npm metadata endpoint not returing all available versions
Summary
In !67427 (merged), we updated the npm validation for packages following the naming convention. Basically, for those packages, the backend will check for duplicates in all projects within a given root namespace.
The problem is that we need to do the same for the metadata endpoints that return the available versions: they should look for all the package versions existing within a given root namespace.
Right now, they will get the most recent project and use that as a base for the search.
Steps to reproduce
- Create a group
G
- Create a project
P1
withinG
- Create a project
P2
withinG
- Upload an npm package to
P1
. (use theG
path as the package scope!) - Upload an npm package with same name but different version to
P2
. (use theG
path as the package scope!) -
$ npm view
the package - Only a single version is reported, the one from
P2
💥
What is the current bug behavior?
For npm packages following the naming convention, the npm metadata endpoints use only the most recent project as a base for getting all the versions
What is the expected correct behavior?
For npm packages following the naming convention, the npm metadata endpoints should use the given root namespace and get all available versions
Possible fixes
At the instance level, the npm package finder should be used with a namespace
not a project
.