Adobe Experience Manager Sites & More

PraveenKumarG · 7/23/24

hi all,

I joined a project where jfrog is used as repo manager for hosting artifacts.

When giving a build we got the following error -

[INFO] npm ERR! code E403
[INFO] npm ERR! 403 403 Forbidden - GET https://<<clientDomain>.jfrog.io/artifactory/api/npm/customer-experience-management-npm-virtual/ws/-...
[INFO] npm ERR! 403 In most cases, you or one of your dependencies are requesting
[INFO] npm ERR! 403 a package version that is forbidden by your security policy, or
[INFO] npm ERR! 403 on a server you do not have access to.
[INFO]
[INFO] npm ERR! A complete log of this run can be found in: C:\Users\Admin\AppData\Local\npm-cache\_logs\2024-07-23T12_26_09_146Z-debug-0.log

The ui.frontend module fails at this stage.

thanks,

Rahul

Rohan_Garg · 7/23/24

Hi @PraveenKumarG,

Could of follow up queries here -

Is this the only artifact which is giving 403 issue? Are there any other artifacts which got downloaded from JFrog in the build before?
Did you check whether the authentication in general is successful? You can directly hit the URL and log in to access the artifact page on JFrog once.
JFrog can block out artifacts which have security vulnerabilities - The ws plugin has the latest version as 8.18.0 while the previous ones are susceptible to DoS attacks.
Please refer https://security.snyk.io/package/npm/ws
In such a case you might want to upgrade the version in both your webpack and JFrog to proceed.

Hope this helps!

View solution in original post

AMANATH_ULLAH · 7/23/24

@PraveenKumarG

This seems to be a permissions issue.

Can you check if the user account which you are using to access the resources in JFrog repository has the required permissions

PraveenKumarG · 7/23/24

i'm able to download other assets from jfrog in ui.frontend and its part of the build so any particular reason why this would be an issue?

arunpatidar · 7/23/24

Hi @PraveenKumarG
Is GET https://<<clientDomain>.jfrog.io/artifactory/api/npm/customer-experience-management-npm-virtual/ws/-... Public or protected by authorization?

If it is protected by authorization, then can you try to use same credentials for local build as you are using with cloud manager. It might be possible that you might be using user credential but cloud manager/build is using the service credentials.

This is just assumption for "i'm able to download other assets from jfrog in ui.frontend and its part of the build"

Arun Patidar

h_kataria · 7/23/24

Since this is client's own private jfrog repo, it needs to be authenticated. How are you guys handling the authentication ? You can check if you have a .npmrc file which is where generally authentication information is stored. If not, you will probably have to generate one
Check this for more details : https://docs.npmjs.com/cli/v10/configuring-npm/npmrc#auth-related-configuration

PraveenKumarG · 7/23/24

There is a npmrc file which is configured and downloading artifacts for other node modules but only this one for web socket is giving an issue.

h_kataria · 7/23/24

Are you able to access the path directly on jfrog UI using npmrc's credentials ? If not, it could still be a permission issue. If yes, then try what @Rohan_Garg suggested to upgrade the version.

MukeshYadav_ · 7/23/24

Hi @PraveenKumarG ,

Pls have a look https://stackoverflow.com/questions/67960455/npm-error-403-when-downloading-dependencies-from-artifa...

Thanks

PraveenKumarG · 7/23/24

The permission issue should have been valid for all the other artifacts too.

Rohan_Garg · 7/23/24

Hi @PraveenKumarG,

Could of follow up queries here -

Is this the only artifact which is giving 403 issue? Are there any other artifacts which got downloaded from JFrog in the build before?
Did you check whether the authentication in general is successful? You can directly hit the URL and log in to access the artifact page on JFrog once.
JFrog can block out artifacts which have security vulnerabilities - The ws plugin has the latest version as 8.18.0 while the previous ones are susceptible to DoS attacks.
Please refer https://security.snyk.io/package/npm/ws
In such a case you might want to upgrade the version in both your webpack and JFrog to proceed.

Hope this helps!

PraveenKumarG · 7/23/24

For 1 yes, its only the ws module which gives error of 403.

For 2, I am not able to access the page using my domain credentials. The .npmrc file has the credentials.

For 3, the version is present in package-lock.json, I will need to first host it on JFrog first?

"node_modules/ws": {
  "version": "8.16.0",
  "resolved": "https://clientDomain.jfrog.io/artifactory/api/npm/customer-experience-management-npm-virtual/ws/-/ws-8.16.0.tgz",
  "integrity": "sha512-HS0c//T==,
  "dev": true,
  "engines": {
    "node": ">=10.0.0"
  },

Rohan_Garg · 7/23/24

Hi @PraveenKumarG, please find the below pointers -

#2 - Try using the credentials from .npmrc file once. If the issue persists then implement #3.

For #3, yes you can commit it in package-lock.json file - even though the file is automatically generated with the build it is intended to be checked into the source repos.

Hope this helps!

PraveenKumarG · 7/24/24

deploying the latest version worked by adding change in package-lock.json

thanks @Rohan_Garg

arunpatidar · 7/23/24

Hi @PraveenKumarG
Please check https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/frontend-pipelines-using-p...

Arun Patidar

kautuk_sahni · 7/23/24

@PraveenKumarG Did you find the suggestion helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!

Adobe Experience Manager Sites & More

403 JFrog - ui.frontend module - build fail issue

Arun Patidar

Arun Patidar

Kautuk Sahni

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe