You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This header is an escape-hatch for sending messages to legacy clients that don't support current and future features. Most notably, we currently send a message through the npm-notice header when vulnerabilities have been detected in a project. This is a good thing to support until #5808 is in place with the full featureset, 'cause you'll at least be able to -notify- your users about this.
Historically, we've barely ever used this header, and I fully assume that this will continue to be the case going forward. If something gets sent through npm-notice, it's probably something very important for us to immediately push to our users.
Please mention your node.js, yarn and operating system version.
irrelevant
The text was updated successfully, but these errors were encountered:
Not right now, no. This is one of those "super ancient" things that's been around since the dawn of time and was mostly forgotten until someone pointed out recently we could use it for security notices. And when tests started failing when I was writing pacote lol.
Yarn also doesn't reflect the server's status line reason for responses, so it's impossible for a registry to provide additional context for a response code in the UI.
Do you want to request a feature or report a bug?
Feature
What is the current behavior?
Yarn ignores the
Npm-Notice
header from the npm registry.What is the expected behavior?
Like the npm CLI, Yarn should print out info messages when it receives an
npm-notice
header from a registry request.You can see the way npm itself does it here:
https://github.com/npm/npm-registry-fetch/blob/c34e158a153d81917bf3e2f378b9f553624fc782/check-response.js#L10-L12
This header is an escape-hatch for sending messages to legacy clients that don't support current and future features. Most notably, we currently send a message through the
npm-notice
header when vulnerabilities have been detected in a project. This is a good thing to support until #5808 is in place with the full featureset, 'cause you'll at least be able to -notify- your users about this.Historically, we've barely ever used this header, and I fully assume that this will continue to be the case going forward. If something gets sent through
npm-notice
, it's probably something very important for us to immediately push to our users.Please mention your node.js, yarn and operating system version.
irrelevant
The text was updated successfully, but these errors were encountered: