Comments (16)
Yes, this is known issue, it is fixed in the upcoming 3.71.0 release, which is currently targeted to come out on August 6th.
Direct quote from Sonatype.
from corepack.
A quick test shows that unfortunately, the issue persists. I cannot see any difference between Nexus 3.70.1 and 3.71.0. There is also no mention of the issue in the 3.71.0 release notes
I'll reopen the Sonatype support ticket.
I guess we're stuck on [email protected]
for at least another couple weeks.
Update: reply from Sonatype:
I do apologize, but there appears to have been some slippage in the release schedule for this fix.
It is actually marked as being released with the 3.72.0 version.
from corepack.
Is this reported to Sonatype as well? It seems like the incompatiblity lies on Nexus itself rather than the Corepack implementation.
from corepack.
Possibly a duplicate of #498. Can you test with Corepack 0.29.x?
from corepack.
Sonatype changed behavior in NEXUS-42854 , mentioned in the release notes , but it doesn't seem to be a sufficient fix.
from corepack.
Sonatype changed behavior in NEXUS-42854 , mentioned in the release notes , but it doesn't seem to be a sufficient fix.
Indeed NXRM 3.70.0 has changed this behavior, but it is still not compatible with corepack.
https://registry.npmjs.com/@yarnpkg/cli-dist/4.3.1
{
"name": "@yarnpkg/cli-dist",
"version": "4.3.1",
"license": "BSD-2-Clause",
"_id": "@yarnpkg/[email protected]",
"bin": {
"yarn": "bin/yarn.js",
"yarnpkg": "bin/yarn.js"
},
"dist": {
"shasum": "409cdab09b1f792d4e6bad5aa687320943b0d4cc",
"tarball": "https://registry.npmjs.org/@yarnpkg/cli-dist/-/cli-dist-4.3.1.tgz",
"fileCount": 5,
"integrity": "sha512-Vpi/Nbu2SLXGRdKvuxhT0WNe3jOL/LM0Wl58yxUN9WcaQnCYyuIILNS3R35lujao1ZXoAN35d9vAsevzStDreQ==",
"signatures": [
{
"sig": "MEYCIQDXpotyvZmuMzXobmJiotkmf/yvk+2IcPLdleVWTjZHlAIhAJA1Lh0fuNvB6nRSi5GzocTWyNej/F346E7HhuUGefSD",
"keyid": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
}
],
"unpackedSize": 2747220
},
"engines": {
"node": ">=18.12.0"
},
"_npmUser": {
"name": "yarnbot",
"email": "[email protected]"
},
"repository": {
"url": "ssh://[email protected]/yarnpkg/berry.git",
"type": "git",
"directory": "packages/yarnpkg-cli"
},
"directories": {},
"_hasShrinkwrap": false,
"_npmOperationalInternal": {
"tmp": "tmp/cli-dist_4.3.1_1718952731591_0.6413408756169847",
"host": "s3://npm-registry-packages"
}
}
https://nexus.megacorp.com/repository/npmjs-proxy/%40yarnpkg/cli-dist/4.3.1
{
"_id": "@yarnpkg/[email protected]",
"maintainers": [
{
"name": "daniel15",
"email": "[email protected]"
},
{
"name": "bestander",
"email": "[email protected]"
},
{
"name": "cpojer",
"email": "[email protected]"
},
{
"name": "arcanis",
"email": "[email protected]"
},
{
"name": "yarnbot",
"email": "[email protected]"
}
],
"license": "BSD-2-Clause",
"dist-tags": {
"v3": "3.8.3",
"latest": "4.3.1"
},
"versions": {
huge list of versions
},
"_rev": "66-3a3158dea3a016d10f8c72876b5d7be4",
"name": "@yarnpkg/cli-dist",
"time": {
"created": "2021-04-09T11:18:13.039Z",
"modified": "2024-07-25T12:13:04.535Z",
"2.4.1": "2021-04-09T11:18:13.374Z",
"3.0.0-rc.1": "2021-04-12T08:37:17.751Z",
"3.0.0-rc.2": "2021-04-12T14:54:14.320Z",
"3.0.0-rc.3": "2021-06-03T14:55:53.984Z",
"3.0.0-rc.4": "2021-06-03T15:35:43.365Z",
"2.4.2": "2021-06-03T16:01:55.314Z",
"3.0.0": "2021-07-26T16:10:51.916Z",
"3.0.1": "2021-08-22T21:01:32.655Z",
"3.0.2": "2021-09-03T12:25:05.172Z",
"3.1.0": "2021-10-25T14:57:38.351Z",
"3.1.1": "2021-11-26T13:36:24.297Z",
"3.2.0": "2022-02-21T13:04:45.372Z",
"3.2.1": "2022-05-13T10:35:13.285Z",
"3.2.2": "2022-07-21T12:52:26.715Z",
"3.2.3": "2022-08-24T18:35:28.355Z",
"3.2.4": "2022-10-05T16:44:57.592Z",
"3.3.0": "2022-11-16T09:06:30.157Z",
"3.3.1": "2022-12-20T16:05:09.449Z",
"4.0.0-rc.35": "2023-01-09T01:13:52.390Z",
"4.0.0-rc.36": "2023-01-18T16:59:29.806Z",
"4.0.0-rc.37": "2023-01-29T12:51:45.270Z",
"3.4.0": "2023-02-01T09:28:36.780Z",
"3.4.1": "2023-02-01T16:15:20.181Z",
"4.0.0-rc.38": "2023-02-04T13:11:54.127Z",
"4.0.0-rc.39": "2023-02-08T07:53:10.481Z",
"4.0.0-rc.40": "2023-03-05T16:51:01.498Z",
"3.5.0": "2023-03-16T21:30:03.314Z",
"4.0.0-rc.41": "2023-03-27T11:28:58.453Z",
"4.0.0-rc.42": "2023-03-30T07:49:51.073Z",
"3.5.1": "2023-05-01T18:58:44.561Z",
"4.0.0-rc.43": "2023-05-01T20:13:10.935Z",
"4.0.0-rc.44": "2023-05-17T14:51:46.551Z",
"3.6.0": "2023-06-01T21:15:42.274Z",
"4.0.0-rc.45": "2023-06-01T21:56:27.007Z",
"3.6.0-git.20230603.hash-45f6ecc9": "2023-06-03T17:11:27.541Z",
"3.6.0-git.20230603.hash-9645df4d": "2023-06-03T17:32:48.119Z",
"3.6.0-git.20230603.hash-3c8237cb": "2023-06-03T17:38:39.424Z",
"4.0.0-rc.46": "2023-06-22T08:20:11.007Z",
"4.0.0-rc.47": "2023-06-29T09:12:39.333Z",
"3.6.1": "2023-06-30T22:12:43.702Z",
"4.0.0-rc.48": "2023-07-02T15:01:11.596Z",
"4.0.0-rc.49": "2023-08-17T09:34:15.045Z",
"3.6.2": "2023-08-17T19:10:10.089Z",
"3.6.3": "2023-08-23T22:14:03.188Z",
"4.0.0-rc.50": "2023-08-23T22:46:04.799Z",
"4.0.0-rc.51": "2023-09-17T14:22:43.249Z",
"4.0.0-rc.52": "2023-09-29T22:02:14.739Z",
"3.6.4": "2023-10-03T22:19:02.653Z",
"4.0.0-rc.53": "2023-10-03T23:34:15.182Z",
"4.0.0": "2023-10-22T16:56:59.265Z",
"4.0.1": "2023-10-28T15:26:56.339Z",
"4.0.2": "2023-11-14T09:22:36.270Z",
"3.7.0": "2023-11-14T18:04:35.535Z",
"4.1.0": "2024-01-30T15:49:15.231Z",
"3.8.0": "2024-02-01T20:19:11.188Z",
"3.8.1": "2024-03-04T22:24:18.570Z",
"4.1.1": "2024-03-04T23:11:57.106Z",
"4.2.0": "2024-05-02T16:22:33.560Z",
"3.8.2": "2024-05-02T17:04:36.111Z",
"4.2.1": "2024-05-02T17:51:55.024Z",
"4.2.2": "2024-05-08T17:50:42.768Z",
"4.3.0": "2024-06-10T18:52:21.867Z",
"4.3.1": "2024-06-21T06:52:11.814Z",
"3.8.3": "2024-06-21T15:32:33.189Z"
},
"readme": "",
"readmeFilename": "",
"repository": {
"url": "ssh://[email protected]/yarnpkg/berry.git",
"type": "git",
"directory": "packages/yarnpkg-cli"
}
}
I've opened a support ticket at Sonatype in the hopes that they change the version-specific metadata to include a singlar version
instead of a versions
object containing all versions.
from corepack.
We got the same issue with our organization, we can not update corepack
from corepack.
Is this still an issue?
from corepack.
Yes, this is known issue, it is fixed in the upcoming 3.71.0 release, which is currently targeted to come out on August 6th.
Direct quote from Sonatype.
3.71.0 was released last week. Can anyone who has already upgraded confirm that the release fixed this issue for them?
from corepack.
Thanks @PayBas for the update.
I'm having the mismatch hash issue (which is solved in issue 296) with [email protected]
, so I have to update to [email protected]
, and now I'm stuck with this issue.
Any suggestion to work around?
from corepack.
Thanks @PayBas for the update. I'm having the mismatch hash issue (which is solved in issue 296) with
[email protected]
, so I have to update to[email protected]
, and now I'm stuck with this issue. Any suggestion to work around?
As long as your CI server and all your developers use the exact same COREPACK_NPM_REGISTRY
value, then the "packageManager": "yarn@..."
hash should be stable.
Just replace the hash in your package.json
with the one in your error message. That's how we fixed it.
from corepack.
Just replace the hash in your package.json with the one in your error message. That's how we fixed it.
Awesome. This works for me with [email protected]
. Thank you so much!
from corepack.
This error regrading Sonatype Nexus reminds me of a similar issue when trying to download a package manager using Corepack, starting with Yarn:
Internal Error: Server answered with HTTP 404 when performing the request to
https://****/repository/proxy_npm_official/@yarnpkg/cli-dist/4.3.1; for troubleshooting help, see https://github.com/nodejs/corepack#troubleshooting
at fetch (/home/containeruser/lib/node_modules/corepack/dist/lib/corepack.cjs:21616:11)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async fetchAsJson (/home/containeruser/lib/node_modules/corepack/dist/lib/corepack.cjs:21623:20)
at async fetchTarballURLAndSignature (/home/containeruser/lib/node_modules/corepack/dist/lib/corepack.cjs:21571:27)
at async installVersion (/home/containeruser/lib/node_modules/corepack/dist/lib/corepack.cjs:21833:52)
at async Engine.ensurePackageManager (/home/containeruser/lib/node_modules/corepack/dist/lib/corepack.cjs:22310:32)
at async InstallGlobalCommand.installFromDescriptor (/home/containeruser/lib/node_modules/corepack/dist/lib/corepack.cjs:22707:5)
at async Promise.all (index 0)
at async InstallGlobalCommand.execute (/home/containeruser/lib/node_modules/corepack/dist/lib/corepack.cjs:22685:5)
at async InstallGlobalCommand.validateAndExecute (/home/containeruser/lib/node_modules/corepack/dist/lib/corepack.cjs:19835:22)
The issue appears as soon as we switch to Corepack 0.24.0 or later. I guess it's all related to this decision.
That's pretty strange because we don't have any install/download issues at all for packages coming from Nexus V3.66 using npm, pnpm or yarn. So Corepack does something special which leads to a 404 error instead.
Of course, you could remove the COREPACK_NPM_REGISTRY env variable so it fetches the tool from the original yarn source like before 0.24.0. But that way other package managers like pnpm can't be installed because without COREPACK_NPM_REGISTRY the original npm registry is requested, which is not available for us.
So COREPACK_NPM_REGISTRY has to be enabled or disabled depending on which package manager you are going to install? That's kind of ridiculous, isn't it? I guess that's why Corepack is still described as experimental in the NodeJS docs.
So switching back to 0.23.0 is the best and easiest solution for us so far.
from corepack.
3.72.0 release notes mention:
NEXUS-43608 : Requests for version-specific scoped npm metadata return the expected metadata.
This should be the fix. Haven't had the opportunity to test it yet though.
from corepack.
3.72.0 includes a partial fix it seems - the version-specific metadata is there...but the .dist.tarball
property still points at the upstream feed URL instead of pointing back into the Nexus Repository server 🤦
from corepack.
3.72.0 includes a partial fix it seems - the version-specific metadata is there...but the
.dist.tarball
property still points at the upstream feed URL instead of pointing back into the Nexus Repository server 🤦
Sigh. I'll open another ticket...
Update: Sonatype has acknowledged the issue and are tracking it under internal ticket NEXUS-44175
. Whether this will result in a 3.72.1 or if we have to wait for 3.73.0 remains to be seen. It probably depends on whether the issue breaks current deployments.
from corepack.
Related Issues (20)
- Tools hardcoded to run scripts with npm fail when using corepack-managed npm HOT 3
- When using "COREPACK_NPM_REGISTRY", corepack still fetches pnpm from npmjs.org HOT 3
- Corepack install -g doesn't update known good releases
- Corepack strips empty lines from package.json when inserting `packageManager` HOT 1
- `corepack project install` command? HOT 4
- `corepack enable` exits successfully (exit code 0), but isn't actually enabled HOT 2
- [Question]How the 'COREPACK_ENABLE_UNSAFE_CUSTOM_URLS=1` use ? HOT 2
- feature request: support configuration via config file
- Remove undici dependency when minimum supported Node.js version is 22.3.0 HOT 1
- cannot install pnpm HOT 4
- corepack documentation: ??= nullish-coalescing-assignment not supported in node 14 HOT 1
- Corepack breaks when `integrity` key is missing from metadata, from artifactory HOT 1
- Feature request: `COREPACK_NPM_REGISTRY ` defaults to `$(npm config get registry)` HOT 6
- Set npm registry to fetch dependence error HOT 2
- Corepack failed to install yarn when yarnPath is set HOT 3
- Stop developing corepack (from a happy user) HOT 6
- Cannot bypass "Corepack is about to download" prompt HOT 1
- How to List All PNPM Versions Installed via Corepack HOT 4
- `parseURL` failed when installing pnpm
- Corepack not adding `packageManager` field to `package.json` HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from corepack.