Description

At our workspace we use custom yarn registry which requires basic auth. We don't specify user:password in the registry url in our custom .yarnrc, and the basic auth credentials are in .npmrc. This setup's been working for normal npm/yarn commands outside jupyterlab.

When we run "jupyter labextension install xxx", we get error like Failed to fetch package metadata for 'xxx': <HTTPError 404: ''>, while the extension actually gets install by yarn/npm. Looks like on the python side there is some additional logic in jupyterlab.commands module that tries to get package metadata from the registry

, and this logic causes the 404 error. jupyterlab.commands uses urllib.request.Request. While urllib.request.Request itself is possible to support basic auth, like via urllib.request.HTTPBasicAuthHandler or request header, the jupyterlab.commands logic does not use urllib.request.Request that way. So in our case we always get error from jupyterlab.commands.

As mentioned we see the issue does not really prevent the extension from being installed, probably because that jupyterlab.commands's logic is separate from the logic that really installs the extension via yarn. But I wonder what the use is of this jupyterlab.commands logic, and if jupyterlab can support basic auth yarn registry.

Context

• JupyterLab version: 3.0.10