1.3.0 broke nexus access

[axi92]

Since version 1.3.0 the private-extension-manager is not longer working with our nexus3.
If I downgrade to 1.2.0 it is working again.
I saw there were some changes in npm-registry-fetch and tried to upgrade to 9.0.0 but that does not solve the problem.

Extension log:

Warning: Discarding package ng-ide:
FetchError: Response timeout while trying to fetch https://domain.com/nexus/repository/npm-group/ng-ide (over 5000ms)
Warning: Discarding package ng-ide:
FetchError: Response timeout while trying to fetch https://domain.com/nexus/repository/npm-group/ng-ide (over 5000ms)
Warning: Discarding package ng-ide:
FetchError: Response timeout while trying to fetch https://domain.com/nexus/repository/npm-group/ng-ide (over 5000ms)

[joelspadin-garmin]

That is odd. Could you try fetching that package using the pacote CLI's manifest, packument, and/or tarball commands? If that does work, then I can try updating NPM libraries again. If it doesn't work, it sounds like there's either a problem with either pacote/npm-registry-fetch or nexus.

[axi92]

I have the problem that we use a self signed cert and NODE_TLS_REJECT_UNAUTHORIZED=0 is not working.
Do you have any idea how to test this?

In the private-extension-manager we have our cert in the config json.

[joelspadin-garmin]

If you're on Windows, this extension might help: https://marketplace.visualstudio.com/items?itemName=ukoloff.win-ca

Otherwise, I'm not very familiar with how Node or the NPM libraries handle certificates. https://stackoverflow.com/questions/9626990/receiving-error-error-ssl-error-self-signed-cert-in-chain-while-using-npm might be related?

[jamesbattersby]

I'm having the similar issues with JFrog Artifactory Enterprise Plus 7.6.2 rev 70602900.
I haven't had the chance to do much investigation yet, but with 1.3.0 it is failing to get the list of extensions, downgrade to 1.2.0 and it works fine. I get the same behaviour on Windows and Linux. I'll post more info when I've investigated.

[joelspadin-garmin]

I'm also getting timeouts with 1.3.0 now, though I don't have the time to investigate why at the moment. I'll probably just revert the NPM modules again.

[joelspadin-garmin]

I reverted everything yet again in v1.4.0. Let me know if it's working again.

[jamesbattersby]

Thanks - will give it a try as soon as it becomes available in the market place.

[jamesbattersby]

I still have the same problem with 1.4.0. I have tried switching between 1.4.0 and 1.2.0 just to confirm and 1.2.0 works fine, 1.4.0 never returns a list of extensions. With any luck I'll have some time this weekend to do some digging.

[joelspadin-garmin]

Oh. I forgot to go back to the old version libnpmsearch, so it looks like that's still depending on a newer version of npm-registry-fetch. Let me try reverting that one too.

[joelspadin-garmin]

Published v1.4.1 to revert libnpmsearch too.

[jamesbattersby]

It's now working for me with 1.4.1.

[axi92]

1.4.1 is working for us as well! Nice work!

[joelspadin-garmin]

Great! Sounds like we need to file an issue with https://github.com/npm/npm-registry-fetch/issues.

[jamesbattersby]

I found that with the failing version I get a TCP duplicate ACK going from my machine to the server, then nothing for 70 seconds, then a "TLSv1.2 Encryption Alert" back from the server (which I think is the server giving up). In the working version after the duplicate ACK there is more data sent to the server and it carries on. This made me think that the problem is quite low level. After some experimentation I made it work by replacing https-proxy-agent in make-fetch-happen with version 2.2.4 (down from 5.0.0). I still need to dig some more to find out exactly what is going on.