Can't make depfu work with private NPM package

[MilosMosovsky]

We are trying to make depfu work with one of our private NPM packages. But it seems it's having some problem (or maybe we are missing something).

Current behaviour

1. We release new package to npmjs.com which is privately scoped
2. Depfu has npmjs token to AUTH with that namespace and correctly parses the version change
3. Depfu marks the update as Queued
4. After some time it goes to Waiting state in the dashboard
5. After some time it goes to Running state in the dashboard
6. Nothing happens

Current behaviour 2 Steps 1-2 are same

3. I click manually button Run now in the dependency list Steps 3-5 are repeated

Current behaviour 3 Steps 1-2 are same

3. I click manually button Create a PR in the dependency list Steps 3-5 are repeated

Additional findings

• I found out that every npm package has small changelog icon in the list
• Our package

This leads me to a conclusion that depfu can't in any way communicate with our github repository (as it is private) to parse CHANGELOG.md maybe it even crash because of that ??

The current setup is:

• Private organizational repo for our npm package which is stored on github
• Private npmjs.com scope package
• Access token in depfu (verified as it parses the latest version correctly)
• Our package.json has fields

  "repository": {
  "type": "git",
  "url": "git+https://github.com/toptal/<redacted>.git"
  }

• Our repository is correctly generating CHANGELOG.md on every release, it is correctly creating Release also on GH so it's parsable even by GH API for releases

@theflow Any thought on this? Are we missing some magical thing to make it work :) /cc: @anym0us

If you need more sensitive info feel free to reach me on

[theflow]

Hi @MilosMosovsky,

So I've checked and everything is working fine with the private npm package.

The problem here is that right now Depfu ignores pre-releases. That has been on our list for a while but we haven't gotten to it yet: basically if you're on a pre-release version, it should also send you new pre-release updates. I'll have a look this tomorrow to see what I can do, maybe as a first step it should at least send you the update if you explicitly trigger it from the UI.

Cheers, Florian

[MilosMosovsky]

@theflow Awesome, that explains a lot, the trigger from UI would be awesome, I will try to fix it to make normal release instead of pre-release 👍 Thanks!

[MilosMosovsky]

@theflow I am not sure if you implemented something but we just received PR from depfu :) Only the last part is missing, we don't have changelog parsed properly (there is no section for that) is there any standard format which is used for that?

[theflow]

@MilosMosovsky yes, I've fixed a few issues today around pre-release versions. There is still work left, so if possible I would recommend to use stable version numbers for private packages.

Getting the list of commits and changelog showing up in the PR for private packages is another thing we're actively working on, that should be working soon.

[MilosMosovsky]

@theflow Is there any possible workaround for that for now ? (e.g. packing CHANGELOG.md to npm) package so it could be read by node_modules/@org/package/CHANGELOG.md ? 🤔

And thanks for the great job!

[theflow]

No, unfortunately not, at least we couldn't think of any workaround. It would need to be part of the response from registry.npmjs.org for your package and there is no extra info you can store there for each version.

[theflow]

Hi @MilosMosovsky, I've did some more work on this and please take a look at the open PR for your private package, it should have the changelog in there now.

[MilosMosovsky]

@theflow AWESOME! It works like a charm :)