1

I've started a new project. I'm using ssh-agent and an ssh key for cloning and updating github. On three different githhub repos, when I run

git clone git@github.com:mygithub/example.git
cd example
npm install

I get the popup:

I did a search and found

But I'm already using a pub/private keypair for github.

Four GitHub login dialog windows popped up, but after I click the X in the login dialog, the npm install keeps running and finishes installing everything (I think).

The last line printed in the npm install before one of the dialog prompts was:

[#####] \ reify:core-js: timing reifyNode:node_modules/es-abstract Completed in 11908ms

What in my package.json is causing the GitHub Signin dialog to popup? How can I track this problem down? Is there a verbose mode for debug logging to show when this dialog is opened?

isherwood
  • 58,414
  • 16
  • 114
  • 157
PatS
  • 8,833
  • 12
  • 57
  • 100

1 Answers1

0

A GitHub login popup is likely coming from a dependencies that is listed in github that is "password" protected (like a private GitHub repo).

The general syntax is https://example.com/some/package/not-published-in-npm.tgz.

Below I give commands to illustrate the reason this happens. In this example, I use a public GitHub repo https://github.com/sindresorhus/is to illustrate the kind of URL that causes the popup (for a private GitHub repo).

The following set of commands allow you to experiment yourself in a safe test directory test-git-popup. The package @sindresorhus/is is installed using it's GitHub location.

mkdir test-git-popup
cd test-git-popup
npm init -y
npm install https://github.com/sindresorhus/is/tarball/v0.14.0
cat package.json
 . . . truncated . . .
  "dependencies": {
    "@sindresorhus/is": "https://github.com/sindresorhus/is/tarball/v0.14.0"
  }

The above should work without a GitHub login popup because the resource is located in a public GitHub repository.

If, however, the GitHub repository were private then a GitHub login popup would occur. That popup looks like this:

In Summary: Public GitHub repositories don't require user's to login to access them but private repositories do require a login.

In my case, the npm package being requested was located in a private GitHub repository.

To illustrate the problem using the browser, open the URL listed (in the package.json file using an incognito browser session.
In my example, the URL would be: https://github.com/sindresorhus/is/tarball/v0.14.0 because of the dependency listed as:

    "@sindresorhus/is": "https://github.com/sindresorhus/is/tarball/v0.14.0"

If, after opening that URL (from an incognito session), if you see a screen that requires you to login, then this is the equivalent to what is happening when npm is trying to access the resource.
Below is the screen I saw when trying to access a resource from a private GitHub repo.

enter image description here

PatS
  • 8,833
  • 12
  • 57
  • 100