Add support for npm deprecate
What does this MR do and why?
npm deprecate
Adds support for This command will update the npm registry entry for a package, providing a deprecation warning to all who attempt to npm install
it.
It works on version ranges as well as specific versions. CLI examples:
npm deprecate @scope/package_name "All package versions are deprecated"
npm deprecate @scope/package_name@1.0.1 "Only version 1.0.1 is deprecated"
npm deprecate @scope/package_name@"< 1.0.5" "All 1.0.5 prerelease versions are deprecated"
npm deprecate @scope/package_name@1.x "All 1.x versions are deprecated"
we can un-deprecate
a package version by sending the deprecation warning as empty string:
npm deprecate @scope/package_name ""
npm deprecate @scope/package_name@1.0.1 ""
npm deprecate @scope/package_name@"< 1.0.5" ""
npm deprecate @scope/package_name@1.x ""
npm deprecate
work?
How does - When we hit
npm deprecate
, NPM would send aget
request to the package registrymetadata
endpoint i.e:get "/api/v4/projects/:id/packages/npm/:package_name"
- After receiving the metadata endpoint response, npm would attach this response as a request body to a
put
request to the same endpoint that handlesnpm publish
i.eput "/api/v4/projects/:id/packages/npm/:package_name"
- In
npm publish
endpoint, we need to check for the'Npm-Command'
header, and if its value isdeprecate
we can let the deprecation serviceHandlePackageDeprecationService
handle the request. - each npm package has a
npm_metadatum
record inpackages_npm_metadata
table. In order to deprecate a package, we need to add adeprecated
key with the deprecation warning as value to thenpm_metadatum
'spackage_json
jsonb
field.
npm publish
, this command is only supported on the project level.
Since we use the same endpoint of Screenshots or screen recordings
How to set up and validate locally
- Publish multiple versions of an npm package to your local GitLab package registry.
- Run
npm deprecate
from the root of the package and try the variations of deprecate/un-deprecate examples mentioned above. - When deprecating a package version, you should see a deprecation warning when you try to run
npm install
. - You should also see the deprecation warning when you run
npm view
to get the package metadata.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #396763 (closed)
Database Analysis
Edited by Moaz Khalifa