registry unconditionally returning gzipped JSON responses breaks old npm

[mayank-jain]

sudo npm install -g localtunnel
[sudo] password for rails: 
npm http GET https://registry.npmjs.org/localtunnel
npm http 304 https://registry.npmjs.org/localtunnel
npm http GET https://registry.npmjs.org/request/2.65.0
npm http GET https://registry.npmjs.org/yargs/3.29.0
npm http GET https://registry.npmjs.org/debug/2.2.0
npm http GET https://registry.npmjs.org/openurl/1.1.0
npm http 304 https://registry.npmjs.org/debug/2.2.0
npm http 304 https://registry.npmjs.org/yargs/3.29.0
npm http 200 https://registry.npmjs.org/request/2.65.0
npm ERR! registry error parsing json
npm http 304 https://registry.npmjs.org/openurl/1.1.0
npm ERR! SyntaxError: Unexpected token �
npm ERR! ����V[o�6��+���a�hY�e����C�6`غ��M@I�D["U�r���o�wH�I�u���D<��w��}>�=e\�Q��*�tJJ�q�Ro��V���Z���%�T��*D�g�F��r'�E��l���cHj���hb�����*��HDۜ������m�z��DB���3�d>�4I�{�V�,}�"k��w�R������tzj���� ��l���'V����x�%MMh������*��݁�9b򐺳^&
                                                                                                                          B�'���[�!�S��2pP�95e>���k���
!���2ɑ��$�Ə��
             �1̌o��9��j�"3����E�^E�7��J~A*������,�����D��
�H�k                                                    O�6`$H�#D�u\�S�U�
;�C��r��Hr5�Ճ)y��$Ji|1P8*2ڈ5�Fp"n����m���4m�iZ���\s��<��u�J�\T5��� F,�h������V��\ŷ~s̋���*�ڎۉ����</�MV^��z��WM������y�5׫mQע�d�1���n�-���g�f�6�-����E��I����=�!\1L����[hu�X��A�_� ��?t�v�.�,��gF�~�.:��
                                                                                                                              �Le�  /�]d�#���$::u�C�̤���y��Dc4�(���X'%�r��N��-Ì��C���iÓ�/�"9��b�?�̵��F�FTش��><����Ý
npm ERR!     at Object.parse (native)
npm ERR!     at RegClient.<anonymous> (/usr/share/npm/node_modules/npm-registry-client/lib/request.js:238:23)
npm ERR!     at Request.self.callback (/usr/lib/nodejs/request/index.js:148:22)
npm ERR!     at Request.EventEmitter.emit (events.js:98:17)
npm ERR!     at Request.<anonymous> (/usr/lib/nodejs/request/index.js:896:14)
npm ERR!     at Request.EventEmitter.emit (events.js:117:20)
npm ERR!     at IncomingMessage.<anonymous> (/usr/lib/nodejs/request/index.js:847:12)
npm ERR!     at IncomingMessage.EventEmitter.emit (events.js:117:20)
npm ERR!     at _stream_readable.js:920:16
npm ERR!     at process._tickCallback (node.js:415:13)
npm ERR! If you need help, you may report this log at:
npm ERR!     <http://github.com/isaacs/npm/issues>
npm ERR! or email it to:
npm ERR!     <npm-àgooglegroups.com>

npm ERR! System Linux 3.19.0-56-generic
npm ERR! command "/usr/bin/nodejs" "/usr/bin/npm" "install" "-g" "localtunnel"
npm ERR! cwd /home/rails/workspace/office/batooni-dev
npm ERR! node -v v0.10.25
npm ERR! npm -v 1.3.10
npm ERR! type unexpected_token
npm ERR! 
npm ERR! Additional logging details can be found in:
npm ERR!     /home/rails/workspace/office/batooni-dev/npm-debug.log
npm ERR! not ok code 0

[mayank-jain]

some one can help me?

[gunsch]

Seeing similar issues right now for other packages as well.

$ npm install -g is-posix-bracket
npm http GET https://registry.npmjs.org/is-posix-bracket
npm http 200 https://registry.npmjs.org/is-posix-bracket
npm ERR! registry error parsing json
npm ERR! SyntaxError: Unexpected token
npm ERR! �Y�n�����R\lW�DR�W����s��r1�\�V�9Kr)��W�Kɺ4@��@_���'�o��%YR,  �?�!�;;;�3������e4��Hy&���+��-T�ٸ,�3�؞���~���~;
                ��Px֠+D���6����%�/�\EY
npm ERR! ��B�E*�*J�����`�h*R&U�cI��٫7��f�$L�䅐
                                              �A5�O8�T�`~̥<4!AIe(>����F̕�
npm ERR! ��M˴���(�����6�}y�k�jI��c�%"�c:͉R��Z�HMJ����u�I�עP�-F㥚dŊr?����.�e���ά�*+��O�s
npm ERR! ��2���,�I��++[�'φ�����)�|�J���F1&��F��Ƽ���f#�9��P�!�q�!!
                                                                 h��'p�6|L+�ճ�/%���1�N��S?�Ts�������)����Z�gYhyȣAݫ ��[_^}7�_�7����xb,nϼz)c^��p,�4+��AP B��Hcg��?�F�?��/��+���[I�1O�*�$?@'X������@�;��v��N���m��N�ӵw��    ��q��*1-'\�   x��^��}���0��0��A�ߵC���M<C��%�i����r��dHKö�q
                                                                     �f�&�Y��PY
                                                                               .�
                                                                                 �
npm ERR! �E�}+E�(�dY�(�?��c�E�q���<�����W�>~���i\I3+ƛ�cl
                                                        �
npm ERR! ����;*����|�
                     NӖ�/����I�?b���.��qn�Y�1��_��z��K�A���׀�%2U,͆���0���{��YIEF B^Ɣ���
                                                                                      �#*"�w�H3z��ʘ܂�;�=��������|��;��1�H��kH��n=�'_'�?@�O[n�g�����������9��kȽ�2�q:����z��;l[]�
npm ERR! ���)%��E�����i��O�I����>�MiX�1C�l�Q4M�?(����n���'�ߥ�q}�cz}˺l���s���v;.��n�,�]u�
                                                                                        ��P���A��7���^��/�f��M9�DH3�Zв5�������I��p�|6�-�k�G���p�}���8��\r�"@�lp�-�29�t�ge�����*�4���
                                                                             v�R-7�H�
npm ERR! k�ˆB���y��}�K1�􈝦R���_�+��c#���6<��w���<�-%��M�2
/.�l���)�Yc                                             ɧBS�;�,5�+y�Ny�egt~V�� +��J�E��z��������Ga�
           �M��܋t4�BLH����hy�O��²��wr57�ѰV����~�C�����e���Fmc���P��uuby�]�����ӿd%K��D1���yhF�E�W�KHq�B{��y�.B��:���ҍ
             Am
               ��.�F�
                     7�f���I��
                              x��B  &�<�
npm ERR! ň�f�q9aө������l�d��S�w6Z���%��fKc�V�<��wn����!���9��D_!w6u$;��W�!�Tް�+JH�|�w�Ъ,���i���w��/�U��2�²��PW�XHG*�!��������vZ�eג�ѵ@[m�@�j)���ͽ�
�H3�4RR!�����~(���\V$}�Ѭ����y��)����Oyկi�qe�cYn���Ɗ�wID�hO1��Ǻ�Q�>2�
npm ERR! z��Y�|F�B��y��֍g|.�LĀa�8��U
                                    T Z�m�P��|\T�6��N[�a'4��k�b   ԇk�bvhւ뺅�d�����$�Qu/�B���|Iv�j���βU�Ȥh�٬�,F�����2?��]:壣���ёe��p�����\+�P��Z�8���4%�   ����"]C��
�{+��U�׵���~�v�����)?�|��&6������^�����Dw_��*GKWmj��X�'q:��b��%�4�ɉ�Ç��n��V
npm ERR!     at Object.parse (native)
npm ERR!     at RegClient.<anonymous> (/usr/local/Cellar/node/0.10.25/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:241:23)
npm ERR!     at Request.self.callback (/usr/local/Cellar/node/0.10.25/lib/node_modules/npm/node_modules/request/request.js:123:22)
npm ERR!     at Request.EventEmitter.emit (events.js:98:17)
npm ERR!     at Request.<anonymous> (/usr/local/Cellar/node/0.10.25/lib/node_modules/npm/node_modules/request/request.js:893:14)
npm ERR!     at Request.EventEmitter.emit (events.js:117:20)
npm ERR!     at IncomingMessage.<anonymous> (/usr/local/Cellar/node/0.10.25/lib/node_modules/npm/node_modules/request/request.js:844:12)
npm ERR!     at IncomingMessage.EventEmitter.emit (events.js:117:20)
npm ERR!     at _stream_readable.js:920:16
npm ERR!     at process._tickCallback (node.js:415:13)
npm ERR! If you need help, you may report this *entire* log,
npm ERR! including the npm and node versions, at:
npm ERR!     <http://github.com/isaacs/npm/issues>

npm ERR! System Darwin 15.3.0
npm ERR! command "/usr/local/Cellar/node/0.10.25/bin/node" "/usr/local/bin/npm" "install" "-g" "is-posix-bracket"
npm ERR! cwd /Users/jesse/Dropbox/projects/notes
npm ERR! node -v v0.10.25
npm ERR! npm -v 1.3.24
npm ERR! type unexpected_token
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR!     /Users/jesse/Dropbox/projects/notes/npm-debug.log
npm ERR! not ok code 0

[gunsch]

It seems I was using a rather old version of npm. Upgrading to much more recent npm (v3.8.5) makes things run more smoothly.

[larowlan]

Seeing lots of the same errors today, updating npm/node resolves - did something change on the endpoints to render the old versions non-functional?

[p0wl]

we're seeing the same problems with npm 1.3.14. is updating npm the only solution?

[m0nkmaster]

We're running node 0.10.21 and npm 1.3.11 on CentOS and are experiencing the same issues. We're not that able to update node at the moment, has anyone found a solution which doesn't require updating node? btw this is happening for all my required npm modules, not specifically localtunnel.

[p0wl]

you can update npm without updating node via npm install -g npm

[schorsch3000]

@p0wl you cant if your npm as old as the ubuntu-14.01 default package :(

[Asvarox]

We have same problem, npm 1.3.10 and node 0.10.25. Can't currently upgrade the npm globally.

Our current workaround is to install newer npm via the old one locally, ie.

npm install npm@2.10.0

And then use it to install other dependencies

nodejs node_modules/npm/bin/npm-cli install

[othiym23]

@npm/registry-team team is testing a switch over to Content-Encoding: gzip for package metadata, because the savings in bandwidth would make installs faster and more reliable for everyone. Unfortunately, npm@1.3 and older can't handle gzipped responses. Doubly unfortunately, the npm CLI team doesn't support npm@1.3 anymore, as it's quite old (and buggy).

The registry team is in the process of rolling back this change until we can try again with a safer combination of headers that won't break old npm. I would also strongly urge anyone and everyone running npm@1.3 to upgrade, even if – especially if – you've gotten it through using the official Ubuntu packages, because that means you're running an old, insecure version of Node as well. I encourage everyone using old Ubuntu- or Fedora-distributed packages for Node and npm to switch to using the Node|Source distribution instead, which uses official builds from the Node.js build working group.

Thanks for your time and the detailed reports, everyone. I'll close this once we've rolled back the changes to the registry and given the CDN cache time to invalidate.

[kelsmj]

I was on NPM 3.3.6 and Node 5.0 and getting these issues

[othiym23]

@kelsmj Can you upload the console output to https://gist.github.com/? I suspect that your node process may be running a subprocess that's a Node of an older version, because by default npm@2+ handles gzipped responses without difficulty. Thanks!

[kelsmj]

It was actually JSPM that was failing, saying it could not parse the package.json when it was trying to npm:install some of dependencies (angular, moment etc). We don't get any verbose logging with that. To further complicate things, we are doing all this in Docker off a base Ubuntu 14.04.2 image. We are using an older version of JSPM, so maybe we need to upgrade that as well.

[cah-oster]

I'm using a version newer than 1.3 and getting this error:

+ node --version
v0.12.7
+ npm -version
2.11.3
+ sudo npm set progress=false
+ sudo npm install -g grunt-cli
npm http GET https://registry.npmjs.org/grunt-cli
npm http 200 https://registry.npmjs.org/grunt-cli
npm http GET https://registry.npmjs.org/grunt-cli/-/grunt-cli-1.2.0.tgz
npm http 200 https://registry.npmjs.org/grunt-cli/-/grunt-cli-1.2.0.tgz
npm http GET https://registry.npmjs.org/grunt-known-options
npm http GET https://registry.npmjs.org/nopt
npm http GET https://registry.npmjs.org/resolve
npm http GET https://registry.npmjs.org/findup-sync
npm http 200 https://registry.npmjs.org/grunt-known-options
npm http 200 https://registry.npmjs.org/nopt
npm ERR! registry error parsing json
npm http 304 https://registry.npmjs.org/findup-sync
npm http 200 https://registry.npmjs.org/resolve
npm http GET https://registry.npmjs.org/findup-sync/-/findup-sync-0.3.0.tgz
npm http GET https://registry.npmjs.org/grunt-known-options/-/grunt-known-options-1.1.0.tgz
npm ERR! SyntaxError: Unexpected token �
npm ERR! ������Y[o�6��+���X��T�ڭ��!����a���r��s$C�S�A����8i�4N<{����D�����G�|���ː�fU=ﲃ켁+|*��Z"��b���ƽ��T �9��8��+{   

[othiym23]

@cah-oster Until we have this change rolled back, you'll need to update to a newer version of npm@2, which is easily enough done with sudo npm install -g npm@latest-2. The changes to how npm and npm-registry-client handle gzipped response bodies didn't land until mid-npm@2 release lifecycle.

[cah-oster]

@othiym23 that fixed it. thanks. I read in another issue that was closed as a duplicate of this, that npm version > 1.3 was good enough.

[othiym23]

@cah-oster Your comment caused me to dig more deeply into the source, so I was able to figure out roughly when the change had been made. Thanks!

[othiym23]

Retitled issue to reflect the underlying issue.

[mikedoug]

Is there an ETA to solving this issue?

[othiym23]

@mikedoug I believe that it should be resolved now, in that the responses returned to the npm CLI are now only gzipped if the client sends an accepts-encoding: gzip header, which is only done by versions of npm that can handle decoding the response, and the unconditionally compressed responses should have aged out of the cache on our CDN. Are you seeing evidence to the contrary?

[mikedoug]

It is not working here: npm http GET https://registry.npmjs.org/gulp
npm http 200 https://registry.npmjs.org/gulp
npm ERR! registry error parsing json
npm ERR! SyntaxError: Unexpected token
npm ERR! �Yێ�6�C��Z�E��Zh�"@ۗ�})�/#[�n��M���CI��ٍ]��~0lQ�̐s�19�]�6���C�Eѕ�k|���%�Ia5#V��&#UB�2i����
�qe�˶��w�ށ��f��CY�E��=�8Ж�_z���ˏQ�

[mikedoug]

We worked around it by upgrading our Node to 4.x from nodesource.com's debian packages. This includes 2.15.0 which upgrades nicely to 2.15.2 and does not suffer from these problems.

https://github.com/nodesource/distributions#debinstall

[terenya-aleksandr]

Still getting the same errors

[soldair]

this is my oversight i need smarter invalidation. The older npm clients pull specific verisons by url directly whereas the suported clients pull the top level document. I apologize again for the delay in resolving this and now that we've found another case ill update again soon.

[soldair]

@mrjefftang how do things look for you now? The per version invalidation is still in progress but i verified the urls in your issue comment have been purged.

[terenya-aleksandr]

npm http 200 https://registry.npmjs.org/concat-map/0.0.1
npm ERR! registry error parsing json
npm ERR! error rolling back Error: ENOTEMPTY, rmdir '/usr/local/lib/node_modules/grunt-cli/node_modules/findup-sync/node_modules/glob/node_modules/inflight/node_modules/wrappy'
npm ERR! error rolling back  glob@5.0.15 { [Error: ENOTEMPTY, rmdir '/usr/local/lib/node_modules/grunt-cli/node_modules/findup-sync/node_modules/glob/node_modules/inflight/node_modules/wrappy']
npm ERR! error rolling back   errno: 53,
npm ERR! error rolling back   code: 'ENOTEMPTY',
npm ERR! error rolling back   path: '/usr/local/lib/node_modules/grunt-cli/node_modules/findup-sync/node_modules/glob/node_modules/inflight/node_modules/wrappy' }
npm http 200 https://registry.npmjs.org/balanced-match
npm http GET https://registry.npmjs.org/balanced-match/-/balanced-match-0.3.0.tgz
npm ERR! SyntaxError: Unexpected token
xldQ=T7o>|bFmYaM!Tp+
y0%j               IAM!;:u0oO,;"twx1yaxjz)VhRToE_mwAXE
npm ERR!
npm ERR! 4'D5zXP>~1dZD&t?0Hu:08/xB>.=~eu$2o|M.+ZGkQ!t_6"m6Rl]Cne:#V|hP(|dgP@;=P
{1Uzn4}!        ;QQ
E      U.,l,MHs"YE
 q;r[We:Ee=$h8)E#y};=oT
                       @6
npm ERR!     at Object.parse (native)
npm ERR!     at RegClient.<anonymous> (/usr/share/npm/node_modules/npm-registry-client/lib/request.js:238:23)
npm ERR!     at Request.self.callback (/usr/lib/nodejs/request/index.js:148:22)
npm ERR!     at Request.EventEmitter.emit (events.js:98:17)
npm ERR!     at Request.<anonymous> (/usr/lib/nodejs/request/index.js:896:14)
npm ERR!     at Request.EventEmitter.emit (events.js:117:20)
npm ERR!     at IncomingMessage.<anonymous> (/usr/lib/nodejs/request/index.js:847:12)
npm ERR!     at IncomingMessage.EventEmitter.emit (events.js:117:20)
npm ERR!     at _stream_readable.js:920:16
npm ERR!     at process._tickCallback (node.js:415:13)
npm ERR! If you need help, you may report this log at:
npm ERR!     <http://github.com/isaacs/npm/issues>
npm ERR! or email it to:
npm ERR!     <npm-@googlegroups.com>

npm ERR! System Linux 4.1.13-boot2docker
npm ERR! command "/usr/bin/nodejs" "/usr/bin/npm" "install" "-g" "grunt-cli"
npm ERR! cwd /devops/docker/ansible
npm ERR! node -v v0.10.25
npm ERR! npm -v 1.3.10
npm ERR! type unexpected_token
npm http 200 https://registry.npmjs.org/balanced-match/-/balanced-match-0.3.0.tgz
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR!     /devops/docker/ansible/npm-debug.log
npm ERR! not ok code 0

[soldair]

thanks @terenya-aleksandr ill look at these! note that if you don't run npm cache clear we respond with the same etag so it may use a garbled version from cache.

[mrjefftang]

Thanks @soldair that fixed it for all of my package dependencies.

[soldair]

@terenya-aleksandr concat-map/0.0.1 was not in my invalidation list yet. i ran just that one and /balanced-match for good measure. its really hard to tell whats going on because logging was so racy in those versions. helps?

[soldair]

just so anyone still effected knows my strategy.
I'm pulling every url y'all have requested with the patterns used by the effected older npm versions from massive logs generated the past couple days.

Hopefully this will ensure we don't miss anything folks are actually using. These old urls had support for dynamic version ranges and things that makes it impossible to generate the url strings any other way.

Please post module version urls you are still having issues with and ill look into each to make sure we have everything sorted out. Don't forget to npm cache clear if it's applicable to your build setup though! =)

update:
all of the urls i scraped have been invalidated and if the plan worked this should be resolved for everyone.

