Nexus 2 (NPM) - HeroDevs Never‑Ending Support

Overview

Nexus 2 lacks Bearer token support and does not provide a way to easily provide basic authentication credentials. Since Nexus doesn’t provide credentials out of the box, and many NES packages have public trials that don’t require authentication, consumers will only see listings for those versions.

To overcome this, the NES Registry will inspect User Agent headings and immediately reject any requests lacking an Authentication header if the string nes-require-auth=basic is found. Nexus can be configured to provide this via the HTTP Request Settings (optional) > User Agent field.

Note

This will append the field to the User Agent header, not replace it.

Authentication Required Configuration

Sonatype Nexus 2 repository configuration showing HTTP Request Settings with User Agent field containing nes-require-auth=basic and authentication credentials configured

Settings

correct password + User Agent

Sonatype Nexus 2 package listing page showing full package versions including non-trial versions like Vue 2.7.20

Result

Full listings, including non-trial/public versions. For example, Vue 2's 2.7.20 (which is an NES-only version number)

Troubleshooting

Determining if Nexus 2 is correctly sending the right information can be tricky. Please review the following steps.

Validate network access

Setup the proxy registry with no credentials and no User Agent
Navigate to nexus/content/repositories/<your_repo>/@neverendingsupport/vue2 and verify that you see the trial versions of vue (publicly available)
Navigate to nexus/content/repositories/<your_repo>/@neverendingsupport/vue2 and note what versions are available, if any.

Validate requiring auth works correctly

Add User Agent, but do not provide authentication (See configurations below)
Navigate to nexus/content/repositories/<your_repo>/@neverendingsupport/vue2 and verify that the request failed.

Verify auth is working

Add User Agent and correct credentials
Navigate to a package you have access to
Validate non-trial versions are present, where they were not
Follow link to an asset (search for .tgz for easy access) and verify download
Observe the listing in nexus/content/repositories/<your_repo>/ should now have packages.
Configure projects to download from your nexus proxy and pull as expected.

Validate requiring authentication without providing credentials fails

Sonatype Nexus 2 repository configuration showing HTTP Request Settings with User Agent field containing nes-require-auth=basic but no authentication credentials provided

Settings

Require auth but not provide it

Sonatype Nexus 2 error page showing authentication failure with blocked_auto status when authentication is required but not provided

Result

Required auth but not provided = failed + blocked_auto

Validate providing incorrect credentials shows public packages

Sonatype Nexus 2 repository configuration showing HTTP Request Settings with User Agent field containing nes-require-auth=basic and incorrect authentication credentials provided

Settings

Require auth, but provide incorrect credentials (password can be anything as long as it's at least 8 characters)

Viewed in localhost

Sonatype Nexus 2 package listing page showing only trial versions of packages when incorrect credentials are provided, with Vue 2.7.20 not appearing in the list

Result

Only -trial versions appear. For instance, in Vue2 search for 2.7.20 (which would only be available in NES)