NPM virtual registry: endpoints APIs
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
🗒️ Goal
This issue is for the API endpoints required so that clients ($ npm or $ yarn) can pull objects from the NPM virtual registry.
| Route | Notes |
|---|---|
| GET /api/:version/virtual_registries/packages/npm/:id/*package_name | Metadata endpoint for the given package name |
| GET /api/:version/virtual_registries/packages/npm/:id/*package_name/-/*file_name | Download endpoint |
| POST /api/:version/virtual_registries/packages/npm/:id/*package_name/-/*file_name/upload | Download endpoint |
Optional Routes (to be determined if they are required or not)
| Route | Notes |
|---|---|
| GET /api/:version/virtual_registries/packages/npm/:id/-/package/*package_name/dist-tags | Get all tags for the given package name |
Notes:
- We have mainly two
GETendpoints. - Since we're going to use the
dependencyproxylogic of workhorse, we will need anuploadendpoint to upload the file from the upstream. We don't need any specific suffix here and/uploadwill work well. - Note that, contrary to the dependency proxy for container images, we don't have the
/authorizeendpoint. We will use one recent update from thedependencyproxylogic: the instructions received by workhorse will already include the data that/authorizewould return. - On the
dependencyproxyoptions, make use of theRestrictForwardedResponseHeadersoption to build an allow list of headers that can be forwarded from upstreams. (The precise allow list needs to be investigated). - The metadata endpoint should properly handle the urls update. See #549781.
🔮 Other considerations
Use a feature flag
Edited by 🤖 GitLab Bot 🤖