Search Unity

Setup for scoped registries (private registries)

Discussion in 'Package Manager' started by rizu, Oct 25, 2018.

  1. rizu

    rizu

    Joined:
    Oct 8, 2013
    Posts:
    1,158
    2018.3.0b7 added following:
    We already got informative post about how to use git from package manager here:
    https://forum.unity.com/threads/syntax-for-git-paths-on-package-manager.573673/#post-3819487

    Any chance to we could also get some brief introduction on how to setup scoped registries (private registries)?
     
  2. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    Hello @rizu,

    Sure. Here it is! :)

    Introduction
    The concept of scopes is borrowed from npm (https://docs.npmjs.com/misc/scope), it allows a subset of packages to be hosted on a registry other than the default.

    Configuration (manifest.json)
    Project manifests (manifest.json) can now contain any number of scoped registry configurations in the scopedRegistries attribute. This new configuration does not supersede the registry attribute or the UPM_REGISTRY environment variable; those will still be used as the default when a package matches none of the configured scopes.

    The scopes attribute of each configuration is an array of strings that can be mapped to a package name in two ways:
    1. As a namespace. This type of configuration assumes that packages follow the Reverse Domain Name Notation (https://en.wikipedia.org/wiki/Reverse_domain_name_notation). In other words, a scope such as com.unity is the equivalent of com.unity.*
    2. As an exact package name match.
    When deciding in which registry a given package should be searched, Package Manager will settle on the scope that is the closest match to the requested package name.

    The snippet below demonstrates how scope selection works:

    Code (JavaScript):
    1. {
    2.   "scopedRegistries": [
    3.     {
    4.       "name": "Main",
    5.       "url": "https://my.company.com/registry",
    6.       "scopes": [
    7.         "com.my-company", "com.my-company.tools.packageX"
    8.       ]
    9.     },
    10.     {
    11.       "name": "Tools",
    12.       "url": "https://my.company.com/tools-registry",
    13.       "scopes": [
    14.         "com.my-company.tools"
    15.       ]
    16.     }
    17.   ],
    18.   "dependencies": {
    19.     "com.unity.cinemachine": "1.0.0",
    20.     "com.unity.2d.common": "1.0.0",
    21.     "com.unity.2d.animation": "1.0.0",
    22.     "com.my-company.package1": "1.0.0"
    23.   }
    24. }
    With the above configuration:
    1. com.my-company.packageA
      . will be fetched from Main because it is in the com.my-company.* namespace.
    2. com.other-namespace.packageX
      will be fetched from Main because its name is an exact match. It also matches com.my-company.tools.* (Tools) but that is less specific.
    3. com.my-company.tools.animation
      will be fetched from Tools because it is in the com.my-company.tools.* namespace. It also matches com.my-company.* (Main) but that is less specific.
    4. com.other-company.packageA
      will be fetched from the default registry because it matches none of the configured scopes.
    Why "scoped" registries?
    It's to ensure determinism when deciding from which registry a package should be fetched. By using scopes, a package will always be mapped to one and only one registry, guaranteeing a consistent result regardless of network conditions.

    Supported Registries type
    Unity Package Manager supports npm protocol based registries. You can use any off the shelves npm registries server and it should work.

    These are the registries that we know should work
    • Verdaccio Probably the easiest server to configure
    Search all package limitation

    Some npm registry server does not support the
    /all 
    route to search all packages (e.g. Artifactory). Displaying scoped registry packages as part of the "All packages" list relies on scoped registries to support the old npm API protocol, which has an HTTP endpoint that returns the metadata of all published packages (eg: https://registry.my-company.com/-/all). When a registry does not support the old protocol, packages from that registry will simply not be displayed in the UI. However, this limitation does not apply to package resolution, so packages from scoped registries can still be manually added to the project manifest.

    Limitations
    • In the Package Manager window, the "All packages" tab will now display and allow you to install packages found in scoped registries. But, they will be mixed with the default Unity registry. There is no differentiation for now. In future releases of the UI, the source and the scope of each package will be made clearly visible.
    Thanks for trying out this feature. Let us know if you have any issues. Look for a production quality release in 2019.1.

    Regards,

    Pascal
     
    Last edited: Mar 28, 2019
  3. M_R

    M_R

    Joined:
    Apr 15, 2015
    Posts:
    461
    Hi,
    how does it work with registries/packages that requires auth? it picks up whatever
    npm login
    you do in the terminal? or requires env variables / cli startup?

    also do you plan to integrate with the unity account management (so it picks the credentials I am logged in unity with)?
     
  4. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    Hi @M_R ,

    The Package Manager does not support authentication for now. Your repository needs to be public. One thing you can do is limit access to people inside your LAN.

    If you have a use case that is common, we could look into adding this feature. Can you expand a little bit more on why you would need auth on a local/private registry?

    Regards,

    Pascal
     
  5. M_R

    M_R

    Joined:
    Apr 15, 2015
    Posts:
    461
    to prevent unwanted access to the packages, the same way we have auth required on bitbucket (ssh, it works btw).
    also we need access at least from:
    - our office
    - our homes (or anywhere we may be, i.e. if we need a urgent hotfix in the weekend)
    - cloud build

    the best pattern would be to link it with our organization for Unity account, so anyone (plus cloud build) can have access without modifying either env or manifest.json.

    for the main registry, I can access private stuff by modifying the manifest, but it feels hacky (and doesn't support multiple users without gitignoring it):
    Code (CSharp):
    1. {
    2.     "registry":"https://blablablabla",
    3.     "always-auth":true,
    4.     "email":"hardcoded@email.com"
    5.     "_auth":"<hardcoded basic auth>"
    6.     "dependencies":{...}
    7. }
     
    Ricky-Tonic likes this.
  6. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    Thank you @M_R for the feedback! Will transfer your request to our product manager to validate priority.

    Regards,

    Pascal
     
  7. Adrian

    Adrian

    Joined:
    Apr 5, 2008
    Posts:
    350
    Easiest would be if Unity supported the standard npm authentication.

    i.e. a user would log in with npm adduser REGISTRY, which updates the .npmrc file in the user's home directory and Unity would pick up those credentials.

    This would mean existing private npm registry setups could be used with Unity without having a separate authentication process.
     
    M_R likes this.
  8. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    Hi @Adrian ,

    I took note of your suggestion.

    Thanks,

    Pascal
     
  9. M_R

    M_R

    Joined:
    Apr 15, 2015
    Posts:
    461
    as @Adrian says, plus the ability for
    npm adduser ...
    in the cloud build
     
  10. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    @M_R I just wanted to give you a follow-up on this feature request. We analyzed it, and it will require a bit of work to provide a good user experience (persist credentials, env vars, login window, etc.). The complexity is a bit greater than I would have anticipated. I hope we can implement this feature sometime in 2019. We have a couple of higher priority issues to address in our backlog before attacking this one. As for your request to support Unity auth on scoped registries, it is not something we have in our roadmap. Sorry.

    @Adrian Even though Package Manager is compatible with *npm* web API, it is not the same technology underneath (e.g. we don't share the same configuration scheme for scoped registries)

    Regards,

    Pascal
     
  11. dzamani

    dzamani

    Joined:
    Feb 25, 2014
    Posts:
    89
    Hi @okcompute_unity,

    I was wondering if you could ask about another way to do auth with packages. The idea would be to have a callback everytime the package manager try to access scoped registries. That callback would be called for each scoped registry and should return a boolean saying if it has access or not to it.

    Something like this:
    Code (CSharp):
    1. bool HasAccessToRegistry(string registryUrl)
    2. {
    3.     var authToken = FetchToken();
    4.     if (registryUrl == "someurl" && authToken.IsValid())
    5.         return true;
    6.     return false;
    7. }
    The FetchToken would be something the user will develop.

    Now I know the management of the registry isn't done at the package level but somewhere in the engine (if I'm not wrong) so having that callback may not be that easy based on your architecture but that would be perfect for us to do what we want about these registries.

    Auth is the main reason why we can't have public registries since we can't share our code but having LAN only packages is preventing us from remote working (well not absolute prevention but still it's very painful to grab each package manually from their git repo when you are at home).

    Anyway if you could ask about the feasibility of this solution, that would be great, thanks!
     
  12. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    Hi @dzamani ,

    Thank you for your suggestion. We have a well-defined plan to implement this feature. This is only a matter of prioritization. If you have an enterprise support account, you can contact your assigned account manager to express the value for your company to make this feature available sooner.

    Regards,

    Pascal
     
    dzamani likes this.
  13. nhold

    nhold

    Joined:
    May 2, 2017
    Posts:
    50
    Will there\could there be support for just a git repository representing a registry? I do this method with my custom package manager and it makes it really easy for anyone to make one.
     
