Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-29477

deleting the current "latest" tgz version from an NPM hosted repo removes the latest tag instead of replacing it with newest published version

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.36.0
    • Fix Version/s: 3.38.0
    • Component/s: NPM
    • Labels:
    • Story Points:
      3
    • Sprint:
      NXRM MadMax Sprint 26
    • Notability:
      2
    • InvestmentLayer:
      support-escalated
    • Aha Concept:
      non-concept

      Description

      SYMPTOM:

      Can't download the asset after removing one version of an NPM component from a NPM hosted repository.

      REPRODUCE STEPS:

      1. Create a npm hosted repository: npm-hosted
      2. Create and publish "mytest" with version 1.0.0, 1.1.0, 1.2.0 
        # Change below to your Nexus npm hosted repository URL:
_NXRM_URL="http://dh1:8081/repository/npm-hosted"
mkdir -v mytest; cd mytest
cat << EOF > ./package.json
{
    "author": "nxrm test",
    "description": "reproducing issue",
    "keywords": [],
    "license": "ISC",
    "main": "index.js",
    "name": "mytest",
    "publishConfig": {
        "registry": "${_NXRM_URL}"
    },
    "scripts": {
        "test": "echo \"Error: no test specified\" && exit 1"
    },
    "version": "1.0.0"
}
EOF
for i in {0..2}; do
  sed -i.tmp -E 's/"version": "1.[0-9].0"/"version": "1.'${i}'.0"/' ./package.json
  npm publish --registry "${_NXRM_URL}" -ddd || break
  sleep 1
done
cd -
      3. Make sure "npm pack mytest" downloads v1.2.0 
        npm pack mytest --registry "${_NXRM_URL}"
      4. From your browser, go to mytest/mytest-1.2.0.tgz, and click [ Delete asset ], or delete with curl 
        curl -u admin:admin123 -X DELETE ${_NXRM_URL%/}/mytest/-/mytest-1.2.0.tgz
      5. Try "npm pack mytest" again 
        npm cache clean --force
npm pack mytest --registry "${_NXRM_URL}"

      EXPECTED BEHAVIOUR:

      The "npm pack mytest" should download v1.1.0.

      NPM package metadata MUST ALWAYS have a latest tag according to package metadata docs, the full package metadata format, under the dist-tags section , "Every package will have a latest tag defined"

      ACTUAL BEHAVIOUR:

      npm ERR! code ETARGET
npm ERR! notarget No matching version found for mytest@latest.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/testuser/.npm/_logs/2021-11-08T05_15_16_193Z-debug.log

      Also, the dist-tags in the metadata is empty:

      POTENTIAL CAUSE:

      When an asset is deleted from a NPM component, can't find any metadata recreate method such as NpmPackageRootMetadataUtils#createFullPackageMetadata is used.

        Attachments

          Activity

            People

            Assignee:
            mkalachov Maksym Kalachov [X] (Inactive)
            Reporter:
            hosako Hajime Osako
            Last Updated By:
            Nicholas Blair Nicholas Blair
            Team:
            NXRM - Mad Max
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title