Getting GSAP bad authorization error when trying to build website with Netlify

[scuba_d]

Hi folks,

A few months ago, I joined a company where I, along with another developer, took on the responsibility of maintaining their website, which heavily relies on GSAP for animations. However, that other developer has since left the team, and I've been encountering an issue when attempting to build the website using Netlify. The error message I'm getting reads as follows:

npm ERR! code E403
npm ERR! 403 403 Forbidden - GET https://npm.greensock.com/@gsap%2fbusiness - bad authorization header. Please login again
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.

It seems like the build is failing due to authorization problems related to GSAP. I suspect this might be linked to the other developer using credentials that are no longer valid since his accounts were deactivated. Regardless of this being the case, could someone please advise me on what steps I should take to resolve this issue and ensure that everything runs smoothly again? I should mention that I'm not a highly experienced developer, so your assistance (and patience!) would be greatly appreciated.

[Rodrigo]

Hi @scuba_d and welcome to the GSAP forums!

 

You should as your company to pass along the required information (Privjs Token) that they can find in their account dashboard) so you can install the bonus plugins in the project.

 

For deploying to Netlify you should follow the instructions in this guide:

https://gsap.com/docs/v3/Installation/guides/Club GSAP & Netlify

 

Although if they have some sort of CI/CD flow/pipeline, the deploys should be working automatically on Netlify after you push your latest changes to your repo, so I'm going to guess and assume that you're seeing this issue when trying to run the project locally on your machine?

 

Happy Tweening!

[scuba_d]

Hey @Rodrigo! Thank you so much for getting back to me on this! I checked my .npmrc file and there is indeed a token there, as shown in the picture below (I've just hidden it under the red line). However, I've just checked with company's IT team and they know nothing about us having a Greensock/GSAP account - so I'm starting to think that this token was under the account of the developer who's left us.

 

Do you think that could be what's been causing this? And, if that's the case, how could solve it? And do I even need a token if I'm on the free plan because my company's website doesn't need a commercial licence?

 

Thank you so much once again!

[mvaneijgen]

15 minutes ago, scuba_d said:

so I'm starting to think that this token was under the account of the developer who's left us.

That seems very plausible!

 

15 minutes ago, scuba_d said:

how could solve it?

Register as a Club member (we would love to have your support 🎉) and replace the token with the one you get when you sign up. 

 

15 minutes ago, scuba_d said:

And do I even need a token if I'm on the free plan because my company's website doesn't need a commercial licence?

If you don't need the bonus plugins and/or your client doesn't need a license, check the following page to make sure: https://gsap.com/licensing/

 

If that isn't the case and you don't want the (very useful) bonus plugins you'll need to check your `package.json` and uninstall `gsap@npm:@gsap/...` (at the dots... could either be plus, premium or business, depending the the license the original developer had) and follow the installation for the install via https://gsap.com/docs/v3/Installation/

 

Hope it helps and happy tweening! 

[scuba_d]

Hey @mvaneijgen, thank you so much for your help and quick reply! I'd like to keep what the project currently has - is there a way to check what this is by checking my files / run a command line? 😅

[mvaneijgen]

You could search in your project for `gsap.registerPlugin` and check which plugins are being loaded. On the https://gsap.com/docs/v3/Installation/ page you can easily see which once are "free" and which once fall under the "club" membership.

[scuba_d]

Thank you once again, @mvaneijgen! I confirm my company's website is using two plugins that fall under the Club membership. Given that, from what I read, we don't need a commercial licence, what would the step-by-step be to ensure the project keeps what it currently has but under a new licence?

 

Thank you! 🙏

 

Mariana

[mvaneijgen]

Check the following page https://gsap.com/pricing/ and fill in the interactive form, you can check the  "Club GSAP Overview" section which has a nice overview of which plugins fall under what tier. 

 

When you sign up the installation page (https://gsap.com/docs/v3/Installation/) will show you your authToken and this you can just drop in to your .npmrc file (the one your made a screenshot of) and everything will work as it should. 

[scuba_d]

@mvaneijgen, but if I need to get access to the SplitText plugin and the DrawSVG plugin (both under "club" and on which my company's website relies), I'd need to pay for membership, is that it? If so, how can I know the plan within which they fall under? Because by checking this page there doesn't seem to be a way to know that. Thank you!

 

[mvaneijgen]

2 minutes ago, scuba_d said:

but if I need to get access to the SplitText plugin and the DrawSVG plugin (both under "club" and on which my company's website relies), I'd need to pay for membership, is that it?

Yes!

3 minutes ago, scuba_d said:

If so, how can I know the plan within which they fall under? Because by checking this page there doesn't seem to be a way to know that. Thank you!

If you scroll down, you'll see Club GSAP Overview" section which has a nice overview of which plugins fall under what tier. 

 

[Rodrigo]

Hi,

 

As I mentioned in my previous post, you should ask the company for the token they purchased. For the error in your first post on this thread, it looks like the installation you're trying to run is trying to install the business package. So you should first talk to the company and find out who bought the original license the company or the developer that left. If the company did, then ask them for the token, probably they changed it once the other developer left, so that means the company has an GSAP account.

 

Also the structure of the .npmrc should look like this:

always-auth=true
@gsap:registry=https://npm.greensock.com
//npm.greensock.com/:_authToken=your-token-here

 

Happy Tweening!

[scuba_d]

Thank you so much, @Rodrigo! My company has already confirmed they know nothing about a GSAP license, but I find it strange that the developer who left might have bought it under his name... Anyway, I already reached out to him asking him that, so let's see if he gets to me.

In the meantime, I'll try changing the structure of the .mpmrc file to what you've just sent me, while including the token I have at the moment (although it had been working fine up until recently with the previous structure).

Shall I run any sort of command after changing the content of said file?

Thank you!

[Rodrigo]

Hi,

 

Yeah in that case the license is personal of that developer and probably the developer changed the token. That means that you should get your own license, probably include the full price or half in the costs of the project you're working with the company. Like that your license will be paid in one or two projects and after that is all profits for you!

 

If you have any questions related to the license, feel free to ask or contact us via DM or using our contact form.

 

Happy Tweening!

[scuba_d]

Got it, @Rodrigothank you once again! I'm currently trying to figure out who bought our former licence in the first place, which will most likely be followed by my company ending up buying a new (Business) one, that I'll be implementing myself. If that ends up being the case, apart from replacing the token, do I need to delete the gsap files I currently have on my project and install them again, or is there another more efficient way to go about this update? Thanks! 🙏

[Rodrigo]

1 minute ago, scuba_d said:

If that ends up being the case, apart from replacing the token, do I need to delete the gsap files I currently have on my project and install them again, or is there another more efficient way to go about this update?

Just uninstall any version of GSAP you have now from the command line:

npm uninstall --save gsap

Also delete the package-lock.json file from the project just in case.

 

Finally remember to NEVER push any .npmrc file to a public repo if it contains any private token. If you use a private repo, there is no issue, but on public repos it will expose the token to anyone. In those cases use an environmental variable in Netlify's config as shown here:

https://gsap.com/docs/v3/Installation/guides/Club GSAP & Netlify

 

Happy Tweening!

[scuba_d]

@Rodrigo, the package-lock.json file has a lot of non-gsap related info in it, so probably better not to remove it, right? Is it ok to keep the gsap info within it and then just run npm install once I install my new GSAP licence?

[Rodrigo]

Just now, scuba_d said:

the package-lock.json file has a lot of non-gsap related info in it, so probably better not to remove it, right?

Nope, there absolutely no issue in deleting that file. Actually when debugging npm installation issues is one of the first things people normally try. It will be created again when you install GSAP, so no worries.

 

Happy Tweening!

[scuba_d]

Right, because its content depends on whatever is in mypackage.jsonfile anyway! Thank you, got it! I really appreciate the help and the patience! 🙏

[scuba_d]

Hey @Rodrigo! My company has now purchased a new subscription - up until now we had the Business one, but decided the Premium one would suffice, so we went for that. I've tried installing GSAP by 1) manually including the code in the picture attached in the .npmrc file and 2) running the following command from my terminal: npm install gsap@npm:@gsap/shockinglyHowever, after running this line I got this error showing in the terminal:

 

npm ERR! code SELF_SIGNED_CERT_IN_CHAIN

npm ERR! errno SELF_SIGNED_CERT_IN_CHAIN

npm ERR! request to https://npm.greensock.com/@gsap%2fshockingly failed, reason: self-signed certificate in certificate chain

 

Did I do anything wrong? How can I address this? Thank you once again!

 

 

[Rodrigo]

Hi,

 

I'm on my phone now. The only thing I can think of is that you didn't deleted the package-lock.json file.

 

Remember, uninstall any version of GSAP from your project, delete the lock file, create a .npmrc file with the new token and run the install command.

 

If you keep having issues check your internet connection for proxy, firewall or malware software, maybe doing disabling those fixes the issue.

 

Happy Tweening!

[Cassie]

Just checking - because your snippet doesn't have this line.

Have you tried with the always-auth line in?

always-auth=true
@gsap:registry=https://npm.greensock.com
//npm.greensock.com/:_authToken=your-token-here

 

[scuba_d]

Hi @Rodrigo and @Cassie! Thank you for your suggestions. I've uninstalled the previous version of GSAP from my project, I've deleted the lock file and I've updated the .npmrc file with the new token + the always-auth=true line. I then run the npm install gsap@npm:@gsap/shockingly command in the console and still got the same error.

 

Don't know if you or any other member of this community has any other suggestion...? Thank you!

[scuba_d]

Just a quick update to let everyone know that I was able to overcome the issue mentioned above by running npm config set strict-ssl false and the installing GSAP (after installation I set strict-ssl to true again for safety reasons). Anyway, just wanted to post the solution here, should it be helpful to anyone else in the future, and thank all those who helped me, with a special shout out to @Rodrigo 💚