What I Wanted to Do
Run an audit using yarn-audit (proxies to npm-audit) after upgrading a number of dependencies in a yarn workspace project.
What Happened Instead
The audit returned 503. Extracting the payload and manually sending it to https://registry.npmjs.org/-/npm/v1/security/audits results in a 503 with the cryptic message “No frontdoor hosts available”. I tried doing a checkout of the project prior to the dependency upgrade, and this payload works without issue.
The request pretty consistently takes about 13 seconds, so something seems to be happening behind the scenes.
Changing the payload to be invalid JSON or to include a nonsense dependency produces expected errors, so whatever happens appears to be behind any load balancing.
It is not caused by the size of the payload, since the invalid payload is 36 KB smaller than the valid payload.
Analysing the structure of the payloads, the only difference appears to be that the invalid payload has 4 levels of dependency nesting, whereas the valid one only has 3. It seems unlikely that this should cause any problems.
I have an anonymised version of the problematic payload, but I’m not sure where I can upload it. It’s 792 KB, so it’s too large for pastebin. I could email it to someone.