The rebuild hosted npm metadata task is intended to rebuild package metadata using only the existing tgz package files on disk in storage.
If the tgz file contains a valid package.json that has a version value that contains a "+" <build> portion as part of the version, then the resulting package level metadata will contain Two version entries instead of just one:
1. one that include the complete semantic version string ( unexpected )
2. one that includes the semantic version string without the build portion ( expected)
( see https://semver.org/#backusnaur-form-grammar-for-valid-semver-versions for what build version part is )
- Start with a test package.json in a local dir that includes this valid semantic version 1.0.87-test.1250+43260ff:
- Have an NXRM 2 instance running at with a hosted npm repo at https://localhost:8081/nexus/content/repositories/npmjs-internal - repo version 2.14.13 was used during this test.
- Configure NPM CLI with. suitable credentials
- npm publish --registry https://localhost:8081/nexus/content/repositories/npmjs-internal
- Verify the package metadata retrieved from https://localhost:8081/nexus/content/repositories/npmjs-internal/test-package only contains one version listed as 1.0.87-test.1250 ( not 1.0.87-test.1250+43260ff ) - this is expected and normal, this is exactly how the official registry behaves when deploying a package there with the same version.
- Verify the tarball URL in the package metadata refers to this URL http://localhost:8081/nexus/content/repositories/npmjs-internal/test-package/-/test-package-1230.0.87-test.1250.tgz and that downloading it works.
- Now stop NXRM, and move sonatype-work/nexus/db/npm directory aside.
- Start NXRM and manually run a rebuild hosted npm metadata task against the npmjs-internal repo.
- Now download the package metadata. notice that it references 2 available versions instead of 1 now.
With the following tarball URLs:
Problem: http://localhost:8081/nexus/content/repositories/npmjs-internal/test-package/-/test-package-1.0.87-test.1250+43260ff.tgz will return 404 and should not be present as an available version.
When this type of package metadata is migrated to NXRM 3.33.1 Postgres, the result is
- /repository/npmjs-internal/test-package/-/test-package-1.0.87-test.1250.tgz can be downloaded from NXRM 3
- package metadata at /repository/npmjs-internal/test-package will also list two versions being available ( garbage in and garbage out ) - which is wrong.
Rebuild metadata task should produce metadata versions available in package metadata that match how the package metadata was before it was rebuilt with the task.