npm view/npm install can't find latest package version

registry
priority:critical
triaged

(Tyler Brandt) #1

What I Wanted to Do

I wanted to find the latest version of the package “@lerna/clean”, in order to debug an issue I was having with npm install -g lerna (this is in a directory with no package.json or node_modules). I expected both npm view and npm search to return the current version 3.1.3 which is on npm.

What Happened Instead

npm view @lerna/clean version can’t see the 3.1.3 version (which is marked as “latest” on npm):

$ npm view @lerna/clean version
3.1.2

npm search @lerna/clean can see it:

$ npm search @lerna/clean
NAME                      | DESCRIPTION          | AUTHOR          | DATE       | VERSION  | KEYWORDS
@lerna/clean              | Remove the…          | =evocateur…     | 2018-08-21 | 3.1.3    | lerna command
@0x-lerna-fork/clean      | TODO                 | =albrow…        | 2018-07-24 | 3.0.0-b… | lerna command

Reproduction Steps

See above (npm view @lerna/clean/npm search @lerna/clean)

Details

I needed to do this in order to debug this issue with npm install -g lerna:

$ npm --version
6.0.1
$ node --version
v8.11.2
$ npm install -g lerna
npm ERR! code ETARGET
npm ERR! notarget No matching version found for @lerna/clean@^3.1.3
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.
npm ERR! notarget
npm ERR! notarget It was specified as a dependency of '@lerna/cli'
npm ERR! notarget

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/tbrandt/.npm/_logs/2018-08-21T18_54_57_108Z-debug.log

2018-08-21T18_54_57_108Z-debug.log (9.7 KB)

Platform Info

$ npm --versions
{ npm: '6.0.1',
  ares: '1.10.1-DEV',
  cldr: '32.0',
  http_parser: '2.8.0',
  icu: '60.1',
  modules: '57',
  napi: '3',
  nghttp2: '1.29.0',
  node: '8.11.2',
  openssl: '1.0.2o',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.19.1',
  v8: '6.2.414.54',
  zlib: '1.2.11' }
$ node -p process.platform
darwin

(Lars Willighagen) #2

Could this be the caching issue? Maybe the search request requests a different resource?

It works fine on my machine.


(Tyler Brandt) #3

Thanks for pointing at that issue! It definitely seems like it could be related, since @lerna/clean is a scoped package. I wonder if the problem was fixed but only for the “search” functionality, not view/install.

More evidence for that: I just ran the npm view @lerna/clean command again, and it now can see the 3.1.3 version (I did try npm cache clean --force before I filed the issue and it had no effect).


(Rhys Arkins) #4

If the scoped package expiry is causing the problem, it’s likely because it’s in a http cache not npm cache, e.g. inside the dependency make-fetch-happen which is included by npm's dependency pacote. So this would explain why cleaning the npm cache has no effect on that http cache.

Also, an explanation of why npm view might return old data while npm search does not:

  • npm view is likely just looking up the registry entry for @lerna/clean, which was in http cache and not revalidated
  • npm search is hitting a different endpoint/URL (i.e. the search one) that was not in cache and so a fresh result returned

(Kat Marchán) #5

Note: the npm http cache is bypassed if the current cached data doesn’t find the requested version. I was able to reproduce the OP for an hour or so. There’s some active issues with scoped packages right now that are being addressed, but the CLI is really not this aggressive about caching. It’ll even do this if you --prefer-offline.


(Jorge Valdez) #6

Just wanted to report that I’m currently experiencing a similar issue, except in my case I’m publishing my own scoped packages and I am not able to install the latest versions after publishing.

npm view and npm list both show updated information for my package @realgeeks/sassquanch, but attempting to install the package version 0.0.3 as of now keeps resulting in an error.

I was also having an issue where I initially published the package and by default it was set to private. After changing visibility to public, it was still not visible without logging in. It now seems like the visibility has been updated, but I haven’t experienced this issue with unscoped packages, so it may be a related issue.


(Guycreate) #7

FYI I am also having this issue today.

tl;dr; workaround: Use a VPN to bypass the http cache.

I am publishing my own scoped packages and I am not able to install the latest versions after publishing. I am using lerna publish.

npm view and npm list both show updated information, as does the website. But npm install and yarn cannot find the latest version.

I am not behind any enterprise gateway, but am using xfinity comcast in the US. When I switch my Internet connection to a VPN provider, I am able to get all the latest packages. So it appears either Xfinity or Cloudflare is caching old versions of the package. The NPMJS caching record is set to “cache-control: public, max-age=300”, but my understanding was that a publish followed by an install would not use the external cache.