Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-24655

NPM dist-tag behaviour when client is configured with virtual repository

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Backlog
    • Resolution: Unresolved
    • Affects Version/s: 7.5.7, 7.12.5
    • Fix Version/s: None
    • Component/s: NPM
    • Labels:
      None
    • Severity:
      Low

      Description

      Issue description

      Executing npm dist-tag ls <package-name> command on NPM virtual repository(which has local and remote) we see a version of the package which is marked at the registry end is getting retrieved even though if we mark the same dist-tag with a different version in the local repository. Please find below for complete steps to replicate the behavior. 

       Currently, in the virtual repository we first merge the local tags and then the remote tags. In the described behavior we override existing tags in case the tag key already exists.

       

      Steps to reproduce:

       -> Create NPM repositories using Quick Setup from Artifactory UI

       -> Configure npm client with above created Artifactory NPM repository

       -> Installed eslint package using the below command:     

       > npm install eslint --registry http://<Artifactory-URL>/artifactory/api/npm/npm/
      

        -> By default(at remote registry) package eslint has v7.0.0-rc.0 as the next tag.

      > npm dist-tag ls eslint
      es6jsx: 0.11.0-alpha.0
      latest: 7.17.0
      next: 7.0.0-rc.0
      

       -> Now, copy the package to the local repository and tag v7.17.0 as next

      > npm dist-tag add eslint@7.17.0 next
      +next: eslint@7.17.0
      

       As I have marked the dist tag next to v7.17.0 in the local repository when executed dist-tag ls on the virtual repository which is an aggregation of local + remote repository I see v7.0.0-rc.0 is showing as the next tag. Please find below the output for your reference.

      > npm dist-tag ls eslint:
      es6jsx: 0.11.0-alpha.0
      latest: 7.17.0
      next: 7.0.0-rc.0
      

       However, when I perform the same on virtual with local only(by excluding remote repository) I see the output as below:

      > npm dist-tag ls eslint:
      es6jsx: 0.11.0-alpha.0
      latest: 7.17.0
      next: 7.17.0
      

       

       

      This will affect when the customer is trying to install a package (when NPM client configured with the virtual repository) using dist-tag, as we see package v7.0.0-rc.0 installed even though he has marked v7.17.0 in the local repository.

      > npm install eslint@next
      npm WARN @esri/hub-components@1.0.1 requires a peer of @esri/arcgis-rest-auth@^2.0.0 but none is installed. You must install peer dependencies yourself.
      npm WARN @esri/hub-components@1.0.1 requires a peer of @esri/arcgis-rest-feature-layer@^2.0.0 but none is installed. You must install peer dependencies yourself.
      npm WARN @esri/hub-components@1.0.1 requires a peer of @esri/arcgis-rest-geocoding@^2.0.0 but none is installed. You must install peer dependencies yourself.
      npm WARN @esri/hub-components@1.0.1 requires a peer of @esri/arcgis-rest-portal@^2.0.0 but none is installed. You must install peer dependencies yourself.
      npm WARN @esri/hub-components@1.0.1 requires a peer of @esri/arcgis-rest-request@^2.0.0 but none is installed. You must install peer dependencies yourself.
      npm WARN @esri/hub-components@1.0.1 requires a peer of @esri/arcgis-rest-types@^2.0.0 but none is installed. You must install peer dependencies yourself.
      npm WARN @esri/hub-components@1.0.1 requires a peer of @esri/hub-common@^6.4.0 but none is installed. You must install peer dependencies yourself.
      npm WARN @esri/hub-components@1.0.1 requires a peer of @esri/hub-downloads@^6.4.0 but none is installed. You must install peer dependencies yourself.
      npm WARN @esri/hub-components@1.0.1 requires a peer of @esri/hub-events@^6.4.0 but none is installed. You must install peer dependencies yourself.
      npm WARN eslint-config-prettier@6.11.0 requires a peer of eslint@>=3.14.1 but none is installed. You must install peer dependencies yourself.
      npm WARN eslint-config-xo@0.27.2 requires a peer of eslint@>=6.4.0 but none is installed. You must install peer dependencies yourself.
      npm WARN eslint-plugin-ava@9.0.0 requires a peer of eslint@>=6.2.0 but none is installed. You must install peer dependencies yourself.
      npm WARN eslint-plugin-es@2.0.0 requires a peer of eslint@>=4.19.1 but none is installed. You must install peer dependencies yourself.
      npm WARN eslint-plugin-eslint-comments@3.2.0 requires a peer of eslint@>=4.19.1 but none is installed. You must install peer dependencies yourself.
      npm WARN eslint-plugin-import@2.22.0 requires a peer of eslint@^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 but none is installed. You must install peer dependencies yourself.
      npm WARN eslint-plugin-node@10.0.0 requires a peer of eslint@>=5.16.0 but none is installed. You must install peer dependencies yourself.
      npm WARN eslint-plugin-prettier@3.1.4 requires a peer of eslint@>=5.0.0 but none is installed. You must install peer dependencies yourself.
      npm WARN eslint-plugin-unicorn@12.1.0 requires a peer of eslint@>=6.3.0 but none is installed. You must install peer dependencies yourself.
      npm WARN eslint-template-visitor@1.1.0 requires a peer of eslint@^6.4.0 but none is installed. You must install peer dependencies yourself.
      + eslint@7.0.0-rc.0
      added 5 packages from 3 contributors, removed 19 packages, updated 7 packages and audited 1247 packages in 11.43s
      48 packages are looking for funding
        run `npm fund` for details
      found 58 low severity vulnerabilities
        run `npm audit fix` to fix them, or `npm audit` for details
      

       

       

      Expected behavior: Package version tagged at local repository should get retrieved when executed npm dist-tag ls <package-name> against the virtual repository which has local + remote.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            pavang Pavan Gonugunta
            Votes:
            2 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:

                Sync Status

                Connection: RTFACT Sync
                RTMID-24655 -
                SYNCHRONIZED
                • Last Sync Date: