Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-24823

It should be possible to block npm metadata with routing rule

    Details

    • Type: Improvement
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.14.19, 3.25.1
    • Fix Version/s: None
    • Component/s: NPM, Routing
    • Labels:
    • Notability:
      4

      Description

      Routing rules can be used to control which npm packages can be downloaded through a proxy repository.  However, they cannot be used to block download of npm metadata requests. For instance, you can block download of:

      https://localhost/repository-npm-proxy/someproject/-/someproject-1.0.0.tgz

      But you cannot block download of:

      https://localhost/repository-npm-proxy/someproject

      For better or worse, most npm builds are configured to always pull the latest versions of components. Because you can't block download of metadata via routing, you'll end up with a broken build if the latest version is in the metadata, but blocked by routing.

       

       

       

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            rseddon Rich Seddon
            Last Updated By:
            Peter Lynch Peter Lynch
            Votes:
            2 Vote for this issue
            Watchers:
            8 Start watching this issue

              Dates

              Created:
              Updated:
              Date of First Response:

                tigCommentSecurity.panel-title