Mongoose: 4.10.3 was released with database files included

Created on 28 May 2017 · 6Comments · Source: Automattic/mongoose

4.10.3 in the NPM repo extracts to almost 1GB:

$ du -kcs *
925156  package/

There are a few, what look to be, temporary directories in package/tools that are the culprit:

$ du -kcs package/tools/*
307932  package/tools/31000/
307932  package/tools/31001/
307960  package/tools/31002/

They seem to contain MongoDB databases.

confirmed-bug performance

Source

robertklep

👍7

All 6 comments

To add some insight on the consequences, apart from disclosing the databases of whoever published the npm package... We found out it broke our automated serverless API deployment because the unzipped package archive was over 250MB (actually about 1GB).

floo51 on 28 May 2017

👍1

We have the same issue. Cannot use 4.10.3 in production, because of the disk space required.

kyrylkov on 28 May 2017

I ended up not using the npm package and changing my package.json to:

"mongoose": "[email protected]:floo51/mongoose.git",

Dirty patch but works for now.

floo51 on 28 May 2017

Can confirm problem -- this is breaking my AWS lambda builds for being too large

ChavaSobreyra on 28 May 2017

Released 4.10.4, please upgrade if this issue is causing you grief :+1:

vkarpov15 on 31 May 2017

👍1

Thanks, @vkarpov15 :)

robertklep on 31 May 2017

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Error: Argument passed in must be a single String of 12 bytes or a string of 24 hex characters

AraanBranco · 3Comments

MongoDB 3.6 $pushAll is removed by now

p3x-robot · 3Comments

querying against ObjectIds with the $lt and $gt operators

weisjohn · 3Comments

Required array field throws error when set as empty array

Soviut · 3Comments

Base models do not honor select: false for discriminators

varunjayaraman · 3Comments