Hi, this may be a corner case, but I want to share my story.
I use Travis CI pipeline to publish my package to NPM repo when the pipeline is trigger by a tag. It means, when a new git tag push to GitHub, Travis CI will pick that commit, build and publish the package to NPM with Travis deployment configuration.
Besides, I test my package with node matrix on different versions - 0.10, 0.12, 3.x and 4.x. So, Travis will trigger four jobs for me. Each job will run the NPM publish deployment script. In other words, the npm publish command will run four times - once for one job. Anyway, the first job to hit npm publish should win and others should fail. The pacakge should be good.
However, today, I tag a new version and push it to GitHub, Travis CI triggered a build to build, test and publish my package to NPM. Of course, it will run npm publish four times - one succeed and other three should fail.
1st time failed with message malformed token : depcheck-es6
3rd time failed with message You cannot publish over the previously published version 0.5.4.
4th time failed with message You cannot publish over the previously published version 0.5.4.
The error message for the third and forth time request is easy to understand, while the first time error message looks different. Anyway, the second request reports secceed. The publish job should be good, the new version should be good.
Really?
After the package is published, my package cannot be installed any more. It fails with:
> npm i depcheck-es6
npm ERR! Darwin 14.5.0
npm ERR! argv "/Users/dgreene/.nvm/versions/node/v4.2.1/bin/node" "/Users/dgreene/.nvm/versions/node/v4.2.1/bin/npm" "i" "depcheck-es6"
npm ERR! node v4.2.1
npm ERR! npm v3.3.6
npm ERR! shasum check failed for /var/folders/hl/c611mdq92fd6q6_rf_mj33cr0000gp/T/npm-34889-dad6951d/registry.npmjs.org/depcheck-es6/-/depcheck-es6-0.5.4.tgz
npm ERR! Expected: 7cfa907d49a6db295acfd0da89b326d9e8a5a071
npm ERR! Actual: a4e35e665e4d13d749edddeb1419dd4621175c4a
npm ERR! From: https://registry.npmjs.org/depcheck-es6/-/depcheck-es6-0.5.4.tgz
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR! <https://github.com/npm/npm/issues>
npm ERR! Please include the following file with any support request:
npm ERR! /private/var/folders/hl/c611mdq92fd6q6_rf_mj33cr0000gp/T/node_modules/package-json/npm-debug.log
It seems like, the installation error shasum check failed is related to my first request error malformed token. But I am not sure.
Finally, I unpublish my version and re-publish a new version to resolve this.
There may be a very corner case for npm publish senario. But I hope some experts could take a look.
tjwebb
commented
8 years ago
Hi, this may be a corner case, but I want to share my story.
I use Travis CI pipeline to publish my package to NPM repo when the pipeline is trigger by a tag. It means, when a new git tag push to GitHub, Travis CI will pick that commit, build and publish the package to NPM with Travis deployment configuration.
Besides, I test my package with node matrix on different versions - 0.10, 0.12, 3.x and 4.x. So, Travis will trigger four jobs for me. Each job will run the NPM publish deployment script. In other words, the
npm publishcommand will run four times - once for one job. Anyway, the first job to hitnpm publishshould win and others should fail. The pacakge should be good.However, today, I tag a new version and push it to GitHub, Travis CI triggered a build to build, test and publish my package to NPM. Of course, it will run
npm publishfour times - one succeed and other three should fail.The error message for the third and forth time request is easy to understand, while the first time error message looks different. Anyway, the second request reports secceed. The publish job should be good, the new version should be good.
Really?
After the package is published, my package cannot be installed any more. It fails with:
It seems like, the installation error shasum check failed is related to my first request error malformed token. But I am not sure.
Finally, I unpublish my version and re-publish a new version to resolve this.
There may be a very corner case for
npm publishsenario. But I hope some experts could take a look.Thanks in advance!