search

sonatype / nexus-public

Sonatype Nexus Repository Open-source codebase mirror
https://www.sonatype.com/products/repository-oss-download
Eclipse Public License 1.0
1.93k stars 569 forks source link

NEXUS-40287 - Npm Proxy can't connect to Npm Hosted #241

Open luka5 opened 1 year ago

luka5 commented 1 year ago

Hi @nblair

With the latest Sonatype Nexus Repository OSS 3.60.0-02 we've noticed that we still run into a issues formerly known as NEXUS-23618.

TL;DR A Nexus Npm Proxy Repo can't connect to a Npm Hosted Repo.

We've one Nexus (upstream) with a hosted Npm repository and another one (downstream) with a proxy Npm repository to exactly that hosted Npm repository. Everything works fine, as long as there are no new releases. When there is a newer version of a Npm package in the upstream Nexus, that Nexus does update the attribute Npm last_modified but not the Content last_modified. When requesting the npm package metadata now, the downstream Nexus sends it's Content last_modified in the If-Modified-Since: header. Since it is not updated in the upstream Nexus, we receive a 304 Not Modified and a 404 Not Found for the actual package in the end. From what we see it would be fixed, if the npm hosted package updates the package metadata Content last_modified at the moment, when it already updates the Npm last_modified.

In addition, we're a bit confused that there is no way to reset this metadata cache. The only option to solve this right now is to delete the blobs in the blobstore or the blobstore itself. I'd expect the Invalidate cache of the Npm proxy repo to remove these files.

When debugging this, we also did run the Create Repair - Reconcile component database from blob store Task task on the downstream Nexus. As known, it might reset the last_modified timestamps to today. That's why - if the other thing is resolved - we would still run into errors here. Maybe it's worth adding a note somewhere.

As long as the bug is still in Nexus, what workaround can you think of? We are thinking of deleting and recreating the proxy repository and blobstore daily.

Thank you!

luka5 commented 1 year ago

We've just noticed, that a Npm group repository works as expected. Gladly our upstream Nexus has a Npm group repository including the Npm hosted. When running the same curl request against the same Nexus with a Header such as If-Modified-Since: Wed, 14 Jun 2023 14:49:05 GMT, it does return latest version for the Npm group.