Scoped packages return 404

Question

Scoped packages return 404

diervo opened this issue 7 years ago · comments

Diego Ferreiro Val commented 7 years ago

Scoped packages return a 404, for example the command: npm info @types/node --registry=http://myregistry.com fails.

That being said it worked a couple of times so It might be related somehow with the issue #96 and #97, since it did work intermittently?

Note that in my server I do have applied the PR #98

Diego Ferreiro Val · Answer 1 · Thu Dec 14 2017 10:53:04 GMT+0800 (China Standard Time)

Ok I found the root cause: There is a a bunch of race conditions in http-call library due to incorrect use of async/await.

The problem is described here: https://jakearchibald.com/2017/await-vs-return-vs-return-await/

Because of this the property req.body might be a string or JSON depending if the promise has been resolved.

Nikita Ivanov · Answer 2 · Fri Oct 26 2018 19:04:36 GMT+0800 (China Standard Time)

I still have this issue in 2.8.2 with env variable NPM_REGISTER_AUTH_READ=true. All scoped packages return 404, but everything else works as intended. In logs it says just something like this:

[API] measure#request=6ms method=GET user-agent="npm/6.4.1 node/v8.11.1 linux x64" status=404 path=/@nuxtjs/axios request_id=0.9942495738552943

Ryan Saul · Answer 3 · Sat Nov 17 2018 03:06:05 GMT+0800 (China Standard Time)

I could use some help here. The service works well for me when I've deleted the lock file, but when I use a set yarn.lock file I run into frequent 404 errors. AFAIK all of the dependencies are otherwise available.

Dan Gautsch · Answer 4 · Sat Nov 17 2018 05:11:29 GMT+0800 (China Standard Time)

@BobNobrain @giantryansaul I'll review sometime this weekend and next week. Haven't had as much time for this project lately. But should have some free time over the holiday.

Dan Gautsch · Answer 5 · Sun Nov 18 2018 22:42:16 GMT+0800 (China Standard Time)

@giantryansaul when you say, set yarn.lock. do you mean the one committed with the project that comes with v2.8.3?

Ryan Saul · Answer 6 · Tue Nov 20 2018 01:36:27 GMT+0800 (China Standard Time)

@dgautsch No I mean the yarn lock file we use for our team's project. I've reset the "resolved" links from the public yarn registry so that they all get re-written to this new registry. All of these packages will download correctly from the public registry, but a handful of them (mostly @type libraries) will get 404 errors.

Lyra Naeseth · Answer 7 · Tue Feb 19 2019 08:10:24 GMT+0800 (China Standard Time)

I just ran into this in switching from verdaccio to npm-register.

Most of the scoped packages in our yarn.lock files had URL-escaped /s within their tarball URLs, like https://npm.abc.xyz/@vx%2ftext/-/text-0.0.165.tgz. But some of them did not, and npm-register 404’d them: https://npm.abc.xyz/@vx/text/-/text-0.0.165.tgz won’t work. Looking through routes.js, it looks like those might work if the tarball name had a /hash suffix.

We used sed to url-escape all scoped package names in our yarn.lock files, and then our yarn installs started to complete successfully.