Yarn: An unexpected error occurred: Request failed \"404 Not Found\"".

As an aside, the package clearly does exist and yarn is clearly accessing the package in some way because the url contains the version number it is attempting to retrieve.

Having ran some more tests, I've found that the same package fails to install from other repositories that require it when using Yarn. However, it works fine when using npm.

This leads me to think it isn't my repository specific config. Could it be something to do with the name of the package tripping Yarn up, or the url encoding or something?

Clutching at straws here, but hopefully this might bump someone in the right direction

I fixed this: I simply re-published the offending package with a new version number.

I have no idea why that fixed it.

I will leave this here in case it aids debugging.

I'm experiencing the same issue. This seems to happen randomly and is often resolved by simply retrying the build.

We're also experiencing the exact same issue.
Some private modules work some do not; all the same @scope.

We just experienced the same issue. Some more context here in the hopes that it might help

• We were running yarn in our CI (Drone), which runs in ephemeral Docker containers [Alpine Linux]
• The issue occurred in only ONE of our services building, whereas nothing went wrong with the other services, even though they have the exact same dependency tree (!)
• a manual install on my Mac for the same repo yielded no issues at all (!)
• the issue was limited to a single private package

As mentioned above as workaround, publishing a new version of the package resolved the issue.

Unfortunately, I was unable to obtain a detailed yarn-error.log as the containers are destroyed immediately after a failed build. If anyone else has this issue, could you try it again with a verbose install and throw the log in here?

I am seeing the same issue. I'm using a docker image in circleci 2.0 and having some unrelated issues that I'm debugging locally (compilation difference on cci vs local).

• when I yarn on the host OSX machine, everything works.
• when I yarn on the container (Ubuntu), I get the error.
• when I yarn on the ^^container (Ubuntu) running on circleci 2.0 infrastructure, it works.

I have setup .npmrc etc. It's really a head-scratcher that it doesn't work for me on a locally running container.

Verbose didn't provide me with any information that I can spot:

root@2adc7c09ff9a:~/af/spec/dummy# yarn --pure-lockfile --ignore-optional
yarn install v0.21.3
[1/4] Resolving packages...
[2/4] Fetching packages...
error An unexpected error occurred: "https://registry.yarnpkg.com/@alienfast/build/-/build-2.0.38.tgz: Request failed \"404 Not Found\"".
info If you think this is a bug, please open a bug report with the information provided in "/root/af/spec/dummy/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
root@2adc7c09ff9a:~/af/spec/dummy# yarn --pure-lockfile --ignore-optional --verbose
yarn install v0.21.3
verbose 0.178 current time: 2017-03-01T20:22:52.715Z
[1/4] Resolving packages...
[2/4] Fetching packages...
verbose 0.798 Performing "GET" request to "https://registry.yarnpkg.com/@alienfast/build/-/build-2.0.38.tgz".
verbose 0.861 Performing "GET" request to "https://registry.yarnpkg.com/@alienfast/ui/-/ui-1.0.34.tgz".
verbose 0.894 Performing "GET" request to "https://registry.yarnpkg.com/react-relay/-/react-relay-0.10.0.tgz".
verbose 0.895 Performing "GET" request to "https://registry.yarnpkg.com/react-dom/-/react-dom-15.4.2.tgz".
verbose 0.919 Performing "GET" request to "https://registry.yarnpkg.com/eslint/-/eslint-3.15.0.tgz".
verbose 0.941 Performing "GET" request to "https://registry.yarnpkg.com/flow-bin/-/flow-bin-0.39.0.tgz".
verbose 0.951 Performing "GET" request to "https://registry.yarnpkg.com/@alienfast/material-ui/-/material-ui-0.16.87.tgz".
verbose 0.966 Performing "GET" request to "https://registry.yarnpkg.com/@alienfast/react-formal/-/react-formal-0.24.7.tgz".
verbose 1.003 Performing "GET" request to "https://registry.yarnpkg.com/babel-runtime/-/babel-runtime-6.23.0.tgz".
verbose 1.103 Performing "GET" request to "https://registry.yarnpkg.com/graphql/-/graphql-0.9.1.tgz".
verbose 1.178 Performing "GET" request to "https://registry.yarnpkg.com/lodash/-/lodash-4.17.4.tgz".
verbose 1.206 Performing "GET" request to "https://registry.yarnpkg.com/material-ui/-/material-ui-0.16.7.tgz".
verbose 1.249 Performing "GET" request to "https://registry.yarnpkg.com/react-i18next/-/react-i18next-2.2.0.tgz".
verbose 1.261 Performing "GET" request to "https://registry.yarnpkg.com/react-relay-network-layer/-/react-relay-network-layer-1.4.0.tgz".
verbose 1.272 Performing "GET" request to "https://registry.yarnpkg.com/react-router/-/react-router-3.0.2.tgz".
verbose 1.696 Performing "GET" request to "https://registry.yarnpkg.com/react-router-relay/-/react-router-relay-0.13.5.tgz".
verbose 1.764 Performing "GET" request to "https://registry.yarnpkg.com/react-sizeme/-/react-sizeme-2.2.0.tgz".
verbose 2.063 Performing "GET" request to "https://registry.yarnpkg.com/recompose/-/recompose-0.22.0.tgz".
verbose 2.144 Error: https://registry.yarnpkg.com/@alienfast/build/-/build-2.0.38.tgz: Request failed "404 Not Found"
    at Request.handleRequestError (/root/.yarn/lib/fetchers/tarball-fetcher.js:231:20)
    at emitOne (events.js:96:13)
    at Request.emit (events.js:189:7)
    at Request.onRequestResponse (/root/.yarn/node_modules/request/request.js:986:10)
    at emitOne (events.js:96:13)
    at ClientRequest.emit (events.js:189:7)
    at HTTPParser.parserOnIncomingClient (_http_client.js:522:21)
    at HTTPParser.parserOnHeadersComplete (_http_common.js:99:23)
    at TLSSocket.socketOnData (_http_client.js:411:20)
    at emitOne (events.js:96:13)
    at TLSSocket.emit (events.js:189:7)
error An unexpected error occurred: "https://registry.yarnpkg.com/@alienfast/build/-/build-2.0.38.tgz: Request failed \"404 Not Found\"".
info If you think this is a bug, please open a bug report with the information provided in "/root/af/spec/dummy/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

root@2adc7c09ff9a:~/af/spec/dummy# cat ~/.npmrc
registry=https://registry.npmjs.org/
//registry.npmjs.org/:_authToken=${NPM_TOKEN}

root@2adc7c09ff9a:~/af/spec/dummy# echo $NPM_TOKEN
xxxxx-xxxx-xxxx-xxxx-xxxxxxxx

Same here, it works locally on OSX but not on the CircleCI container (circleci 1.0).

I tried to yarn cache clean - afterwards a different package failed installation.

It happens with yarn 0.18.1 as well as 0.21.3 - so maybe something changed in the yarnpkg registry configuration? Or, since I think everyone in the comments here is using CircleCI in the problem-scenario, it's an issue with CircleCI configuration?

So, we think we've managed to solve the problem; would be keen to see if it works for others:
We had to make a slight change to .npmrc which makes little sense why this works:

registry=http://registry.npmjs.org/
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
@ourscope:registry=https://registry.npmjs.org/

Thing to note is that we required both normal registry AND one for our private scoped registry. Just make sure you change @ourscope with your own.

Let me know if this helps anyone.

@rogchap i just tried your solution but still see the same problem as before :(

we have a hyphen in our scope name, maybe that could be the culprit?

registry=http://registry.npmjs.org/
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
@our-scope:registry=https://registry.npmjs.org/

@rogchap this workaround didn't have any effect on our situation.

root@f41305331cb8:~/af/spec/dummy# cat ~/.npmrc
registry=https://registry.npmjs.org/
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
@alienfast:registry=https://registry.npmjs.org/

Confirmed it fails with 0.20.4 and 0.21.3. Given that this has also been working for me without a problem, I'm curious if something has changed on the server side to cause this. This certainly now seems like a bug.

• I just deployed new versions of the 'offending' scoped modules and it made no difference, same error.
• I ran npm install and have no problems fetching the modules in the problem environment

So, not fixed for me...again.

I had another private module give me the 404 message, even though it seems to resolve the correct version (must be reading something correctly somewhere), and seems to try and download the same tar url as NPM.

This time I REMOVED the registries (except the auth one) in .npmrc to get it to work!

There is no consistency at all, randomly "playing" with .npmrc seems to temporarily work.

I'm trying to promote Yarn, but every engineer in our company (rightly) says that Yarn is "not stable", "un usable", "not reliable", "doesn't work with private modules", "fails on the CI server" etc etc.

I wonder if the Private NPM registry is doing something "funky" with the user-agent!?? <- Wild guess.

In order to better understand this we may need some input from core contributors. @bestander, any insights?

We don't use private packages much so this feature has less eyes on.
Afaik most of the issues were fixed by the community.
This is a great opportunity to try to fix it.
I don't think npm registry would do something with the response based on UA, most likely the token is not passed at all for some reason.

Okay, so I forked yarn and fiddled around a bit. It seems like it loses the token before it fetches the tarball or rather after the first request is sent...

yarn add v0.23.0-0
verbose 0.227 current time: 2017-03-06T20:25:18.877Z
info No lockfile found.
[1/4] Resolving packages...
⠁ { authorization: 'Bearer MY_TOKEN_IS_HERE' } <<<<<----- here it uses my token for the request
verbose 0.409 Performing "GET" request to "https://registry.npmjs.org/@ovos-media%2flib-director".
verbose 1.306 Request "https://registry.npmjs.org/@ovos-media%2flib-director" finished with status code 200.
{} <--- token is gone
verbose 1.316 Performing "GET" request to "https://registry.npmjs.org/bluebird".
{} <--- token is gone
verbose 1.318 Performing "GET" request to "https://registry.npmjs.org/jwt-decode".
verbose 1.531 Request "https://registry.npmjs.org/bluebird" finished with status code 200.
verbose 1.572 Request "https://registry.npmjs.org/jwt-decode" finished with status code 200.
[2/4] Fetching packages...
https: /@ovos-media/lib-director/-/lib-director-0.4.1.tgz https://registry.yarnpkg.com/@ovos-media/lib-director/-/lib-director-0.4.1.tgz
{} <--- token is gone
verbose 1.597 Performing "GET" request to "https://registry.yarnpkg.com/@ovos-media/lib-director/-/lib-director-0.4.1.tgz".
verbose 2.663 Error: https://registry.yarnpkg.com/@ovos-media/lib-director/-/lib-director-0.4.1.tgz: Request failed "404 Not Found"
    at Request.res (/home/ubuntu/yarn/lib/fetchers/tarball-fetcher.js:232:20)
    at emitOne (events.js:90:13)
    at Request.emit (events.js:182:7)
    at Request.onRequestResponse (/home/ubuntu/yarn/node_modules/request/request.js:986:10)
    at emitOne (events.js:90:13)
    at ClientRequest.emit (events.js:182:7)
    at HTTPParser.parserOnIncomingClient (_http_client.js:469:21)
    at HTTPParser.parserOnHeadersComplete (_http_common.js:103:23)
    at TLSSocket.socketOnData (_http_client.js:359:20)
    at emitOne (events.js:90:13)
error An unexpected error occurred: "https://registry.yarnpkg.com/@ovos-media/lib-director/-/lib-director-0.4.1.tgz: Request failed \"404 Not Found\"".

When I explicitly set the authorization header in the npm-registry.js before the request is sent, everything works fine. So there seems to be some bug in yarn and not on the server side.

EDIT:

Okay, so after further inspection, this problem occurs because the check whether the authorization header should be set returns false in npm-registry.js -> https://github.com/yarnpkg/yarn/pull/2598/files#diff-b053bee294c216269844e5874039b6caR62
And this, in turn, happens because it compares the yarnpkg registry proxy with the npmjs registry.

https://registry.yarnpkg.com/@ovos-media/lib-director/-/lib-director-0.4.1.tgz https://registry.npmjs.org/

Okay, so i figured out how to fix this issue for us without a change to yarns source code.
It's basically what @rogchap posted but (in our case) in the other direction:

registry=https://registry.npmjs.org/
@ovos-media:registry=https://registry.yarnpkg.com/
//registry.npmjs.org/:_authToken=your-auth-token

OR alternatively completely getting rid of registry:

//registry.npmjs.org/:_authToken=your-auth-token

This seems to work because then yarn does not use different registries for the package in question to fetch info and tarballs. However, I'm unsure as to why yarn mixes these two and I think that maybe the check for the auth token could be changed/improved somehow.

What is the next step?
Document the workaround or make changes to Yarn?

I've been trying out every possible combination for the past few hours and I think it's safe to say that there is no reliable workaround for this issue. @flipace any idea if this is something that can be fixed easily? Both of your methods do not work for me :(.

Actually, scratch that, it does. Removing the registry assignments and only keeping the line with the auth-token seems to do the trick. Damn typos. Thanks @flipace!

@bestander i'll try to come up with a PR in the next few days, the behavior of yarn in this case is not the way it should be. Thanks @pleunv for confirming that the workaround works for you too!

The workaround does not work for me unfortunately 😿

@willrstern could you post your .npmrc maybe?

Ah, removing .yarnrc worked for me. Contents were:

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


registry "https://registry.npmjs.org/"
email <email>
lastUpdateCheck 1489181224804
username <username>

note, the npmjs.org registry was something I had added when troubleshooting why it wasn't working, so it wasn't the offending config.

@flipace .npmrc was all manner of the workarounds above including the token-only line.

~None of these workarounds worked for me.~

Actually it works if I put this in my docker file:

RUN echo -e "registry=https://registry.npmjs.org/\n//registry.npmjs.org/:_authToken=\${NPM_AUTH_TOKEN}\nsatoshipay:registry=https://registry.npmjs.org/" > /usr/src/app/.npmrc
RUN yarn

The scope in question for me is @satoshipay

Co-worker and I had this issue...after installing node v7.7.4, and re-logging into npm via npm login, everything worked.

@Levino Can you run yarn config list and have a look if yarn is picking up the .npmrc file? In #521 @BohdanTkachenko solved the issue similarly. At least this also works for me :)

Just a reminder that PR from the community is welcome, no one in the core team is currently looking into this

@bestander Are there any pointers from the core team where the issues may be?
Our current workaround is to go back to using npm 😞

Somewhere in package-resolver or package-fetcher.

On Tue, 16 May 2017 at 06:29, Roger Chapman notifications@github.com
wrote:

@bestander https://github.com/bestander Are there any pointers from the
core team where the issues may be?
Our current workaround is to go back to using npm 😞

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/yarnpkg/yarn/issues/2738#issuecomment-301679399, or mute
the thread
https://github.com/notifications/unsubscribe-auth/ACBdWMCFoI3uXa_ROrI-ZqwvTGyJjUrhks5r6TQygaJpZM4MGvow
.

For all those having this issue please check for an .npmrc file in your project directory as well as every parent directory above it. If one exists it will override the .npmrc file in your home directory. A member of my team ran into this issue. He had a different token set in a different .npmrc file.

I also have somewhere else to look. We have these issue usually with yarn install and usage of scoped private packages in CI. Yesterday I had the issue again. The team member who created the new service had not configured registry.npmjs.org as the registry for the scope in his local .npmrc. This lead to the fact that the yarn.lock had registry.yarnpkg.com links for all packages, including the scoped ones. Funnily it worked locally but broke in CI. So I deleted the yarn.lock and recreated it on my machine, where I have set registry.npmjs.org for the scope in my .npmrc file. Now the yarn.lock file only had links to registry.npmjs.org. I pushed the new yarn.lock and CI went through without any issues.

Thank you!

Also having .npmrc in the cwd helped us on gitlab-ci.

I'm having the same issue in a docker container + yarn 0.26.1 (install works fine locally on my Mac).

.npmrc is:

@binded:registry=https://registry.npmjs.com/
//registry.npmjs.org/:_authToken=${NPM_TOKEN}

NPM_TOKEN is correctly set. Getting following error:

====>> cat .npmrc
  #!/bin/bash -eo pipefail
cat .npmrc
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
====>> build
  #!/bin/bash -eo pipefail
build
engines.node (package.json):  7
engines.npm (package.json):   unspecified (use default)
v7.10.0 is already installed.
Now using node v7.10.0 (npm v4.2.0)
default -> 7 (-> v7.10.0 *)
Using default npm version: 4.2.0
Resolving yarn version 0.26 via semver.io...
Downloading and installing yarn (0.26.1)...
Installed yarn 0.26.1
Installing node modules (yarn.lock)
yarn install v0.26.1
[1/4] Resolving packages...
[2/4] Fetching packages...
error An unexpected error occurred: "https://registry.yarnpkg.com/@binded/binded-client/-/binded-client-1.3.2.tgz: Request failed \"404 Not Found\"".
info If you think this is a bug, please open a bug report with the information provided in "/ci/project/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
Error: Exited with code 1
Step failed
Task failed

I also tried with the following .npmrc:

registry=http://registry.npmjs.org/
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
@binded:registry=https://registry.npmjs.com/

I'm not sure if that's relevant but my yarn.lock lists (it resolves as https://registry.yarnpkg.com/... instead of https://registry.npmjs.com/...):

"@binded/binded-client@^1.3.2":
  version "1.3.2"
  resolved "https://registry.yarnpkg.com/@binded/binded-client/-/binded-client-1.3.2.tgz#0c29ed98436084b39420020a533df26da3ebbda3"

update: if I delete yarn.lock, the install succeeds.
update: looks like installing [email protected] fixed my issue (I think I was using [email protected] before)

@olalonde I had the same error. Setting the registry on my machine to https://registry.npmjs.org/ and creating the yarn.lock solved the issue for me.

Hello,

Since I had the same problem and I managed to solve it, I'm gona share my experience.
I tried all of the random workarounds, but as @rogchap said - going back to npm worked for me.

After successful installation with npm yarn install stopped giving 404 Not Found.

I have no idea whatsoever what happened and how it got fixed.
I'll keep an eye on this issue. Hope someone solves this mystery.

Best,
pgergov

This problem is randomly occurring on Codeship builds. Any progress or ideas what's causing that?

Hey guys, just wanted to share with you that in 0.27.5 the problem is solved. For reference: https://github.com/yarnpkg/yarn/issues/3765
This issue seems closable now.

Thanks for following up, @pgergov

I also had this issue today. I changed the registry to the github tarball url. I couldn't find what the npmjs url was, so I tried Github's found here.
https://github.com/{USER}/{REPO}/tarball/{BRANCH}

Just putting this here in case someone has the same issue as I did.

I am on latest version 0.27.5. I also experience the Request failed 404 Not Found yarn error. Downgrading the version to 0.27.3 works.

@panalbish you can try 0.28.2 or try updating your auth token to see if it works.

@panalbish Thanks for the suggestion. Downgrading to 0.27.3 worked.
@BYK I tried 0.28.2 and 0.28.4 they both failed. I get an error when it is trying to download code from github

yarn install v0.27.5
warning package.json: No license field
warning [email protected]: No license field
[1/4] Resolving packages...
[2/4] Fetching packages...
error An unexpected error occurred: "https://codeload.github.com/soda0289/typescript-eslint-parser/tar.gz/840978a594dd659cfa2b40d8672ce7a742864623: Request failed \"404 Not Found\"".

If i had to guess may it is sending auth tokens to the github domain causing a 404. Will try and look into more tonight.

Seem this issue covers the problem:
https://github.com/yarnpkg/yarn/issues/3907

Duplicate of #3907.

It seems removing yarn.lock before executing yarn (or yarn install) command can fix the problem for me.

It seems removing yarn.lock before executing yarn (or yarn install) command can fix the problem for me.

And then you should stop using yarn altogether. The yarn.lock file is the file that guarantuees "reproducible builds". You never want to delete that.

Ok, calm down. It was up to application itself I was trying to use.
Btw shouldn't package.json be sufficient for build itself?

Technically yes. The lockfile guarantees that you will use the same versions than everyone else on the team. If for some reason you don't care, you can remove the lockfile and Yarn will create a new one from scratch.

That being said, it's curious it solved your issue, since the one we're tracking here is related to a configuration parameter. Maybe your lockfile was referencing an URL that had been removed since then? A git commit that has been deleted via a force-push, maybe?

This is actual message I have got:

vagrant@homestead:~/Projects/l5b.dev$ yarn
yarn install v0.27.5
[1/4] Resolving packages...
[2/4] Fetching packages...
error An unexpected error occurred: "https://registry.yarnpkg.com/webpack-dev-server/-/webpack-dev-server-2.7.0.tgz: Request failed \"404 Not Found\""

Tried again to install repository which is Laravel application (Installation steps). npm worked fine on both localhost (vagrant) and online but yarn output that error.

Well, search no further:

No luck on npm either:

Maybe the webpack org decided to unland this release after you installed it.

Hm, npm install finished installation although bunch of warnings. But warnings are not errors.
I am trying to catch these JS things still. I stood in jQuery era and need to speed up.

Ok, calm down. It was up to application itself I was trying to use.

I did not mean no offense. I am sorry if any was taken.

Btw shouldn't package.json be sufficient for build itself?

You might want to read this: https://www.sitepoint.com/yarn-vs-npm/ and let me highlight the most interesting paragraph:

The yarn.lock File
In package.json, the file where both npm and Yarn keep track of the project’s dependencies, version numbers aren’t always exact. Instead, you can define a range of versions. This way you can choose a specific major and minor version of a package, but allow npm to install the latest patch that might fix some bugs.
In an ideal world of semantic versioning, patched releases won’t include any breaking changes. This, unfortunately, is not always true. The strategy employed by npm may result into two machines with the same package.json file, having different versions of a package installed, possibly introducing bugs.
To avoid package version mis-matches, an exact installed version is pinned down in a lock file. Every time a module is added, Yarn creates (or updates) a yarn.lock file. This way you can guarantee another machine installs the exact same package, while still having a range of allowed versions defined in package.json.
In npm, the npm shrinkwrap command generates a lock file as well, and npm install reads that file before reading package.json, much like how Yarn reads yarn.lock first. The important difference here is that Yarn always creates and updates yarn.lock, while npm doesn’t create one by default and only updates npm-shrinkwrap.json when it exists.

So if you do not care about pinning down versions to avoid "random" builds, instead of removing the yarn.lock file and running yarn you should leave the file in place and use npm install (which will ignore the yarn.lock file)

Is your project online somewhere?

@Tpojka try to remove the yarn.lock file and the node_modules locally (!) and then run yarn locally. Afterwards commit the new yarn.lock file and see if that helps

Background: This will change the pinned version of your missing package to the latest one that is still compatible with the version range defined in the package.json. If the one that is currently pinned in your yarn.lock has been unpublished, the new one should be there.

Yeah, I have been using yarn 0.18 for a long time because of this weird issue and can confirm that a one time removal-recreation of yarn.lock seems to resolve the issue. So somehow it is related to old yarn version's lock files as far as I can tell.

@sottbessler unfortunately this seems random. Sometimes a removal of the yarn.lock works, sometimes not. There's something else weird going on. It can resolve the package (as it knows what version to download) but 404's of the tar file.

Faced this issue, worked on my mac machine, but not on the server.

Works in yarn v1.0.1 (for us locally, on CI, and in Heroku buildpack) by following https://github.com/yarnpkg/yarn/issues/3765#issuecomment-327890328 and https://github.com/yarnpkg/yarn/issues/3765#issuecomment-328207599 .

always-auth=true
https://registry.npmjs.org/:_authToken=${NPM_TOKEN}

I'm still having an issue here.

I've tried adding always-auth=true to my .npmrc file. I've also tried adding an explicit https: in front of //registry.npmjs.org/:_authToken=.... That didn't make any difference either.

Things work great for Yarn 0.27.3, but anything 1.0.0+ seems to have this problem (I'm currently using yarn 1.2.1).

Am I missing something here?

Try removing everything from .npmrc except //registry.npmjs.org/:_authToken=${NPM_TOKEN}. This is the only thing that consistently works for us with our private @-scoped packages (Unix/Windows/OSX) on yarn 1.0.0+.

@pleunv Thanks! That worked for me using Yarn 1.3.2, but only if I ran this command as well:

yarn config set registry https://registry.npmjs.org

My impression was that the default Yarn registry was just a proxy for npmjs.org. So I'm not sure why this should be necessary, but it absolutely is in my case (tested with and without).

