node.jsnpmverdaccio

How does verdaccio work when you try to publish to a proxied packaged?


It's not clear from the documentation what a Verdaccio proxy is.

If I set up a proxy for @acme/foo and someone targets Verdaccio trying to publish @acme/foo how do I configure the behavior and what is the default? There are three obvious possibilities but none of them are covered in the docs,

  1. The publish is reject
  2. The publish is proxied.
  3. The publish is done locally, and further requests are not proxied.

I would prefer the third option but when I try to publish to a package that is proxied I get this in npm,

npm ERR! code EPUBLISHCONFLICT
npm ERR! publish fail Cannot publish over existing version.
npm ERR! publish fail Update the 'version' field in package.json and try again.
npm ERR! publish fail 
npm ERR! publish fail To automatically increment version numbers, see:
npm ERR! publish fail     npm help version

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/ecarroll/.npm/_logs/2021-11-11T18_45_39_813Z-debug.log

Solution

  • The publish happens locally but only after the local Verdaccio server reaches out to the remote server and validates that there is no conflicting version.

    When you are trying to publish a package@version and you have uplinks defined (by default is npmjs) it will:

    1. Ask to the defined uplink (in case you have the proxy: npmjs in your package access`) and download the manifest if exist, if does not will just don't persist anything (jump to step 3)
    2. Will verify if in that manifest (in case step 1 is positive) if the version already exist.
    3. If exist, will return 409 http status (http conflict) <-- what npmjs will display is EPUBLISHCONFLICT if not, will publish the package. Here more info: https://verdaccio.org/docs/best#override-public-packages

    In a nutshell, if the package access section has proxy it will always double check with the uplink and won't allow you have duplications.

    This is taken from Juan Picado on GitHub from a discussion that I opened up