Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-27118

Artifactory Returns 404 Instead of 403 for blocked artifacts from NPM Virtual Repositories

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Resolution: Unresolved
    • Affects Version/s: 7.37.13
    • Fix Version/s: None
    • Environment:
    • Severity:
      Critical
    • Location:
      External

      Description

      Description:

      Get 403 with the remote repository.

      $ npm install moment@2.29.1
      npm ERR! code E403
      npm ERR! 403 403 Forbidden - GET http://mill.jfrog.team:12132/artifactory/api/npm/npm-remote/moment/-/moment-2.29.1.tgz
      npm ERR! 403 In most cases, you or one of your dependencies are requesting
      npm ERR! 403 a package version that is forbidden by your security policy, or
      npm ERR! 403 on a server you do not have access to.

      npm ERR! A complete log of this run can be found in:
      npm ERR! /Users/jians/.npm/_logs/2022-04-25T05_56_56_787Z-debug.log

      Get 404 with the virtual repository.

      $ npm install moment@2.29.1
      npm ERR! code E404
      npm ERR! 404 Not Found - GET http://mill.jfrog.team:12132/artifactory/api/npm/npm-virtual/moment/-/moment-2.29.1.tgz
      npm ERR! 404
      npm ERR! 404 'moment@http://mill.jfrog.team:12132/artifactory/api/npm/npm-virtual/moment/-/moment-2.29.1.tgz' is not in this registry.
      npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
      npm ERR! 404
      npm ERR! 404 Note that you can also install from a
      npm ERR! 404 tarball, folder, http url, or git url.

      npm ERR! A complete log of this run can be found in:
      npm ERR! /Users/jians/.npm/_logs/2022-04-25T06_00_08_010Z-debug.log

       

      What is the impact to the customer - What are they trying to achieve? where does that bug hurts them? what does it stop them from achieving? What is the expected behavior? : It shoued return 403 not 404**

      Steps to reproduce: 

      1. create repositories: npm-remote & npm-virtual in Artifactory UI
      2. create a policy & rule, Click the Block Dwonload checkbox
      3. create a watch including the rule.
      4. create a directory test & cd  # in Terminal
      5. npm init -y # in Terminal
      6. rm -rf ~/.npmrc
      7. npm config set registry http://mill.jfrog.team:12801/artifactory/api/npm/npm-virtual/
      8. npm login
      9. npm install moment@2.29.1 --registry http://mill.jfrog.team:12801/artifactory/api/npm/npm-virtual/

        Attachments

          Activity

              People

              Assignee:
              Unassigned
              Reporter:
              jians Jian Sun
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:

                  Sync Status

                  Connection: RTFACT Sync
                  RTMID-27182 -
                  SYNCHRONIZED
                  • Last Sync Date: