-
Notifications
You must be signed in to change notification settings - Fork 3k
Can't access scoped metadata from registry #9164
Comments
It turns out that the fact that this route worked for so long for unscoped packages was sort of a quirk of CouchDB -- this way of accessing individual package metadata was never used by the npm CLI (at least as far as I've been able to tell), and as such wasn't ported over to the new registry architecture for use with scoped packages. In fact, it's likely that the unscoped version will stop working at some point in the near future as the npm registry team locks down access to anything not supported as part of the official interface between the CLI and the registry. The workaround is pretty simple: fetch the entire package document, and then pick off the property
If you want an interface like this back / to work with scoped packages, you might want to file an issue describing your use case at https://github.com/npm/public-api/issues/new. |
What quirk of CouchDB? It seems like a behavior that's been thought out and implemented on purpose: https://github.com/npm/npm-registry-couchapp/blob/v2.6.10/registry/shows.js#L139-L153 It seems quite wasteful to download data for every version in the module's history if all you need is one version. For modules with two releases it may not matter that much but for other modules the difference is significant - for express it is 2kB vs 500kB, see:
And it only gets worse with every new version. At some point it will be a problem if it isn't already. It's just a matter of deciding if generating and sending 500kB of unneeded data by the npm registry when the client wants to get 2kB is already unreasonable or we need to wait until it's 5MB. See comments to PR 16 and PR 17 of package-json: |
This API end-point is now documented - https://github.com/npm/registry/blob/master/docs/REGISTRY-API.md#getpackageversion Can this issue please be re-opened to reflect that scoped packages are not supported per the API spec? |
This is the issue tracker for the npm CLI, which hasn't used that access pattern for the registry since before |
FWIW, discussion of this issue is ongoing at https://github.com/npm/registry/issues/34 |
While accessing a scoped package at https://registry.npmjs.org/@sindresorhus%2Fdf/, I see that version 1.0.1 is available. Trying to access the metadata for the 1.0.1 package, https://registry.npmjs.org/@sindresorhus%2Fdf/1.0.1, I get nothing.
However, this URL form works for non-scoped packages, https://registry.npmjs.org/pageres/1.0.1
I get '401 Unauthorized' as the HTTP status code from the npm registry.
Also, the following was in the response header:
npm-notice:ERROR: you cannot fetch versions for scoped packages
This issue came to light as part of a pull request (sindresorhus/package-json#6 (comment)) against package-json.
IRC discussion: http://logs.nodejs.org/npm/2015-07-29#19:04:58.872
The text was updated successfully, but these errors were encountered: