pnpm: Failure to resolve scoped package via Nexus proxy (npm works)
pnpm version: 6.28.0
Code to reproduce the issue:
Example package.json:
{
  "name": "example",
  "version": "0.0.1",
  "private": true,
  "dependencies": {
    "@gehtsoft/forex-connect-lite": "0.0.2"
  }
}
Unproxied .npmrc:
audit=false
save-exact=true
cache=./cache
store-dir=./store
@gehtsoft:registry=https://www.myget.org/F/gehtsoft-public/npm/
Proxied via Nexus (with auth, elided):
audit=false
save-exact=true
cache=./cache
store-dir=./store
@gehtsoft:registry=http://localhost:8081/repository/npm-gehtsoft-public/
pnpm-lock.yaml stanza for relevant artifact:
  /@gehtsoft/forex-connect-lite/0.0.2:
    resolution: {integrity: sha1-O1E4wmuxijI0vl1LLWtcs4iRZ0M=, tarball: '@gehtsoft/forex-connect-lite/-/@gehtsoft/forex-connect-lite-0.0.2.tgz'}
    dependencies:
      buffer: 6.0.3
      crypto-js: 4.1.1
      pako: 2.0.4
      xml: 1.0.1
      xmldom: 0.6.0
    dev: false
Equivalent npm package-lock.json stanza:
    "@gehtsoft/forex-connect-lite": {
      "version": "0.0.2",
      "resolved": "https://www.myget.org/F/gehtsoft-public/npm/@gehtsoft/forex-connect-lite/-/@gehtsoft/forex-connect-lite-0.0.2.tgz",
      "integrity": "sha1-O1E4wmuxijI0vl1LLWtcs4iRZ0M=",
      "requires": {
        "buffer": "^6.0.3",
        "crypto-js": "^4.1.1",
        "pako": "^2.0.4",
        "xml": "^1.0.1",
        "xmldom": "^0.6.0"
      }
    },
Expected behavior:
pnpm install (direct) works and produces a lock file.
pnpm install --frozen-lockfile (using Nexus) works
Actual behavior:
pnpm install works and produces lock file
pnpm install --frozen-lockfile using Nexus fails to resolve (404) - pnpm debug information attached.
npm install (direct) works and produces package-lock.json
npm ci (via Nexus) works as expected.
Note specifically the different URLs used by pnpm vs npm to retrieve the artifact:
pnpm: http://localhost:8081/repository/npm-gehtsoft-public/@gehtsoft/forex-connect-lite/-/@gehtsoft/forex-connect-lite-0.0.2.tgz
npm: http://localhost:8081/repository/npm-gehtsoft-public/@gehtsoft/forex-connect-lite/-/forex-connect-lite-0.0.2.tgz
There is an extra @gehtsoft in the path used by pnpm which is resulting in a 404.
Additional information:
- node -v prints: v16.13.2
- Windows, macOS, or Linux?: Linux - Ubuntu 20.04
- Nexus v3.37.3
pnpm-debug.log subset:
"29 debug pnpm:request-retry": {
  "attempt": 1,
  "error": {
    "code": "ERR_PNPM_FETCH_404",
    "hint": "An authorization header was used: Basic cm86[hidden]",
    "attempts": 1,
    "request": {
      "url": "http://localhost:8081/repository/npm-gehtsoft-public/@gehtsoft/forex-connect-lite/-/@gehtsoft/forex-connect-lite-0.0.2.tgz",
      "authHeaderValue": "Basic cm86[elided]"
    },
    "response": {
      "size": 0
    },
    "resource": "http://localhost:8081/repository/npm-gehtsoft-public/@gehtsoft/forex-connect-lite/-/@gehtsoft/forex-connect-lite-0.0.2.tgz"
  },
  "maxRetries": 2,
  "method": "GET",
  "timeout": 10000,
  "url": "http://localhost:8081/repository/npm-gehtsoft-public/@gehtsoft/forex-connect-lite/-/@gehtsoft/forex-connect-lite-0.0.2.tgz"
},
Equivalent subset of npm-debug.log:
npm http fetch GET 200 http://localhost:8081/repository/npm-gehtsoft-public/@gehtsoft/forex-connect-lite/-/forex-connect-lite-0.0.2.tgz 370ms (cache miss)
About this issue
- State: closed
- Created 2 years ago
@zkochan: you can close this - the issue is not with pnpm but actually with Nexus.
The root cause is how Nexus stores scoped packages without matching the exact upstream path.
- npm ci bypasses any settings in .npmrc for registry and uses the raw url in the package-lock.json. If I substitute the URL in the lock file with Nexus’s registry, the same problem occurs.
- yarn and attempt to replace the URL in the yarn.lock file.
- npm / yarn / pnpm can all be made to work with a minor use of sed on the lock file prior to usage in the CI environment so there is a work-around.
I’ll raise a bug in Nexus and link it here for reference sake. Thank you for investigating, sorry for wasting your time.
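
The lock-file rewrite mentioned in the comment above, sketched as an added example (not code from the issue, pnpm or Nexus; all function names are hypothetical). It assumes the proxy serves scoped tarballs under the path that returned 200 for npm in the logs above, accepts both the relative pnpm-lock.yaml form and the absolute package-lock.json form, and rejects any tarball reference that would resolve outside the proxy.

```javascript
// Added example; function names are hypothetical, not pnpm or Nexus APIs.

// Split a registry tarball path "<name>/-/<file>" into package name and file name.
function splitTarballPath(path) {
  const i = path.indexOf('/-/');
  if (i < 0) throw new Error(`not a registry tarball path: ${path}`);
  return { name: path.slice(0, i), file: path.slice(i + 3) };
}

// "@scope/pkg/-/@scope/pkg-1.0.0.tgz" -> "@scope/pkg/-/pkg-1.0.0.tgz".
// Unscoped packages and already-short file names pass through unchanged.
function dropScopeFromFile(path) {
  const { name, file } = splitTarballPath(path);
  if (!name.startsWith('@') || !name.includes('/')) return path;
  const scope = name.slice(0, name.indexOf('/') + 1); // e.g. "@gehtsoft/"
  const shortFile = file.startsWith(scope) ? file.slice(scope.length) : file;
  return `${name}/-/${shortFile}`;
}

// Map a lock-file tarball reference to the URL to request from the proxy.
// lockTarball: relative path (pnpm-lock.yaml) or absolute URL (package-lock.json)
// proxy:       registry URL configured in .npmrc for the scope
// upstream:    optional original registry URL to strip from absolute references
function proxiedTarballUrl(lockTarball, proxy, upstream) {
  const base = new URL(proxy.endsWith('/') ? proxy : `${proxy}/`).href;
  let rel = lockTarball;
  if (upstream && rel.startsWith(upstream)) {
    rel = rel.slice(upstream.length).replace(/^\/+/, '');
  }
  // Anything still absolute points at a registry we were not told about.
  if (/^[a-z][a-z0-9+.-]*:/i.test(rel) || rel.startsWith('/')) {
    throw new Error(`tarball is not under the expected registry: ${lockTarball}`);
  }
  const url = new URL(dropScopeFromFile(rel), base).href;
  // URL resolution collapses ".." segments; refuse results outside the proxy.
  if (!url.startsWith(base)) throw new Error(`tarball escapes the proxy: ${url}`);
  return url;
}
```

The integrity value in the lock file is left untouched, so the package manager still verifies the tarball fetched from the rewritten URL against the recorded hash.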