Fix wildcard package.json search in npm upload
What does this MR do and why?
In Fix publishing npm package with custom root fol... (!155842 - merged), we wanted to fix a situation where users can deviate from NPM standard way of uploading packages and use custom root directory names. So instead of looking for the package.json file using the search path package/packag.json
, we update it to be */package.json
.
That worked, but caused another issue: */package.json
is a wildcard search term. So if we have a package with multiple nested package.json
files, */package.json
search term will pick the first one, regardless of whether it's the root package.json
or not. So we might end up having the incorrect package.json
that belongs to a nested directory, while what we want is the main package.json
which should be in the root of the uploaded package.
This caused this incident on gitlab.com. To fix it, we revert to the strict matching using package/packag.json
. This will make the uploading of the packages with custom root directory not work, but we will address this in another fix. The priority now is to fix the production issue, and that's why we go back to the strict matching.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
N/A
How to set up and validate locally
- Create a testing NPM package with another nested NPM package.
- Make sure the nested package has a
package.json
file too. - Publish it to the npm Registry.
- The package should be published successfully
Related to #471629 (closed)