official package "-" cannot be synced

[89ao]

Your Environment

• verdaccio version: v5.21.1
• node version [12.x.x, 14.x.x]: v12.18.4
• package manager: [npm@7, pnpm@6, yarn@2] 6.14.6
• os: [mac, windows@10, linux] linux
• platform: [npm, docker, helm, other] npm

Describe the bug

Officical package url :
https://www.npmjs.com/package/-

While I'am using verdaccio v5.21.1 serving npm repo,It seems that clients cannot install "-" by "npm i -" command.

Client logs looks like this (while clients running "npm i -" command):

root@c42a8f03405d:~/test# npm i - --registry=http://11.159.212.250:4873/ --verbose --loglevel silly
npm verb cli /usr/local/bin/node /usr/local/bin/npm
npm info using npm@9.6.6
npm info using node@v20.2.0
npm verb title npm i -
npm verb argv "i" "-" "--registry" "http://11.159.212.250:4873/" "--loglevel" "verbose" "--loglevel" "silly"
npm verb logfile logs-max:10 dir:/root/.npm/_logs/2023-07-05T04_08_23_004Z-
npm verb logfile /root/.npm/_logs/2023-07-05T04_08_23_004Z-debug-0.log
npm sill logfile start cleaning logs, removing 1 files
npm sill logfile done cleaning log files
npm sill idealTree buildDeps
npm sill fetch manifest -@^0.0.1
npm http fetch GET 404 http://11.159.212.250:4873/- 17ms (cache skip)
npm http fetch GET 404 http://11.159.212.250:4873/- 7ms (cache skip)
npm sill placeDep ROOT -@ REPLACE for:  want: ^0.0.1
npm verb stack HttpErrorGeneral: 404 Not Found - GET http://11.159.212.250:4873/- - File not found
npm verb stack     at /usr/local/lib/node_modules/npm/node_modules/npm-registry-fetch/lib/check-response.js:95:15
npm verb stack     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
npm verb stack     at async RegistryFetcher.packument (/usr/local/lib/node_modules/npm/node_modules/pacote/lib/registry.js:87:19)
npm verb stack     at async RegistryFetcher.manifest (/usr/local/lib/node_modules/npm/node_modules/pacote/lib/registry.js:118:23)
npm verb stack     at async #nodeFromEdge (/usr/local/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js:1049:19)
npm verb stack     at async #buildDepStep (/usr/local/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js:917:11)
npm verb stack     at async Arborist.buildIdealTree (/usr/local/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js:196:7)
npm verb stack     at async Promise.all (index 1)
npm verb stack     at async Arborist.reify (/usr/local/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js:159:5)
npm verb stack     at async Install.exec (/usr/local/lib/node_modules/npm/lib/commands/install.js:147:5)
npm verb statusCode 404
npm verb pkgid -@^0.0.1
npm verb cwd /root/test
npm verb Linux 3.10.107-1-tlinux2_kvm_guest-0055
npm verb node v20.2.0
npm verb npm  v9.6.6
npm ERR! code E404
npm ERR! 404 Not Found - GET http://11.159.212.250:4873/- - File not found
npm ERR! 404
npm ERR! 404  '-@^0.0.1' is not in this registry.
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm verb exit 1
npm verb unfinished npm timer reify 1688530103163
npm verb unfinished npm timer reify:loadTrees 1688530103170
npm verb code 1

npm ERR! A complete log of this run can be found in: /root/.npm/_logs/2023-07-05T04_08_23_004Z-debug-0.log

While server logs below:

 info <-- 172.17.0.1 requested 'GET /-'
 http <-- 404, user: null(172.17.0.1), req: 'GET /-', error: File not found
 http <-- 404, user: null(172.17.0.1), req: 'GET /-', error: File not found
 info <-- 172.17.0.1 requested 'GET /-'
 http <-- 404, user: null(172.17.0.1), req: 'GET /-', error: File not found
 http <-- 404, user: null(172.17.0.1), req: 'GET /-', error: File not found

The normal server logs looks like this (while clients running "npm i a" for example ):

info <-- 172.17.0.1 requested 'GET /a'
 info --- auth/allow_action: access granted to: undefined
 info --- allowed access for a
 http <-- 200, user: null(172.17.0.1), req: 'GET /a', bytes: 0/15932
 http <-- 200, user: null(172.17.0.1), req: 'GET /a', bytes: 0/15932
 info <-- 172.17.0.1 requested 'GET /a_mock'
 info --- auth/allow_action: access granted to: undefined
 info --- allowed access for a_mock
 info --- making request: 'GET https://registry.npmjs.org/a_mock'
 http --- 200, req: 'GET https://registry.npmjs.org/a_mock' (streaming)
 http --- 200, req: 'GET https://registry.npmjs.org/a_mock', bytes: 4/29280
 http <-- 200, user: null(172.17.0.1), req: 'GET /a_mock', bytes: 0/4943
 http <-- 200, user: null(172.17.0.1), req: 'GET /a_mock', bytes: 0/4943
 info <-- 172.17.0.1 requested 'POST /-/npm/v1/security/advisories/bulk'
 info <-- 172.17.0.1 requested 'GET /a_mock/-/a_mock-1.0.5.tgz'
 info --- auth/allow_action: access granted to: undefined
 info --- allowed access for a_mock
 info <-- 172.17.0.1 requested 'GET /a/-/a-3.0.1.tgz'
 info --- auth/allow_action: access granted to: undefined
 info --- allowed access for a
 info --- making request: 'GET https://registry.npmjs.org/a_mock/-/a_mock-1.0.5.tgz'
 info --- making request: 'GET https://registry.npmjs.org/a/-/a-3.0.1.tgz'
 http <-- 200, user: null(172.17.0.1), req: 'POST /-/npm/v1/security/advisories/bulk', bytes: 73/2
 http <-- 200, user: null(172.17.0.1), req: 'POST /-/npm/v1/security/advisories/bulk', bytes: 73/2
 http <-- 200, user: null(172.17.0.1), req: 'GET /a/-/a-3.0.1.tgz', bytes: 0/5165
 http <-- 200, user: null(172.17.0.1), req: 'GET /a/-/a-3.0.1.tgz', bytes: 0/5165
 http <-- 200, user: null(172.17.0.1), req: 'GET /a_mock/-/a_mock-1.0.5.tgz', bytes: 0/24783
 http <-- 200, user: null(172.17.0.1), req: 'GET /a_mock/-/a_mock-1.0.5.tgz', bytes: 0/24783

To Reproduce

npm i - --registry=http://11.159.212.250:4873/ --verbose --loglevel silly

Expected behavior

root@c42a8f03405d:~/test# npm i a --registry=http://11.159.212.250:4873/ --verbose --loglevel silly
npm verb cli /usr/local/bin/node /usr/local/bin/npm
npm info using npm@9.6.6
npm info using node@v20.2.0
npm verb title npm i a
npm verb argv "i" "a" "--registry" "http://11.159.212.250:4873/" "--loglevel" "verbose" "--loglevel" "silly"
npm verb logfile logs-max:10 dir:/root/.npm/_logs/2023-07-05T04_08_14_893Z-
npm verb logfile /root/.npm/_logs/2023-07-05T04_08_14_893Z-debug-0.log
npm sill logfile start cleaning logs, removing 1 files
npm sill logfile done cleaning log files
npm sill idealTree buildDeps
npm sill fetch manifest a@*
npm http fetch GET 200 http://11.159.212.250:4873/a 40ms (cache miss)
npm sill placeDep ROOT a@3.0.1 OK for:  want: *
npm sill fetch manifest a_mock@1.0.5
npm http fetch GET 200 http://11.159.212.250:4873/a_mock 430ms (cache miss)
npm sill placeDep ROOT a_mock@1.0.5 OK for: a@3.0.1 want: 1.0.5
npm sill reify moves {}
npm sill audit bulk request {
npm sill audit   '-': [ '0.0.1' ],
npm sill audit   http: [ '0.0.1-security' ],
npm sill audit   a: [ '3.0.1' ],
npm sill audit   a_mock: [ '1.0.5' ]
npm sill audit }
npm sill tarball no local data for a_mock@http://11.159.212.250:4873/a_mock/-/a_mock-1.0.5.tgz. Extracting by manifest.
npm sill tarball no local data for a@http://11.159.212.250:4873/a/-/a-3.0.1.tgz. Extracting by manifest.
npm http fetch POST 200 http://11.159.212.250:4873/-/npm/v1/security/advisories/bulk 358ms
npm sill audit report {}
npm http fetch GET 200 http://11.159.212.250:4873/a/-/a-3.0.1.tgz 977ms (cache miss)
npm http fetch GET 200 http://11.159.212.250:4873/a_mock/-/a_mock-1.0.5.tgz 1190ms (cache miss)
npm sill ADD node_modules/a_mock
npm sill ADD node_modules/a

added 2 packages, and audited 5 packages in 2s

found 0 vulnerabilities
npm verb exit 0
npm info ok

Screenshots, server logs, package manager log

Configuration File (cat ~/.config/verdaccio/config.yaml)

storage: /repo/npm/verdaccio/storage
http_proxy: http://x.x.x.x:3128
https_proxy: http://x.x.x.x:3128
no_proxy: localhost,127.0.0.1
plugins: ./plugins
url_prefix: /npm/
max_body_size: 10mb

listen:
   -  0.0.0.0:4873

web:
  title: TXX-NPM

auth:
  htpasswd:
    file: ./htpasswd
    max_users: -1

uplinks:
  npmjs:
    url: https://registry.npmjs.org/
    maxage: 4m
    timeout: 10s
    agent_options:
      keepAlive: true
      maxSockets: 40
      maxFreeSockets: 10
packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    proxy: npmjs

  '**':
    access: $all
    publish: $authenticated
    proxy: npmjs

middlewares:
  audit:
    enabled: true
server:
  keepAliveTimeout: 60

# log settings
logs:
  - {type: stdout, format: pretty, level: http}

Environment information

Debugging output

• $ NODE_DEBUG=request verdaccio display request calls (verdaccio <--> uplinks)
• $ DEBUG=verdaccio* verdaccio enable extreme verdaccio debug mode (verdaccio api)
• $ npm -ddd prints:
• $ npm config get registry prints:

Contribute to Verdaccio

• I'm willing to fix this bug 🥇

[89ao]

After I turn on "extreme verdaccio debug mode" and run "npm i "again ,it seems to be the second log occurs error already .
please help me debug and solve this ,thanks very much.

DEBUG=verdaccio* verdaccio -c ~/.config/verdaccio/config.yaml &

[juanpicado]

It's a problem with the core, verdaccio uses /-/ for some paths, due the nature of the express middleware and some legacy code causes this issue, seems easy to solve, you can follow progress on #3919 for the fix.