Affects Version/s: None
Fix Version/s: None
Currently we are using the referer header of the npm install to decide weather to return the full metadata or a shorter version.
This should be changed to the referer header.
You can request package metadata from this endpoint:
The registry responds with a JSON-formatted string containing metadata for the package named, either in full or abbreviated form depending on what you request in the Accept header. If you provide no Accept header, the full document is returned. To request an abbreviated document with only the fields required to support installation, set the Accept header in your request to the following string:
A more typical accept header might request json as a fallback, like this:
application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, /
Example of request headers the client actually send on install:
You can try removing the accept header and see the response is getting larger.
Please see that we comply with the same response format with npm official registry for the short version.