Skip to content

v-prefix in package.json version causes false negative during version comparison #139

Closed
@scraly

Description

@scraly

Hi,

I've got an issue.
Even if a npm package altready exists with the current version, the gh action wants to publish it again:

npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/@xxx%2fxxx - You cannot publish over the previously published versions: 0.34.0.

My GH action:

      - if: ${{ matrix.language == 'nodejs' && env.PUBLISH_NPM == 'true' }}
        uses: JS-DevTools/npm-publish@v2.2.1
        with:
          access: "public"
          token: ${{ env.NPM_TOKEN }}
          package: ${{github.workspace}}/sdk/nodejs/bin/package.json
          provenance: true

I've tried with strategy: upgrade without success.

Thanks

Activity

scraly

scraly commented on Sep 12, 2023

@scraly
Author

After several tried, the strategy upgrade resolved it... crossed fingers for the next time :)

mcous

mcous commented on Sep 12, 2023

@mcous
Member

Hi @scraly, that doesn't sound good. Is this the repository? https://github.com/ovh/pulumi-ovh

If so, I believe the cause is that in your package.json, the version field is v0.34.0. I've always seen the version field without the v, because that's what the npm version command writes.

  {
      "name": "@ovh-devrelteam/pulumi-ovh",
-     "version": "v0.34.0",
+     "version": "0.34.0",

I didn't truthfully know that npm would accept that! But, since node-semver can parse it, npm seems happy. The bug in npm-publish is that it only checks strings in the default strategy. It calls npm info @ovh-devrelteam/pulumi-ovh and receives 0.34.0 from npm. Since 0.34.0 !== v0.34.0 (from npm and the package.json, respectively), it tries to publish.

The reason strategy: upgrade works is because in the upgrade strategy, we pass both versions into node-semver to compare them

reopened this on Sep 12, 2023
changed the title [-]Try to publish npm package even if already exists in the registry[/-] [+]`v`-prefix in `package.json` version causes false negative during version comparison[/+] on Sep 12, 2023
added a commit that references this issue on Sep 13, 2023
636ce56
added a commit that references this issue on Sep 13, 2023
402d679
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      Participants

      @scraly@mcous

      Issue actions

        `v`-prefix in `package.json` version causes false negative during version comparison · Issue #139 · JS-DevTools/npm-publish