Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Publishing a npm package won't store dependencies information #21013

Closed
joecarl opened this issue Sep 1, 2022 · 0 comments · Fixed by #21017
Closed

Publishing a npm package won't store dependencies information #21013

joecarl opened this issue Sep 1, 2022 · 0 comments · Fixed by #21017

Comments

@joecarl
Copy link
Contributor

joecarl commented Sep 1, 2022

Description

The main reason I ended up here is because I published a npm package to my local gitea registry and then, when I tried to install it into another project I realized peerDependencies were not being installed. This didn't happen when I was using another registry, like verdaccio. So I decided to investigate why was this happening on Gitea only.

After publishing my package, if I access the url https://mygiteahost/api/packages/<owner>/npm/@scope%2Fpackage I get the following json:

{
	"_id": "@scope/package",
	"name": "@scope/package",
	"description": "description",
	"dist-tags": {
		"latest": "4.0.18"
	},
	"versions": {
		"4.0.18": {
			"_id": "@scope/[email protected]",
			"name": "@scope/package",
			"version": "4.0.18",
			"description": "description",
			"author": {
				"name": "Author"
			},
			"license": "ISC",
			"repository": {
				"type": "",
				"url": ""
			},
			"readme": "## package",
			"dist": {
				"integrity": "sha512-xBTkbkYxBgVcottHDlF0gp/wflbZ1Im7g2x8AJf7P+Qz/wxVMzYWMci3ilTEBN1+ZQea7TAppgBGrjKC/ZCIag==",
				"shasum": "a20233713f6fdc6f10fa6b0e8addca837b98f011",
				"tarball": "https://host.dev/api/packages/owner/npm/%scope%2Fpackage/-/4.0.18/package-4.0.18.tgz"
			}
		}
	},
	"readme": "## package",
	"repository": {
		"type": "",
		"url": ""
	},
	"author": {
		"name": "Author"
	},
	"license": "ISC"
}

As you can see it is missing information about dependencies.

This is the equivalent in verdaccio:

{
	"name": "@scope/package",
	"versions": {
		"4.0.18": {
			"name": "@scope/package",
			"version": "4.0.18",
			"description": "description",
			"author": {
				"name": "Author",
				"url": "https://Author.es"
			},
			"license": "ISC",
			"main": "dist/frontend/pkg/main.mjs",
			"scripts": {
				"test": "echo \"Error: no test specified\" && exit 1",
				"start": "echo \"Error: no dev mode available\" && exit 1",
				"build": "rm -rf dist/frontend && NODE_ENV=production ./node_modules/.bin/babel sources/frontend --keep-file-extension --out-dir dist/frontend --copy-files"
			},
			"files": [
				"dist/frontend"
			],
			"devDependencies": {
				"@babel/cli": "^7.17.10",
				"@babel/core": "^7.18.2",
				"@babel/eslint-parser": "^7.18.2",
				"@babel/plugin-transform-runtime": "^7.18.2",
				"@babel/preset-env": "^7.18.2",
				"@babel/preset-react": "^7.17.12",
				"@babel/runtime": "^7.18.3",
				"eslint": "^8.17.0",
				"eslint-plugin-react": "^7.30.0",
				"sass": "^1.52.2"
			},
			"peerDependencies": {
				"react": "^18.1.0",
				"react-dom": "^18.1.0"
			},
			"readmeFilename": "README.md",
			"_id": "@scope/[email protected]",
			"_nodeVersion": "18.6.0",
			"_npmVersion": "8.18.0",
			"dist": {
				"integrity": "sha512-R032NpKnDw00M9CczYnT59UacbKNM0MQt2npVKV3fOWmoaJSVZ0SESakb72xbQiRcxBiy2GoU2rXy2E+ZiFrXA==",
				"shasum": "9560390f7aa3ec972ad3868481db94d457d46d8d",
				"tarball": "http://verdaccio-host.dev/@scope/package/-/@scope/package-4.0.148.tgz"
			},
			"contributors": []
		}
	},
	"time": {
		"modified": "2022-09-01T00:34:55.326Z",
		"created": "2022-09-01T00:34:55.326Z",
		"4.0.148": "2022-09-01T00:34:55.326Z"
	},
	"users": {},
	"dist-tags": {
		"latest": "4.0.148"
	},
	"_uplinks": {
		"cs": {
			"fetched": 1661992481981
		}
	},
	"_distfiles": {
		"package-4.0.18.tgz": {
			"url": "https://host.dev/api/packages/Author/npm/%40Author%2Fpackage/-/4.0.18/package-4.0.18.tgz",
			"sha": "c9b7d524618c780ccf2b43457462379c465fb108",
			"registry": "cs"
		}
	},
	"_attachments": {
		"package-4.0.18.tgz": {
			"shasum": "c9b7d524618c780ccf2b43457462379c465fb108"
		},
		"package-4.0.148.tgz": {
			"shasum": "9560390f7aa3ec972ad3868481db94d457d46d8d",
			"version": "4.0.148"
		}
	},
	"_rev": "6-0fac5b9cbba016ba",
	"_id": "@scope/package",
	"readme": "## package"
}

I don't even know if npm uses this information to install peerDependencies, the only thing I know is that peers were installed when I downloaded the package from verdaccio and they were not when I did it from Gitea.