  14. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    @nhold Can you expand a bit more on your setup? Do you have examples? Or a public repository that you can share?

    Thank you!

    Pascal
     
  15. nhold

    nhold

    Joined:
    May 2, 2017
    Posts:
    50
    Obviously my setup will be a lot simpler but you can see the repo for the package manager itself here:

    https://github.com/nhold/ubPackageManager

    Essentially the idea is a 'registry' is just a git repo with lots of `Package Definition Files` which is defined as:

    Code (JavaScript):
    1. {
    2.     "name": "ubGridArray",
    3.     "versions": [{
    4.         "version": "1",
    5.         "branch": "version-1"
    6.     }],
    7.     "description": "1D array as 2D array.",
    8.     "location": "https://someurl/ubgridarray.git",
    9.     "parentDir": "Bifrost",
    10.     "childDir": "ubgridarray/Assets/Plugins/ubGridArray"
    11.      "dependencies": [
    12.         "ubConfig"
    13.     ]
    14. }
    So to read from the registry you just pull\clone it and read the json files to populate the data.
     
  16. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    Interesting. We have no plan to support such a feature. I just don't want to give you false hope. But will see. If hosting out of the shelve npm registries turns out to be too hard/complex for people, we could consider this alternative approach.

    Btw, were you aware that the Unity Package Manager supports Git URLs project dependencies? https://forum.unity.com/threads/git-support-on-package-manager.573673/

    Thanks a lot for sharing. This gives me another perspective :)

    Regards,

    Pascal
     
    nhold likes this.
  17. dtaTrifork

    dtaTrifork

    Joined:
    Aug 21, 2017
    Posts:
    3
    What are the rules about version matching within scoped registries?

    Traditionally we would base rules on the NPM protocol found here: https://docs.npmjs.com/files/package.json

    Suppose you have the following packages:
    - A in versions 1.0.3, and 1.2.0
    - B depends on A version 1.0.3
    - C depends on A version 1.2.0

    Is this something we can expect the package manager to be able to handle and correctly isolate? As far as my testing illustrates the package manager will default to the highest versioned dependency.

    Finally, the dependency on package A seems to be a hidden package within the `Library/PackageCache` along with the remaining packages. But said dependency will not be illustrated within unity.
     
  18. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    Hi @dtaTrifork ,

    The package manager conflict resolution algorithm will always choose the highest version number requested unless the package is a root dependency (i.e. you explicitly added the package to your project). We are working on documenting the conflict resolution algorithm. Coming soon.

    The Package Manager UI does not show transitive dependencies. This is something we have on our roadmap.

    Regards,

    Pascal
     
    technicat likes this.
  19. giacomohomunculus

    giacomohomunculus

    Joined:
    Oct 3, 2018
    Posts:
    14
    Hi,
    I am setting up Unity Package Manager to work with a private npm registry.
    I am getting an error:

    An error occurred while resolving packages:
    Project has invalid dependencies:
    mypackage: self signed certificate in certificate chain

    I can pull the package from the registry using NPM fine, how can I specify the cafile for the Unity package manager?
     
  20. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    MNNoxMortem and technicat like this.
  21. astorms

    astorms

    Joined:
    Jan 31, 2018
    Posts:
    26
    Hi @okcompute_unity,

    I would love to see standard .npmrc authentication support as well. That would allow our organization to connect to an Azure Artifacts NPM feed, which can only be connected to with credentials.
     
    M_R, oatsbarley and okcompute_unity like this.
  22. benoitv_unity

    benoitv_unity

    Unity Technologies

    Joined:
    Aug 3, 2017
    Posts:
    40
    Hi @astorms,

    We will support authentication in the future although it will most likely not be based on npmrc. Unfortunately, I can't give you an ETA at this point.

    Regards,
    Benoit
     
  23. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    673
    @okcompute_unity @benoitv_unity I have a question about versioning format.

    Suppose I have two packages:

    Package A: 1.0.0
    Package B: 1.0.0

    "Package B" has a dependency on "Package A" on version "1.0.0".

    1. I set in my project "manifest.json" a dependency on "Package B -> 1.0.0".
    2. I make an update to my "Package A" and set a "2.0.0" version.
    3. I add to my project "manifest.json" a dependency on "Package A -> 2.0.0".
    4. What dependency is getting my "Package B" now? "1.0.0" or "2.0.0"?

