Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-18774

allow scoped NPM package name parts that start with '.' or '_'

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.14.0
    • Fix Version/s: 3.16.0
    • Component/s: NPM
    • Story Points:
      2

      Description

      Currently, Nexus will not proxy NPM packages which begin with a leading '.' or '_'; attempting to pull these results in:

      2019-01-03 11:22:25,450-0800 WARN  [qtp799270832-391]  admin org.sonatype.nexus.repository.npm.internal.NpmHandlers - Error: GET /@angular-toolkit/utils: Status{successful=false, code=400, message='null'} - Name starts with '.' or '_': _
      utils
      java.lang.IllegalArgumentException: Name starts with '.' or '_': _utils
              at com.google.common.base.Preconditions.checkArgument(Preconditions.java:210)
              at org.sonatype.nexus.repository.npm.internal.NpmPackageId.<init>(NpmPackageId.java:63)
              at org.sonatype.nexus.repository.npm.internal.NpmHandlers.packageId(NpmHandlers.java:83)
              at org.sonatype.nexus.repository.npm.internal.NpmProxyFacetImpl.getCachedContent(NpmProxyFacetImpl.java:100)
              at org.sonatype.nexus.repository.proxy.ProxyFacetSupport.maybeGetCachedContent(ProxyFacetSupport.java:342)
              at org.sonatype.nexus.repository.proxy.ProxyFacetSupport.get(ProxyFacetSupport.java:218)
              at org.sonatype.nexus.repository.proxy.ProxyHandler.handle(ProxyHandler.java:50)
              ...

      This aligns with the advice provided by NPM:  https://docs.npmjs.com/files/package.json#name

      "Some rules:

      • The name must be less than or equal to 214 characters. This includes the scope for scoped packages.
      • The name can’t start with a dot or an underscore."

      Unfortunately, packages with such names exist in the NPM registry (http://registry.npmjs.org/@angular-toolkit/_utils ).  Affected customers are therefore prevented from bringing them down through Nexus.  Since the de facto naming restrictions at the NPM registry apparently allow these characters, Nexus should follow suit.

      Expected

      • unscoped package names are not allowed to start with underscore or period
      • a scope is part of the complete package name, so the non-scoped name part of a scoped package name is allowed to start with a period or a dot
      • current package name validation logic should reference the official npm validation logic

        Attachments

          Activity

            People

            • Assignee:
              pkundra Parul Kundra
              Reporter:
              jkruger John Kruger
              CC:
              Marco Morado
              Last Updated By:
              Parul Kundra
              Team:
              NXRM - Cypher
            • Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response: