Hosted npm repository: Endpoint /{package}/{version} does not return information about specific package version

[WIStudent]

• What problem are you trying to solve?

I have a hosted npm repository my-npm and published an npm package @foo/bar with version 1.0.0 to it. According to the npm registry API documentation the endpoint /{package}/{version} should return information about that specific version, but http://localhost:8081/repository/my-npm/@foo%2Fbar/1.0.0 returned 400 Bad Request.

If I publish an unscoped package (e.g. foo), http://localhost:8081/repository/my-npm/foo/1.0.0 does not respond with HTTP Code 400 but with 404 and body

{"success":false,"error":"Package 'foo-1.0.0' not found"}

• Do you have a workaround you are using at present?

No

• What feature or behavior is this required for?

GitHub's dependabot uses the /{package}/{version} endpoint to request specific package versions from npm registries. Without this endpoint dependabot cannot check nexus hosted npm repositories for updated packages.

• How could we solve this issue? (Not knowing is okay!)

Implement the /{package}/{version} endpoint and return version specific package information like npmjs.com does (e.g. https://registry.npmjs.com/semver/6.3.1)

• Tell us about your Nexus Repository deployment: what version, operating system, and database are you using?

I used the latest sonartype/nexus3 docker image (which should be version 3.58.1) to verify this issue.

docker run -d -p 8081:8081 --name nexus sonatype/nexus3

[nblair]

Hi @WIStudent thanks for opening an issue. Our support for NPM is geared towards supporting the NPM client, and it does not appear this API you've identified is required to support the NPM client. We'll leave this issue open to gauge interest from the community.

[KagurazakaNyaa]

However, the lack of this API will cause errors in some clients that are compatible with the official registry API. Can you reconsider adding this API to ensure compatibility with the official registry?