Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Npm install not sending accept: 'application/vnd.npm.install-v1+json' header #7529

Closed
2 tasks done
yuvalojfrog opened this issue May 15, 2024 · 4 comments
Closed
2 tasks done

[BUG] Npm install not sending accept: 'application/vnd.npm.install-v1+json' header #7529

yuvalojfrog opened this issue May 15, 2024 · 4 comments
Labels
Bug thing that needs fixing Needs Triage needs review for next steps

Comments

@yuvalojfrog
Copy link

yuvalojfrog commented May 15, 2024
edited

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

when running Npm install with the latest version Npm does not send any more the accept: 'application/vnd.npm.install-v1+json' header.

https://github.com/npm/registry/blob/main/docs/responses/package-metadata.md

as a result, we are getting the full metadata and not the abbreviated metadta

Expected Behavior

Npm will send accept: 'application/vnd.npm.install-v1+json header as part of the npm install command.

Steps To Reproduce

npm install tiny-tarball and see the headers that send using proxy

Environment

node bin location = /opt/homebrew/Cellar/node/22.0.0/bin/node
; node version = v22.0.0
; npm version = 10.4.0
@yuvalojfrog yuvalojfrog added Bug thing that needs fixing Needs Triage needs review for next steps labels May 15, 2024
@yuvalojfrog
Copy link
Author

yuvalojfrog commented May 15, 2024
edited

It began with NPM version 10.4.0.

I noticed this commit, which could result in a 2-6 times increase in network traffic when requesting the full metadata instead of the "slim" version.
Are we sure this is what we want??
for example, installing npm (npm install npm) will now download 21MB of metadata instead of 2.1MB (x10 more!)

Additionally, I couldn't find any documentation on this.

@yuvalojfrog yuvalojfrog mentioned this issue May 15, 2024
Open
2 tasks
@wraithgar
Copy link
Member

The minified version of the packuments do not have all of the attributes that npm needs to install pacakges anymore. Work is being done on the registry to fix this, and until then we have to fetch the full packuments for all installations to work.

@nadav-yo
Copy link

nadav-yo commented May 15, 2024
edited

@wraithgar
That means the traffic could be up to 10x more... And that's just for the metadata..then there are the dependencies and their packuments, and the packages themselves..
Why not add it to the abbreviated package metadata?

For instance, npm install npm now downloads 21mb(!!) instead of 2.1mb(which is also very big) on the abbreviated data. That doesn't sounds right, and there are many many packages that have very big packuments... And as we know each npm install downloads a lot of these

@yuvalojfrog
Copy link
Author

@wraithgar,
Your response would be greatly appreciated.
I believe this change carries significant implications. Could you provide further details on your plans regarding it? Specifically, I'm interested in understanding if there will be modifications to the abbreviated package metadata or any alterations within the registry itself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug thing that needs fixing Needs Triage needs review for next steps
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wraithgar @nadav-yo @yuvalojfrog