bun install fails on a fresh clone — bun.lock resolves to a non-public registry

[quinnypig]

Summary

A clean clone of main can't bun install — every dependency download returns 401 Unauthorized. This blocks external contributors and fork CI.

Repro

git clone https://github.com/bee-computer/bee-cli.git
cd bee-cli
bun install

error: GET https://…codeartifact…amazonaws.com/npm/shared/typescript/-/typescript-5.9.3.tgz - 401
error: GET https://…codeartifact…amazonaws.com/npm/shared/date-fns/-/date-fns-4.1.0.tgz - 401
… (all 43 deps)

Cause

Every resolved URL in the committed bun.lock points at a private AWS CodeArtifact registry rather than registry.npmjs.org. Bun honors the lockfile's resolved URLs, so it hits that host regardless of the consumer's --registry / .npmrc / bunfig config. Outside contributors have no credentials for it → 401. (A local npm config get registry of registry.npmjs.org makes no difference.)

Impact

No one outside your network can install deps, build, or run the test suite from a clean checkout — effectively closing off PRs and fork CI.

Suggested fix

Regenerate the lockfile against the public registry (clean env pointed at registry.npmjs.org, rm bun.lock && bun install) and commit. A minimal CI job that runs bun install with no private registry config would catch regressions.

Note

The resolved URLs also embed internal registry/account details; you may prefer to scrub those from history rather than just overwrite the lockfile.

[etown]

Sorry, fixed.