I was publishing the npm module and I got an error
I verified my package name does not exist in the npm registry
403 Forbidden - PUT https://registry.npmjs.org/package - Package name too similar to existing packages; try renaming your package to '#name/package' and publishing with 'npm publish --access=public' instead
I wanted to know what factors npm filter the package and verify the names
Related
I'm trying to install some packages from Azure Artifacts Feed which was set up by my organization. I still need other external packages in https://registry.npmjs.org/. Although they have configured NPM as upstream source for feed, my 'Reader' permission doesn't allow me to add new packages. So I can only use NPM scopes to install private packages from a scope registry and public package from official registry. But I cannot install private packages simply with scope name.
I've config my user's .npmrc, get authentication using "vsts-npm-auth". It looks like this now:
# $HOME\.npmrc
proxy=http://my-enterprise-proxy.com
noproxy[]=blah-blah-blah
strict-ssl=false
registry=https://registry.npmjs.org/
#feed-scope:registry:=https://pkgs.dev.azure.com/[ORGANIZATION_NAME]/_packaging/[FEED_NAME]/npm/registry/
always-auth=true
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/npm/registry/:username=[ENTER_ANY_VALUE_BUT_NOT_AN_EMPTY_STRING]
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/npm/registry/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/npm/registry/:email=npm requires email to be set but doesn't use the value
Now I try to execute:
npm install #feed-scope/package-needed
And I get:
npm ERR! code E404
npm ERR! 404 Not Found - GET pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/npm/registry/#my-scope%2fpackage-needed - The package '#my-scope/package-needed' was not found in feed '[FEED_NAME]'
npm ERR! 404
npm ERR! 404 '#my-scope/package-needed#*' is not in this registry.
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
I've explored my org's feed, there is only a package named "package-needed". I doubt that the scope name I add to command just what the problem is. But I don't know how can I remove it.
PS: Please ignore those placeholders.
Unfortunately, that's not going to work. The scope is part of an npm package's name. You should work with the owners of your feed to get you the Collaborator role, which is the same as the Reader role plus the ability to use packages from upstreams which have not yet been saved to your feed. This is distinct from the Contributor role which also adds the ability to publish packages directly to the feed.
Imagine an Azure DevOps feed (MyFeed) of npm packages with two views: Local and Release. This feed has an upstream source https://registry.npmjs.org/. Two packages (#scope/a and #scope/b) are already published and they are in Local view. Both of them directly depend on prop-types package from npmjs:
"dependencies": {
"prop-types": "^15.7.2"
},
"peerDependencies": {
"react": "^16.12.0",
...
}
Packages "a" and "b" are installed, builded (Storybook, i.e.) and deployed to some test environment for review. During installation of the packages their dependency prop-types is saved from upstream to the Local view of the feed.
Let's assume that package A passes review and is promoted to #Release view. Then I try to install it into the main project, which is connected to MyFeed#Release. But installation fails, because prop-types is still in Local view:
$ npm i #scope/a
npm ERR! code E404
npm ERR! 404 Not Found - GET https://*/*/_packaging/MyFeed%40Release/npm/registry/prop-types - NotFound
npm ERR! 404
npm ERR! 404 'prop-types#^15.7.2' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 It was specified as a dependency of '#scope/a'
The only way to start using package "a" is to promote all it's dependencies to the same view (package "b" still installs correctly after that). But shouldn't it be done automatically? Or is there a workaround to use unpromoted (Local) upstream packages? There are could be plenty of dependencies from public packages from npmjs, which can hardly be managed manually.
Maybe I should create another feed, connected to npmjs and use it "in front" of MyFeed, like so:
npmjs <- MyUpstreamFeed (with Local view only) <- MyFeed (not directly connected to npmjs).
I'm trying to find a way to retrieve information about a npm compatible node package programmatically - specifically its name and peerDependencies.
I'm building a command line tool that accepts a package name that will be directly passed to npm install. Therefore a normal npm package name (like lodash) works, GitHub URLs like lodash/lodash#1234567 work and local file paths like /my/path/to/a/package also work.
This makes it hard to retrieve the name of the package that is installed, since the input is first resolved by npm and the resulting dependency name that is written to the package.json file.
I wanted to ask if there is a programmatic way to retrieve information about an npm package that is compatible with the user running npm install package from their command line, i.e. that offers the following functionality:
Resolving npm packages from the public and private registry (with all sorts of tag variants such as package#next)
Resolving GitHub dependencies (with all variants, such as commit hashes or tags)
Resolving tarball URLs
Resolving local packages in folders or tarballs
Things I have already tried:
Using pacote -> By default it does not use the authentication stored in ~/.npmrc
It also would be a very costly dependency in terms of package & dependency size
Parsing npm's install log (with --json) -> Not documented and appears to change with v7 to no longer contain the name of the installed dependency
Trying to use npm directly by importing the global module
No parseable information about the install process
Importing the global module also could be flaky and a local npm dependency would be very costly in terms of size
Using/Parsing npm show -> Does not work for GitHub URLs or local packages/tarballs
What I'm doing right now:
I'm parsing the package.json before the install and after the install and get the difference in dependencies (there should only be one). This dependency is then the resolved name that I can use to import the package.json and retrieve the list of peerDependencies.
But this feels very hacky and I still have to install the package before getting the info I need.
Therefore I wanted to ask if someone has a better idea to approach this problem.
I have published a scoped npm package in an npm-local repo on Artifactory. For example let's say it's #scope/packagename in the package.json. The path it creates on Artifactory seems to have an extra #scope in the path: https://artifacts.company.com/artifactory/webapp/#/artifacts/browse/tree/General/npm-local/#scope/packagename/-/#scope/packagename-version.tgz
Is this correct? Is there a problem with the publish? This is related to another question: Installing scoped npm packages from Artifactory. When I try to install this package I just published I get a 404 error leading me to believe there might be something wrong with the path?
Edit:
To publish my scoped package I edited my .npmrc:
#scope:registry=https://artifacts.company.com/artifactory/api/npm/npm-local/
//artifacts.company.com/artifactory/api/npm/npm-local/:_password=Q......
//artifacts.company.com/artifactory/api/npm/npm-local/:username=dgriner
//artifacts.company.com/artifactory/api/npm/npm-local/:email=d.griner#company.com
//artifacts.company.com/artifactory/api/npm/npm-local/:always-auth=true
In my package.json file I have the following:
"name": "#scope/packagename",
I then ran npm publish and it created the above path.
The path seems to be OK and should not lead to a resolution error.
The physical location of the NPM package does not effect the way it is being resolved. When resolving an NPM package, Artifactory is using the package metadata and not its path (as opposed to other supported package managers such as Maven which relies on the repository layout and artifact path).
As you have seen, Artifactory does have a layout for storing NPM packages. While it is not used for resolution it can be used for other concerns such as configuring fine grained access permission.
npm 3.x install fails on rename long paths in Windows/Azure when deploying node.js due to long paths:
npm ERR! EINVAL: invalid argument, rename 'D:\home\site\wwwroot\node_modules\azure_util\node_modules\pkgcloud\node_modules\gcloud\node_modules\gapitoken\node_modules\jws\node_modules\base64url\node_modules\meow\node_modules\indent-string\node_modules\repeating\node_modules\is-finite\node_modules\number-is-nan' -> 'D:\home\site\wwwroot\node_modules\number-is-nan'
Is there away to overcome it or prevent npm from renaming?
We found a solution. It seems like npm 3.x is getting to this situation when it needs to rename a long path only when you upgrade from older npm.
Meaning, since we already had this deployment running with an older npm, when we upgraded to npm 3.6.0 it tried to flatten the existing deployment and crashed.
The solution was just to remove the node_modules and redeploy.
According your info, your custom module azure_util is build in npm <3.x version, which has nested the node_modules folders.
You can try the following steps before deploying your node.js application to Azure Web Apps:
upgrade your local npm version up to 3.x version.
run command npm dedupe in your application directory, which will flatten the tree. You can find the description in npm change log
After these operations, your application's node.js deps should flat list in node_modules folder. And it should prevent the npm rename.
If you still occur the issue on your local env, you can try to rebuild your custom dependency in npm 3.x version, to make the directory tree flat in advance.