single-spa / self-hosted-shared-dependencies Goto Github PK
View Code? Open in Web Editor NEWA repo for self hosting shared dependencies
License: MIT License
A repo for self hosting shared dependencies
License: MIT License
I am using a private registry which I enabled with the command npm config set registry <url-to-registry>
. The self-hosted-shared-dependencies tool always seems to use registry.npmjs.org
regardless of what is configured locally. Is it possible to make the tool respect the configured npm registry?
When putting a package with a slash into the shared-deps.conf.mjs
file (like @company/my-lib
), the tool crashes with an exception, since it does not create subdirectories recursively. It needs to create first @company
and then my-lib
as a subdirectory, but this won't happen because the recursive
option of the command fs.mkdir
is not used.
Hi! π
Firstly, thanks for your work on this project! π
I've noticed that lib was only using npm fetch to fetch metadata, but tarball should also be fetched using npmFetch so that private packages are working? It also slightly simplifies code (in my patch i assume i am not handling errors)
Here is the diff that solved my problem:
diff --git a/node_modules/self-hosted-shared-dependencies/lib/self-hosted-shared-dependencies.js b/node_modules/self-hosted-shared-dependencies/lib/self-hosted-shared-dependencies.js
index c09225d..8879a03 100644
--- a/node_modules/self-hosted-shared-dependencies/lib/self-hosted-shared-dependencies.js
+++ b/node_modules/self-hosted-shared-dependencies/lib/self-hosted-shared-dependencies.js
@@ -335,27 +335,8 @@ export async function build({
});
const tarballUrl = metadata.versions[matchedVersion].dist.tarball;
- const requestStream = (
- tarballUrl.startsWith("http://") ? http : https
- ).request(tarballUrl);
- requestStream.on("response", (responseStream) => {
- responseStream.pipe(untarStream);
- });
-
- requestStream.on("timeout", () => {
- reject(
- Error(
- `Request timed out to download tarball for ${p.name}@${matchedVersion}`
- )
- );
- });
-
- requestStream.on("error", (err) => {
- reject(err);
- });
-
- requestStream.end();
+ npmFetch(tarballUrl, npmFetchOptions).then((res) => res.body.pipe(untarStream)).catch(reject);
untarStream.on("end", () => {
resolve();
It appears npmRegistry
doesn't do anything. Running with and without the option gave me the same error for a private package.
--> @vmware/some-private-lib
HttpErrorGeneral: 404 Not Found - GET https://registry.npmjs.org/@vmware/some-private-lib - Not found
at <project-dir>/node_modules/npm-registry-fetch/check-response.js:134:15
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at async buildPackage (file:///<project-dir>/node_modules/self-hosted-shared-dependencies/lib/self-hosted-shared-dependencies.js:235:18)
at async build (file:///<project-dir>/node_modules/self-hosted-shared-dependencies/lib/self-hosted-shared-dependencies.js:208:20)
at async file:///<project-dir>/node_modules/self-hosted-shared-dependencies/bin/self-hosted-shared-dependencies-cli.js:29:9 {
headers: [Object: null prototype] {
date: [ 'Wed, 11 Aug 2021 20:46:42 GMT' ],
'content-type': [ 'application/json' ],
'content-length': [ '21' ],
connection: [ 'keep-alive' ],
'expect-ct': [
'max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"'
],
vary: [ 'Accept-Encoding' ],
server: [ 'cloudflare' ],
'cf-ray': [ '67d450987ea7cab4-YYZ' ],
'x-fetch-attempts': [ '1' ]
},
statusCode: 404,
code: 'E404',
method: 'GET',
uri: 'https://registry.npmjs.org/@vmware/some-private-lib',
body: { error: 'Not found' },
pkgid: 'some-private-lib'
}
Hey there, I'm wondering why we are downloading things from npm "again".
Especially in the case of using the usePackageJSON
option, after installing the dependencies for a project, all those dependencies are already available in the local file system.
What would it take to just use those files?
Or is there a good reason not to do that?
Include/exclude per version is not working.
From README
{
versions: [
// When the version is a string, the package's include and exclude lists
// are applied
">= 17",
// When the version is an object, the version's include and exclude lists
// take priority over the package's include and exclude lists
{
version: "16.14.0",
include: ["umd/**", "cjs/**"],
},
],
}
The problem is at self-hosted-shared-dependencies.js
in lines 310 and 310
In that context matchedVersion
is always a string as it comes from npm's metadata. Line 247
The line import(path.resolve(process.cwd(), configFile))
in bin/self-hosted-shared-dependencies-cli.js
is not compatible with windows since you need correct URLs for the import
command that start with file://
.
I followed the instructions in the README.md and used the same content for the file shared-deps.conf.mjs. When I execute the command npm run build-shared-deps
I get the following error:
import-im6.q16: unable to open X server `' @ error/import.c/ImportImageCommand/358.
import-im6.q16: unable to open X server `' @ error/import.c/ImportImageCommand/358.
import-im6.q16: unable to open X server `' @ error/import.c/ImportImageCommand/358.
/node_modules/.bin/shared-deps: 5: /node_modules/.bin/shared-deps: Syntax error: "(" unexpected
I am using node with version 14.16.1.
You can also reproduce this issue by executing docker run -it node:14 bash
and copying all scripts from README.md. Or by just cloning polyglot-microfrontends/shared-dependencies
and running npm run build
.
Hi folks!
After some long debugging I was able to retrieve the metadata from the private package registry:
registryFetchOptions: {
"//registry.npmjs.org/@mycompany/mypackage:_authToken": "npm_my-auth-token"
},
// OR
registryFetchOptions: {
forceAuth: {
token: "npm_my-auth-token"
}
},
these are the ways that I found to allow successfully retrieve the package metadata. But it fails when trying to download the tar file. Reviewing the code I can't see in this line
that you authenticate the request to download the tar file properly from the private registry.Just wondering if this is something that happens in another place or is not working at all at this version (2.0.0).
Regards,
Leonardo Monge GarcΓa.
Many organizations have private packages hosted on the public registry. I think npm-registry-fetch has a way to handle that. But I'm not sure if this package does so. It would be an easy addition with options, but if there is already a way what would it be?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google β€οΈ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.