Skip to content

NPM request forward not working if the global registry is set to GitLab

🔥 Problem

Given the following .npmrc:

registry=http://gdk.test:8000/api/v4/projects/<project id>/packages/npm/
//gdk.test:8000/api/v4/projects/<project id>/packages/npm/:_authToken=<pat>

and the GitLab configured to have the npm request forward feature.

Trying to pull a package will end up in an error:

npm install caniuse-lite
npm ERR! code E404
npm ERR! 404 Not Found - GET http://gdk.test:8000/api/v4/projects/305/packages/npm/caniuse-lite/-/caniuse-lite-1.0.30001426.tgz
npm ERR! 404 
npm ERR! 404  'caniuse-lite@http://gdk.test:8000/api/v4/projects/305/packages/npm/caniuse-lite/-/caniuse-lite-1.0.30001426.tgz' is not in this registry.
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/david/.npm/_logs/2022-10-27T07_38_00_100Z-debug-0.log

Here are the requests:

Screenshot_2022-10-27_at_09.38.39

Obviously, $ npm doesn't want to follow the redirect.

🚒 Solution

I think we hit a security measure here. $ npm doesn't follow the redirect because the final host name (registry.npmjs.org) is not part of the "known" registries (we changed the default registry to the GitLab one).

I don't think there is much we can do here.

Here are the solutions I see:

  1. Document this limitation.
  2. When the request forward will use a true proxy mode, this issue will probably be solved.