Details
-
Type:
Improvement
-
Status: New
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 2.14.19, 3.25.1
-
Fix Version/s: None
-
Labels:
-
Notability:4
Description
Routing rules can be used to control which npm packages can be downloaded through a proxy repository. However, they cannot be used to block download of npm metadata requests. For instance, you can block download of:
https://localhost/repository-npm-proxy/someproject/-/someproject-1.0.0.tgz
But you cannot block download of:
https://localhost/repository-npm-proxy/someproject
For better or worse, most npm builds are configured to always pull the latest versions of components. Because you can't block download of metadata via routing, you'll end up with a broken build if the latest version is in the metadata, but blocked by routing.