search

sholladay / squatter

Check if a namespace on npm is being hogged
Mozilla Public License 2.0
73 stars 2 forks source link

versionPkg() throws "Cannot read property 'latest' of undefined" #1

Open bokub opened 6 years ago

bokub commented 6 years ago

Hi, While running npm-name-cli, I got the following error:

npm-name --version
> 2.3.0

npm-name sunglasses
> TypeError: Cannot read property 'latest' of undefined
>    at versionPkg (/usr/local/lib/node_modules/npm-name-cli/node_modules/squatter/lib/get->package.js:9:36)
>    at squatter (/usr/local/lib/node_modules/npm-name-cli/node_modules/squatter/index.js:42:17)
>    at process._tickCallback (internal/process/next_tick.js:68:7)

which points to the following line of code : 

    const fixed = meta['dist-tags'][version] // version = 'latest'

I logged meta I and I got the following result: 

{ _id: 'sunglasses',
  _rev: '2-120e55f8b26a7ff42558a6baf3f1d868',
  name: 'sunglasses',
  time:
   { modified: '2016-04-28T00:32:39.237Z',
     created: '2016-04-28T00:32:39.237Z',
     '0.0.0-reserved': '2016-04-28T00:32:39.237Z',
     unpublished:
      { name: 'npm',
        time: '2016-06-10T22:41:14.482Z',
        tags: [Object],
        maintainers: [Array],
        versions: [Array] } },
  _attachments: {} }

There is no dist-tags in the meta.

I thinks the package has been unpublished, so it might be good to handle that case

bokub commented 6 years ago

So, I tried to publish a package named sunglasses and it was possible.

That means squatter should return 'NOT SQUATTED'.

sholladay commented 6 years ago

Interesting. I was not aware that packages might lack a dist-tags field. Agreed that we should handle it if this is normal for packages that have been unpublished. We should verify that is the case first, though.

Would you like to make a PR for this? Do you need any help?