v-prefix in package.json version causes false negative during version comparison #139
Description
Hi,
I've got an issue.
Even if a npm package altready exists with the current version, the gh action wants to publish it again:
npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/@xxx%2fxxx - You cannot publish over the previously published versions: 0.34.0.
My GH action:
- if: ${{ matrix.language == 'nodejs' && env.PUBLISH_NPM == 'true' }}
uses: JS-DevTools/npm-publish@v2.2.1
with:
access: "public"
token: ${{ env.NPM_TOKEN }}
package: ${{github.workspace}}/sdk/nodejs/bin/package.json
provenance: true
I've tried with strategy: upgrade without success.
Thanks
Metadata
Metadata
Assignees
Labels
Type
Projects
Milestone
Relationships
Participants
Activity
scraly commentedon Sep 12, 2023
After several tried, the strategy upgrade resolved it... crossed fingers for the next time :)
mcous commentedon Sep 12, 2023
Hi @scraly, that doesn't sound good. Is this the repository? https://github.com/ovh/pulumi-ovh
If so, I believe the cause is that in your
package.json, theversionfield isv0.34.0. I've always seen theversionfield without thev, because that's what thenpm versioncommand writes.{ "name": "@ovh-devrelteam/pulumi-ovh", - "version": "v0.34.0", + "version": "0.34.0",I didn't truthfully know that
npmwould accept that! But, sincenode-semvercan parse it,npmseems happy. The bug innpm-publishis that it only checks strings in the default strategy. It callsnpm info @ovh-devrelteam/pulumi-ovhand receives0.34.0fromnpm. Since0.34.0 !== v0.34.0(from npm and the package.json, respectively), it tries to publish.The reason
strategy: upgradeworks is because in the upgrade strategy, we pass both versions intonode-semverto compare them[-]Try to publish npm package even if already exists in the registry[/-][+]`v`-prefix in `package.json` version causes false negative during version comparison[/+]fix: use validated package.json version in manifest
fix: use validated package.json version in manifest (#147)