Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
ProGet: NPM-Package-Promotion loses Tags
-
Hi all,
we noticed that some of our npm packages are missing its tags.
Having a closer look at that issue we noticed that the tags are lost during promotion.
Usually, we upload our packages with the tag "latest" to a testfeed. After testing we promote the package to our live feed. In the testfeed we can see the tag, in the live feed the tag is missing.Testfeed:
LiveFeed:
We usually promote packages using the api but it also happens when we manually promote packages.
We also noticed that manually adding a npm package is not saving the tag. In the upload window you already suggest the tag "latest" so we just leave it:
But the tags are empty after the upload:
We noticed this behavior because we are using "npm outdated" to check if there are newer versions of installed npm packages. This command scans registries for the package with the tag "latest" but we never got any suggestions for our packages.
Can you verify this behavior?
Thanks,
Caterina
-
Hi @caterina ,
This behavior is expected as only the package itself is promoted, not repository metadata.
I'm not an npm developer, but one concern I have is that the
latesttag doesn't always refer to the most recent version of a package? It's a little confusing to be honest, but I read that developers will sometimes uselatestto "pin" what they feel is the most stable version?I don't understand why this is a practice in npm, but I think this is probably an exception. So, we will change the behavior via PG-3057 such that the "latest" tag is set on the new feed when promoting latest-tagged npm package.
This will be in the next maintenance release of ProGet 2025.
Cheers,
Alana
-
Hi @atripp,
so as far as I understood it, one should not tag packages with the latest Tag themself, npm handels that tag.
If no specific tag is given, "npm publish" gives the latest tag to the last uploaded version. And if a new version is uploaded without a specific tag, this version gets the latest tag and it is being removed from the former package.But we would also lose the tags if we manually tag them. Maybe we want to separate between testversions and productionversions with tags. Just a thought. We also lose this tag during promotion.
So maybe you can not only promote the latest tag but all tags? To lose information about a package is always bad I guess.
Tanks,
Caterina
-
Hi @caterina ,
I agree and there doesn't seem to be any good usecases or official guidance from npm tags command, but we do not recommend using them: https://blog.inedo.com/npm/smarter-npm-versioning-with-semver/
From the api/technical standpoint, npm tags are a little weird -- a package themselves doesn't contain tags. Instead, the registry has a key/value tag store. By convention, the store has keys like
latestand values like4.8.1, but it seems to allow anything? At least from data we've seen on npmjs.orgIn any case, the npm client seems to set a latest tag, so we'll just support that use case then.
FYI here is the logic/code I added:
var tags = await this.GetPackageTagsAsync(purl.Name, false, cancellationToken: cancellationToken); if (tags.TryGetValue("latest", out var latestVersion) && latestVersion == PackageVersion<SemanticVersion2>.Parse(purl.Version)) await DB.Npm_SetTagVersionAsync(toFeed.FeedId, purl.Name.Id, "latest", purl.Version, DateTime.UtcNow);It sets the
latesttag on the other feed if the current feed'slatesttag points to the package you are promoting.Thanks,
Alana
