Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG](libnpmpublish) Unpublish url not correctly defined #4253

Closed
ychailler opened this issue Oct 15, 2019 · 6 comments · Fixed by #4657
Closed

[BUG](libnpmpublish) Unpublish url not correctly defined #4253

ychailler opened this issue Oct 15, 2019 · 6 comments · Fixed by #4657
Labels
Bug thing that needs fixing Priority 2 secondary priority issue ws:libnpmpublish Related to the libnpmpublish workspace.

Comments

@ychailler
Copy link

Hello,

When unpublishing a package into an internal repository (such as artifactory) where the registry contains a path, the tarballUrl bellow (unpublish.js:71) will be wrong as it will contain the full registry path

const tarballUrl = url.parse(dist.tarball).pathname.substr(1)

Example :

C:>npm unpublish my-app@1.0-SNAPSHOT --verbose --force --registry https://artifactory.example.com/api/npm/npm-snapshots/
npm info it worked if it ends with ok
npm verb cli [ 'C:\Tools\node-v10.16.3-win-x64\node.exe',
npm verb cli 'C:\Tools\node-v10.16.3-win-x64\node_modules\npm\bin\npm-cli.js',
npm verb cli 'unpublish',
npm verb cli 'my-app@1.0-SNAPSHOT',
npm verb cli '--verbose',
npm verb cli '--force',
npm verb cli '--registry',
npm verb cli 'https://artifactory.example.com/api/npm/npm-snapshots/' ]
npm info using npm@6.9.0
npm info using node@v10.16.3
npm WARN using --force I sure hope you know what you are doing.
npm verb npm-session 501f69ac7af05ab3
npm http fetch GET 200 https://artifactory.example.com/api/npm/npm-snapshots/my-app?write=true 372ms
npm http fetch PUT 200 https://artifactory.example.com/api/npm/npm-snapshots/my-app/-rev/1-0 44ms
npm http fetch GET 304 https://artifactory.example.com/api/npm/npm-snapshots/my-app?write=true 93ms
npm http fetch DELETE 200 https://artifactory.example.com/api/npm/npm-snapshots/api/npm/npm-snapshots/my-app/-/my-app-1.0-SNAPSHOT.tgz/-rev/1-0 79ms
-my-app@1.0-SNAPSHOT
npm verb exit [ 0, true ]
npm timing npm Completed in 5982ms
npm info ok

The last DELETE fetch is wrong the registry path has been duplicated

@lenaing
Copy link

lenaing commented Jan 15, 2020

Hello, we also encounter this issue 👍

  • Node version : v12.14.1
  • Npm version : 6.13.4
$ DEBUG=* npm --loglevel silly unpublish mypackage@X.Y.Z --registry https://artifact.example.com/artifactory/api/npm/my-npm-repository-local/
npm info it worked if it ends with ok
npm verb cli [
npm verb cli   '/usr/local/lib/nodejs/node-v12.14.1-linux-x64/bin/node',
npm verb cli   '/usr/local/lib/nodejs/node-v12.14.1-linux-x64/bin/npm',
npm verb cli   '--loglevel',
npm verb cli   'silly',
npm verb cli   'unpublish',
npm verb cli   'mypackage@X.Y.Z',
npm verb cli   '--registry',
npm verb cli   'https://artifact.example.com/artifactory/api/npm/my-npm-repository-local/'
npm verb cli ]
npm info using npm@6.13.4
npm info using node@v12.14.1
npm verb npm-session 7e70fbc9b971c0a2
npm sill unpublish args[0] mypackage@X.Y.Z
npm sill unpublish spec Result {
npm sill unpublish   type: 'version',
npm sill unpublish   registry: true,
npm sill unpublish   where: undefined,
npm sill unpublish   raw: 'mypackage@X.Y.Z',
npm sill unpublish   name: 'mypackage',
npm sill unpublish   escapedName: 'mypackage',
npm sill unpublish   scope: undefined,
npm sill unpublish   rawSpec: 'X.Y.Z',
npm sill unpublish   saveSpec: null,
npm sill unpublish   fetchSpec: 'X.Y.Z',
npm sill unpublish   gitRange: undefined,
npm sill unpublish   gitCommittish: undefined,
npm sill unpublish   hosted: undefined
npm sill unpublish }
npm http fetch GET 200 https://artifact.example.com/artifactory/api/npm/my-npm-repository-local/mypackage?write=true 140ms
npm http fetch PUT 200 https://artifact.example.com/artifactory/api/npm/my-npm-repository-local/mypackage/-rev/1-0 31ms
npm http fetch GET 304 https://artifact.example.com/artifactory/api/npm/my-npm-repository-local/mypackage?write=true 64ms
npm http fetch DELETE 200 https://artifact.example.com/artifactory/api/npm/my-npm-repository-local/artifactory/api/npm/my-npm-repository-local/mypackage/-/mypackage-X.Y.Z.tgz/-rev/1-0 77ms
- mypackage@X.Y.Z
npm verb exit [ 0, true ]
npm timing npm Completed in 749ms
npm info ok

Here is an excerpt from the package.json for mypackage as stored by Artifactory :

$ curl "https://artifact.example.com/artifactory/my-npm-repository-local/.npm/mypackage/package.json"
{
  "_id" : "mypackage",
  "_rev" : "1-0",
  "name" : "mypackage",
  "description" : "myrepo",
  "dist-tags" : {
    "latest" : "X.Y.Z"
  },
  "versions" : {
    "X.Y.Z" : {
      "name" : "mypackage",
      "description" : "myrepo",
      "version" : "X.Y.Z",
      "author" : "Me <me@example.com>",
      "repository" : "git@gitlab.example.com:mygroup/myrepo.git",
      "engines" : {
        "node" : ">= 8"
      },
      "main" : "app",
      "dist" : {
        "tarball" : "//my-npm-repository-local/mypackage/-/mypackage-X.Y.Z.tgz",
        "shasum" : "56e8df39a36cadec1e830d2e66fc304ebf90dbd3"
      },

So the JSON as stored by artifactory seems correct.
However, when the unpublish goes on, the previous URL ( https://artifact.example.com/artifactory/api/npm/my-npm-repository-local/mypackage?write=true ) does not contains the same data for the dist.tarball field :

$ curl -s "https://artifact.example.com/artifactory/api/npm/my-npm-repository-local/mypackage?write=true"|jq .versions[].dist.tarball
"https://artifact.example.com/artifactory/api/npm/my-npm-repository-local/mypackage/-/mypackage-X.Y.Z.tgz"

I believe this may be an Artifactory issue, as this may be their NPM API that rewrite the URL, breaking the logic here : https://github.com/npm/libnpmpublish/blob/latest/unpublish.js#L72 .
As we have customer support, I'll trigger a ticket to have their insight on the subject.

As a workaround :

curl -vvv --user my_user --password my_password -X DELETE https://artifact.example.com/artifactory/api/npm/my-npm-repository-local/mypackage/-/mypackage-X.Y.Z.tgz/-rev/1-0

Kind regards,

@atigm
Copy link

atigm commented Nov 23, 2020

Hi,

Any update ?

I have the same issue

@andi-dev
Copy link

It looks like the PR to fix this issue was approved, but not merged since 3 months.

@fsher
Copy link

fsher commented Jun 29, 2021

Same issue, private registry.

Node: 14.16.1
Npm: 6.14.12

@jacob-haller-roby
Copy link

@andi-dev

It looks like the PR to fix this issue was approved, but not merged since 3 months.

Hey, author of that PR here.

Neither myself nor the person who approved have write access to the repo. This was just a problem I encountered and resolved myself in a fork. PR was provided because I'm just a really cool dude.

It's up to someone with write access to approve/merge it now. Here's hoping!

@fritzy fritzy transferred this issue from npm/libnpmpublish Jan 18, 2022
@fritzy fritzy changed the title Unpublish url not correctly defined [libnpmpublish] Unpublish url not correctly defined Jan 18, 2022
@fritzy fritzy added Needs Triage needs review for next steps ws:libnpmpublish Related to the libnpmpublish workspace. labels Jan 18, 2022
@fritzy fritzy changed the title [libnpmpublish] Unpublish url not correctly defined [BUG](libnpmpublish) Unpublish url not correctly defined Jan 18, 2022
ruyadorno added a commit that referenced this issue Mar 1, 2022
Adds a test that ensures it's possible to unpublish a specific version
of a package from a custom registry (containing multiple slashes)

Relates to: #4253
@ruyadorno ruyadorno added Bug thing that needs fixing Priority 2 secondary priority issue and removed Needs Triage needs review for next steps labels Mar 1, 2022
@ruyadorno
Copy link
Contributor

ruyadorno commented Mar 1, 2022

Added a (current failing) test asserting this problem #4484

ruyadorno added a commit to ruyadorno/cli that referenced this issue Mar 31, 2022
Fixes unpublishing a package from a registry url that has pathnames
after its hostname.

Fixes: npm#4253
ruyadorno added a commit to ruyadorno/cli that referenced this issue Apr 19, 2022
Fixes unpublishing a package from a registry url that has pathnames
after its hostname.

Fixes: npm#4253
ruyadorno added a commit to ruyadorno/cli that referenced this issue Apr 19, 2022
Fixes unpublishing a package from a registry url that has pathnames
after its hostname.

Fixes: npm#4253
ruyadorno added a commit that referenced this issue Apr 26, 2022
Fixes unpublishing a package from a registry url that has pathnames
after its hostname.

Fixes: #4253
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug thing that needs fixing Priority 2 secondary priority issue ws:libnpmpublish Related to the libnpmpublish workspace.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

8 participants