Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-20008

npm-registry plugin fails to merge metadata of different types, causes java.lang.StackOverflowError

    Details

      Description

      Update to version 3.16.1 triggered a java.lang.StackOverflowError when trying to fetch the metadata of a NPM dependency, with our repository configuration. 

      Configuration:

      • npm-all = group

      Scanning order

      Repositories in the group are defined in the order above. The first thing I found out is that the list is processed in reverse order: https://github.com/sonatype/nexus-public/blob/master/plugins/nexus-repository-npm/src/main/java/org/sonatype/nexus/repository/npm/internal/NpmGroupFacet.java#L261

      This seems to behaves agains what is documented here: https://help.sonatype.com/learning/repository-manager-3/first-time-installation-and-setup/lesson-3%3A-creating-and-managing-repository-groups

       

      When adding members to your group, we recommend you order your hosted repositories at the top, above your proxies. In common snapshot scenarios, your team will develop internal, hosted components then upload each improvement to the repository manager. Each time a request for a version is made, its retrieval is faster if organized in sequential order.

       

      The Issue

      After some debugging, I found that the "author" field was filled with a self-reference to the whole metadata in a NestedAttributesMap object. 

      From npm-other-org, the "author" field was defined as the following:

       

      "author" : "Yehuda Katz"
      

      from npm-registry, the "author" field is defined as the following:

       

      "author": {     
          "name": "Yehuda Katz" 
      }
      

      Both formats are valid according to https://docs.npmjs.com/files/package.json#people-fields-author-contributors

       

      The recursive object structure can be reproduced with NpmMergeObjectMapperTest with the attached patch over 3.16.1 source.

       

       

        Attachments

          Activity

            People

            Assignee:
            moncef Moncef Ben-Soula
            Reporter:
            glavoie Gabriel Lavoie
            Last Updated By:
            Michael Prescott Michael Prescott
            Team:
            NXRM - Cypher
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title