Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-26700

NPM audit throws 403 when user doesn't have permissions to all the repositories in a virtual repository

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Resolution: Deferred
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: NPM
    • Labels:

      Description

      Feature description: The user should have read permissions to all repositories that exist in a virtual repository while performing the NPM audit request.

       

      Steps to reproduce:

      1. Create local, remote and virtual npm repos.
      2. Create a user, grant it permissions for remote, but not for the local.
      3. Configure npm client to work with the virtual repo.
      4. Create a sample npm project, by running 'npm init -y'
      5. Run 'npm install' to create the package-lock.json file, needed for the audit command
      6. Run 'npm audit'

      What is the expected behavior: Need to assign read permissions for all repositories that exist under the virtual repository.

       

      Possible workaround:

      1. Grant the user with the read permissions to all the other repositories aggregated in the virtual repository and then try running the npm audit command again.

      2. Create a new virtual repository that aggregates only the repositories for which user has the access to the virtual repository, configure the NPM client to point to the newly created virtual repository, and then execute the npm audit.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            pavang Pavan Gonugunta
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: