Skip to content
This repository has been archived by the owner on Aug 11, 2021. It is now read-only.

Publish new NPM package version simultaneously may cause bad result #121

Open
lijunle opened this issue Oct 15, 2015 · 1 comment
Open

Publish new NPM package version simultaneously may cause bad result #121

lijunle opened this issue Oct 15, 2015 · 1 comment

Comments

@lijunle
Copy link

lijunle commented Oct 15, 2015

Hi, this may be a corner case, but I want to share my story.

I use Travis CI pipeline to publish my package to NPM repo when the pipeline is trigger by a tag. It means, when a new git tag push to GitHub, Travis CI will pick that commit, build and publish the package to NPM with Travis deployment configuration.

Besides, I test my package with node matrix on different versions - 0.10, 0.12, 3.x and 4.x. So, Travis will trigger four jobs for me. Each job will run the NPM publish deployment script. In other words, the npm publish command will run four times - once for one job. Anyway, the first job to hit npm publish should win and others should fail. The pacakge should be good.

However, today, I tag a new version and push it to GitHub, Travis CI triggered a build to build, test and publish my package to NPM. Of course, it will run npm publish four times - one succeed and other three should fail.

  • 1st time failed with message malformed token : depcheck-es6
  • 2nd time succeed.
  • 3rd time failed with message You cannot publish over the previously published version 0.5.4.
  • 4th time failed with message You cannot publish over the previously published version 0.5.4.

The error message for the third and forth time request is easy to understand, while the first time error message looks different. Anyway, the second request reports secceed. The publish job should be good, the new version should be good.

Really?

After the package is published, my package cannot be installed any more. It fails with:

> npm i depcheck-es6
npm ERR! Darwin 14.5.0
npm ERR! argv "/Users/dgreene/.nvm/versions/node/v4.2.1/bin/node" "/Users/dgreene/.nvm/versions/node/v4.2.1/bin/npm" "i" "depcheck-es6"
npm ERR! node v4.2.1
npm ERR! npm  v3.3.6

npm ERR! shasum check failed for /var/folders/hl/c611mdq92fd6q6_rf_mj33cr0000gp/T/npm-34889-dad6951d/registry.npmjs.org/depcheck-es6/-/depcheck-es6-0.5.4.tgz
npm ERR! Expected: 7cfa907d49a6db295acfd0da89b326d9e8a5a071
npm ERR! Actual:   a4e35e665e4d13d749edddeb1419dd4621175c4a
npm ERR! From:     https://registry.npmjs.org/depcheck-es6/-/depcheck-es6-0.5.4.tgz
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     /private/var/folders/hl/c611mdq92fd6q6_rf_mj33cr0000gp/T/node_modules/package-json/npm-debug.log

It seems like, the installation error shasum check failed is related to my first request error malformed token. But I am not sure.

Finally, I unpublish my version and re-publish a new version to resolve this.

There may be a very corner case for npm publish senario. But I hope some experts could take a look.

Thanks in advance!
@lijunle lijunle mentioned this issue Oct 15, 2015
Merged
@tjwebb
Copy link

tjwebb commented Dec 5, 2015

also seeing this issue

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tjwebb @lijunle