Adding @request/promise-core dependency broke npm behind a proxy. #137
Comments
|
Hi @dsandor , interesting catch! I tried it with Since it is the proxies' fault that they don't work with scoped packages I wouldn't want to fix it on |
|
This does indeed work. I am a little worried that I will soon have a nightmare situation having to configure any package that uses scoped dependencies this way. But that is more of a proxy problem than an issue with request-promise. Thanks for your help. |
|
I actually use Artifactory which has the same problem and is a commercial product from jfrog. So in a corporate environment where access to npmjs.org is restricted the solution does not actually work. :/ We have to fork the repo and upload it to our internal repo. |
|
I found a section in the Artifactory docs that explicitly states that
Please read that section and verify that you set up your proxy correctly. It would be great if you post here what you had to do in order to make it working. Thanks! |
|
We also use Artifactory and I can confirm that adding the following config to my project's |
|
@todd doesn't that cause your client to fetch the package from npmjs.org? @analog-nico I am working with my admin to get Artifactory setup to rewrite the scoped modules in such a way that it will properly proxy these dependencies. Will update with info when I get it. |
|
@dsandor Yup. We mirror npmjs.org so we can also publish private packages to it. But we don't otherwise restrict access to npmjs prime. |
|
So I am in a different situation where access is only allowed through Artifactory. npmjs.org is blocked. |
|
Right, I was simply confirming that the configuration change works for people that are in our situation. |
|
Just to let people know, I'm use Nexus Repository Manager as a Proxy & Local NPM, and it works without issues. |
|
We are opening an issue with jfrog about this. It is configured per the docs but it is not working. I will let you know when there is a reported fix to either the software or our config. |
|
@dsandor Thanks for diligently working on this! And I am sorry for the inconvenience. |
|
This is also an issue on tonicdev.com; not sure what power I have to fix it there (other than report a missing package).. |
|
You are right @crazy4groovy , we can only report it there. It seems they didn't implement requiring scoped packages yet. |
|
This was resolved at my organization by following these steps (remember we use Artifactory):
|
|
Thanks for the info @dsandor ! I am closing this issue since its original points are resolved. However, everyone should feel free to reopen this issue if they experience this issue in other environments / for other NPM proxies. |
|
I work behind an Artifactory proxy, and the IT folks that administer Artifactory are degrees of separation from me. Peer dependencies are fragile due to versioning - what reason are peer dependencies and scoped packages necessary? |
|
Hi @lorenwest , I am sorry to hear that you also have to face an organizational hurdle.
|
|
Hi @analog-nico, Thanks for the update. I will look into request-promise@3 to see if this helps during my quest to have our corporate IT update Artifactory version and configs. As to peer dependencies being fragile, if two packages require a peer dependency of the same module, they're going to get the same version. If their package.json files require incompatible peerDependency versions for a specific package, you're out of luck. Pick one to use and throw the other one away. I'm always leery of packages that use peerDependencies, because I may have to find another package and change a bunch of code when it randomly clashes with an unrelated package with a different version of the same peerDependency. My understanding is peerDependencies was a poor man's solution to the real solution that the latest npm uses - it always installs dependencies as peers unless there's a version clash. If you have to have a peerDependency for a module to work, it's usually because the module being depended on wasn't designed to work with different instances in same vm. |
|
I just published The number of bug reports in this issue and elsewhere piled up way too high so I renamed |
|
Thank you! I don't have any favors to use in our IT department and was -Loren On Mon, Aug 8, 2016 at 4:14 AM, Nicolai Kamenzky [email protected]
|
It looks like since commit 1cc3202 when you added "@request/promise-core" this breaks users using npm through a corporate npm proxy like sinopia or artifactory. I have tried both proxies and both fail with a 404. I think the @ is scoping the dependency to the local proxy which does not resolve it. Is it possible to reference this dependency a different way?
The text was updated successfully, but these errors were encountered: