Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-29477

deleting the current "latest" tgz version from an NPM hosted repo removes the latest tag instead of replacing it with newest published version

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.36.0
    • Fix Version/s: 3.38.0
    • Component/s: NPM
    • Labels:
    • Story Points:
      3
    • Sprint:
      NXRM MadMax Sprint 26
    • Notability:
      2
    • InvestmentLayer:
      support-escalated

      Description

      SYMPTOM:

      Can't download the asset after removing one version of an NPM component from a NPM hosted repository.

      REPRODUCE STEPS:

      1. Create a npm hosted repository: npm-hosted
      2. Create and publish "mytest" with version 1.0.0, 1.1.0, 1.2.0
        # Change below to your Nexus npm hosted repository URL:
        _NXRM_URL="http://dh1:8081/repository/npm-hosted"
        mkdir -v mytest; cd mytest
        cat << EOF > ./package.json
        {
            "author": "nxrm test",
            "description": "reproducing issue",
            "keywords": [],
            "license": "ISC",
            "main": "index.js",
            "name": "mytest",
            "publishConfig": {
                "registry": "${_NXRM_URL}"
            },
            "scripts": {
                "test": "echo \"Error: no test specified\" && exit 1"
            },
            "version": "1.0.0"
        }
        EOF
        for i in {0..2}; do
          sed -i.tmp -E 's/"version": "1.[0-9].0"/"version": "1.'${i}'.0"/' ./package.json
          npm publish --registry "${_NXRM_URL}" -ddd || break
          sleep 1
        done
        cd -
        
      3. Make sure "npm pack mytest" downloads v1.2.0
        npm pack mytest --registry "${_NXRM_URL}"
        
      4. From your browser, go to mytest/mytest-1.2.0.tgz, and click [ Delete asset ], or delete with curl
        curl -u admin:admin123 -X DELETE ${_NXRM_URL%/}/mytest/-/mytest-1.2.0.tgz
        
      5. Try "npm pack mytest" again
        npm cache clean --force
        npm pack mytest --registry "${_NXRM_URL}"
        

      EXPECTED BEHAVIOUR:

      The "npm pack mytest" should download v1.1.0.

      NPM package metadata MUST ALWAYS have a latest tag according to package metadata docs, the full package metadata format, under the dist-tags section , "Every package will have a latest tag defined"

      ACTUAL BEHAVIOUR:

      npm ERR! code ETARGET
      npm ERR! notarget No matching version found for mytest@latest.
      npm ERR! notarget In most cases you or one of your dependencies are requesting
      npm ERR! notarget a package version that doesn't exist.
      
      npm ERR! A complete log of this run can be found in:
      npm ERR!     /home/testuser/.npm/_logs/2021-11-08T05_15_16_193Z-debug.log
      

      Also, the dist-tags in the metadata is empty:

      POTENTIAL CAUSE:

      When an asset is deleted from a NPM component, can't find any metadata recreate method such as NpmPackageRootMetadataUtils#createFullPackageMetadata is used.

        Attachments

          Activity

            People

            Assignee:
            mkalachov Maksym Kalachov
            Reporter:
            hosako Hajime Osako
            Last Updated By:
            Michael Oliverio Michael Oliverio
            Team:
            NXRM - Mad Max
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title