Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Checking for npm package existence should ignore tag and check against all versions #35

Closed
rikoe opened this issue Apr 15, 2021 · 0 comments · Fixed by #84
Closed

Checking for npm package existence should ignore tag and check against all versions #35

rikoe opened this issue Apr 15, 2021 · 0 comments · Fixed by #84
Labels
bug Something isn't working

Comments

@rikoe
Copy link

rikoe commented Apr 15, 2021

The tag property is clearly needed when actually publishing a package, but I don't think it should be used for checking whether a package exists.

In fact, it looks like the current code just does npm view <package>@<tag> version, which will:

  1. say the package doesn't exist if the tag is different, or has previous been published with no tag (or is no longer "latest")
  2. say the package doesn't exist if the version isn't the most recent version for that tag

Both of these will result in false negatives, where it will then try to publish the package because it thinks it doesn't exist, but it actually does, and the publish will fail.

Instead, it should ignore the tag entirely, and just use npm view <package> versions, which returns all versions of the package, and then do a contains check to see if the version being checked matches any of them.

I would recommend using an existing dependency for this, e.g. https://github.com/azu/can-npm-publish

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants