Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-15714

Continue to serve locally cached proxied npm packages that are unpublished on the remote

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.7.1, 3.11.0, 3.12.0
    • Fix Version/s: 3.13.0
    • Component/s: NPM
    • Labels:

      Description

      It is rare, but technically unpublishing npm packages is possible at a remote npm registry.

      When Nexus is proxying a remote npm repository, a specific package version may get locally cached. Then the remote may unpublish that same package, thus altering the package metadata which lists the versions of the package at the remote site.

      The next time Nexus gets the remote metadata for that package, the metadata is replaced, not merged, with its own local metadata. See https://issues.sonatype.org/browse/NEXUS-8624.

      If metadata age is set as -1, then Nexus will never get new metadata, so will not know about new versions that get published.

      If it is set to anything greater, then the new metadata from the remote may get downloaded and will not refer to the already locally cached package, it will replace the local metadata and Nexus will not serve the already cached unpublished package to inbound requests.

      There is a use case for continuing to serve the already cached package, if we have a project depending on that package, we don't want our project to be affected if this module is unpublished at the remote.

      Nexus should also provide an option to continue serving the cached packages, while at the same time have a method to reconcile packages/metadata which are explicitly deleted from the local cache or remote site.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jstephens Joseph Stephens
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Peter Lynch
              Team:
              Nexus - Formats
              Votes:
              5 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title