Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-12304

`npm publish` on an already published package version does not update all changed package metadata

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.14.2, 3.2.0
    • Fix Version/s: 3.4.0
    • Component/s: NPM
    • Labels:

      Description

      I use the Nexus Repository for private NPM repository with allow-redeploy enabled. And the problem is that the system is not deleting dependencies in package.json at same module version number republished.

      For example:
      I have published package at version 0.0.2-SNAPSHOT
      http://localhost:8081/nexus/content/repositories/npm-private/fooPackage/

      I will get the metadata descriptor:

      "versions": {
      	"0.0.1": xxx,
      	"0.0.2-SNAPSHOT": {
      		"name": "fooPackage",
      	},
      	"dependencies": {
      		"dependencyA": "1.0.0",
      		"dependencyB": "1.0.0"
      	},
      }
      

      Then i will change dependencies for version 0.0.2-SNAPSHOT to this

      "dependencies": {
      	"dependencyA": "2.0.0"
      }
      

      after npm publish I will get from http://localhost:8081/nexus/content/repositories/npm-private/fooPackage/

      "versions": {
      	"0.0.1": xxx,
      	"0.0.2-SNAPSHOT": {
      		"name": "fooPackage",
      	},
      	"dependencies": {
      		"dependencyA": "2.0.0", - incremented,OK
      		"dependencyB": "1.0.0" - should be deleted,NOK
      	},
      }
      

      I replicated this bug at latest docker images sonatype/nexus:oss and sonatype/nexus3.

      I know that republishing in NPM is considered as an anti-pattern. But you are allowing this option in private repo and it is very usefull, because we using the snapshot versions in development cycle at it is a bit pain to change the version everytime if there is any update in snapshot.

      I'm using this as a workaround now : https://support.sonatype.com/hc/en-us/articles/221433608-Deleting-a-specific-npm-package-version-in-Nexus-Repository-Manager-2-x

      Thanks

        Attachments

          Activity

            People

            Assignee:
            jstephens Joseph Stephens
            Reporter:
            aizerin Lukáš Sulík
            Last Updated By:
            Peter Lynch
            Team:
            Nexus - Formats
            Votes:
            3 Vote for this issue
            Watchers:
            8 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title