Do not include licenseText field in npm metadata

Radamanthus Batnag requested to merge 345759-npm-disallow-field-licenseText into master

Context

Publishing an npm package with yarn fails when the package includes a license text that exceeds 20kb. (ZD link, internal only)

We have a check constraint that limits the package json metadata size to less than 20k.

We don't really need to include the license text in the metadata, so we can skip this field when storing the package metadata.

What does this MR do and why?

Ignore the licenseText field when creating the npm package metadata.

How to set up and validate locally

Scenario 1: Publish an npm package that has a LICENSE file smaller than 20kb

  1. Create an npm package that includes a LICENSE file smaller than 20kb.
  2. Publish the package using yarn.
  3. Expected results
  • master: The package was published. The contents of the LICENSE file are in the licenseText field in the packages_json column of the packages_npm_metadata table.
  • MR: The package was published. The contents of the LICENSE file should not be stored in the packages_npm_metadata record in the database.

Scenario 2: Publish an npm package that has a LICENSE file larger than 20kb

  1. Create an npm package that includes a LICENSE file larger than 20kb.
  2. Publish the package using yarn.
  3. Expected results
  • master: There is no error with the yarn publish operation, but the package was not published.
  • MR: The package was published. The contents of the LICENSE file should not be stored in the packages_npm_metadata record in the database.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #345759 (closed)

Edited by Radamanthus Batnag
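
The two validation scenarios above can be modelled offline. This is an added example, not code from the merge request or from GitLab: the payload is constructed, the method names are hypothetical, and the check constraint is assumed to mean "serialized JSON shorter than 20,000 characters".

```ruby
require 'json'

# Assumption: the size limit is modelled as fewer than 20,000 characters of JSON.
MAX_METADATA_CHARS = 20_000
# Field the MR skips when storing metadata (name taken from the MR title).
IGNORED_FIELDS = %w[licenseText].freeze

# Constructed sample of a version entry as sent on publish, with the LICENSE
# file contents embedded in licenseText.
def sample_version_payload(license_chars)
  {
    'name' => '@example/demo',
    'version' => '1.0.0',
    'license' => 'MIT',
    'scripts' => { 'test' => 'jest' },
    'licenseText' => 'x' * license_chars
  }
end

# Hypothetical builder: skip_ignored: false models master, true models the MR.
def build_metadata(payload, skip_ignored:)
  return payload unless skip_ignored

  payload.reject { |key, _value| IGNORED_FIELDS.include?(key) }
end

# True when the stored JSON would satisfy the modelled size constraint.
def fits_constraint?(metadata)
  JSON.generate(metadata).length < MAX_METADATA_CHARS
end

# Compare master and MR behaviour for a LICENSE file of the given length.
def scenario(license_chars)
  payload = sample_version_payload(license_chars)
  mr_metadata = build_metadata(payload, skip_ignored: true)
  {
    master_fits: fits_constraint?(build_metadata(payload, skip_ignored: false)),
    mr_fits: fits_constraint?(mr_metadata),
    mr_stores_license_text: mr_metadata.key?('licenseText')
  }
end

if __FILE__ == $PROGRAM_NAME
  puts "Scenario 1 (small LICENSE): #{scenario(1_000)}"
  puts "Scenario 2 (large LICENSE): #{scenario(25_000)}"
end
```
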