Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-18095

corrupt cached npm metadata in a remote repo doesn't update from upstream

    Details

    • Type: Bug
    • Status: Pending QA
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: 5.11.2, 6.5.9
    • Fix Version/s: None
    • Component/s: NPM
    • Labels:
    • Sprint:
      Pam - Quality 7

      Description

      If the cached metadata of a package is not valid json, the metadata will never update, even with Metadata Retrieval Cache Period set to 0 or zapping the cache. You must delete the cached version for the correct file to be pulled from upstream.

      We can see in the general tab that the checksum uploaded does not match the actual:

      Uploaded checksum doesn't match the actual checksum. Please redeploy the artifact with a correct checksum.If you trust the uploaded artifact you can accept the actual checksum by clicking the 'Fix Checksum' button.

      Trying to pull the package from instance A with the npm client will fail with a 404 not found, and will show the following in the logs of instance A:

      Error while parsing the response of a remote npm JSON query on 'http://mill.jfrog.info:12034/artifactory/api/npm/npm-test/test': Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')

      If a remote repo detects that the cached package's actual checksum does not match the uploaded checksum, it should always pull from the upstream.

       

      Steps to reproduce:

      -Have two instances A and B

      -set up a npm remote repo on instance A (with Metadata Retrieval Cache Period set to ) to proxy a npm ocal repo on instance B

      -have instance A cache package and metadadta from instance B

      -in the file store, "corrupt" the package.json for the package by replacing the contents of the sha1 file with html

      -try to resolve the package from instance A with the npm client, see it 404s. If you try to view the metadata at api/npm/<npmrepo>/<packageName>, it will say could not parse metadata. 

      -The metadata will not update from the upstream until you delete it from the cache.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                andreik Andrei Komarov
                Reporter:
                mattheww Matthew Wang
              • Votes:
                7 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated: