Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[npm/yarn] InvalidPackageName #5246

Closed
Sergio-IME opened this issue Jun 8, 2022 · 5 comments · Fixed by #5259
Closed

[npm/yarn] InvalidPackageName #5246

Sergio-IME opened this issue Jun 8, 2022 · 5 comments · Fixed by #5259
Assignees
@raj-meka
Labels
Batch How We Work: Feature. Outcome achieved within 1 iteration. Can live under an epic, or stand alone. good first issue L: javascript:npm npm packages via npm T: bug 🐞 Something isn't working

Comments

@Sergio-IME
Copy link

Hi
(sorry if this has to go to support instead of here, not quite sure)
it seems that this particular npm package is causing trouble in Insights > Dep graph > Dependabot tab, but maybe it has other ramifications

Package ecosystem
npm

Images of the diff or a link to the PR, issue, or logs

updater | ERROR <job_XXXXXXXXX> Error processing @_sh/strapi-plugin-ckeditor (Dependabot::NpmAndYarn::PackageName::InvalidPackageName)
updater | ERROR <job_XXXXXXXXX> Dependabot::NpmAndYarn::PackageName::InvalidPackageName
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.191.0/lib/dependabot/npm_and_yarn/package_name.rb:26:in `initialize'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.191.0/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:234:in `new'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.191.0/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:234:in `types_package'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.191.0/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:251:in `types_update_available?'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.191.0/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:78:in `latest_resolvable_version'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.191.0/lib/dependabot/npm_and_yarn/update_checker.rb:32:in `latest_resolvable_version'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-common-0.191.0/lib/dependabot/update_checkers/base.rb:74:in `preferred_resolvable_version'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-common-0.191.0/lib/dependabot/update_checkers/base.rb:257:in `preferred_version_resolvable_with_unlock?'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-common-0.191.0/lib/dependabot/update_checkers/base.rb:249:in `numeric_version_can_update?'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-common-0.191.0/lib/dependabot/update_checkers/base.rb:199:in `version_can_update?'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-common-0.191.0/lib/dependabot/update_checkers/base.rb:44:in `can_update?'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:454:in `requirements_to_unlock'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:232:in `check_and_create_pull_request'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:82:in `check_and_create_pr_with_error_handling'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `block in run'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `each'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `run'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/update_files_job.rb:17:in `perform_job'
updater | ERROR <job_XXXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/base_job.rb:35:in `run'
updater | ERROR <job_XXXXXXXXX> bin/update_files.rb:22:in `<main>'
@Sergio-IME Sergio-IME added the T: bug 🐞 Something isn't working label Jun 8, 2022
@mattt
Copy link
Contributor

mattt commented Jun 14, 2022
edited

Thanks so much for reporting this issue, @Sergio-IME.

I just opened PR #5259 with a fix.

@mattt mattt mentioned this issue Jun 14, 2022
Merged
@Sergio-IME
Copy link
Author

Thank you!

@Sergio-IME
Copy link
Author

Sergio-IME commented Jun 16, 2022
edited

Hello
0.193.0 is not happy either

updater | ERROR <job_XXXXXXXX> Error processing @_sh/strapi-plugin-ckeditor (Dependabot::NpmAndYarn::PackageName::InvalidPackageName)
updater | ERROR <job_XXXXXXXX> Dependabot::NpmAndYarn::PackageName::InvalidPackageName
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.193.0/lib/dependabot/npm_and_yarn/package_name.rb:35:in `initialize'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.193.0/lib/dependabot/npm_and_yarn/package_name.rb:80:in `new'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.193.0/lib/dependabot/npm_and_yarn/package_name.rb:80:in `types_package_name'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.193.0/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:234:in `types_package'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.193.0/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:251:in `types_update_available?'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.193.0/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb:78:in `latest_resolvable_version'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.193.0/lib/dependabot/npm_and_yarn/update_checker.rb:32:in `latest_resolvable_version'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-common-0.193.0/lib/dependabot/update_checkers/base.rb:74:in `preferred_resolvable_version'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-common-0.193.0/lib/dependabot/update_checkers/base.rb:257:in `preferred_version_resolvable_with_unlock?'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-common-0.193.0/lib/dependabot/update_checkers/base.rb:249:in `numeric_version_can_update?'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-common-0.193.0/lib/dependabot/update_checkers/base.rb:199:in `version_can_update?'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-common-0.193.0/lib/dependabot/update_checkers/base.rb:44:in `can_update?'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:454:in `requirements_to_unlock'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:232:in `check_and_create_pull_request'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:82:in `check_and_create_pr_with_error_handling'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `block in run'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `each'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `run'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/update_files_job.rb:17:in `perform_job'
updater | ERROR <job_XXXXXXXX> /home/dependabot/dependabot-updater/lib/dependabot/base_job.rb:35:in `run'
updater | ERROR <job_XXXXXXXX> bin/update_files.rb:22:in `<main>'

looks like this @types/_sh__strapi-plugin-ckeditor

dependabot-core/npm_and_yarn/lib/dependabot/npm_and_yarn/package_name.rb

Line 80 in 536376d

self.class.new("@types/#{@scope}__#{@name}")

is rejected by this

dependabot-core/npm_and_yarn/lib/dependabot/npm_and_yarn/package_name.rb

Line 17 in 536376d

(?=[^\.\_]) # reject leading dot or underscore

@jakecoffman jakecoffman reopened this Jun 16, 2022
@abdulapopoola abdulapopoola added the Batch How We Work: Feature. Outcome achieved within 1 iteration. Can live under an epic, or stand alone. label Mar 14, 2024
raj-meka added a commit that referenced this issue Apr 23, 2024
@raj-meka
#5246:removing the leading underscore restriction in the package naming.
b2b3cfe
raj-meka added a commit that referenced this issue Apr 23, 2024
@raj-meka
#5246:changes are done as per the review comments.
845611d
raj-meka added a commit that referenced this issue Apr 23, 2024
@raj-meka
#5246:removing the leading underscore restriction in the package naming.
0ed89ad
raj-meka added a commit that referenced this issue Apr 23, 2024
@raj-meka
#5246:changes are done as per the review comments.
1803206
raj-meka added a commit that referenced this issue Apr 23, 2024
@raj-meka
Merge branch 'main' into raj/#5246
09bcb48
raj-meka added a commit that referenced this issue Apr 23, 2024
@raj-meka
#5246:changes done as per review comments.
f861fa1
raj-meka added a commit that referenced this issue Apr 24, 2024
@raj-meka
#5246:changes done at package name regex inorder to meet the response…
00913b8 
… as expected with proper validation
raj-meka added a commit that referenced this issue Apr 24, 2024
@raj-meka
#5246:changes reset to original
5f28b9a
raj-meka added a commit that referenced this issue Apr 25, 2024
@raj-meka
Merge branch 'main' into raj/#5246
05f7445
raj-meka added a commit that referenced this issue Apr 25, 2024
@raj-meka
Merge pull request #9569 from dependabot/raj/#5246
bd9b132 
#5246:removing the leading underscore restriction in the package naming.
@raj-meka
Copy link
Collaborator

Thank you so much for reporting an issue @Sergio-IME

i have raised PR #9569 with a fix

@abdulapopoola
Copy link
Member

Fixed in #9569

@JamieMagee JamieMagee mentioned this issue Apr 30, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@raj-meka raj-meka

Labels
Batch How We Work: Feature. Outcome achieved within 1 iteration. Can live under an epic, or stand alone. good first issue L: javascript:npm npm packages via npm T: bug 🐞 Something isn't working
Projects
Dependabot
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update NPM package name validation rules dependabot/dependabot-core
6 participants
@mattt @jeffwidman @abdulapopoola @jakecoffman @Sergio-IME @raj-meka