Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-27266

NPM group repo caching incorrect metadata



    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.30.0
    • Fix Version/s: None
    • Component/s: NPM
    • Labels:
    • Notability:


      At times some version of some package from a proxied external NPM repository gets reported as "No matching version found" and the build fails. This happens for packages from "https://registry.npmjs.org/" which we have locally proxied as "npm-registry.npmjs.org-proxy". "npm-registry.npmjs.org-proxy" is a member of the repository group "npm-group" by which we normally obtain our external NPM packages during a build.

      This issue is intermittent.

      When this situation occurs for any particular package version, if we try to obtain the package by direct reference to the proxy repository it works fine.


      Below is an example of old metadata being returned:

      - - [01/Apr/2021:10:57:41 +0200] "GET /repository/npm-group/ng-mocks HTTP/1.1" 200 - 118779 104 "npm/6.14.6 node/v12.18.4 linux x64" [qtp459008848-33485]

      Even though we can see an outbound  request was made with 304 being returned:

      2021-04-01 10:57:41,612+0200 DEBUG [qtp459008848-33485]  *UNKNOWN org.sonatype.nexus.repository.npm.internal.orient.OrientNpmProxyFacet - Fetching: GET https://registry.npmjs.org/ng-mocks HTTP/1.1

      2021-04-01 10:57:41,693+0200 DEBUG [qtp459008848-33485]  UNKNOWN org.sonatype.nexus.repository.npm.internal.orient.OrientNpmProxyFacet - Response: HttpResponseProxy{HTTP/1.1 *304 Not Modified [Date: Thu, 01 Apr 2021 08:57:41 GMT, CF-Ray: 63909c83589a0d4e-ARN, Age: 2483, Cache-Control: public, max-age=300, ETag: "b502f1b8ad558e16f10c09c7f83e62f7", Last-Modified: Sun, 14 Mar 2021 08:46:39 GMT, Vary: Accept-Encoding, CF-Cache-Status: HIT, cf-request-id: 092e40261400000d4e2bbbc000000001, Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct", Server: cloudflare, Connection: Keep-Alive, Set-Cookie: __cfduid=d97e778603fe0bbd83acb59a6f9b2c5fd1617267461; expires=Sat, 01-May-21


      When group gave correct metadata the ETAG was was the same. - - [01/Apr/2021:15:22:58 +0200] "GET /repository/npm-group/ng-mocks HTTP/1.1" 200 - 679142 1014 "npm/6.14.6 node/v12.18.4 linux x64" [qtp459008848-34864]


      2021-04-01 15:22:58,163+0200 DEBUG [qtp459008848-34864]  *UNKNOWN org.sonatype.nexus.repository.npm.internal.orient.OrientNpmProxyFacet - Response: HttpResponseProxy

      Unknown macro: {HTTP/1.1 304 Not Modified [Date}

      So the issue is that the ETAG was correct, but what was stored at group cache was incorrect. What is cached at group and proxy is different 

      Removing "npm-registry.npmjs.org-proxy" from "npm-group", then restoring the membership and requesting the package again, now the package resolves and subsequent builds are successful.







            Unassigned Unassigned
            msurani Mahendra Surani
            Last Updated By:
            Michael Oliverio Michael Oliverio
            3 Vote for this issue
            6 Start watching this issue


              Date of First Response: