single-spa / self-hosted-shared-dependencies Goto Github PK

I am using a private registry which I enabled with the command npm config set registry <url-to-registry>. The self-hosted-shared-dependencies tool always seems to use registry.npmjs.org regardless of what is configured locally. Is it possible to make the tool respect the configured npm registry?

When putting a package with a slash into the shared-deps.conf.mjs file (like @company/my-lib), the tool crashes with an exception, since it does not create subdirectories recursively. It needs to create first @company and then my-lib as a subdirectory, but this won't happen because the recursive option of the command fs.mkdir is not used.

Hi! 👋

Firstly, thanks for your work on this project! 🙂

I've noticed that lib was only using npm fetch to fetch metadata, but tarball should also be fetched using npmFetch so that private packages are working? It also slightly simplifies code (in my patch i assume i am not handling errors)

Here is the diff that solved my problem:

diff --git a/node_modules/self-hosted-shared-dependencies/lib/self-hosted-shared-dependencies.js b/node_modules/self-hosted-shared-dependencies/lib/self-hosted-shared-dependencies.js
index c09225d..8879a03 100644
--- a/node_modules/self-hosted-shared-dependencies/lib/self-hosted-shared-dependencies.js
+++ b/node_modules/self-hosted-shared-dependencies/lib/self-hosted-shared-dependencies.js
@@ -335,27 +335,8 @@ export async function build({
         });
 
         const tarballUrl = metadata.versions[matchedVersion].dist.tarball;
-        const requestStream = (
-          tarballUrl.startsWith("http://") ? http : https
-        ).request(tarballUrl);
 
-        requestStream.on("response", (responseStream) => {
-          responseStream.pipe(untarStream);
-        });
-
-        requestStream.on("timeout", () => {
-          reject(
-            Error(
-              `Request timed out to download tarball for ${p.name}@${matchedVersion}`
-            )
-          );
-        });
-
-        requestStream.on("error", (err) => {
-          reject(err);
-        });
-
-        requestStream.end();
+        npmFetch(tarballUrl, npmFetchOptions).then((res) => res.body.pipe(untarStream)).catch(reject);
 
         untarStream.on("end", () => {
           resolve();

It appears npmRegistry doesn't do anything. Running with and without the option gave me the same error for a private package.

--> @vmware/some-private-lib
HttpErrorGeneral: 404 Not Found - GET https://registry.npmjs.org/@vmware/some-private-lib - Not found
    at <project-dir>/node_modules/npm-registry-fetch/check-response.js:134:15
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async buildPackage (file:///<project-dir>/node_modules/self-hosted-shared-dependencies/lib/self-hosted-shared-dependencies.js:235:18)
    at async build (file:///<project-dir>/node_modules/self-hosted-shared-dependencies/lib/self-hosted-shared-dependencies.js:208:20)
    at async file:///<project-dir>/node_modules/self-hosted-shared-dependencies/bin/self-hosted-shared-dependencies-cli.js:29:9 {
  headers: [Object: null prototype] {
    date: [ 'Wed, 11 Aug 2021 20:46:42 GMT' ],
    'content-type': [ 'application/json' ],
    'content-length': [ '21' ],
    connection: [ 'keep-alive' ],
    'expect-ct': [
      'max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"'
    ],
    vary: [ 'Accept-Encoding' ],
    server: [ 'cloudflare' ],
    'cf-ray': [ '67d450987ea7cab4-YYZ' ],
    'x-fetch-attempts': [ '1' ]
  },
  statusCode: 404,
  code: 'E404',
  method: 'GET',
  uri: 'https://registry.npmjs.org/@vmware/some-private-lib',
  body: { error: 'Not found' },
  pkgid: 'some-private-lib'
}

Hey there, I'm wondering why we are downloading things from npm "again".

Especially in the case of using the usePackageJSON option, after installing the dependencies for a project, all those dependencies are already available in the local file system.

What would it take to just use those files?
Or is there a good reason not to do that?

Include/exclude per version is not working.
From README

{
      versions: [
        // When the version is a string, the package's include and exclude lists
        // are applied
        ">= 17",

        // When the version is an object, the version's include and exclude lists
        // take priority over the package's include and exclude lists
        {
          version: "16.14.0",
          include: ["umd/**", "cjs/**"],
        },
      ],
}

The problem is at self-hosted-shared-dependencies.js in lines 310 and 310

In that context matchedVersion is always a string as it comes from npm's metadata. Line 247

The line import(path.resolve(process.cwd(), configFile)) in bin/self-hosted-shared-dependencies-cli.js is not compatible with windows since you need correct URLs for the import command that start with file://.

I followed the instructions in the README.md and used the same content for the file shared-deps.conf.mjs. When I execute the command npm run build-shared-deps I get the following error:

import-im6.q16: unable to open X server `' @ error/import.c/ImportImageCommand/358.
import-im6.q16: unable to open X server `' @ error/import.c/ImportImageCommand/358.
import-im6.q16: unable to open X server `' @ error/import.c/ImportImageCommand/358.
/node_modules/.bin/shared-deps: 5: /node_modules/.bin/shared-deps: Syntax error: "(" unexpected

I am using node with version 14.16.1.

You can also reproduce this issue by executing docker run -it node:14 bash and copying all scripts from README.md. Or by just cloning polyglot-microfrontends/shared-dependencies and running npm run build.

Hi folks!

After some long debugging I was able to retrieve the metadata from the private package registry:

 registryFetchOptions: {
        "//registry.npmjs.org/@mycompany/mypackage:_authToken": "npm_my-auth-token"
    },

// OR

 registryFetchOptions: {
       forceAuth: {
         token: "npm_my-auth-token"
      }
    },

these are the ways that I found to allow successfully retrieve the package metadata. But it fails when trying to download the tar file. Reviewing the code I can't see in this line

Just wondering if this is something that happens in another place or is not working at all at this version (2.0.0).

Regards,
Leonardo Monge García.

Many organizations have private packages hosted on the public registry. I think npm-registry-fetch has a way to handle that. But I'm not sure if this package does so. It would be an easy addition with options, but if there is already a way what would it be?