So, here's the refined bug report/feature request:

Wombat should interpret environment variables in npmrc files.

I have an ~/.npmrc file that contains my npm auth token by reference to an environment variable (in other words, //registry.npmjs.org/:_authToken=${NPM_TOKEN}). (When I ran wombat login, it replaced the environment variable with the actual token.)

This is a "problem" because my company's private repos also each have an npmrc in the project root that follows the same pattern: the auth token is included by reference to an environment variable. We do this because only certain users are permitted to have access to our npm organization's admin user (for security reasons), and this is how we switch identities -- by default, we are ourselves, but when we need to be the admin (currently, to manage access, for example, but wombat hook management would need this access, too), we override the auth token with an environment variable to become the admin. (And, to be honest, in our specific case, "we" means "me", but that could change.)

This pattern works just fine with npm, and I expect wombat to work the same way.

As an aside, the hooks feature is 🎉 💯 🎊 ! Great start!

Our current use case is a hook on our organization that pings AWS API Gateway, which triggers an AWS Lambda function, which, if the event is a "package:publish" event, grants read-only access to the newly published package to our "deployers" npm team (which is contains a specific, non-person user whose credentials are used on CircleCI test, build, and deploy our apps).

This should solve a major pain point. Previously, any time one of our engineers published a private npm package, they were confused when their builds would start failing. This was particularly painful because that stage of development -- since you've just published a new private package, you've probably just refactored something and expecting breakage.

[soldair]

hmmmm. i see. this is a bug for sure.thank you!
yeah we see this npmrc env pattern a lot for private modules users. =)

that is so cool. thank you so much for sharing your workflow!

i have one bug in the event identification im not sure you've noticed. but the first time a package is published ever. the event type is package:change. i have a patch landing soon for this.

also. more difficult to resolve but less of a problem.. the first time a package is changed after the very first hook for it is added the event is always package:change. This is an implementation detail because i dont have a previous version of the document in cache to diff to generate the change type.

if the first is solved your workflow should be really solid. to work around any potential issues from the second one you can npm star any modules to make sure they have fired at least one change. =/ ill probably trigger a hook-added change automatically when a hook is added to fix the bug in the future.

[danmactough]

i have one bug in the event identification im not sure you've noticed. but the first time a package is published ever. the event type is package:change. i have a patch landing soon for this.

😭 Well, eventually we'll get this workflow nailed down. I didn't expect this to be perfect. It's important, though. I think the ability to manage team access by rule (rather than requiring an individual grant for each package) is pretty core to private npm/organizations usage, so I'm hoping this is a stop-gap until npm allows me to just configure this in our organization's settings. (Not that github is any better, tbh, but it would be great to solve the problem instead of expanding it.)

Is there a issue I can track for that bug?

[soldair]

just made on npm/registry#25
in the mean time you can also try to add the user on package:change also it should be idempotent right?

[danmactough]

it should be idempotent right?

ah yes, good point. thanks!

[danmactough]

@soldair fyi rexxars/registry-auth-token#2

[czardoz]

I am seeing the same issue here:

aniket [~] -> wombat whoami
whoami ERROR: unexpected registry response! {}
aniket [~] -> npm whoami
czardoz

Logged in on NPM, but not on wombat.

[soldair]

Thanks for the ping. I'll see if i can get that pulled in today.

[czardoz]

@soldair If it helps, 1.0.2 seems to be working correctly:

aniket [~] -> wombat whoami
czardoz
aniket [~] -> wombat --version
1.0.2
aniket [~] ->