I can't believe more people aren't having trouble with this. I would have thought that every non-open source project would be tripping over this?!?

I've only tested this doing deployments (i.e., inside a Dockerfile doing a build). I'll try it on my dev machine soon (my efforts to figure this out this morning cost me more than an hour 😢 ).

@pleunv @xogeny can you provide a small repro case for us so we can fix this issue once and for all? It is very hard to trace this for us :(

@BYK unless I'm missing something, any such test case would, by necessity, require a private repo and in order to successfully test yarn we'd need to share a private access token of some kind. That seems awkward at best.

It seems like the best approach would be for the Yarn project itself to establish some private repositories (via a cheap, minimal organizational account) so that you could do these tests by supplying an access token via an environment variable via CircleCI or your local dev/testing environment. That way it would be your token and you wouldn't need to share it with anybody.

But I'm open to other suggestions. I just don't quite know how to organize things.

Yeah, the private scope makes this a bit difficult to provide you with a repro. Either way, we had this on our CI with any privately scoped package, on the default nodeJS docker container.

@BYK I can set up a trial version of a Bintray npm repository with an accompanying repro-repo and send you the access key on mail if it'd help.

@SpainTrain Thanks a lot, setting

always-auth=true
@scope:always-auth=true

to the top of .npmrc fixed it with yarn v1.3.2

In my situation, the problem went away when I updated yarn.lock to resolve private packages from npmjs.com instead of yarnpkg.com like so -

"@myco/pak1@>=0.0.8":
  version "0.0.11"
  resolved "https://registry.yarnpkg.com/@myco/pak1/-/pak1-0.0.11.tgz#8b5c53bd7378d7f00554fd4813ad9d332d0d87dc"
                             ^^^^^^^ change this
  resolved "https://registry.npmjs.com/@myco/pak1/-/pak1-0.0.11.tgz#8b5c53bd7378d7f00554fd4813ad9d332d0d87dc"
  dependencies:
    lodash "4.*"

None of these solutions worked for me. We're not even using a private package, just a public fork of a public package. Changed yarn.lock to reference npmjs.com, used the yarn registry setting before yarn-install step.

CircleCI just gets 404's intermittently on "codeload" github urls during yarn-install step for some reason.

I can also confirm that after running yarn config set registry https://registry.npmjs.org as @xogeny suggested, yarn add @org/priv-module no longer 404s and correctly installs the package.

However, here's the interesting part — I switched back to the original registry (yarn config set registry https://registry.yarnpkg.com), did rm -rf *; yarn cache clean and yarn add @org/priv-module again, I could no longer reproduce the 404, i.e. it installed correctly. I'm pretty sure I'm not crazy here — yarn add @org/priv-module did 404 the very first time.

How exactly does registry.yarnpkg.com proxy registry.npmjs.org? Feels like some cache got populated after a successful fetch?

I'm on v1.3.4 on macOS 10.13.2, and .npmrc is just plain 'ol //registry.npmjs.org/:_authToken={auth token}

Same issue here. Here is a log from TravisCI

$ node --version
v8.9.4
$ npm --version
5.6.0
$ nvm --version
0.33.8
before_install.1
0.42s$ yarn config set registry https://registry.npmjs.org
yarn config v1.3.2
success Set "registry" to "https://registry.npmjs.org".
before_install.2
0.43s$ yarn cache clean
yarn cache v1.3.2
success Cleared cache.
$ yarn
yarn install v1.3.2
[1/4] Resolving packages...
[2/4] Fetching packages...
error An unexpected error occurred: "https://registry.yarnpkg.com/pinkie-promise/-/pinkie-promise-2.0.1.tgz: Request failed \"404 Not Found\"".
info If you think this is a bug, please open a bug report with the information provided in "/home/travis/build/grundiss/contenter/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

Funny thing: locally everything works just fine.

just for completion, here a couple of failing circleci builds, and the 404 package is not always the same:

https://circleci.com/gh/EnoahNetzach/gnodsidfjgi/5
https://circleci.com/gh/EnoahNetzach/gnodsidfjgi/7

I have (hopefully) fixed my problem by following this instruction and creating an offline mirror, but this is certainly not the way anyone can go.

Wow. Turned out my problem wasn't part of this issue, but more like a part of more global thing: https://github.com/floatdrop/pinkie/issues/18

Shit, now we started getting this problem too. Private scoped package. Random reproduction - sometimes works (with some versions), sometimes it doesn't.

Seeing this error on our project. It is bizarre, since I don't get a 404 when hitting the URL manually:

Trace:
  Error: https://codeload.github.com/types/npm-v8flags/tar.gz/de224ae1cd5fd7dbb4e7158a6cc7a29e5315930d: Request failed "404 Not Found"
      at Request.handleRequestError (C:\Users\stewx\AppData\Roaming\nvm\v6.10.0\node_modules\yarn\lib\fetchers\tarball-fetcher.js:203:20)
      at emitOne (events.js:96:13)
      at Request.emit (events.js:188:7)
      at Request.onRequestResponse (C:\Users\stewx\AppData\Roaming\nvm\v6.10.0\node_modules\yarn\node_modules\request\request.js:1068:10)
      at emitOne (events.js:96:13)
      at ClientRequest.emit (events.js:188:7)
      at HTTPParser.parserOnIncomingClient (_http_client.js:474:21)
      at HTTPParser.parserOnHeadersComplete (_http_common.js:99:23)
      at TLSSocket.socketOnData (_http_client.js:363:20)
      at emitOne (events.js:96:13)

We have solved all errors like these by switching our URLs a little. Avoid tar/gz and use tarball, i.e.:

"package_name":"https://github.com/somebody/package_name/tarball/master"

If your package is hosted privately on npmjs.org, removing the line @scope:registry=https://registry.npmjs.org/ from .npmrc worked for us — presumably this is due to issues with yarnpkg being a CDN for npmjs.org

I'm exhibiting this today
error An unexpected error occurred: “https://registry.yarnpkg.com/@types/webpack/-/webpack-3.8.10.tgz: Request failed \“404 Not Found\“”.
Not a private repo :(

+1 for me. Started experiencing it today as well. Trying in install webpack on our CI.

Same here lol. Tried latest

error An unexpected error occurred: "https://registry.yarnpkg.com/@types/webpack/-/webpack-4.1.1.tgz: Request failed \"404 Not Found\"".

It is being discussed here https://github.com/yarnpkg/yarn/issues/5530

In my case I had a local .npmrc that defined a private registry for a specific scope, all I had to add was registry=https://registry.npmjs.org/ at the top of the file. Resulting in:

# .npmrc
registry=https://registry.npmjs.org/

@acme:registry=https://acme.jfrog.io/acme/api/npm/npm/
//acme.jfrog.io/acme/api/npm/npm/:_auth=YYYYYYYYYYYYYYYYYYYYYYYYYY
//acme.jfrog.io/acme/api/npm/npm/:username=username
//acme.jfrog.io/acme/api/npm/npm/:[email protected]
//acme.jfrog.io/acme/api/npm/npm/:always-auth=true

Working with CircleCI also had 404 with yarn install.

removing yarn.lock

This worked for me. Digging some more, discovered there were bad urls in the yarn lock.

The yarn lock was using registry.yarnpkg.com that would 404'd on CircleCI (no clue why it worked locally).

The resulting config that did the trick:

- run: echo "//registry.npmjs.org/:_authToken=$NPM_AUTH_TOKEN" > ~/.npmrc
- run: yarn config set registry https://registry.npmjs.org/
- run: yarn

Thanks all, I too have resolved this issue by deleting yarn.lock.

For me, the failing command was yarn add gatsby-plugin-react-helmet react-helmet.

I was able to run a yarn upgrade (tried out of curiosity), and then the above command worked. Not sure why that is, but I'd be grateful if someone had an explanation.

maybe npm is needed due to dependency is not available on yarn repositories

have the same issue with yarn + CI + material

yarn install v1.22.4
[1/4] Resolving packages...
[2/4] Fetching packages...
error An unexpected error occurred: "https://registry.yarnpkg.com/@material-ui/core/-/core-4.11.0.tgz: Request failed \"404 Not Found\"".
info If you think this is a bug, please open a bug report with the information provided in "/builds/springs-apps/flopanda/flopanda-front-end/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.