I have a very strange problem I cannot seem to get my head around…
We use a private registry in the Azure Artifacts to also distribute private npm packages. My Azure Pipeline is using the npmAuthenticate Task to authenticate against this feed. The feed information is placed inside a project’s .npmrc file.
The feed permisssions show the project as contributor role:
User/Group: [ProjectName]Contributor - Role: Contributor
Randomly the build fails on the npm ci
step with this error message:
#17 132.8 npm ERR! code E401
#17 132.8 npm ERR! Incorrect or missing password.
With diagnostic output I see errors for differing packages. Across pipeline runs however, the packages with 401 errors vary. Also not all packages are affected. Most of them can be loaded just fine.
#17 55.03 npm http fetch GET 401 https://***/***/_packaging/***/npm/registry/resolve-from/-/resolve-from-4.0.0.tgz 50860ms attempt #2 (cache skip)
What we changed recently
- We upgraded fom Node 16.14.0 to 20.12.1 including npm 10.5.0
What I tried already
- I placed my own token inside the project’s .npmrc file.
- Verified that it is failing and succeeding on the same build agent.
- I tried running with the previous node version (16.14.0) where npm ci succeeds.
- I tried using node 18.20 with the same outcome
- I searched the web for anything known regarding Node versions 18 and 20 having problems in this regard but to no avail.
- Apparently it is working with Node
18.18
but not above.
Excerpt from the pipeline and Docker files
Pipeline:
[...]
- task: npmAuthenticate@0
inputs:
workingFile: .npmrc
displayName: 'NPM Auth'
- bash: |
docker build -f ./deployment/ci.Dockerfile -t $(projectName):$(Build.SourceVersion) .
displayName: 'CI build docker image'
[...]
ci.Dockerfile:
FROM node:20.12 AS builder
RUN apt-get update &&
apt-get install -y chromium &&
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip -O ~/sonar.zip &&
unzip ~/sonar.zip -d /opt/sonar &&
rm ~/sonar.zip
ENV CHROME_BIN=/usr/bin/chromium PATH="/opt/sonar/sonar-scanner-5.0.1.3006-linux/bin:${PATH}"
WORKDIR /build
COPY package.json /build
COPY package-lock.json /build
COPY .npmrc /build
COPY sonar.properties /build
RUN npm -d ci # <-- It fails here. Usually run without -d.
COPY . /build
RUN npm run build:ci
[...]
2
Answers
I tried your task and with same Dockerfile, it’s always working on my side. As your pipeline is intermittently failed when same source code and same agent used. The difference between my pipeline and yours is the two packages json content and agent, please:
I was experiencing a similar problem with azure devops server after moving to node 18.20/npm 10.5.0. Some builds that worked without issue with earlier versions of node and npm failed partway through an
npm ci
with authentication errors after switching to npm 18.20 or higher.The issue seems to be that npm 10.5 is tripping a usage limit in azure artifacts and the requests are being throttled. You can see if this is happening by looking at the azure devops usage details, looking for the npm requests, and checking if any have a status other than zero or mention a "Circuit Breaker" error. The error message I found was –
My short term solution is to limit the number of sockets that npm could use
npm ci --maxsockets 1
which allowed the command to complete without errors.