Error on some names

[astur]

HTTPError throws when checking some package names via this cli-package. Like this:

~ $ npm-name f
HTTPError: Response code 404 (Not Found)
    at stream.catch.then.data (/usr/local/lib/node_modules/npm-name-cli/node_modules/squatter/node_modules/got/index.js:182:13)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:188:7)

f is real npm package.

When using API from npm-name it will be all right for this package:

const nn = require('npm-name');
await nn('f') // false

I thing it is a bug.

[sindresorhus]

The error is coming from https://github.com/sholladay/squatter

// @sholladay

[sholladay]

Thanks, I am able to reproduce this. Seems to be due to changes to the npm registry. Specifically, the call we make at has-binary-or-dependent.js#L16-L28 is now failing for all packages. The reason you only see it for some packages in the CLI is because we short-circuit the logic and don't run that code if we don't need it, which is the case for some packages.

I ran the squatter tests and the integration test for hasBinaryOrDependent() is failing where it was previously passing.

The error output from the squatter tests shows the full GotError:

HTTPError (GotError) {
  headers: {
    'accept-ranges': 'bytes',
    age: '0',
    'cache-control': 'max-age=0',
    connection: 'close',
    date: 'Wed, 23 May 2018 16:01:32 GMT',
    'npm-notice': 'this endpoint is deprecated',
    'transfer-encoding': 'chunked',
    via: '1.1 varnish',
    'x-cache': 'MISS',
    'x-cache-hits': '0',
    'x-served-by': 'cache-bos8228-BOS',
    'x-timer': 'S1527091292.376027,VS0,VE366',
  },
  host: 'registry.npmjs.org',
  hostname: 'registry.npmjs.org',
  method: 'GET',
  path: '/-/_view/dependedUpon?group_level=2&startkey=%5B%22rawr%22%5D&endkey=%5B%22rawr%22%2C%7B%7D%5D&stale=update_after&skip=0&limit=1000',
  protocol: 'https:',
  statusCode: 404,
  statusMessage: 'Not Found',
  url: 'https://registry.npmjs.org/-/_view/dependedUpon?group_level=2&startkey=%5B%22rawr%22%5D&endkey=%5B%22rawr%22%2C%7B%7D%5D&stale=update_after&skip=0&limit=1000',
  message: 'Response code 404 (Not Found)',
}

The thing that catches my eye is that npm-notice header:

'npm-notice': 'this endpoint is deprecated'

I guess this is a hard deprecation. 😞

Anyone know if there is a replacement? I filed https://github.com/npm/registry/issues/231 back when I first released squatter, asking for an alternative. I'm not aware of any movement on that. @zeke's dependent-counts package is the best solution I know of, but it is out of date and the install size is 11MB.

[zeke]

The all-the-package-names package is updated daily by a bot. It's not up-to-the-minute accurate, but will be adequate for most cases:

npx all-the-package-names | egrep '^foo'

See also available by @feross.

[sholladay]

I need something that, given a package name, returns a list of dependents (or at least the number of dependents).

dependent-counts looks great, but I would prefer to use an online API in this case. Know anyone I should ping, maybe someone on the registry team?

[zeke]

Yeah dependent-counts is in dire need of upkeep and automation.

Registry folks you may want to reach out to:

• https://github.com/ceejbot
• https://github.com/bcoe
• https://github.com/soldair
• https://github.com/mmalecki

[sholladay]

I reached out to Benjamin Coe on Twitter and he replied that the endpoint being used here has not knowingly been deprecated. So this is likely just a regression on the registry that will (hopefully) be fixed soon.

I'll give them some time to fix it and in the meantime, I'll think about ideas for offline fallbacks to improve the UX going forward.

[astur]

@sholladay

I need something that, given a package name, returns a list of dependents (or at least the number of dependents).

My new package check-npm-dependents can help you with number of dependents. Not offline but always up to date. It takes data right from npmjs.com pages.

[sholladay]

Neat idea! Seems like a reasonable workaround for now. I'll open a couple of issues with improvement ideas and look into including it in a patch release.

[zeke]

check-npm-dependents

good idea, @astur.

Is anyone else sad that it's 2018, npm Inc has been a funded company for 5 years, and there's still no API for this kind of thing? Seems ridiculous that we have to scrape the website for this info.

[astur]

@sholladay

I'll open a couple of issues...

Ok, fixed version on npm now.

[sindresorhus]

@sholladay Can you use that package and release a new version of squatter so we can close this issue?

[sholladay]

I have fixed this in squatter@0.2.0 (release notes here). Note that I had to release it as a breaking change, because scra (a subdependency of check-npm-dependents) requires Node 8+, whereas squatter previously supported Node 7.6+. That shouldn't be a problem for anyone since Node 7 is EOL and npm-name-cli is already on 8+, but we'll have to upgrade manually here.

I opened a PR with the upgrade: #13

Unrelated side note: scra relies on a deprecated version of socks, so it prints warnings to the console on installation. Would be great if we could clean that up. @astur.

[astur]

@sholladay No problem, I can change scra to got if you want it.

[sholladay]

Also, in case anyone wonders why we were using a CouchDB view in the first place, it was officially supported...

Because npm cares deeply about backwards compatibility, as the npm regsitry grows out of its CouchApp and CouchDB origins, all of the original endpoints and functionality of the original API will continue to be supported.

😞

[astur]

@sholladay Now npm-name-cli uses got instead scra. Does it works well on your task?