Skip to content
This repository has been archived by the owner on Aug 11, 2021. It is now read-only.

Insecure tarball URI when publishing package to registry #163

Open
Vrtak-CZ opened this issue Aug 8, 2017 · 1 comment
Open

Insecure tarball URI when publishing package to registry #163

Vrtak-CZ opened this issue Aug 8, 2017 · 1 comment

Comments

@Vrtak-CZ
Copy link

Vrtak-CZ commented Aug 8, 2017

Hello is there any reason for this?

npm-registry-client/lib/publish.js

Line 98 in 690d62c

.replace(/^https:\/\//, 'http://')
our infrastructure with private npm registry running only on secure TLS (HTTPS) connection. So when we try download package it returns error because NPM/Yarn tries download it from insecure URL (because metadata is "deformed" by this code).
@iarna
Copy link
Contributor

iarna commented Sep 21, 2017
edited
Loading

I don't honestly know why this is in there, I presume it's for backwards compatibility with some third party registry. The npm registry products appear to ignore that entirely. You may want to speak with your registry vendor about getting closer compatibility with production npm behavior.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Vrtak-CZ @iarna