Do not install forge cli with pnpm

Forge
1

Just sharing this in case it helps someone avoid hours of frustration.

If you’ve installed the Forge CLI using pnpm and you see this when trying to log in:

$ forge login
Log in to your Atlassian account
Press Ctrl+C to cancel.

? Enter your email: sh....

Next, enter your Atlassian API token. If you don't have a token, visit this URL to create one:

? Enter your Atlassian API token: [hidden]

✕ Logging you in...

Error: The CLI couldn't securely store your login credentials in a local keychain. Ensure you enable access to the macOS keychain when prompted. If a local keychain is not available, use environment variables before trying again.

:collision: The problem is pnpm breaks native module resolution for keytar, which Forge uses to store credentials in the macOS keychain.

:white_check_mark: Fix

Uninstall the Forge CLI from pnpm:

pnpm remove -g @forge/cli

Then reinstall it with npm instead:

npm install -g @forge/cli

That fixes the keychain integration, and forge login works as expected.

:pushpin: Related

I reported the root cause in the pnpm repo:
:link: keytar not found · Issue #9623 · pnpm/pnpm · GitHub

Hope this saves someone a few hours of debugging :slightly_smiling_face:

5 Likes
2

We have several Forge projects using pnpm successfully.

You can just add to your package.json the following :

"pnpm": {
    "ignoredBuiltDependencies": [],
    "onlyBuiltDependencies": [
      "@forge/cli",
      "cloudflared",
      "core-js",
      "esbuild",
      "keytar"
    ]
  }
4 Likes
3

Alright even better… Thx

4

From our experience, pnpm is such a relief compare to classic npm.

  • faster
  • more reliable
  • handles conflicts better
5

For some reason i don’t like to have global installations but prefer the “live” version granted by npx (pnpx), as such i’ve further digged and found this solution:

// this allows login
pnpx --allow-build=keytar --allow-build=cloudflared @forge/cli login

// this allows tunnel
pnpx --allow-build=keytar --allow-build=cloudflared @forge/cli tunnel -e Development

// this alias in .zshrc makes the dream come true
alias forge=‘pnpx --allow-build=keytar --allow-build=cloudflared @forge/cli’

Hope somebody finds this useful

6

Just found this thread because I have experienced the same problem The CLI couldn't securely store your login credentials in a local keychain but even when installing the Forge CLI using npm. This thread here pointed into a direction that helped me to fix my situation, so I want to share it here as well in case anyone else experiences this.

The reason was that I had ignore-scripts=true in my ~/.npmrc file, then this will block the postinstall script in the keytar package which downloads a certain build file for your system. Since there’s no allowlist feature for this setting in npm, you either have to temporarily disable the ignore-scripts flag or use pnpm instead as discussed above.

2 Likes