Npm user token fails on organization level runner

[victor77dev]

Select Topic Area

Question

Body

Hi, we face a problem that the workflow to publish npm package to github package registry using self hosted runner.

When we run the workflow on a mac runner which added in the repo, it works fine. But when we run the workflow on other linux runners set in the organization doesn't work.

When checking with npm whoami --registry=https://npm.pkg.github.com/, on the mac runner added in the repo returns github-actions[bot], which is expected. With that, all the npm install and npm publish in workflow works fine.

But when we check on the linux runners added in organization level, same workflow with checking npm whoami --registry=https://npm.pkg.github.com/ returns error

npm ERR! code E400
npm ERR! 400 Bad request - GET https://npm.pkg.github.com/-/whoami

In detailed npm log doesn't find further useful info

22 verbose argv "whoami" "--registry" "https://npm.pkg.github.com/"
23 timing npm:load:setTitle Completed in 0ms
24 timing npm:load:display Completed in 1ms
25 verbose logfile logs-max:10 dir:/root/.npm/_logs/2024-11-22T16_09_39_125Z-
26 verbose logfile /root/.npm/_logs/2024-11-22T16_09_39_125Z-debug-0.log
27 timing npm:load:logFile Completed in 12ms
28 timing npm:load:timers Completed in 0ms
29 timing npm:load:configScope Completed in 0ms
30 timing npm:load Completed in 45ms
31 silly logfile start cleaning logs, removing 3 files
32 silly logfile done cleaning log files
33 http fetch GET 400 https://npm.pkg.github.com/-/whoami 151ms (cache skip)
34 timing command:whoami Completed in 153ms
35 verbose stack HttpErrorGeneral: 400 Bad request - GET https://npm.pkg.github.com/-/whoami
35 verbose stack     at /opt/hostedtoolcache/node/20.11.0/x64/lib/node_modules/npm/node_modules/npm-registry-fetch/lib/check-response.js:95:15
35 verbose stack     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
35 verbose stack     at async module.exports (/opt/hostedtoolcache/node/20.11.0/x64/lib/node_modules/npm/lib/utils/get-identity.js:14:26)
35 verbose stack     at async Whoami.exec (/opt/hostedtoolcache/node/20.11.0/x64/lib/node_modules/npm/lib/commands/whoami.js:10:22)
35 verbose stack     at async module.exports (/opt/hostedtoolcache/node/20.11.0/x64/lib/node_modules/npm/lib/cli-entry.js:61:5)
36 verbose statusCode 400

Together with that, the npm publish also got this 400 error.

Is there any difference or extra configuration on Organization-Level runners need to do so the token for github package npm registry works fine? Or is that related to Linux? Or any other reasons?

Thanks a lot!

[victor77dev]

We noticed the problem only happens in node 20.11.0.