diff --git a/lib/index.js b/lib/index.js index 12dca97e1..01d978bb3 100644 --- a/lib/index.js +++ b/lib/index.js @@ -19,10 +19,17 @@ module.exports = function(config_hash) { if (config['allow_'+action](req.params.package, req.remoteUser)) { next(); } else { - next(new UError({ - status: 403, - msg: 'user '+req.remoteUser+' not allowed to '+action+' it' - })); + if (req.remoteUser === 'anonymous') { + next(new UError({ + status: 403, + msg: "can't "+action+" restricted package without auth, did you forget 'npm set always-auth true'?", + })); + } else { + next(new UError({ + status: 403, + msg: 'user '+req.remoteUser+' not allowed to '+action+' it' + })); + } } }; };