hi @dan-brown_0128,
ProGet simply does not support case-sensitive npm package names. This is a 10+ year old design decision (back from ProGet v3), which we made because npm package were always supposed to be lower-cased: https://docs.npmjs.com/creating-a-package-json-file#required-name-and-version-fields
JSONPath
is an invalid package that entered the public registry due to an npmjs.org bug. It's an old package -- latest version version 0.1.2, is 8+ years old -- and according to the package page says that it's "moved to jsonpath-plus
to avoid npm problems in dealing with upper-case packages."
ProGet permits these packages, but there are just going to be quirks if you have them in your feed. For example, if you have both jsonpath-1.1.1
and JSONPath-0.1.2
in your feed, then they will generally show up as jsonpath
, but in some API queries you may see JSONPath
.
We understand this is different than how the npmjs.org registry behaves, but as I mentioned, this was a "day 1" choice that we can't change today. No one's mentioned this as an issue until now.
If npm audit is crashing because sometimes JSONPath
is returned in results, that sounds like a bug in npm audit to me? We obviously can't add support for case-sensitive npm packages nor change how ProGet returns data in npm API calls just to work-around an npm audit bug like this.
The easiest solution is to stop using JSONPath
and remove from your feed, which it sounds like you already have. It's a really old package, and there are only a handful like this on the public registry.
Best,
Steve