Critical bug? ERR_PNPM_FETCH_404 because /download/ is /-/ for new packages on npmjs #3744

Open
AgainPsychoX opened this issue Sep 3, 2021 · 4 comments


AgainPsychoX commented Sep 3, 2021

pnpm version: pnpm@6.14.5

Code to reproduce the issue

Wanted to contribute to https://github.com/liuweiGL/vite-plugin-mkcert/, freshly cloned, tried to run npm install, noticed it's a pnpm repo (thanks for npx only-allow pnpm), installed pnpm freshly globally, tried running pnpm install; it was running for a while, then I saw multiple warnings and an error at the end.

Debug log: https://gist.github.com/AgainPsychoX/dd85dbc4490fe9137ef14ba1d787f075

Expected behaviour

Download all packages successfully.

Actual behaviour

Additional information

Node version: v16.3.0
Operating system: Windows 10

After some investigation, I realized that PNPM is wrong here and it seems to be ignoring NPMJS registry manifests...

For example:

  • https://registry.npmjs.org/has-unicode/download/has-unicode-2.0.1.tgz is 404.
  • https://registry.npmjs.org/has-unicode/ tells us version 2.0.1 exists, but under a different URL.
  • https://registry.npmjs.org/has-unicode/-/has-unicode-2.0.1.tgz downloads successfully and it's a valid package.

IMO, the registry should rewrite /download/ to /-/ "just in case", but for sure PNPM should look up the manifest's URL for downloading.

Member

zkochan commented Sep 3, 2021

This happened because the lockfile was created using a non-standard registry. So the one who created the lockfile was using

registry=https://registry.npm.taobao.org/

https://github.com/liuweiGL/vite-plugin-mkcert/blob/4ddd0f145535ace5a79af2ddf7f6e56f057c4e2d/.npmrc#L2

For some reason, taobao uses a different location for the tarballs. I am not sure how we could fix it. Maybe using some hardcoded fix. If the tarball contains /download/ and the registry is npmjs, we can try the standard tarball URL.
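
An audit for the situation described in this comment, as an added example that is not part of the original thread and not pnpm's code: it scans lockfile text for pinned tarball URLs that point at a host other than the registry in use, or that do not follow the /-/ layout, and proposes the standard URL. The function names, the line-based scan and the sample lockfile entries are assumptions constructed for illustration.

```javascript
// Added example, not pnpm code; function names are hypothetical.
// npmjs serves tarballs at <registry>/<name>/-/<file>.tgz.
const TARBALL_PATH = /^\/((?:@[^/]+\/)?[^/]+)\/([^/]+)\/([^/]+\.tgz)$/;

// Collect every "tarball: <value>" in the lockfile text. A line scan is
// enough for an audit; the value may be absolute or relative to the registry.
function extractTarballs(lockText) {
  const found = [];
  const re = /\btarball:\s*['"]?([^\s,'"}]+)/g;
  for (const m of lockText.matchAll(re)) found.push(m[1]);
  return found;
}

// Compare each pinned tarball with the registry the install will use.
function auditLockfile(lockText, registry) {
  const base = new URL(registry.endsWith('/') ? registry : registry + '/');
  const findings = [];
  for (const raw of extractTarballs(lockText)) {
    const url = new URL(raw, base); // relative entries resolve against the registry
    const reasons = [];
    if (url.protocol !== 'https:') reasons.push('not-https');
    if (url.host !== base.host) reasons.push('foreign-host');
    const m = TARBALL_PATH.exec(url.pathname);
    if (!m) reasons.push('unrecognized-path');
    else if (m[2] !== '-') reasons.push('non-standard-path');
    if (reasons.length === 0) continue;
    // Same package and file name, rewritten to the standard layout on `registry`.
    const suggested = m ? new URL(`${m[1]}/-/${m[3]}`, base).href : null;
    findings.push({ tarball: raw, reasons, suggested });
  }
  return findings;
}

// Constructed sample in the shape of lockfile resolution entries.
const SAMPLE_LOCK = `
/has-unicode/2.0.1:
  resolution: {integrity: sha1-CONSTRUCTED, tarball: https://registry.npm.taobao.org/has-unicode/download/has-unicode-2.0.1.tgz}
/left-pad/1.3.0:
  resolution: {integrity: sha512-CONSTRUCTED, tarball: https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz}
/has-flag/4.0.0:
  resolution: {integrity: sha512-CONSTRUCTED, tarball: has-flag/download/has-flag-4.0.0.tgz}
`;

for (const f of auditLockfile(SAMPLE_LOCK, 'https://registry.npmjs.org/')) {
  console.log(`${f.tarball}\n  ${f.reasons.join(', ')} -> ${f.suggested}`);
}
```

A suggested URL is only a candidate: the downloaded tarball still has to match the integrity value recorded for that package in the lockfile.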

CoolSpring8 added a commit to CoolSpring8/griseous that referenced this issue Sep 30, 2021

richex-cn commented May 24, 2022

Any updates? I also encountered this mistake while running pnpm i. Is it possible to consider adding a command line parameter to make pnpm ignore the tarball in the lockfile?


banyudu commented Jun 16, 2022

I bypassed this issue by running npm config set registry https://registry.npm.taobao.org/


richex-cn commented Jun 16, 2022

> I bypassed this issue by running npm config set registry https://registry.npm.taobao.org/

If you use a non-standard registry to generate a lock file, there will be annoying problems when you want to use the NPM registry in the future.

BTW, the Taobao registry mirror has been changed to https://registry.npmmirror.com, and the resolution of npm.taobao.org will stop on 2022-06-16.
