Details
-
Type:
Bug
-
Status: New
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 3.9.0, 3.24.0
-
Fix Version/s: None
-
Component/s: NPM
-
Labels:
-
Notability:3
Description
It has been reported that Artifactory instances may serve npm package metadata that contains tarball URLs of this form:
https://example.com/jquery/-/jquery-3.5.1.tgz?dl=https%3A%2F%2Fregistry.npmjs.org%2Fjquery%2F-%2Fjquery-3.5.1.tgz
When one creates an NPM proxy repository to such a remote registry serving this type of package metadata, NXRM will not properly resolve the available package versions. Valid package versions listed in the package metadata file will return 404 from NXRM.
When the most recent available NPM CLI at the time of this report ( 6.14.5) receives such package metadata, the CLI is able to work with URLs of this form.
Expected
Properly locate and serve available versions of packages despite their tarball URLs containing query data.
Workaround
NXRM 2 is able to proxy npm packages with tarball urls with query params. One could use this type of proxying setup: NXRM 3 -> NXRM 2 -> Remote serving query data URLs