Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-21628

npm version numbers limited to int32 numeric range

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: 6.10.1
    • Fix Version/s: None
    • Component/s: NPM
    • Labels:
      None

      Description

      Publishing an npm package with version number 0.0.2072013758 worked, because 2072013758 < 2147483648. Publishing the same package with version number 0.0.2972258708 failed, because 2972258708 >= 2147483648.

      The symptoms: the tarball itself is published, but the package metadata (/artifactory/api/npm/reponame/packagename) are not updated with the new version at all. No error appears in the artifactory server logs.

      Why it's a bug and not a limitation: it's established that npm package versions are constrained by the SemVer specification. SemVer permits limits on total version string length, but not on the size of integer values. The grammar in the SemVer spec specifies each component as a sequence of digits.

      Suggested fix: use BigDecimal.

      (Submitter ref: DOP-17491)

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            aecolley Adrian Colley
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: