nexus-public
nexus-public copied to clipboard
Hosted npm repository: Endpoint /{package}/{version} does not return information about specific package version
- What problem are you trying to solve?
I have a hosted npm repository my-npm
and published an npm package @foo/bar
with version 1.0.0
to it. According to the npm registry API documentation the endpoint /{package}/{version}
should return information about that specific version, but http://localhost:8081/repository/my-npm/@foo%2Fbar/1.0.0
returned 400 Bad Request
.
If I publish an unscoped package (e.g. foo
), http://localhost:8081/repository/my-npm/foo/1.0.0
does not respond with HTTP Code 400
but with 404
and body
{"success":false,"error":"Package 'foo-1.0.0' not found"}
- Do you have a workaround you are using at present?
No
- What feature or behavior is this required for?
GitHub's dependabot uses the /{package}/{version}
endpoint to request specific package versions from npm registries. Without this endpoint dependabot cannot check nexus hosted npm repositories for updated packages.
- How could we solve this issue? (Not knowing is okay!)
Implement the /{package}/{version}
endpoint and return version specific package information like npmjs.com does (e.g. https://registry.npmjs.com/semver/6.3.1)
- Tell us about your Nexus Repository deployment: what version, operating system, and database are you using?
I used the latest sonartype/nexus3 docker image (which should be version 3.58.1) to verify this issue.
docker run -d -p 8081:8081 --name nexus sonatype/nexus3