Workspace packages or packages from private repos produce a 'failed to fetch' #5
Comments
|
The NPM registry has misconfigured CORS for error responses for nearly a year which means I can't actually distinguish a network error from a 404. I've sent a few emails to them but there seems to be no one willing to get that corrected anytime soon. For now, the onus will be on uploaders to correctly limit the packages they feed into the tool. |
|
Ah, that is unfortunate. Is there a way to skip the package in question in case the request fails;? Does deptree always need every dependency, even if it can't be reached? |
|
Skipping dependencies due to unknown errors (be it 404 or network errors) would result in unpredictability -- you'd have absolutely no idea if you're looking at your full dep tree or not. Once NPM addresses their CORS issue I can better address the 404-flow, but until then, my hands are tied. |
|
It looks like NPM has now fixed CORS for bare packages ( Edit: I've also revised the error messages a bit, message should hopefully be clearer at least. Edit 2: NPM engineering has re-confirmed the bug, and re-added it to their todo list, but it's not a priority so who knows when they'll get to it. |
I wanted to run our package list through DepTree and had to remove packages within our monorepo workspace (makes sense that they don't exist), as well as the FontAwesome Pro and TipTap Pro licensed packages (since they require a different package registry).
I guess the best way would be to just exclude packages that cannot be found from the tree? Right now it errors out with a "failed to fetch" message.
The text was updated successfully, but these errors were encountered: