nexus-public

Hosted npm repository: Endpoint /{package}/{version} does not return information about specific package version

Open WIStudent opened this issue 10 months ago • 1 comments

  • What problem are you trying to solve?

I have a hosted npm repository my-npm and published an npm package @foo/bar with version 1.0.0 to it. According to the npm registry API documentation the endpoint /{package}/{version} should return information about that specific version, but http://localhost:8081/repository/my-npm/@foo%2Fbar/1.0.0 returned 400 Bad Request.

If I publish an unscoped package (e.g. foo), http://localhost:8081/repository/my-npm/foo/1.0.0 does not respond with HTTP Code 400 but with 404 and body

{"success":false,"error":"Package 'foo-1.0.0' not found"}

  • Do you have a workaround you are using at present?

No

  • What feature or behavior is this required for?

GitHub's dependabot uses the /{package}/{version} endpoint to request specific package versions from npm registries. Without this endpoint dependabot cannot check nexus hosted npm repositories for updated packages.

  • How could we solve this issue? (Not knowing is okay!)

Implement the /{package}/{version} endpoint and return version-specific package information like npmjs.com does (e.g. https://registry.npmjs.com/semver/6.3.1).

  • Tell us about your Nexus Repository deployment: what version, operating system, and database are you using?

I used the latest sonatype/nexus3 docker image (which should be version 3.58.1) to verify this issue.

docker run -d -p 8081:8081 --name nexus sonatype/nexus3

WIStudent Aug 11 '23 09:08
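
An added example, not part of the original issue or of Nexus itself: a client-side lookup that tries /{package}/{version} first and, when the registry answers with an error as reported above, reads the same version from the package document at /{package}. That the hosted repository serves that document with a `versions` map is an assumption; `version_metadata`, `fake_fetch` and the sample data are constructed for illustration.

```python
import json
from urllib.error import HTTPError
from urllib.parse import quote
from urllib.request import urlopen


def package_path(name):
    # Scoped names keep "@" but encode the "/" as %2F, as in the issue's URL.
    return quote(name, safe="@")


def http_fetch(url):
    """GET url; return (status, parsed JSON) or (status, None) on an HTTP error."""
    try:
        with urlopen(url, timeout=10) as resp:
            return resp.status, json.load(resp)
    except HTTPError as err:
        return err.code, None


def version_metadata(base_url, name, version, fetch=http_fetch):
    """Return (metadata, source) for one version of a package."""
    base = base_url.rstrip("/") + "/" + package_path(name)
    status, doc = fetch(base + "/" + version)
    if status == 200 and doc is not None:
        return doc, "version-endpoint"
    # Assumed fallback: the document at /{package} carries a "versions" map.
    status, doc = fetch(base)
    if status != 200 or doc is None:
        raise LookupError(f"{name}: package document returned HTTP {status}")
    try:
        return doc["versions"][version], "package-document"
    except KeyError:
        raise LookupError(f"{name}@{version} not in package document") from None


# Constructed stand-in for the registry in the issue: 400 on the scoped
# version endpoint, 200 with a made-up package document on /{package}.
REPO = "http://localhost:8081/repository/my-npm"
SAMPLE = {
    REPO + "/@foo%2Fbar/1.0.0": (400, None),
    REPO + "/@foo%2Fbar": (200, {
        "name": "@foo/bar",
        "versions": {"1.0.0": {"name": "@foo/bar", "version": "1.0.0"}},
    }),
}


def fake_fetch(url):
    return SAMPLE.get(url, (404, None))
```

Calling `version_metadata(REPO, "@foo/bar", "1.0.0", fetch=fake_fetch)` exercises the fallback offline; dropping the `fetch` argument sends real requests to `base_url`.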