Requesting a tarball directly without previously requesting the package json fails

[JessicaMulein]

We noticed this because we had multiple sinopias behind a load balancer where NPM would get the toplevel on one instance and request the tgz directly on another. Although your normal use case probably doesn't account for load balancers, I would think it's possible that someone clearing out their sinopia cache will experience clients requesting a tarball without first asking for the package json or otherwise attempt to manually download tarball links.

Ideally it should check if it has the package first and pull from upstream otherwise.

Can you confirm? Would you prefer us to PR fixes, do you want to address it, or would this be a won'tfix/won'tmerge?

[rlidwka]

Confirmed, it fails.

I'll address it since doing it right is a bit non-trivial.

[JessicaMulein]

Many thanks. I'd like to add that we're impressed with your responsiveness and proactiveness in keeping ahead of problems. We spent a day investigating the 404/500 failures and created a fix only to find out you'd already fixed it in master. If there's anything I/we can do to help, please let us know. Thanks for being a great maintainer.

(oops, I keep clicking that close and comment button!)

[rlidwka]

Fixed, and published as sinopia@0.5.7. Thanks for reporting this.

[JessicaMulein]

Many thanks. We'll give it a test with our ELB on monday.