Weird publish error while publishing a new version to npm? (E403)
Affected Packages
cli?
Problem
I’m using a custom script for setting our pre-release versions, and I noticed an error sometimes from NPM.
The error I’m getting while publishing is:
error an error occurred while publishing @graphql-codegen/flow: E403 403 Forbidden - PUT https://registry.npmjs.org/@graphql-codegen%2fflow - You cannot publish over the previously published versions: 1.17.8-alpha-0f93aa04.0.
🦋 error In most cases, you or one of your dependencies are requesting
🦋 error a package version that is forbidden by your security policy.
I scanned the log, and noticed that changesets already checks that, and it seems valid:
// ...
🦋 info npm info @graphql-codegen/flow
// ...
🦋 info @graphql-codegen/flow is being published because our local version (1.17.8-alpha-0f93aa04.0) has not been published on npm
// ...
error an error occurred while publishing @graphql-codegen/flow: E403 403 Forbidden - PUT https://registry.npmjs.org/@graphql-codegen%2fflow - You cannot publish over the previously published versions: 1.17.8-alpha-0f93aa04.0.
🦋 error In most cases, you or one of your dependencies are requesting
🦋 error a package version that is forbidden by your security policy.
// ...
Maybe I’m missing something - but it seems like changesets looks for that package in that specific version, and it can’t find it in NPM. But then when it tries to publish it, it fails because it already exists (?).
I checked and the package does exist on NPM, around the same time the pipeline was executed. I can only assume that the publish went fine, and the NPM error reflects something else?
This seems a bit random, because out of 40 packages, 30 worked correctly, and 10 have failed. I tried to run it again, but then it happens again, for different packages.
A complete log is here: https://github.com/dotansimha/graphql-code-generator/runs/944017592 or https://github.com/dotansimha/graphql-code-generator/runs/943997311
Proposed solution
No idea. Back then we had similar issues with E403 from NPM, and the messages were never informative enough, or mistaken. @ardatan suggested once that publishing many packages in a short period of time causes issues, and it’s better to limit the amount of publish commands and not run all packages in parallel. We tried to limit the amount of publishing to a maximum of 5 in parallel, and that seems to resolve the issue.
Issue Analytics
- State:
- Created 3 years ago
- Comments:11 (8 by maintainers)
Top GitHub Comments
I’d +1 making a PR to lower this number for publishing
If A depends on B and we publish A first but fail (for whatever reason) to publish B then we might end up with a broken package A being on npm - it would potentially specify non-existent (on npm) version of B as its dep.
An alternative approach to a topological order is to publish packages in whatever order under a separate tag and switch the tag on all published packages after all packages are published. When I think about it now - this might be a better approach as it works better with cyclic dependencies 🤔
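The two mitigations discussed in this thread, a cap of 5 parallel publishes and publishing under a separate tag that is switched only after every package is up, combined in one sketch. This is an added example, not code from the issue or from changesets; `publishAll`, `mapLimit`, `runNpm`, the `staging` tag name and the package object shape are assumptions.

```javascript
// Added example; publishAll, mapLimit and runNpm are hypothetical names.
const STAGING_TAG = "staging"; // assumed name for the temporary dist-tag

// Run task(item) for every item with at most `limit` in flight.
// Failures are collected instead of aborting the other publishes.
async function mapLimit(items, limit, task) {
  const results = new Array(items.length);
  let next = 0;
  async function worker() {
    while (next < items.length) {
      const i = next++;
      try {
        results[i] = { ok: true, value: await task(items[i]) };
      } catch (error) {
        results[i] = { ok: false, error };
      }
    }
  }
  const workers = Math.min(limit, items.length);
  await Promise.all(Array.from({ length: workers }, () => worker()));
  return results;
}

// packages: [{ name, version, dir }]
// runNpm(args, cwd): injected executor returning a Promise, for example a
// wrapper around child_process.execFile("npm", args, { cwd }).
async function publishAll(packages, runNpm, releaseTag, limit = 5) {
  const names = (res, ok) =>
    packages.filter((_, i) => res[i].ok === ok).map((p) => p.name);

  // Phase 1: upload every version under the staging tag, in any order.
  const staged = await mapLimit(packages, limit, (p) =>
    runNpm(["publish", "--tag", STAGING_TAG], p.dir));
  if (names(staged, false).length > 0) {
    // Stop here: releaseTag still points at the previous versions.
    return { promoted: [], failed: names(staged, false) };
  }

  // Phase 2: every version exists on the registry, so move the release tag.
  const tagged = await mapLimit(packages, limit, (p) =>
    runNpm(["dist-tag", "add", `${p.name}@${p.version}`, releaseTag], p.dir));
  return { promoted: names(tagged, true), failed: names(tagged, false) };
}
```

A non-empty `failed` list with an empty `promoted` list means the run stopped after phase 1, so the release tag was not moved for any package.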