Comments (8)
I don't think verdaccio can fix the problem. It would require it to unpack the tarball, modify the shinkwrap file, and repack it. That would change the checksum which would have further consequences. Packing the tarball has to be the responsibility of the client.
Subsequent to what I posted above, we are moving onto using yarn
for npm package deployment. See
https://www.npmjs.com/package/yarn
https://code.facebook.com/posts/1840075619545360
It still uses npm behind the scenes, but it doesn't use the shrinkwrap file. Instead it uses a new file called yarn.lock
which does not have these problems. Further, it appears that after running yarn
to create the yarn.lock
file, running npm shrinkrap
creates a shrinkwrap file that doesn't have any resolved
elements, so there's no longer any need to run the gulp
task (so far anyway). And npm publish
with a package which has both yarn.lock
and npm-shrinkwrap.json
files works very nicely. The package can then be deployed either using yarn add packagename
or npm install packagename
depending on what the user has installed. And with this workflow, it works fine with verdaccio.
from verdaccio.
Just to add the yarn.lock
file does contain references to the address of the verdaccio
server, which works for us because we are always deploying from the verdaccio
server and never directly. The shrinkwrap file generated afterwards doesn't contain references to the server, though (no resolved elements).
In either case, i.e. installing using either yarn
or npm
, everything is now properly cached. Even so, installing using yarn
takes a fraction of the time that npm install
takes. For example one project takes 120 seconds with npm
and only 25 seconds with yarn
. So it's a big efficiency improvement.
from verdaccio.
Just to bring this up to date: I'm not sure this is something that should be addressed within Verdaccio. The npm client is in charge of the shrinkwrap file. Any time you install or update anything with --save set, if there's a shrinkwrap file, it will get updated. The safest option if you need network-free installs is to update the shrinkwrap file before publishing. I use a gulp
task for it which looks like this:
gulp.task('rewrap', function (cb) {
// remove resolved elements from npm-shrinkwrap
var shrinkwrapFile = path.join(__dirname, 'npm-shrinkwrap.json'),
fs = require('fs'),
shrinkwrap = require('./npm-shrinkwrap.json')
gutil.log('unwrap: removing resolved elements from ' + shrinkwrapFile)
function replacer(key, value) {
if (!this.version) {
return value
}
switch (key) {
case 'resolved':
case 'from':
return undefined
default:
return value
}
}
fs.writeFile(shrinkwrapFile, JSON.stringify(shrinkwrap, replacer, 2), function (err) {
cb(err)
})
})
All it does is remove the resolved
elements, which means an npm install
of the published package will fetch everything from the default registry (so if that's Verdaccio, there's no Internet access required).
from verdaccio.
I'm seeing this while trying to install nodemailer
on an internal only server that uses a sinopia
cache as a proxy.
from verdaccio.
I have recently noticed this as well, thanks for looking into it.
from verdaccio.
I think I found the cause of this problem, or actually two of them.
- When a package that you install is still in your cache, downloaded directly (not through the cache), it will show up in the shrinkwrap as resolved from the npmjs server (which is true). This should not be resolved by verdaccio, as it is a user fault.
- If a package contains a
npm-shrinkwrap.json
file, it will contain direct urls to the original repository. In my opinion, verdaccio should scan the packages for these files, and update theresolved
tags there if that url points to the upstream repository.
from verdaccio.
I think @steve-p-com cleared that up. Thanks. Closing
from verdaccio.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
from verdaccio.
Related Issues (20)
- windows 10 cannot adduser
- Search for plug-ins crashes HOT 2
- I need pagination HOT 1
- Error: Cannot find module '@verdaccio/cli' HOT 1
- Transitive uplink dependencies provide a 404 error HOT 3
- Missing refresh after LogOut in 5.27.0 HOT 2
- Base href value in HTML of http://localhost:4873/ suddenly turns into https://ip.address.of.server/ HOT 1
- use domain can not load packages HOT 1
- Release 5.28.1 HOT 4
- bug: do not cache tarballs from upstreams since 5.26.0 HOT 1
- The uplinks configuration does not take effect during query HOT 2
- [Web] Markdown language on README is missing monospace styles and coloring HOT 5
- Still Fetching Packages from Old Uplink Source after Switching
- Getting EACCES: permission denied, open '/verdaccio/storage/@asyncapi/html-template/package.json.tmp4446934159360625'
- npm ERR! 404 '@vue-office/[email protected]' is not in this registry HOT 1
- config.yml listen: 0.0.0.0:80 is ignored - server still starts listening to default port 4873 HOT 1
- Verdaccio UI not visible HOT 2
- Problems when trying to use npm audit with bucket storage HOT 1
- Missing newline after version output leaves command prompt on the same line
- Copy authorization from request to proxy
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from verdaccio.