@reggi
Last active December 13, 2018 09:24

npm Versioning Bug

TL;DR: this is about a specific versioning mishap that is happening with one of my packages. I have been in communication with npm about this issue since May 2nd.

Update: on May 7, 16:24 PDT I received this email from npm that this issue is a bug on their end.

I recently created a monorepo, and I've been creating some small CLI tools, getting a feel for getting into open source at a larger scale, so I've been publishing a lot of modules. I am having a rather complicated and odd npm issue, and I wanted to document it.

The issue is with this package, @reggi/pkg.json-parse, which many of my other packages depend on.

Publish is successful

I am using lerna to manage the monorepo, and I have a Jenkins server running the publishing process.

Here's the output from the publish:

> lerna publish --yes --cd-version=patch

lerna info version 3.0.0-beta.18
lerna info versioning independent
lerna info Checking for updated packages...
lerna info Comparing with @reggi/command@0.0.8.

Changes:
 - @reggi/command: 0.0.9 => 0.0.10
 - @reggi/dep-merge: 0.0.8 => 0.0.9
 - @reggi/dep-merge-cli: 0.0.6 => 0.0.7
 - @reggi/gitpkg.upsert: 0.0.5 => 0.0.6
 - @reggi/help: 0.0.9 => 0.0.10
 - @reggi/help.filter-until: 0.0.10 => 0.0.11
 - @reggi/help.parse-argv: 0.0.10 => 0.0.11
 - @reggi/help.set-entire: 0.0.10 => 0.0.11
 - @reggi/help.string-argv: 0.0.10 => 0.0.11
 - @reggi/journey: 1.0.8 => 1.0.9
 - @reggi/journey.coerce-to-array: 0.0.10 => 0.0.11
 - @reggi/journey.coerce-to-plain-object: 0.0.10 => 0.0.11
 - @reggi/journey.fn-free: 0.0.9 => 0.0.10
 - @reggi/journey.fn-reduce: 0.0.9 => 0.0.10
 - @reggi/journey.is-promise: 0.0.10 => 0.0.11
 - @reggi/journey.pass-thru: 0.0.9 => 0.0.10
 - @reggi/pkg: 0.0.6 => 0.0.7
 - @reggi/pkg-cli: 0.0.6 => 0.0.7
 - @reggi/pkg-plugin-babel-6-to-node-4: 0.0.9 => 0.0.10
 - @reggi/pkg-plugin-babel-7-to-node-4: 0.0.9 => 0.0.10
 - @reggi/pkg-plugin-cobalt: 0.0.9 => 0.0.10
 - @reggi/pkg-plugin-jest: 0.0.9 => 0.0.10
 - @reggi/pkg-plugin-name-dir: 0.0.10 => 0.0.11
 - @reggi/pkg-plugin-name-scope: 0.0.10 => 0.0.11
 - @reggi/pkg-plugin-prop: 0.0.10 => 0.0.11
 - @reggi/pkg-plugin-sort: 0.0.10 => 0.0.11
 - @reggi/pkg-plugin-standard: 0.0.9 => 0.0.10
 - @reggi/pkg.file-exists: 0.0.9 => 0.0.10
 - @reggi/pkg.fs: 0.0.10 => 0.0.11
 - @reggi/pkg.is-local-module: 0.0.10 => 0.0.11
 - @reggi/pkg.json-parse: 0.0.20 => 0.0.21
 - @reggi/pkg.pretty-json: 0.0.9 => 0.0.10
 - @reggi/pkg.prop-overwrite: 0.0.9 => 0.0.10
 - @reggi/pkg.read-json: 0.0.8 => 0.0.9
 - @reggi/pkg.throw-error: 0.0.9 => 0.0.10
 - @reggi/pkgprop: 0.0.2 => 0.0.3
 - @reggi/pkgprop-cli: 0.0.1 => 0.0.2
 - reggi-cli: 0.0.1 => 0.0.2
 - replace-cli: 1.0.9 => 1.0.10
 - @reggi/requireable: 0.0.10 => 0.0.11
 - @reggi/requireable-cli: 0.0.13 => 0.0.14
 - results-cli: 0.0.9 => 0.0.10
 - @reggi/subrepo: 0.0.2 => 0.0.3
 - @reggi/subrepo-cli: 0.0.1 => 0.0.2

lerna info auto-confirmed 
lerna info publish Publishing packages to npm...
lerna info published @reggi/command
lerna info published @reggi/journey.coerce-to-array
lerna info published @reggi/help.string-argv
lerna info published @reggi/help.filter-until
lerna info published @reggi/help.set-entire
lerna info published @reggi/journey.coerce-to-plain-object
lerna info published @reggi/pkg-plugin-name-scope
lerna info published @reggi/journey.is-promise
lerna info published @reggi/pkg-plugin-name-dir
lerna info published @reggi/pkg-plugin-prop
lerna info published @reggi/pkg-plugin-sort
lerna info published @reggi/pkg.pretty-json
lerna info published @reggi/pkg.is-local-module
lerna info published @reggi/pkg.fs
lerna info published @reggi/pkg.json-parse
lerna info published @reggi/pkg.prop-overwrite
lerna info published @reggi/subrepo
lerna info published @reggi/pkg.throw-error
lerna info published @reggi/pkg-plugin-babel-6-to-node-4
lerna info published @reggi/journey.pass-thru
lerna info published @reggi/pkg-plugin-babel-7-to-node-4
lerna info published @reggi/help.parse-argv
lerna info published @reggi/journey.fn-free
lerna info published @reggi/pkg-plugin-jest
lerna info published @reggi/pkg-plugin-standard
lerna info published @reggi/pkgprop
lerna info published @reggi/pkg.file-exists
lerna info published replace-cli
lerna info published @reggi/journey.fn-reduce
lerna info published @reggi/pkg-plugin-cobalt
lerna info published @reggi/journey
lerna info published @reggi/dep-merge
lerna info published @reggi/help
lerna info published @reggi/gitpkg.upsert
lerna info published @reggi/pkg.read-json
lerna info published @reggi/requireable
lerna info published @reggi/pkg
lerna info published @reggi/pkgprop-cli
lerna info published @reggi/requireable-cli
lerna info published @reggi/dep-merge-cli
lerna info published results-cli
lerna info published @reggi/subrepo-cli
lerna info published @reggi/pkg-cli
lerna info published reggi-cli
Successfully published:
 - @reggi/command@0.0.10
 - @reggi/dep-merge@0.0.9
 - @reggi/dep-merge-cli@0.0.7
 - @reggi/gitpkg.upsert@0.0.6
 - @reggi/help@0.0.10
 - @reggi/help.filter-until@0.0.11
 - @reggi/help.parse-argv@0.0.11
 - @reggi/help.set-entire@0.0.11
 - @reggi/help.string-argv@0.0.11
 - @reggi/journey@1.0.9
 - @reggi/journey.coerce-to-array@0.0.11
 - @reggi/journey.coerce-to-plain-object@0.0.11
 - @reggi/journey.fn-free@0.0.10
 - @reggi/journey.fn-reduce@0.0.10
 - @reggi/journey.is-promise@0.0.11
 - @reggi/journey.pass-thru@0.0.10
 - @reggi/pkg@0.0.7
 - @reggi/pkg-cli@0.0.7
 - @reggi/pkg-plugin-babel-6-to-node-4@0.0.10
 - @reggi/pkg-plugin-babel-7-to-node-4@0.0.10
 - @reggi/pkg-plugin-cobalt@0.0.10
 - @reggi/pkg-plugin-jest@0.0.10
 - @reggi/pkg-plugin-name-dir@0.0.11
 - @reggi/pkg-plugin-name-scope@0.0.11
 - @reggi/pkg-plugin-prop@0.0.11
 - @reggi/pkg-plugin-sort@0.0.11
 - @reggi/pkg-plugin-standard@0.0.10
 - @reggi/pkg.file-exists@0.0.10
 - @reggi/pkg.fs@0.0.11
 - @reggi/pkg.is-local-module@0.0.11
 - @reggi/pkg.json-parse@0.0.21
 - @reggi/pkg.pretty-json@0.0.10
 - @reggi/pkg.prop-overwrite@0.0.10
 - @reggi/pkg.read-json@0.0.9
 - @reggi/pkg.throw-error@0.0.10
 - @reggi/pkgprop@0.0.3
 - @reggi/pkgprop-cli@0.0.2
 - reggi-cli@0.0.2
 - replace-cli@1.0.10
 - @reggi/requireable@0.0.11
 - @reggi/requireable-cli@0.0.14
 - results-cli@0.0.10
 - @reggi/subrepo@0.0.3
 - @reggi/subrepo-cli@0.0.2
lerna info git Pushing tags...
lerna success publish finished
$ ssh-agent -k
unset SSH_AUTH_SOCK;
unset SSH_AGENT_PID;
echo Agent pid 25928 killed;
[ssh-agent] Stopped.
Finished: SUCCESS

As you can see the module is successfully published at 0.0.21.

@reggi/pkg.json-parse: 0.0.20 => 0.0.21

The issue is when you use npm view to get the latest version number.

$ npm view @reggi/pkg.json-parse version
0.0.2

You can see it's still at 0.0.2. How can this be?

Sibling dependency

You can see here when I try and install a dependency that uses 0.0.21 of the package the install fails:

$ npm i reggi-cli -g
npm ERR! Darwin 16.7.0
npm ERR! argv "/Users/treggi/.nvm/versions/node/v6.8.0/bin/node" "/Users/treggi/.nvm/versions/node/v6.8.0/bin/npm" "i" "reggi-cli" "-g"
npm ERR! node v6.8.0
npm ERR! npm  v3.10.8
npm ERR! code ETARGET

npm ERR! notarget No compatible version found: @reggi/pkg.json-parse@^0.0.21
npm ERR! notarget Valid install targets:
npm ERR! notarget 0.0.2
npm ERR! notarget
npm ERR! notarget This is most likely not a problem with npm itself.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.
npm ERR! notarget
npm ERR! notarget It was specified as a dependency of '@reggi/pkg.read-json'
npm ERR! notarget

npm ERR! Please include the following file with any support request:
npm ERR!     /Users/treggi/Desktop/acq-cps-angular-install/npm-debug.log

This is odd, because the publish command was successful and version 0.0.21 is unavailable.

Try publishing again

OK, so if 0.0.21 isn't available, I should try to publish it again.

➜  pkg.json-parse git:(updates) ✗ npm publish
npm notice
npm notice 📦  @reggi/pkg.json-parse@0.0.21
npm notice === Tarball Contents ===
npm notice 1.4kB package.json
npm notice 285B  index.build.js
npm notice === Tarball Details ===
npm notice name:          @reggi/pkg.json-parse
npm notice version:       0.0.21
npm notice package size:  861 B
npm notice unpacked size: 1.7 kB
npm notice shasum:        7aed9e12cdf30e3aeeb6264d7471d7e54de26849
npm notice integrity:     sha512-pSEfyJBuNXdkp[...]PEV7cWH3p/PFQ==
npm notice total files:   2
npm notice
npm ERR! publish Failed PUT 403
npm ERR! code E403
npm ERR! You cannot publish over the previously published versions: 0.0.21. : @reggi/pkg.json-parse

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/thomas/.npm/_logs/2018-05-02T16_18_09_457Z-debug.log

No, it's not a latest tag issue

This also makes no sense.

➜  pkg.json-parse git:(updates) ✗ npm dist-tag add @reggi/pkg.json-parse@0.0.21 latest
npm WARN dist-tag add latest is already set to version 0.0.21

So I published without lerna

➜  pkg.json-parse git:(updates) ✗ npm publish
npm notice
npm notice 📦  @reggi/pkg.json-parse@0.0.22
npm notice === Tarball Contents ===
npm notice 1.4kB package.json
npm notice 285B  index.build.js
npm notice === Tarball Details ===
npm notice name:          @reggi/pkg.json-parse
npm notice version:       0.0.22
npm notice package size:  861 B
npm notice unpacked size: 1.7 kB
npm notice shasum:        13a3ecc553537d72adeca62b5a6ad24fd7f9231e
npm notice integrity:     sha512-9Sx+NFN6FTCDp[...]vRzQ1dUJEmf5Q==
npm notice total files:   2
npm notice
+ @reggi/pkg.json-parse@0.0.22
$ npm view @reggi/pkg.json-parse version
0.0.2
$ npm i @reggi/pkg.json-parse@latest
npm WARN test@1.0.0 No description
npm WARN test@1.0.0 No repository field.

+ @reggi/pkg.json-parse@0.0.21
updated 1 package in 1.517s
$ npm view @reggi/pkg.json-parse dist-tags
{ latest: '0.0.2' }

Here's a good picture

It's clear here that when I install with the latest tag it works and installs 0.0.22, but without it, it fails with "No matching version found" for the package it just installed...

$ npm i @reggi/pkg.json-parse@latest
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN babel-plugin-rewire@1.1.0 requires a peer of babel-core@^6.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN babel-plugin-rewire@1.1.0 requires a peer of babel-template@^6.2.0 but none is installed. You must install peer dependencies yourself.
npm WARN babel-plugin-rewire@1.1.0 requires a peer of babel-types@^6.2.0 but none is installed. You must install peer dependencies yourself.
npm WARN reggi-cli@0.0.4 No description
npm WARN reggi-cli@0.0.4 No repository field.
npm WARN reggi-cli@0.0.4 No license field.

+ @reggi/pkg.json-parse@0.0.22
added 1 package from 1 contributor and updated 1 package in 57.978s
[+] no known vulnerabilities found [427 packages audited]

$ npm i @reggi/pkg.json-parse       
npm ERR! code ETARGET
npm ERR! notarget No matching version found for @reggi/pkg.json-parse@0.0.22
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/thomas/.npm/_logs/2018-05-18T20_58_54_058Z-debug.log

Conclusion

It seems that the npm site itself for the package here:

https://www.npmjs.com/package/@reggi/pkg.json-parse

as well as the npm view command only know about 0.0.2.

I originally thought this was a lerna issue but it seems to be an issue with npm.
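The symptom documented above (a publish that reports success while the registry metadata still lists only 0.0.2) can be caught by a post-publish check in the CI job. The following is an added example, not code from this gist, from lerna or from npm: `checkPublished` and the sample documents are hypothetical and constructed, and the input is assumed to be the package's registry metadata JSON (either the raw registry document, where `versions` is an object, or `npm view <pkg> --json` output, where it is an array).

```javascript
// Added example: verify that registry metadata agrees with what was just published.
// `versions` and `dist-tags` are real fields of npm package metadata; the function
// name and the sample documents below are constructed for illustration.
function checkPublished(meta, expectedVersion, tag = 'latest') {
  const problems = [];
  const raw = meta.versions || [];
  // Raw registry documents key versions by number; `npm view --json` lists them.
  const versions = Array.isArray(raw) ? raw : Object.keys(raw);
  const tags = meta['dist-tags'] || {};

  if (!versions.includes(expectedVersion)) {
    problems.push(`version ${expectedVersion} missing from versions [${versions.join(', ')}]`);
  }
  if (tags[tag] !== expectedVersion) {
    problems.push(`dist-tag ${tag} is ${tags[tag]}, expected ${expectedVersion}`);
  }
  // A dist-tag that points at a version the registry does not list cannot be installed.
  for (const [name, v] of Object.entries(tags)) {
    if (!versions.includes(v)) {
      problems.push(`dist-tag ${name} points at unlisted version ${v}`);
    }
  }
  return problems;
}

// Constructed sample: the stale state shown by `npm view` on this page.
const staleMeta = {
  name: '@reggi/pkg.json-parse',
  'dist-tags': { latest: '0.0.2' },
  versions: { '0.0.2': { version: '0.0.2' } },
};

// Constructed sample: the tag was moved but the version list was not updated.
const danglingTagMeta = {
  name: '@reggi/pkg.json-parse',
  'dist-tags': { latest: '0.0.21' },
  versions: ['0.0.2'],
};

// Constructed sample: what a consistent document looks like after the publish.
const healthyMeta = {
  name: '@reggi/pkg.json-parse',
  'dist-tags': { latest: '0.0.21' },
  versions: ['0.0.2', '0.0.21'],
};

for (const [label, meta] of Object.entries({ staleMeta, danglingTagMeta, healthyMeta })) {
  const problems = checkPublished(meta, '0.0.21');
  console.log(label, problems.length === 0 ? 'OK' : problems);
}
```

Failing the build when the returned list is non-empty stops dependents from being published against a version that consumers cannot resolve.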
