Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-27266

NPM group repo caching incorrect metadata

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.30.0
    • Fix Version/s: None
    • Component/s: NPM
    • Labels:
    • Notability:
      3

      Description

      At times some version of some package from a proxied external NPM repository gets reported as "No matching version found" and the build fails. This happens for packages from "https://registry.npmjs.org/" which we have locally proxied as "npm-registry.npmjs.org-proxy". "npm-registry.npmjs.org-proxy" is a member of the repository group "npm-group" by which we normally obtain our external NPM packages during a build.

      This issue is intermittent.

      When this situation occurs for any particular package version, if we try to obtain the package by direct reference to the proxy repository it works fine.

       

      Below is an example of old metadata being returned:

       

      1.2.3.4 - - [01/Apr/2021:10:57:41 +0200] "GET /repository/npm-group/ng-mocks HTTP/1.1" 200 - 118779 104 "npm/6.14.6 node/v12.18.4 linux x64" [qtp459008848-33485]

      Even though we can see an outbound  request was made with 304 being returned:

      2021-04-01 10:57:41,612+0200 DEBUG [qtp459008848-33485]  *UNKNOWN org.sonatype.nexus.repository.npm.internal.orient.OrientNpmProxyFacet - Fetching: GET https://registry.npmjs.org/ng-mocks HTTP/1.1

      2021-04-01 10:57:41,693+0200 DEBUG [qtp459008848-33485]  UNKNOWN org.sonatype.nexus.repository.npm.internal.orient.OrientNpmProxyFacet - Response: HttpResponseProxy{HTTP/1.1 *304 Not Modified [Date: Thu, 01 Apr 2021 08:57:41 GMT, CF-Ray: 63909c83589a0d4e-ARN, Age: 2483, Cache-Control: public, max-age=300, ETag: "b502f1b8ad558e16f10c09c7f83e62f7", Last-Modified: Sun, 14 Mar 2021 08:46:39 GMT, Vary: Accept-Encoding, CF-Cache-Status: HIT, cf-request-id: 092e40261400000d4e2bbbc000000001, Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct", Server: cloudflare, Connection: Keep-Alive, Set-Cookie: __cfduid=d97e778603fe0bbd83acb59a6f9b2c5fd1617267461; expires=Sat, 01-May-21

       

      When group gave correct metadata the ETAG was was the same.

      1.2.3.4 - - [01/Apr/2021:15:22:58 +0200] "GET /repository/npm-group/ng-mocks HTTP/1.1" 200 - 679142 1014 "npm/6.14.6 node/v12.18.4 linux x64" [qtp459008848-34864]

       

      2021-04-01 15:22:58,163+0200 DEBUG [qtp459008848-34864]  *UNKNOWN org.sonatype.nexus.repository.npm.internal.orient.OrientNpmProxyFacet - Response: HttpResponseProxy

      Unknown macro: {HTTP/1.1 304 Not Modified [Date}

      So the issue is that the ETAG was correct, but what was stored at group cache was incorrect. What is cached at group and proxy is different 

      Removing "npm-registry.npmjs.org-proxy" from "npm-group", then restoring the membership and requesting the package again, now the package resolves and subsequent builds are successful.

       

       

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            msurani Mahendra Surani
            Last Updated By:
            Michael Oliverio Michael Oliverio
            Votes:
            3 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:
              Date of First Response:

                tigCommentSecurity.panel-title