Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-24151

Scoped npm packages have incorrect paths resulting in verbose Yarn log output

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: 3 - High
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: NPM
    • Labels:
      None
    • Severity:
      High

      Description

      When publishing a scoped npm package to JFrog, the tarball URL is different that what the npm public registry uses.  This issue has been brought up before in RTFACT-16206, but at the time the issues was merely aesthetic in the JFrog dashboard.

      However, since the release of Yarn 2, this now has a great impact when using scoped packages as the log output is affected.  When registries don't follow the standard URL pattern for an npm registry, Yarn will append an __archiveUrl property to packages since it cannot infer the URL from just the package name.  This was explained to me in an issue I opened regarding this issue on Yarn's GitHub repo: https://github.com/yarnpkg/berry/issues/2192#issuecomment-735833055

      Currently, when publishing a scoped package, the tarball would look something like this:

      https://scope.jfrog.io/scope/api/npm/npm-virtual/@scope/package-a/-/@scope/package-a-1.1.0.tgz
      

      But the correct URL is this:

      https://scope.jfrog.io/scope/api/npm/npm-virtual/@scope/package-a/-/package-a-1.1.0.tgz
      

      As you can see, the scope should be present immediately after the registry url, but NOT after the /-/ portion of the url.

      This results in log output that looks like this when installing packages in Yarn 2 which greatly complicates reading the logs due to the archive url being present in each log line.

      ➤ YN0041: │ @company/package-a@npm:10.11.0::__archiveUrl=https://company.registry.com/company/api/npm/npm-virtual/@company/package-a/-/@company/package-a-10.11.0.tgz: Invalid authentication (as an anonymous user)
      ➤ YN0041: │ @company/package-b@npm:10.11.0::__archiveUrl=https://company.registry.com/company/api/npm/npm-virtual/@company/package-b/-/@company/package-b-10.11.0.tgz: Invalid authentication (as an anonymous user)
      ➤ YN0041: │ @company/package-c@npm:10.11.0::__archiveUrl=https://company.registry.com/company/api/npm/npm-virtual/@company/package-c/-/@company/package-c-10.11.0.tgz: Invalid authentication (as an anonymous user)
      ➤ YN0041: │ @company/package-d@npm:10.11.0::__archiveUrl=https://company.registry.com/company/api/npm/npm-virtual/@company/package-d/-/@company/package-d-10.11.0.tgz: Invalid authentication (as an anonymous user)
      

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            mskelton Mark Skelton
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:

                Sync Status

                Connection: RTFACT Sync
                RTMID-24151 -
                SYNCHRONIZED
                • Last Sync Date: