Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Won't Fix
-
Affects Version/s: 3.19.1
-
Fix Version/s: None
-
Component/s: NPM
-
Labels:
-
Notability:2
Description
When an npm proxy repository rewrites metadata it seems to set the "latest" dist-tag to the highest semantic version, rather than the "latest" seen on the proxy's remote.
Reproduce steps:
- Create a hosted npm repository with 'allow redeploy', and a proxy of that repository
- Publish 3 versions of a package to the hosted npm repository. I used versions 0.0.1, 0.0.2, and 0.0.3, published in that order
- Fetch the package metadata and all three package tarballs through the proxy.
- Verify that the proxy's metadata has 0.0.3 set as the latest
- Republish version 0.0.2 and delete version 0.0.3 in the hosted repository.
This left me with versions 0.0.2 and 0.0.3 in the hosted repository, with 0.0.2 as the latest.
I expired cache on the proxy, and refetched the metadata.
Version 0.0.3 is seen as the latest in the proxy.
I have attached a complete sonatype-work directory from a 3.19.1 instance that has the hosted and proxy repositories in this state.
Workaround
Delete the cached package from the proxy repository to force the proxy package metadata to be rebuilt from scratch. Using the UI is one way to do that.
Attachments
Issue Links
- is caused by
-
NEXUS-15714 Continue to serve locally cached proxied npm packages that are unpublished on the remote
-
- Closed
-
- is related to
-
NEXUS-15714 Continue to serve locally cached proxied npm packages that are unpublished on the remote
-
- Closed
-
- relates
-
NEXUS-24232 npm package metadata does not get updated when a package tarball is deleted
-
- Closed
-