npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

CloudFlare serving incomplete package [Ireland edge node: 4afa07acae65a6e3-DUB]


We’re experiencing an issue with your CloudFlare caching, in which we’re being served different content between your 4afa07acae65a6e3-DUB and 4afa08bfdf7abfef-MAN edge servers.

The package in question is acorn@5.4.1, available at the following URL:

When this file is requested from our AWS eu-west-1 instance we’re seeing a sha1sum hash of 7c4ce67442805b218f2ae412244ebb559582662a, instead of the (correct) fdc58d9d17f4a4e98d102ded826a9b9759125102 when served from us-east-1. I’ve also verified this locally outside of AWS itself.

Can you provide clarity on why this would be happening? This is rather urgent, as it’s preventing our build process from occurring successfully on our AWS infra.

This appears to be the case for others, too, though they are seeing different symptoms of the same underling issue:


For those of you waiting for this to be resolved, we worked around it by setting up a CloudFront distribution as a reverse proxy to the main domain, and ensuring it used the Use U.S., Canada, Europe, Asia and Africa price class.

We then updated your yarn.lock/package-lock.json files to point the broken package(s) to that URL in the resolved section.

We have a similar problem since the weekend with json returned at
Temporarily worked around problem by redirecting traffic through a proxy server in Frankfurt

The problem only occurs with CF servers located in Dublin, * -AMS * -FRA * -WAW locations return uncut json …

I also talked to a CF employee this morning and someone from the NPM team needs to clear the cache for the * -DUB location

JSON returned by 4af7585b1a40a66b-DUB for

{"_id":"protoduck","_rev":"12-f055a178db3959d03406b3994f0226c8","name":"protoduck","description":"Fancy duck typing for the most serious of ducks.","dist-tags":{"latest":"5.0.1"},"versions":{"3.0.0":{"name":"protoduck","version":"3.0.0","description":"Fancy duck typing for the most serious of ducks.","main":"index.js","files":["index.js"],"scripts":{"preversion":"npm t","test":"standard && nyc -- mocha --reporter spec"},"repository":{"type":"git","url":"git+"},"keywords":["oop","util","object oriented","duck type","ducktype","ducktyping","protocols","multimethod","clojure","generic","functions","clos","polymorphism","impl","typeclass","traits"],"author":{"name":"Kat Marchán","email":""},"license":"CC0-1.0","bugs":{"url":""},"homepage":"","dependencies":{"genfun":"^3.0.0"},"devDependencies":{"mocha":"^3.0.2","nyc":"^8.1.0","standard":"^8.0.0"},"gitHead":"95477e4e91ca44ebeddcb3ea3a32ba5d77211665","_id":"protoduck@3.0.0","_shasum":"0d63c91d635b99bd3ef85c8e03fa0e92b92b2ac0","_from":".","_npmVersion":"3.10.8","_nodeVersion":"4.5.0","_npmUser":{"name":"zkat","email":""},"dist":{"shasum":"0d63c91d635b99bd3ef85c8e03fa0e92b92b2ac0","tarball":""},"maintainers":[{"name":"zkat","email":""}],"_npmOperationalInternal":{"host":"","tmp":"tmp/protoduck-3.0.0.tgz_1473473845590_0.6719098137691617"},"directories":{}},"3.0.1":{"name":"protoduck","version":"3.0.1","description":"Fancy duck typing for the most serious of ducks.","main":"index.js","files":["index.js"],"scripts":{"preversion":"npm t","postversion":"npm publish && git push --follow-tags","pretest":"standard","test":"nyc -- mocha --reporter spec"},"repository":{"type":"git","url":"git+"},"keywords":["oop","util","object oriented","duck type","ducktype","ducktyping","protocols","multimethod","clojure","generic","functions","cl

We have similar issues with AWS Ireland region where we use Sonatype Nexus3 proxy repo to All the other regions are working fine. However as per npm documentation there is a public mirror at Can we use this instead of until this issue is resolved. Any suggestions are welcome.

The npm public registry is powered by a CouchDB database, of which there is a public mirror at The code for the couchapp is available at


I believe the mirror doesn’t have scoped packages. Anyway, there’s a status message now.

Thank you @larsgw. I will follow the incident status.