Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Cannot install 2 versions of the same public package

See original GitHub issue

Describe the bug I try installing a different version of a package that was already cached by verdaccio, and it fails

To Reproduce Install version x.0.0 of a package and then try installing version y.0.0.

npm set registry http://localhost:4873/

npm i @angular/cdk@7.0.3  # successful, updates package.json to only have version `7.0.3`.

npm i @angular/cdk@9.2.4  # fails, because version is unknown to verdaccio.

Expected behavior Both packages are installed successfully.

Screenshots

npm ERR! code ETARGET
npm ERR! notarget No matching version found for @angular/common@9.1.12.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\rony.fragin\AppData\Roaming\npm-cache\_logs\2020-09-18T22_16_05_892Z-debug.log

Configuration File (cat ~/.config/verdaccio/config.yaml)

#
# This is the default config file. It allows all users to do anything,
# so don't use it on production systems.
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#

# path to a directory with all packages
storage: /root/.local/share/verdaccio/storage

store:
  offline-storage:

# path to a directory with plugins to include
plugins: ./plugins

web:
  title: Verdaccio
  # comment out to disable gravatar support
  # gravatar: false
  # by default packages are ordercer ascendant (asc|desc)
  # sort_packages: asc
  # convert your UI to the dark side
  # darkMode: true

listen: 0.0.0.0:4873

# translate your registry, api i18n not available yet
# i18n:
# list of the available translations https://github.com/verdaccio/ui/tree/master/i18n/translations
#   web: en-US

auth:
  htpasswd:
    file: ./htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    # max_users: 1000

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: https://registry.npmjs.org/
    timeout: 100ms
    cache: false
    fail_timeout: 1m
    max_fails: 100
  server2:     
    url: http://mirror.local.net/     
    timeout: 100ms
    cache: false
    fail_timeout: 1m

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    unpublish: $authenticated
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish/publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated
    unpublish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
server:
  keepAliveTimeout: 180

middlewares:
  audit:
    enabled: true

# log settings
logs:
  - { type: stdout, format: pretty, level: http }
  #- {type: file, path: verdaccio.log, level: info}
#experiments:
#  # support for npm token command
#  token: false
#  # support for the new v1 search endpoint, functional by incomplete read more on ticket 1732
#  search: false

# This affect the web and api (not developed yet)
#i18n:
#web: en-US

Environment information

*** WARNING: Verdaccio doesn't need superuser privileges. Don't run it under root! ***

Environment Info:

  System:
    OS: Linux 4.15 Ubuntu 18.04.4 LTS (Bionic Beaver)
    CPU: (2) x64 Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz
  Binaries:
    Node: 10.22.0 - ~/.nvm/versions/node/v10.22.0/bin/node
    npm: 6.14.6 - ~/.nvm/versions/node/v10.22.0/bin/npm
  npmGlobalPackages:
    verdaccio: 4.8.1

Workaround I manually go to the url https://registry.npmjs.org/@angular/common copy the data to the package.json in the storage folder and then it works

I ran the following python script to do it for all packages:

import json
import urllib

my_list = [<list of package names>]
BASE_DIR = '/root/.local/share/verdaccio/storage'

for item in my_list:
  data = json.loads(urllib.request.urlopen(f"https://registry.npmjs.org/{item}").read())
  with open(f'{BASE_DIR}/{item}/package.json', 'w') as outfile:
    json.dump(data, outfile)
  print(f"done - {item}")

every time I install a new version, I need to fetch the package.json again from the npm repo… how do I make verdaccio not update package.json to only contain specific versions?