Vercel Deployment Issue with GSAP authentication

[cyberpatrolunit]

• • Hey all - I've been struggling to deploy a test project via Vercel, I can get the app to build but only when using the command:  'npm install gsap'
    
    If I use 'npm install gsap@npm:@gsap/business' or any other such as 'npm install gsap@npm:@gsap/shockingly' or 'npm install gsap@npm:@gsap/premium' then I get 403 errors:
    
    [17:29:08.248] Running build in Washington, D.C., USA (East) – iad1

    [17:29:09.522] Cloning github.com/cyberpatrolunit/videoglove_landing (Branch: main, Commit: 4f8dc0d)

    [17:29:09.536] Skipping build cache, deployment was triggered without cache.

    [17:29:10.074] Cloning completed: 551.358ms

    [17:29:10.396] Running "vercel build"

    [17:29:10.902] Vercel CLI 32.6.1

    [17:29:11.777] Running "install" command: `npm install gsap@npm:@gsap/premium`...

    [17:29:24.884] npm WARN ERESOLVE overriding peer dependency

    [17:29:38.358] npm ERR! code E403 [17:29:38.362] npm ERR! 403 403 Forbidden - GET https://npm.greensock.com/@gsap%2fpremium - bad authorization header. Please login again

    [17:29:38.362] npm ERR! 403 In most cases, you or one of your dependencies are requesting

    [17:29:38.363] npm ERR! 403 a package version that is forbidden by your security policy, or

    [17:29:38.363] npm ERR! 403 on a server you do not have access to.

    [17:29:38.365]

    [17:29:38.366] npm ERR! A complete log of this run can be found in: /vercel/.npm/_logs/2023-12-11T01_29_12_236Z-debug-0.log

    [17:29:38.414] Error: Command "npm install gsap@npm:@gsap/premium" exited with 1

    
    I have a '.npmrc' in my root dir with :
     

    always-auth=true

    @gsap:registry=https://npm.greensock.com

    //npm.greensock.com/:_authToken={my_token}

     

  • Send

   

   

  I've poked around finding similar issues but I still can't get authenticated.. Any insight would be greatly appreciated ! 

   

   

 

 

 

 

 

[cyberpatrolunit]

Not sure what I did, but it's working now..  ¯\_(ツ)_/¯

[mvaneijgen]

Hi @cyberpatrolunit welcome to the forum and thanks for being a club member ?

 

Maybe you had to clear your lock files, which usually fixes my issue ? but I'm not well versed in the whole deploying thing. Some one will probably jump in here sooner or later to provide some more tips , but for now glad your issue is fixed and happy tweening! 

[Supachai]

I have similar issue in my local Next.js project right now.
The message always show "bad authorization header".
I make sure to have .npmrc file on my project root with the token generated from website.

Not sure what to do now. Where should I login again? on the website?

$ yarn add gsap@npm:@gsap/business
yarn add v1.22.17
[1/4] ?  Resolving packages...
error An unexpected error occurred: "https://npm.greensock.com/@gsap%2fbusiness: bad authorization header. Please login again".

[GreenSock]

These may be helpful: 

 

 

https://blog.privjs.com/article/how-to-install-club-greensock-packages-on-vercel

[Supachai]

At the end, I couldn't yarn add the package, and end up with downloading zip file for gsap.

That works for me, but when I tried to add @gsap/react package, I got same error again.

This time, no zip file available for download. I tried to generate new Token again for the 3rd time.

Somehow it works, but the network was very slow.

 

I think the server might get some trouble to authenticate new Token, and get slow when download.

If anyone has same issue, keep trying regenerate the Token and try again.

[GreenSock]

Hm, are you saying that you tried to run npm install @gsap/react and you got an error? Can you provide more details like what the error said? 

 

Our NPM expert is looking into the server logs to see if there were any glitches, but we're not aware of any at this point. Occasionally there are bots that send massive traffic to our servers which bogs them down, but we try to deal with those promptly and it's pretty rare that we have those issues. Sorry about any hassles there! Maybe you hit at the exact time one of those bot attacks was happening. ?‍♂️

[Supachai]

2 hours ago, GreenSock said:

Hm, are you saying that you tried to run npm install @gsap/react and you got an error? Can you provide more details like what the error said? 

 

Our NPM expert is looking into the server logs to see if there were any glitches, but we're not aware of any at this point. Occasionally there are bots that send massive traffic to our servers which bogs them down, but we try to deal with those promptly and it's pretty rare that we have those issues. Sorry about any hassles there! Maybe you hit at the exact time one of those bot attacks was happening. ?‍♂️

I did try both npm install and yarn add. The error messages as below.

 

Quote

supachaic$ npm i @gsap/react
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/postcss-nested/node_modules/postcss
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer postcss@"^8.2.14" from [email protected]
npm WARN node_modules/postcss-nested
npm WARN   postcss-nested@"^6.0.1" from [email protected]
npm WARN   node_modules/daisyui/node_modules/tailwindcss
npm WARN   2 more (tailwindcss, tailwindcss)
npm ERR! code E403
npm ERR! 403 403 Forbidden - GET https://npm.greensock.com/@gsap%2freact - bad authorization header. Please login again
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.

 

Quote

supachaic$ yarn add @gsap/react
yarn add v1.22.17
[1/4] ?  Resolving packages...
error An unexpected error occurred: "https://npm.greensock.com/@gsap%2freact: bad authorization header. Please login again".

 

After got 2 errors, I regenerate new Token again and try yarn add again.

This time the error message of bad authorization header not show up anymore. But I got some messages about trouble in network connection. After 2 retries, the package install was done.

 

Quote

supachaic$ yarn add @gsap/react
yarn add v1.22.17
[1/4] ?  Resolving packages...
info There appears to be trouble with your network connection. Retrying...
info There appears to be trouble with your network connection. Retrying...
info There appears to be trouble with the npm registry (returned undefined). Retrying...
info There appears to be trouble with the npm registry (returned undefined). Retrying...
[2/4] ?  Fetching packages...
warning Pattern ["strip-ansi@^6.0.1"] is trying to unpack in the same destination "/Users/supachaic/Library/Caches/Yarn/v6/npm-strip-ansi-cjs-6.0.1-9e26c63d30f53443e9489495b2105d37b67a85d9-integrity/node_modules/strip-ansi-cjs" as pattern ["strip-ansi-cjs@npm:strip-ansi@^6.0.1"]. This could result in non-deterministic behavior, skipping.
warning Pattern ["string-width@^4.1.0"] is trying to unpack in the same destination "/Users/supachaic/Library/Caches/Yarn/v6/npm-string-width-cjs-4.2.3-269c7117d27b05ad2e536830a8ec895ef9c6d010-integrity/node_modules/string-width-cjs" as pattern ["string-width-cjs@npm:string-width@^4.2.0"]. This could result in non-deterministic behavior, skipping.
warning Pattern ["strip-ansi@^6.0.0"] is trying to unpack in the same destination "/Users/supachaic/Library/Caches/Yarn/v6/npm-strip-ansi-cjs-6.0.1-9e26c63d30f53443e9489495b2105d37b67a85d9-integrity/node_modules/strip-ansi-cjs" as pattern ["strip-ansi-cjs@npm:strip-ansi@^6.0.1"]. This could result in non-deterministic behavior, skipping.
[3/4] ?  Linking dependencies...
[4/4] ?  Building fresh packages...
success Saved lockfile.
success Saved 1 new dependency.
info Direct dependencies
└─ @gsap/react@2.0.0
info All dependencies
└─ @gsap/react@2.0.0
✨  Done in 77.48s.

 

[GreenSock]

Thanks for the detailed information, @Supachai! I'll pass that along to our NPM expert. It does sound like a network or server thing that happened when you were attempting to install. I'm glad you got it to work eventually. 

[Prasanna]

I just checked the server logs and it seems like there were a few D-DOS attempts on the server and it is quite possible that @Supachaiwas trying to install during the same time. The D-DOS attack could have affected the response speeds. We gracefully handle DDOS attacks, but unfortunately due to the intensity of such attacks some responses could be delayed.

@Supachai we hope you don't experience such issues again, but let us know if it does. We will consider some improvements on the infra.