Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-32035

Repo 2 - outbound HTTP connection leak and broken not found cache when optional npm abbreviated metadata feature is enabled

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Parked
    • Affects Version/s: 2.15.0, 2.15.1
    • Fix Version/s: None
    • Component/s: NPM, Transport
    • Notability:
      2

      Description

      Using 2.15.0 or 2.15.1, enable abbreviated npm metadata feature by adding this line to conf/nexus.properties:

      nexus.npm.abbreviateMetadata=true
      

      Create a proxy repo to official npm registry at https://registry.npmjs.org

      Make more than 20 requests for a package that does not exist:

      #!/bin/bash
      
      for index in {1..40}; do
        curl -H "Accept: application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*"  "http://localhost:8081/nexus/content/repositories/npm-proxy/@example%2Fdoes-not-exist" -s -w "%{stderr} %{http_code}\n" 1>/dev/null; 
      done
      

      Two problems are noticed:

      1. The outbound http connection pool for the specific proxy repo gets filled and leaks http connections after 20 connections are used.
      2. Even though the remote returns 404 responses, these are never cached despite the fact that the not found cache is enabled and set to 1440 minutes.

      Expected

      Do not leak http connections when the abbreviated metadata feature is enabled. Properly cache 404 responses.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Rich Seddon Rich Seddon
              Team:
              NXRM - Mad Max
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title