Expand my Community achievements bar.

SOLVED

403 JFrog - ui.frontend module - build fail issue

Avatar

Level 3

hi all,

 

I joined a project where jfrog is used as repo manager for hosting artifacts.

When giving a build we got the following error - 

[INFO] npm ERR! code E403
[INFO] npm ERR! 403 403 Forbidden - GET https://<<clientDomain>.jfrog.io/artifactory/api/npm/customer-experience-management-npm-virtual/ws/-...
[INFO] npm ERR! 403 In most cases, you or one of your dependencies are requesting
[INFO] npm ERR! 403 a package version that is forbidden by your security policy, or
[INFO] npm ERR! 403 on a server you do not have access to.
[INFO]
[INFO] npm ERR! A complete log of this run can be found in: C:\Users\Admin\AppData\Local\npm-cache\_logs\2024-07-23T12_26_09_146Z-debug-0.log

 

The ui.frontend module fails at this stage.

 

thanks,

Rahul

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @gallaghan6,

 

Could of follow up queries here - 

  1. Is this the only artifact which is giving 403 issue? Are there any other artifacts which got downloaded from JFrog in the build before?
  2. Did you check whether the authentication in general is successful? You can directly hit the URL and log in to access the artifact page on JFrog once.
  3. JFrog can block out artifacts which have security vulnerabilities - The ws plugin has the latest version as 8.18.0 while the previous ones are susceptible to DoS attacks.
    Please refer https://security.snyk.io/package/npm/ws
    In such a case you might want to upgrade the version in both your webpack and JFrog to proceed.

 

Hope this helps!

View solution in original post

14 Replies

Avatar

Community Advisor

@gallaghan6 

This seems to be a permissions issue.

Can you check if the user account which you are using to access the resources in JFrog repository has the required permissions

Avatar

Level 3

i'm able to download other assets from jfrog in ui.frontend and its part of the build so any particular reason why this would be an issue?

Avatar

Community Advisor

Hi @gallaghan6 
Is GET https://<<clientDomain>.jfrog.io/artifactory/api/npm/customer-experience-management-npm-virtual/ws/-... Public or protected by authorization?

 

If it is protected by authorization, then can you try to use same credentials for local build as you are using with cloud manager. It might be possible that you might be using user credential but cloud manager/build is using the service credentials.

This is just assumption for "i'm able to download other assets from jfrog in ui.frontend and its part of the build"



Arun Patidar

Avatar

Community Advisor

Since this is client's own private jfrog repo, it needs to be authenticated. How are you guys handling the authentication ? You can check if you have a .npmrc file which is where generally authentication information is stored. If not, you will probably have to generate one
Check this for more details : https://docs.npmjs.com/cli/v10/configuring-npm/npmrc#auth-related-configuration 

Avatar

Level 3

There is a npmrc file which is configured and downloading artifacts for other node modules but only this one for web socket is giving an issue.

Avatar

Community Advisor

Are you able to access the path directly on jfrog UI using npmrc's credentials ? If not, it could still be a permission issue. If yes, then try what @Rohan_Garg suggested to upgrade the version. 

Avatar

Level 3

The permission issue should have been valid for all the other artifacts too.

Avatar

Correct answer by
Community Advisor

Hi @gallaghan6,

 

Could of follow up queries here - 

  1. Is this the only artifact which is giving 403 issue? Are there any other artifacts which got downloaded from JFrog in the build before?
  2. Did you check whether the authentication in general is successful? You can directly hit the URL and log in to access the artifact page on JFrog once.
  3. JFrog can block out artifacts which have security vulnerabilities - The ws plugin has the latest version as 8.18.0 while the previous ones are susceptible to DoS attacks.
    Please refer https://security.snyk.io/package/npm/ws
    In such a case you might want to upgrade the version in both your webpack and JFrog to proceed.

 

Hope this helps!

Avatar

Level 3

For 1 yes, its only the ws module which gives error of 403.

For 2, I am not able to access the page using my domain credentials. The .npmrc file has the credentials.

For 3, the version is present in package-lock.json, I will need to first host it on JFrog first?

"node_modules/ws": {
"version": "8.16.0",
"resolved": "https://clientDomain.jfrog.io/artifactory/api/npm/customer-experience-management-npm-virtual/ws/-/ws-8.16.0.tgz",
"integrity": "sha512-HS0c//T==,
"dev": true,
"engines": {
"node": ">=10.0.0"
},

 

Avatar

Community Advisor

Hi @gallaghan6, please find the below pointers - 

#2 - Try using the credentials from .npmrc file once. If the issue persists then implement #3.

For #3, yes you can commit it in package-lock.json file - even though the file is automatically generated with the build it is intended to be checked into the source repos.

 

Hope this helps!

Avatar

Level 3

deploying the latest version worked by adding change in package-lock.json

thanks @Rohan_Garg 

Avatar

Administrator

@gallaghan6 Did you find the suggestion helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!



Kautuk Sahni