You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The tag property is clearly needed when actually publishing a package, but I don't think it should be used for checking whether a package exists.
In fact, it looks like the current code just does npm view <package>@<tag> version, which will:
say the package doesn't exist if the tag is different, or has previous been published with no tag (or is no longer "latest")
say the package doesn't exist if the version isn't the most recent version for that tag
Both of these will result in false negatives, where it will then try to publish the package because it thinks it doesn't exist, but it actually does, and the publish will fail.
Instead, it should ignore the tag entirely, and just use npm view <package> versions, which returns all versions of the package, and then do a contains check to see if the version being checked matches any of them.
The
tag
property is clearly needed when actually publishing a package, but I don't think it should be used for checking whether a package exists.In fact, it looks like the current code just does
npm view <package>@<tag> version
, which will:Both of these will result in false negatives, where it will then try to publish the package because it thinks it doesn't exist, but it actually does, and the publish will fail.
Instead, it should ignore the tag entirely, and just use
npm view <package> versions
, which returns all versions of the package, and then do acontains
check to see if the version being checked matches any of them.I would recommend using an existing dependency for this, e.g. https://github.com/azu/can-npm-publish
The text was updated successfully, but these errors were encountered: