npm install fails due to missing authentification token. This occurs with v1.4.0 and not v1.3.0

1. git checkout v1.4.0 (which is also origin/main currently)
2. npm install

401 Unauthorized - GET https://npm.pkg.github.com/@la-jarre-a-son%2fui - authentication token not provided

Hello @piazic
I did not think anoyone was building MIDI Jar themself so i did not make the ui public.

I'll put the package on public, i think you will need to register your Github token to npm to install @la-jarre-a-son/ui package.
https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-npm-registry#authenticating-with-a-personal-access-token

Hello @ArTiSTiX

Thanks for the quick reply!

I'm getting Permission permission_denied: The token provided does not match expected scopes.
But the token was generated with "repo" permissions.

@piazic can you retry plz ?

Permissions were inherited from repository (which i would like to keep private), if i cannot let this package be publicly available to everyone, i may have to add you specifically.

I've retried just now and still getting the same error message.

@piazic ah sorry, didn't catch the token scope you mentioned.
I suppose your personal token must have the read:packages scope permission. repo will be not enough.
You can generate a new one here: https://github.com/settings/tokens

Many thanks, I was able to access and run the new version.

I had to use python < 3.12 as distutils is still used.
Then I was getting an error:
midi-jar\node_modules\nlf\lib\compare-module-names.js:30 return compareVersions(module1.version, module2.version); ^ TypeError: compareVersions is not a function
which I've fixed by changing to
return compareVersions.compare(module1.version, module2.version, "<=");

@piazic Cool !

I had to use python < 3.12 as distutils is still used. Then I was getting an error: midi-jar\node_modules\nlf\lib\compare-module-names.js:30 return compareVersions(module1.version, module2.version); ^ TypeError: compareVersions is not a function which I've fixed by changing to return compareVersions.compare(module1.version, module2.version, "<=");

What's your environment ?

I forked a fork of nlf (original package was not up-to-date, and audit reported critical security issues), so i might have to open a PR to fix this.

I'm on Windows 11
npm 10.2.0
node 18.18.0

npm --list shows

+-- nlf@2.1.1 (git+ssh://git@github.com/la-jarre-a-son/nlf.git#ce2904ea7e2000e881e5b4eb199d56c4713653b2)
| +-- archy@1.0.0
| +-- commander@9.5.0 invalid: "2.19.0" from node_modules/nlf
| +-- compare-versions@5.0.3 invalid: "3.4.0" from node_modules/nlf
| +-- glob-all@3.3.1 invalid: "3.1.0" from node_modules/nlf

Something's wrong in my config then?

Edit: after npm update, looks better but npm list log still shows

42 error invalid: commander@9.5.0 midi-jar\node_modules\nlf\node_modules\commander
42 error invalid: compare-versions@5.0.3 midi-jar\node_modules\nlf\node_modules\compare-versions
42 error invalid: glob-all@3.3.1 midi-jar\node_modules\glob-all
42 error invalid: snyk-resolve-deps@4.7.3 midi-jar\node_modules\snyk-resolve-deps
42 error invalid: dmg-license@ midi-jar\node_modules\dmg-license

(and install still fails to compile without my change in nlf code)

Hezllo @piazic,

I encountered the same issue, and on my side, it was the nlf package not being up to date in npm 🤷‍♂️.
For some reason, even if it was supposed to be my fork, npm was using the original package.

I switched for a published fork (on github's registry, same as other packages i needed to fork), maybe it fixed the issue for you too.

Concerning the distutils issue, yup, i had the issue too, you can simply pip install setuptools, until all node packages depending on node-gyp are up-to-date (in my case i think this is some dependency from electron that requires node-gyp ^9, so i may upgrade at one time).

Thanks @ArTiSTiX !