Problem description: Artifactory does not serve the npm package available in the remote cache as the latest i.e. with old/stale metadata if the remote npm repo (i.e. smart remote repo) is not reachable or the remote repo is marked offline.
What is the impact on the customer - What are they trying to achieve? where does that bug hurt them? what does it stop them from achieving?
Due to this builds/resolution of packages fail with 404 when the packages are resolved with the no version specified, as it looks for the latest version in the remote and doesn't serve the available package version in the remote cache.
What is the expected behavior? It's expected that Artifactory servers the package available in the remote cache as the latest version when the metadata is expired and if the smart remote is marked as offline or if the smart remote is not reachable.
Steps to reproduce the issue.
1. Setup npm repositories on Artifactory instance A
2. Create a smart remote repository pointing to a local repository on another Artifactory instance B
3. Publish different versions of npm package to npm local repository on Artifactory instance B (example - jquery 3.5.1 and latest jquery 3.6.0)
4. Now try resolving the jquery 3.5.1 using the npm virtual repository Artifactory instance A, observe that jquery 3.5.1 is cached in the npm remote cache repository
5. To make the remote repository not reachable set a dummy HTTP proxy in the Artifactory proxies and apply it to the remote repository or shut down the remote Artifactory instance B
6. Please ensure the metadata retrieval period is set 1 sec and missed retrieval as well to 1 and also set the remote repo as offline. Also, make sure the local npm client cache is cleaned
7. Try installing the jquery package again without specifying the version and observe the below errors.
Artifactory/Xray version on which the bug was reproduced (If the bug was reproduced not on the latest major), 7.31.13, 7.33.12 and latest i.e. 7.38.8
DB type & Version NA
Is this an HA env? if so, how many nodes are used. NA
Is this On-Prem or SaaS? NA
OS details if relevant
Installation type (i.e. Docker, RPM, etc..) NA
- Possible workaround: No workaround