Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-12916

Artifactory should either reject NPM packages with non-semver versions or discard the corrupted package.json

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: 4 - Normal
    • Resolution: Done
    • Affects Version/s: 4.14.2
    • Fix Version/s: 6.11.0
    • Component/s: NPM
    • Labels:
      None
    • Severity:
      Medium

      Description

      A package with a corrupted version (i.e 1.0.0b, for example) will produce an error during metadata calc and will result in the offending package not having a corresponding .npm/<package>/package.json file (providing that the corrupted version is the only version of this package). This currently causes an exception during metadata calc when we try to write the package.json of the corresponding package. The absence of the package.json will also result in the the package not being indexed in the .npm/all.json file.

      The npmjs registry remidiates this by correcting the version (i.e 1.0.0b becomes 1.0.0-b) and the package continues to be installable.

      Ideally, Artifactory should be able to either do the same, or at least reject the deployment of the corrupt package.

      Reproduction:
      1.npm init with some non semver version (e.g 1.0.0b)
      2.npm publish this package to artifactory
      3.Notice a line in the log that says "2016-11-28 19:58:27,783 [art-exec-5883] [WARN ] (o.j.r.n.u.NpmUtils :94) Failed validating version: '1.0.1b' of package: 'foo': null
      "
      4.Notice that artifactory keeps the corrupt package.json in ~/.npm/<package>/<package>-1.0.0b.json, but also creates (or extracts?) a corrected one named "<package>-1.0.0-b.json".

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              barh Bar Haim
              Reporter:
              uriahl Uriah Levy
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Sync Status

                  Connection: RTFACT Sync
                  RTMID-12916 -
                  SYNCHRONIZED
                  • Last Sync Date: