Cli: [BUG] 7.x Cannot use tags to install against a privately scoped package on the npm registry

Created on 26 Aug 2020  路  11Comments  路  Source: npm/cli

I commented on another ticket but I believe this may actually be a separate issue so I'm opening my own issue as this is a major blocker to us using the npm 7 cli at all.

Current Behavior:

We see this issue using the npm 7 beta:

the command npm i @creditiq/item@latest gives the error

npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/@creditiq%2fitem - Not found
npm ERR! 404
npm ERR! 404  '@creditiq/item@latest' is not in the npm registry.

but npm info @creditiq/item

happily shows

@creditiq/[email protected] | UNLICENSED | deps: 4 | versions: 868
placeholder
https://github.com/creditiq/ciq-item#readme

dist
.tarball: https://registry.npmjs.org/@creditiq/item/-/item-30.42.1.tgz
.shasum: 9bf171850eb215fe8ed4d345d737f480132b0b4d
.integrity: sha512-Xd4rgTT8iHRVBZ/kXxyUqF4DRQesJcIDkS0PwdjEY3cVnTwyIf4MtssHo6NFVBW2A3fnwVmAwxBS3Q4lGIwErQ==
.unpackedSize: 2.8 MB

dependencies:
@creditiq/calculations: ^7.3.0 @creditiq/types: ^4.151.0
@creditiq/rule-engine: ^2.0.2  json-stable-stringify: ^1.0.1

maintainers:
- creditiq <[email protected]>

dist-tags:
beta: 30.33.2-2  latest: 30.42.1

published 39 minutes ago by creditiq <[email protected]>

Note: i'm also able to install the version pointed to by latest with npm i @creditiq/[email protected] . It seems specifically related to using the latest tag. Note: this is a privately scoped package and this doesn't happen with public packages. I also tested using a beta tag we had created and the same error occurs so I believe it is a regression with installing using any tag (semver seems ok)

Here is our .npmrc for both the package i'm installing and the one i'm installing into:

scope=creditiq
always-auth=true
@creditiq:registry=https://registry.npmjs.org/
//registry.npmjs.org/:_authToken=${CIQ_NPM_TOKEN}

Note: the token is available in the env.

Expected Behavior:

npm i @creditiq/item@latest installs latest version

Steps To Reproduce:

  1. Create a scoped package and publish
  2. Attempt to install that package using @latest

Environment:

Mac OS Catalina
npm 7.0.0-beta.7

Bug Release 7.x
Source
picture scamden

All 11 comments

hi @scamden thanks for the report, can you please let me know what is the current "name" property of your package.json?

ruyadorno picture ruyadorno on 3 Sep 2020

@ruyadorno I work with @scamden
the name of the package being installed in the bug report is @creditiq/item.
The tag install issue described is not specific to this package but happens with all of our privately scoped @creditiq/* packages.

aliatsis picture aliatsis on 8 Sep 2020
👍1

@ruyadorno sorry was out of town last week, but yes anthony is exactly correct:"name": "@creditiq/item",

scamden picture scamden on 8 Sep 2020
👍1

ah 馃槃 thanks for confirming, the reason I ask is because we recently fixed a bug in which would cause scoped packages to fail to fetch tarballs from the public registry, I believe this is the same bug. Could you please give it another try with the most recent beta patch? npm i -g npm@next-7

ruyadorno picture ruyadorno on 9 Sep 2020

@ruyadorno unfortunately it's not fixed yet:

:~$ npm i @creditiq/item@latest
npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/@creditiq%2fitem - Not found
npm ERR! 404
npm ERR! 404  '@creditiq/item@latest' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/scamden/.npm/_logs/2020-09-09T17_21_13_981Z-debug.log

npm --version
7.0.0-beta.10
scamden picture scamden on 9 Sep 2020

I see! 馃槥 seeing that it's not that same issue it would be nice to get a bit more info to help out reproducing/understanding it 馃榿 if I understood correctly the scope @creditiq is published to the public registry (at: https://registry.npmjs.org/)? is it a private or public scope? (I don't think it's public since I'm getting 404 when trying npm view @creditiq/item)

ruyadorno picture ruyadorno on 9 Sep 2020

I tried recreating a minimal reproduction by creating a new package, renaming it to use a scope and installing some other package (from the public registry) pointing to its latest tag, e.g:

cd ./test-scoped-pkg
npm init -y
sed -i .bkp -E 's#test-scoped-pkg#\@ruyadorno\/&#g' package.json
npm i @ruyadorno/dep-foo@latest

And everything works as expected 馃 maybe there are some more details yet to be found here. Could you please share if possible your package.json, the error log files and the output from npm config ls -l (double check to not leak any tokens but the config ls should take care of that).

ruyadorno picture ruyadorno on 9 Sep 2020

@ruyadorno

no problem here there are.
Archive.zip

scamden picture scamden on 11 Sep 2020

@ruyadorno any more info you need? this is a pretty frustrating bug for us.

scamden picture scamden on 21 Sep 2020

Sorry about the delay @scamden! Ok, so there's some good news! I managed to wrap up this morning a fix to (what I'm quite sure was) the root of the problem and shipped it in today's release: v7.0.0-beta.12

Please give it a try with the usual update: npm i -g npm@next-7 and let us know! 馃槃

Thanks again for the report and all the help reproducing the problem!

ruyadorno picture ruyadorno on 22 Sep 2020
1

This looks fixed thank you!

scamden picture scamden on 23 Sep 2020
1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

1000i100 picture 1000i100  路  3Comments
Cohen-Carlisle picture Cohen-Carlisle  路  4Comments
millerick picture millerick  路  3Comments
MadhuriGurumurthy11 picture MadhuriGurumurthy11  路  3Comments
OnkelTem picture OnkelTem  路  4Comments