    Also I want to know if it's possible to have dependencies on this format: https://docs.npmjs.com/files/package.json#dependencies

    I tested ">=1.0.0" and I got the following error: Version is invalid. Expected a 'semver' compatible version
     
  24. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
  25. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    673
    No problem.

    Ok, thanks.

    It would be nice to document that as it's a confusing concept.

    Ok, thanks.
     
  26. MartijnGG

    MartijnGG

    Joined:
    May 3, 2018
    Posts:
    57
    I've setup a local NPM registery to try this out, but have been running into some local iteration workflow issues.
    Say I have `com.company.test` published at `0.0.1`, and a unity test project that has this as a dependency in its manifest using the scoped registery.
    I now want to make some changes to my package, and see these changes in my unity test project. This requires me to up the version in the package.json, the manifest json, and republish the package. Is there an easier way to do this?
    I could use `file:` to directly use the package, but this would require me to change it back to a version if I ever want to test my project and package in CI, or publish it for the public.

    So advise is greatly appreciated.
     
  27. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    Hi @MartijnGG ,

    It depends a lot on your setup. What VCS are you using? Git? If yes, you could temporarily clone the repo under the
    Packages/
    folder. You could create an OS symlink in the
    Packages/
    folder to point to the package development folder. You could use the local package feature (`file:`) as you stated.

    There is a couple of ways.

    Pascal
     
  28. MartijnGG

    MartijnGG

    Joined:
    May 3, 2018
    Posts:
    57
    I will give the symlinking method a try and see how this goes. How does the unity team work with this for packages currently developed?

    If the manifest contains a package defined by a version (not a
    file:
    ) but exists in the local
    Packages
    folder, does it use the local copy instead?
     
  29. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    @MartijnGG Yes, packages under the
    Packages/
    folder (we call this feature embedded packages) override any version defined in
    manifest.json
    . So, the local copy is used instead.

    Unity developers have different workflows. It depends on the team. Some have lots of packages (e.g. DOTS team) needing to be worked at the same time. Some have just one package. From my understanding, the local package feature (
    file:
    ) is extensively used when in development.

    Regards,

    Pascal
     
  30. msandrof

    msandrof

    Joined:
    Mar 18, 2019
    Posts:
    3
    I've been struggling to get Artifactory to work with the Unity package manager. I can create npm repos and successfully publish to them with npm. However there doesn't appear to be any artifactory-recommended URL that works in the scopedRegistries section of the manifest.json. I also noticed that Artifactory doesn't appear to support "/all". Could you explain how you have configured Artifactory internally at Unity and what is the recommended URL to use in the manifest.json? We're running Artifactory Pro 6.8.7 and the most current (as of this writing) version of Unity.
     
  31. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    Hi @msandrof ,

    You made me realized that our post is wrong. We use Artifactory internally but not for scopedRegistries. As you noticed, Artifactory doesn't support the
    /all
    path. I have updated the post. Really sorry about this!

    That said, scopedRegistries should still work. The
    /all
    path is used for listing packages. It means that you won't see your company packages in the All tab. But, it does not prevent packages to be manually added to the project. Admitting though this not the optimal UX!

    As far as what URL to setup, it depends a lot on your infrastructure. You can check the *Set Me Up* page in the Artifactory repo dashboard. Mine looks like this:
    https://<hostname>/api/npm/<registry-name>
    .

    Pascal
     
  32. msandrof

    msandrof

    Joined:
    Mar 18, 2019
    Posts:
    3
    Thanks for the reply. Any chance you'll be changing the Package Manager to better support Artifactory and listing packages? We use artifactory but want to have a good user experience when adding/updating packages, so for now we will deploy verdaccio which I've been testing with. But not what you would call optimal.

    Another question/problem. When I update my package in verdaccio, the Package Manager correctly shows that a new version is available. However, when I update, it doesn't always recompile the scripts. It seems to do it if I've not updated for some time (like first update in the morning), but if I do it too frequently, it just says it have updated but the scripts are not compiled. My npm package includes meta files with guids and timeCreated fields (which are updated appropriately). Any help would be greatly appreciated.
     
  33. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    @msandrof

    This was not in our plan and have a lot of higher priority features to implement before. I'll bump the *user requested this feature* count by 1 though and let our PM know :)

    Oh, I think I know what the issue is. We've noticed lately that *npm* CLI v 6.x.x and up now set the modification date of all files inside the tarball to
    Oct, 26th, 1985
    (yes, Marthy Macfly return date! :) ). This is a problem for the Unity Asset Database. Since the modification date is the same when you update a package, the asset database thinks the content has not changed and does not re-import. We made a fix on our end but it will only available starting in 2019.1. Can you confirm that you are using *npm CLI 6.x.x* to publish packages? If so, can you use *npm 5.x.x CLI* for now?

    Regards,

    Pascal
     
  34. msandrof

    msandrof

    Joined:
    Mar 18, 2019
    Posts:
    3
    Yes, we're using npm 6.7.0. We should be able to use the older version, thanks for the tip! Also, thanks for the +1 for the package manager artifactory feature!
     
    okcompute_unity likes this.
  35. jan-bajana

    jan-bajana

    Joined:
    Nov 14, 2013
    Posts:
    8
    About Scoped Packages,
    Following documentation from NPM the scoped package has to have a name in this way:
    https://docs.npmjs.com/creating-and-publishing-an-org-scoped-package
    So in package.json
    "name": "@com.vos.test/com.vos.test.packagethree"


    But Unity is not able to load Scoped packages in this way even I link them locally. Why is that?
    Error message:

    Code (CSharp):
    1. An error occurred while resolving packages:
    2.   Project has invalid dependencies:
    3.     com.vos.test.packagethree: Package [com.vos.test.packagethree@1.0.0] cannot be found
     
  36. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    @jan-bajana Unity Package Manager does not support npm scope registries. Unity Package Manager is not npm. We are re-using the same backend technology because we would have written a similar backend API anyway. Bonus, there was also tons of OSS implementation and providers options available for users to host their own registries.

    See our scoped registries implementation documentation on the first post of this thread.

    Regards,

    Pascal
     
  37. jan-bajana

    jan-bajana

    Joined:
    Nov 14, 2013
    Posts:
    8
    @okcompute_unity Ok, I see. Thank you for the fast answer.
    It is working if I do not use npm scope registries.
    But functionality with npm `npmjs` standard registry should be granted?
     
    okcompute_unity likes this.
  38. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
  39. Fabien-LG

    Fabien-LG

    Joined:
    Mar 9, 2013
    Posts:
    14
    I will put this here if anyone has the same issue as we had:

    In versions < 2018.3, we were using the following parameters to authenticate:
    Code (csharp):
    1.  
    2. "registry": "http://the-registry-url/",
    3. "email": "the-email",
    4. "always-auth": true,
    5. "_auth":"the-auth"
    6.  
    This does not work anymore in newer version *but* using
    Code (csharp):
    1. registry": "http://user:password@the-registry-url/"
    *does* work.
     
  40. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    Hi @Fabien-LG ,

    You were using an unsupported/undocumented feature and have been affected by an internal refactoring. We use to rely on *npm* library internally. This is not the case anymore. Your alternative should work and continue to work since it is part of the HTTP standard :)

    Regards,

    Pascal
     
  41. 3pns

    3pns

    Joined:
    Sep 5, 2014
    Posts:
    4
    Still no date for support for password protected private registries ? I have to use the import from folder feature for now to manually import my packages, a little bit bothersome although it is a huge up upgrade compared to no dependency management system, happy to see Unity also think about developers as well.
    Also excited about the extra CLI commands that will come during the year, those features made me reconsider quitting unity, please keep up the good work !
     
  42. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    I'm sorry. This is not something that we can manage to ship in 2019.x timeline. Expect this feature in 2020.x release cycle

    This is also planned for next year. Sorry.

    Thank you! Will do. Hope the introduced delays in providing the expected features won't change your view :)

    Regards,

    Pascal
     
  43. JJJohan

    JJJohan

    Joined:
    Mar 18, 2016
    Posts:
    204
    I'm curious if this approach still works for Unity 2018.4 or newer. My team would like to stay on the 2018.4 LTS and we were looking at having credentials embedded via the http://user:password@the-registry-url/ approach, however I'm finding it doesn't seem to consistently pass the credentials through. It'll correctly list the packages, but fail to actually pull it down (if it's not already cached on disk). This is using Verdaccio as the back-end, I can see in the logs that the user-password is only forwarded on some of the requests.

    Since we have several offices globally it would be preferable if we can have a public package registry e.g. setup with Verdaccio but it absolutely needs authentication. I've tried to go as far as patching the managed package manager DLLs at runtime to pass in an 'Authorisation' HTTP header for JWT tokens but unfortunately the requests are done via a native binary which isn't something we can easily patch in memory.

    We're really quite keen to use the package manager but we may have to look at using a Nuget alternative due to this limitation.

    Edit:

    Currently investigating using some sort of proxy via AWS to handle authentication, don't want to give up yet as I personally do really like the idea of the built-in package manager!
     
    Last edited: May 29, 2019
    adam_helios and Claytonious like this.
  44. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    @jjohan I'm really sorry to read this limitation prevents you to move forward using the Package Manager :(. Adding auth support for scoped registries is high in our priority list. This is planned for a 2020.1 release. But let me check if we can backport this in 2018.4/2019.4

    Regards,

    Pascal.
     
    ABorodin, Claytonious and dzamani like this.
  45. M_R

    M_R

    Joined:
    Apr 15, 2015
    Posts:
    461
    +1 :D

    edit: i did some tests with a local registry (verdaccio), and these are the requests it makes:

    when opening the window:
    Code (CSharp):
    1. http <-- 200, user: <user>(127.0.0.1), req: 'GET /-/all', bytes: 0/526
    2. http <-- 200, user: <user>(127.0.0.1), req: 'GET /com.xxx.test', bytes: 0/2497
    3. http <-- 200, user: <user>(127.0.0.1), req: 'GET /com.xxx.test2', bytes: 0/1116
    4. http <-- 200, user: <user>(127.0.0.1), req: 'GET /com.xxx.test', bytes: 0/2497
    5. http <-- 200, user: <user>(127.0.0.1), req: 'GET /com.xxx.test2', bytes: 0/1116
    6. http <-- 401, user: null(127.0.0.1), req: 'HEAD /com.xxx.test/-/com.xxx.test-3.0.0.tgz', error: authorization required to access package com.xxx.test
    when trying to upgrade a package:
    Code (csharp):
    1. http <-- 401, user: null(127.0.0.1), req: 'GET /com.xxx.test/-/com.whatwapp.test-3.0.0.tgz', error: authorization required to access package com.xxx.test
    the HEAD and GET request for the package archive are not authenticated

    (I had version 1.0.0 cached, so it didn't trigger any server requests)

    I hope at least this can be fixed soon
     
    Last edited: May 29, 2019
  46. weiping-toh

    weiping-toh

    Joined:
    Sep 8, 2015
    Posts:
    43
    I can't get the packages on my registry to show up on the UI. But I have managed to manually validate the json response for /-/all using curl. May I know what tags/keys that the UI uses to filter packages?
     
  47. adam_helios

    adam_helios

    Joined:
    Jan 24, 2018
    Posts:
    1
    @okcompute_unity, I just want to add my voice to the calls for auth support. I've gone the verdaccio route setting up a scoped registry, and we're really excited to start setting up our own internal packages. We just can't have them public. :(
     
    Last edited: Jul 3, 2019
    fherbst and mgiliazov like this.
  48. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    673
    +1

    Same problem here.
     
    fherbst, mgiliazov and adam_helios like this.
  49. Martin_Gonzalez

    Martin_Gonzalez

    Joined:
    Mar 25, 2012
    Posts:
    281
    Hi! I've a verdaccio running in docker locally just to test this but I guess I'm missing something.
    I have this in my manifest.json

    Code (CSharp):
    1. "scopedRegistries": [
    2.     {
    3.       "name": "MyModules",
    4.       "url": "http://0.0.0.0:4873/",
    5.       "scopes": [
    6.         "@etermax"
    7.       ]
    8.     }
    9.   ]
    And I've a published package called @etermax/protoz-core and I cannot see it in the package manager.
    If I enter to http://0.0.0.0:4873/ I can see the package and doing http://0.0.0.0:4873/-/all can see all my packages (in this case only one)
     
  50. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    575
    Hi @Martin_Gonzalez ,

    Looks like you have set up your scoped registry *à la npm*. Upm scoped registries are not configured the same way. First, you need to use reverse domain name notation to name your name (ex: com.gonzalez.etermax) See the documentation about naming your package here: https://docs.unity3d.com/Manual/cus-naming.html

    Then, you can set a scope on your domain like this:

    Code (JavaScript):
    1. "scopedRegistries": [
    2.     {
    3.       "name": "MyModules",
    4.       "url": "http://0.0.0.0:4873/",
    5.       "scopes": [
    6.         "com.gonzalez"
    7.       ]
    8.     }
    9.   ]
    See the scoped registries documentation here for more detail: https://docs.unity3d.com/Manual/upm-scoped.html

    Regards,

    Pascal