  1. Artifactory Binary Repository
  2. RTFACT-20082

NPM dependency metadata caching



    • Type: New Feature
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: NPM, Remote Repository
    • Labels:


      With npm remote repos, we are finding the following use case with dependencies between packages ending up with an error message during builds. 


      • We are publishing multiple packages directly to the public npm registry.
      • We do not want to publish to both the public registry and the local Artifactory instance.
      • We needed to increase the value of the Metadata Retrieval Cache Period because we were making too many requests to the public registry from Artifactory.

      Summary of problem:
      Development group releases a large volume of packages with new versions that depend on each other at the latest version. As the metadata (package.json) for packages trickles into Artifactory (because of the expiration of Metadata Cache), the dependencies which are pointing to the latest version aren't resolving because Artifactory hasn't updated the dependencies' metadata yet.

      Package A v1.0.0 depends on Package B v1.0.0

      Public NPM contains:
      • Package A v1.0.0
      • Package B v1.0.0

      Artifactory contains:
      • Package A v1.0.0
      • Package B v1.0.0

      Package B v1.1.0 is released
      Package A is updated to depend on B v1.1.0
      Package A v1.1.0 is released

      Public NPM contains:
      • Package A v1.1.0
      • Package B v1.1.0

      Package A metadata expires and Artifactory updates metadata for Package A
      Package B metadata has not expired and remains the same.

      Artifactory contains:
      • Package A v1.1.0
      • Package B v1.0.0

      npm install is run using Artifactory and fails when Package B v1.1.0 is not found.

      It seems like there needs to be an additional query to the remote repo for NPM dependencies that are not found in Artifactory. We want to avoid decreasing the time for the metadata cache retrieval. Can Artifactory handle this a different way for these interdependencies, where if a dependency is not found in Artifactory it can force a lookup to the remote? Or, when caching an artifact, search through and look for these dependencies, and if there are any versions missing from the local cache then also cache those packages from the source remote site?




            micah.goldbaum Micah Goldbaum
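
The scenario in the issue above, reproduced as an added example that is not part of the original report and is not Artifactory code. It models a caching proxy with a per-package metadata TTL and shows the requested "look up the remote when a version is missing" behaviour; the class names, the one-minute throttle on miss-triggered lookups, and all timings are assumptions made for illustration.

```javascript
// Constructed model, not Artifactory code: upstream registry + proxy with a metadata TTL.
class Upstream {
  constructor() { this.docs = new Map(); this.requests = 0; }
  publish(name, version, dependencies = {}) {
    const doc = this.docs.get(name) || { versions: {} };
    doc.versions[version] = { dependencies };
    this.docs.set(name, doc);
  }
  fetch(name) {  // returns a snapshot copy, like a downloaded metadata document
    this.requests++;
    return this.docs.has(name) ? JSON.parse(JSON.stringify(this.docs.get(name))) : null;
  }
}
class CachingProxy {
  constructor(upstream, ttlMs, refetchOnMiss, minMissIntervalMs) {
    Object.assign(this, { upstream, ttlMs, refetchOnMiss, minMissIntervalMs, cache: new Map() });
  }
  refresh(name, now) {
    const doc = this.upstream.fetch(name);
    if (doc) this.cache.set(name, { doc, fetchedAt: now });
    return doc;
  }
  resolve(name, version, now) {
    let entry = this.cache.get(name);
    let doc = entry && now - entry.fetchedAt < this.ttlMs ? entry.doc : this.refresh(name, now);
    entry = this.cache.get(name);
    // Requested behaviour: a version absent from still-fresh metadata triggers one upstream
    // lookup, throttled so requests for nonexistent versions cannot flood upstream.
    if (doc && !doc.versions[version] && this.refetchOnMiss &&
        now - entry.fetchedAt >= this.minMissIntervalMs) doc = this.refresh(name, now);
    return (doc && doc.versions[version]) || null;
  }
}
function install(proxy, name, version, now, missing = []) {
  const meta = proxy.resolve(name, version, now);
  if (!meta) missing.push(`${name}@${version}`);
  else for (const [dep, v] of Object.entries(meta.dependencies)) install(proxy, dep, v, now, missing);
  return missing;
}
function runScenario(refetchOnMiss) {
  const MIN = 60000, up = new Upstream();
  up.publish('b', '1.0.0'); up.publish('a', '1.0.0', { b: '1.0.0' });
  const proxy = new CachingProxy(up, 60 * MIN, refetchOnMiss, MIN);
  proxy.resolve('a', '1.0.0', 0);          // A metadata cached at t=0
  proxy.resolve('b', '1.0.0', 30 * MIN);   // B metadata cached at t=30 min
  up.publish('b', '1.1.0'); up.publish('a', '1.1.0', { b: '1.1.0' });
  const missing = install(proxy, 'a', '1.1.0', 65 * MIN);  // A expired, B still fresh
  const before = up.requests;
  proxy.resolve('b', '9.9.9', 65 * MIN + 1000);  // nonexistent version inside throttle window
  return { missing, extraUpstreamCalls: up.requests - before };
}
console.log(runScenario(false), runScenario(true));
```

Without the throttle, every request for a version that does not exist would reach the upstream registry, which is the request volume the longer cache period was meant to avoid.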