[chiefy]

did npm cache clear before I got this about 5 minutes ago:

here's a gist

[soldair]

@chiefy i need a bit more log data to see the url that had the encoding issue. the logging is very racey
If you could make a gist with your npm-debug.log contents i can figure out exactly the requests with the issue.

Anyone still experiencing the issue can feel free to contact us through support@npmjs.com so we can track these as regular tickets. I dont want to miss anyone.

[terenya-aleksandr]

@soldair

npm http 304 https://registry.npmjs.org/is-property
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR!     /var/www/sites/evessio/apps/evessio/evessio-admin/npm-debug.log
npm ERR! not ok code 0

[soldair]

@terenya-aleksandr could we move this to ticket via an email to support@npmjs.com so i can help you more directly? and or I need a gist to your npm-debug.log

[terenya-aleksandr]

npm http 200 https://registry.npmjs.org/tiny-lr-fork/0.0.5
npm ERR! registry error parsing json
npm http 200 https://registry.npmjs.org/sugar/-/sugar-1.4.1.tgz
npm http 200 https://registry.npmjs.org/open/0.0.5
npm http 200 https://registry.npmjs.org/gaze
npm http GET https://registry.npmjs.org/qs/-/qs-1.2.2.tgz
npm http GET https://registry.npmjs.org/istanbul/-/istanbul-0.3.22.tgz
npm http 200 https://registry.npmjs.org/connect-livereload
npm http 304 https://registry.npmjs.org/connect
npm ERR! SyntaxError: Unexpected token
npm ERR!TN0(q^IP
                hZKU!'$%qCR
                           x|w}cl
                                 {Q     m+
BEz@_0Z#U=                                )jmT
npm ERR! Ynkk^EvGn%"QiLGyp6q\k(M/Z[yBC]dM(bI]3
                                              Vf@?t'`)
                                                      kl8RT5hgoa
npm ERR! Dhf7JNrK~998
N^+
npm ERR! H;E⌂3+(E#K7#J+8X8O8fy4}O7

[soldair]

@terenya-aleksandr i cleared open/0.0.5 and tiny-lr-fork/0.0.5. lets continue in a support ticket if you are still having issues so we can use this more for status announcements. support@npmjs.com

[terenya-aleksandr]

@soldair thanks. Ok, let's continue in a support ticket.

[soldair]

ok folks. We setup a process that will catch anything that you might have an issue with that we haven't been able to purge manually. this change resolves this issue.

If you get an encoding error please npm cache clear. wait 20 or so seconds and try again.
If you continue to get the error please send a support request to support@npmjs.com along with your npm-debug.log so i can help you directly.

[soldair]

we had a some valid package names that were incorrectly filtered by a regular expression. this should be resolved now for you folks using socket.io-client etc =)

[sarsenault]

Still seeing errors while using Kappa to proxy the npm registry. There is an update that can handle the gzipped packages that works fine, but with an old install it still doesn't seem to be working any better yet. Unfortunately, there isn't any npm-debug.log since it is a proxy client, but I am noticing that every package with the version in the url (eg. /angular-messages/-/angular-messages-1.4.8.tgz) is fine, while those directly querying (eg. /angular-annotorious) are having failures.

Is this because you are checking the client string? The proxy server will pass along the client npm version in the request, which could be high enough to handle gzipped content (eg v3.8.3) but the proxy itself doesn't necessarily know to expect gzipped content. I assume given this that older Kappa versions will be permanently broken, for anyone else with similar problems.

[barbarak]

What was not working for me now is, I think you may have cracked it :)
Thanks!

[sirLisko]

Same here. Thanks a lot guys :)

[soldair]

@sarsenault we are not checking agent strings. if the proxy passes accept-encoding: gzip through from the npm client but does not support gzip responses for json it then it probably won't work. The proxy would have to strip the accept-encoding header on the way to the registry.

tarballs are always gzip and the npm client itself unpacks them. There was no change there so it makes sense that this would work.

[chiefy]

fwiw, npm did a post-mortem on this subject. thank you @othiym23 @soldair !