I know that I can install peer deps manually, but I don't wanna go through that process everytime.

I really want to use Gitea because it's awesome!!

Is this a bug or am I doing something wrong??

Thanks in advance.

Gitea Version

1.17.1

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

I'm running Gitea using the latest docker image.

Database

No response

@lunny lunny added this to the 1.17.2 milestone Sep 1, 2022
zeripath pushed a commit that referenced this issue Sep 2, 2022
Set DevDependencies, PeerDependencies & OptionalDependencies in npm package metadatas

Fix  #21013
6543 pushed a commit that referenced this issue Sep 3, 2022
…#21017) (#21044)

Backport #21017

Set DevDependencies, PeerDependencies & OptionalDependencies in npm package metadatas

Fix #21013
tyroneyeh added a commit to tyroneyeh/gitea that referenced this issue Sep 7, 2022
commit 32eef4a
Author: Lunny Xiao <[email protected]>
Date:   Wed Sep 7 05:32:20 2022 +0800

    Add changelog for v1.17.2 (go-gitea#21089)

    Co-authored-by: John Olheiser <[email protected]>
    Co-authored-by: 6543 <[email protected]>
    Co-authored-by: delvh <[email protected]>
    Co-authored-by: techknowlogick <[email protected]>

commit 449b39e
Author: Tyrone Yeh <[email protected]>
Date:   Tue Sep 6 16:42:05 2022 +0800

    Fix sub folder in repository missing add file dropdown (go-gitea#21069) (go-gitea#21083)

    Backport go-gitea#21069

    In repository sub folder missing add file dropdown menu, Probably broken since go-gitea#20602

commit 06f968d
Author: zeripath <[email protected]>
Date:   Tue Sep 6 07:54:47 2022 +0100

    Fix hard-coded timeout and error panic in API archive download endpoint (go-gitea#20925) (go-gitea#21051)

    Backport go-gitea#20925

    This commit updates the `GET /api/v1/repos/{owner}/{repo}/archive/{archive}`
    endpoint which prior to this PR had a couple of issues.

    1. The endpoint had a hard-coded 20s timeout for the archiver to complete after
       which a 500 (Internal Server Error) was returned to client. For a scripted
       API client there was no clear way of telling that the operation timed out and
       that it should retry.

    2. Whenever the timeout _did occur_, the code used to panic. This was caused by
       the API endpoint "delegating" to the same call path as the web, which uses a
       slightly different way of reporting errors (HTML rather than JSON for
       example).

       More specifically, `api/v1/repo/file.go#GetArchive` just called through to
       `web/repo/repo.go#Download`, which expects the `Context` to have a `Render`
       field set, but which is `nil` for API calls. Hence, a `nil` pointer error.

    The code addresses (1) by dropping the hard-coded timeout. Instead, any
    timeout/cancelation on the incoming `Context` is used.

    The code addresses (2) by updating the API endpoint to use a separate call path
    for the API-triggered archive download. This avoids producing HTML-errors on
    errors (it now produces JSON errors).

    Signed-off-by: Peter Gardfjäll <[email protected]>

    Signed-off-by: Peter Gardfjäll <[email protected]>
    Signed-off-by: Andrew Thornton <[email protected]>
    Co-authored-by: Peter Gardfjäll <[email protected]>
    Co-authored-by: Lunny Xiao <[email protected]>

commit 084797b
Author: Lunny Xiao <[email protected]>
Date:   Tue Sep 6 06:48:57 2022 +0800

    Fix delete user missed some comments (go-gitea#21067) (go-gitea#21068)

commit 7888a55
Author: zeripath <[email protected]>
Date:   Sun Sep 4 17:17:48 2022 +0100

    Delete unreferenced packages when deleting a package version (go-gitea#20977) (go-gitea#21060)

    Backport go-gitea#20977

    Delete a package if its last version got deleted. Otherwise removing the owner works only after the clean up job ran.

    Fix go-gitea#20969

    Co-authored-by: KN4CK3R <[email protected]>

commit ea416d7
Author: zeripath <[email protected]>
Date:   Sun Sep 4 17:17:35 2022 +0100

    Redirect if user does not exist on admin pages (go-gitea#20981) (go-gitea#21059)

    Backport go-gitea#20981

    When on /admin/users/ endpoints if the user is no longer in the DB,
    redirect instead of causing a http 500.

    Co-authored-by: KN4CK3R <[email protected]>

commit 0db6add
Author: zeripath <[email protected]>
Date:   Sun Sep 4 17:17:27 2022 +0100

    Set uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh (go-gitea#20902) (go-gitea#21058)

    Backport go-gitea#20902

    When setting.Git.DisablePartialClone is set to false then the web server will add filter support to web http. It does this by using`-c` command arguments but this will not work on gitea serv as the upload-pack and receive-pack commands do not support this.

    Instead we move these options into the .gitconfig instead.

    Fix go-gitea#20400

    Signed-off-by: Andrew Thornton <[email protected]>

    Signed-off-by: Andrew Thornton <[email protected]>

commit 0ecbb71
Author: qwerty287 <[email protected]>
Date:   Sun Sep 4 17:12:37 2022 +0200

    Fix 500 on time in timeline API (go-gitea#21052) (go-gitea#21057)

    Backport go-gitea#21052

    Before converting a TrackedTime for the API we need to load its attributes - otherwise we get an NPE.

    Fix go-gitea#21041

commit ea38455
Author: Jason Song <[email protected]>
Date:   Sun Sep 4 23:12:01 2022 +0800

    Fill the specified ref in webhook test payload (go-gitea#20961) (go-gitea#21055)

    Backport go-gitea#20961

    The webhook payload should use the right ref when it‘s specified in the testing request.

    The compare URL should not be empty, a URL like `compare/A...A` seems useless in most cases but is helpful when testing.

commit 8fc80b3
Author: zeripath <[email protected]>
Date:   Sun Sep 4 16:11:02 2022 +0100

    Add another index for Action table on postgres (go-gitea#21033) (go-gitea#21054)

    Backport go-gitea#21033

    In go-gitea#21031 we have discovered that on very big tables postgres will use a
    search involving the sort term in preference to the restrictive index.

    Therefore we add another index for postgres and update the original migration.

    Fix go-gitea#21031

    Signed-off-by: Andrew Thornton <[email protected]>

commit 71aa64a
Author: zeripath <[email protected]>
Date:   Sun Sep 4 14:59:20 2022 +0100

    fix broken insecureskipverify handling in rediss connection uris (go-gitea#20967) (go-gitea#21053)

    Backport go-gitea#20967

    Currently, it's impossible to connect to self-signed TLS encrypted redis instances. The problem lies in inproper error handling, when building redis tls options - only invalid booleans are allowed to be used in `tlsConfig` builder. The problem is, when `strconv.ParseBool(...)` returns error, it always defaults to false - meaning it's impossible to set `tlsOptions.InsecureSkipVerify` to true.

    Fixes go-gitea#19213

    Co-authored-by: Igor Rzegocki <[email protected]>

commit 3aba72c
Author: zeripath <[email protected]>
Date:   Sun Sep 4 14:41:21 2022 +0100

    Add more checks in migration code (go-gitea#21011) (go-gitea#21050)

    Backport go-gitea#21011

    When migrating add several more important sanity checks:

    * SHAs must be SHAs
    * Refs must be valid Refs
    * URLs must be reasonable

    Signed-off-by: Andrew Thornton <[email protected]>

commit bd1412c
Author: José Carlos <[email protected]>
Date:   Sat Sep 3 21:11:03 2022 +0200

    Add Dev, Peer and Optional dependencies to npm PackageMetadataVersion (go-gitea#21017) (go-gitea#21044)

    Backport go-gitea#21017

    Set DevDependencies, PeerDependencies & OptionalDependencies in npm package metadatas

    Fix go-gitea#21013

commit 3973ce3
Author: silverwind <[email protected]>
Date:   Sat Sep 3 19:51:09 2022 +0200

    Improve arc-green code theme (go-gitea#21039) (go-gitea#21042)

    Backport go-gitea#21039

    - Increase contrasts overall
    - Add various missing theme classes
    - Ensure strings and constants are colored the same across languages

commit fbde31f
Author: Tyrone Yeh <[email protected]>
Date:   Sat Sep 3 21:36:27 2022 +0800

    Add down key check has tribute container (go-gitea#21016) (go-gitea#21038)

    Backport go-gitea#21016

    Fixes an issue where users would not be able to select by pressing the down arrow when using @tag above a message

    Bug videos:

    https://user-images.githubusercontent.com/1255041/188095999-c4ccde18-e53b-4251-8a14-d90c4042d768.mp4
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants