GitHub Packages as npm proxy

Hello,
is it possible to configure Nexus to use GitHub Packages as a npm proxy? HTTP authentication option doesn’t seem to work.
Here are GitHub docs how to do it locally: Configuring npm for use with GitHub Packages - GitHub Docs
But no luck with Nexus npm proxy.

Update: I have updated Nexus to the newest Linux version (OSS 3.27.0-03). Now I have the option to setup HTTP Authentication as “Preemptive Bearer Token”. And now, it seems that Nexus can talk with GitHub npm repo, but there must be some a bug, because downloading tarball does not work. It responds with 404.
Help please?

Update 2 and solution:
In my opinion there is some serious bug in Nexus. But it works. What you need to do is to use a classic HTTP Username authentication, as username you GH username, and as password - personal token. Now you must uncheck checkbox “Validate that all content uploaded to this repository is of a MIME type appropriate for the repository format”… Which is stupid.
It will NOT work with “Preemptive Bearer Token”.

Sonatype, please fix this…

Update 3:
Ok, that was not a solution. It seemed to work, but it didn’t - I was not able to install any other version of the package without invalidating the cache.

Here is a PR with the fix: NEXUS-23750 - Does not support npm GitHub Package Registry by marverix · Pull Request #79 · sonatype/nexus-public · GitHub

About issues and fixes:

First problem

Nexus is using HttpClient 4.5, which is using since version 4.1 DefaultRedirectStrategy. According to the documentation :

302 Moved Temporarily, 301 Moved Permanently and 307 Temporary Redirect status codes will result in an automatic redirect of HEAD and GET methods only.

and (probably) HttpClient is copying all headers from the original request. Normally it’s not an issue, but GitHub Package Registry is redirecting (with 302) to an automatically generated AWS (S3 probably) link with the X-Amz-Credential GET parameter. AWS does not allow us to use both the Authorization Bearer token and the mentioned X-Amz-Credential , and responses with HTTP 400.

The fix is to manually handle redirect, so we can use the execute method to control if we should or shouldn’t add the Authorization Bearer header (by checking the existence of X-Amz-Credential ).

Second problem

In the NpmContentValidator, Nexus was adding always a .json extension if there was no extension at all. Which was wrong. npm packages’ names in AWS are just some random hashes without extension. But those are application/octet-stream - which is the tarball that we are expecting to get.

The fix is to check if the declared content type is application gzip. If so then let’s append .tgz instead .json.

I am facing the similar issue of 404 which started coming abruptly.
We are on nexus version -3.38.1
node version - v18.7.0
pnpm version - v7.8.0
I am using the proxy repo to connect to github and tried testing using the bearer token and even username and password as token.
Nothing was changed on Nexus side and things were working fine.

Hi Prashant, did you find a solution to your problem ?

I’m trying to install npm package aframe@1.3.0, but it fails on its three-bmfont-text dependency because it is hosted on github

Hi All,

Just got the proxy to GitHub Packages working on Nexus Repository 3.55 with the following:

Nexus Repo 3.55
Remote Storage URL: https://npm.pkg.github.com
Authentication type: Preemptive Bearer Token (SO NOT the username one)
Token: OBTAINED_TOKEN_FROM_GITHUB
Enabled: Enable redirects to the same location (may be required by some servers)
Enabled: Allow cookies to be stored and used
Other settings: Default

Hope above helps!

Kind regards,

Joris

Hi All,

will this also work for Maven artifacts? (pom.xml, *.jar, …) ?
I´m trying to setup a proxy Repo in Nexus for my Github package(s) - but couln´nt get that working.

Any advice would be very appreciated

Thx, Torsten