Npm cannot find package that appears to exist in a private repository on our Nexus server

Hello Community!

I’ve hit a wall debugging an issue with npm and a repository hosted in our Nexus server. The package I’m trying to download cannot be seen by the npm command. It’s clearly visible in the Nexus UI:

But npm shows nothing for that version when I try to view it:

~/src/tmp
❯ npm view mq-graphql-utils@1.9.0

~/src/tmp
❯

If I try to view the 1.9.1 version that’s also in the repository it works:

~/src/tmp
❯ npm view mq-graphql-utils@1.9.1

mq-graphql-utils@1.9.1 | ISC | deps: 7 | versions: 32
Schema, mocks and other utilities for GraphQL in Marqeta

dist
.tarball: https://nexus3.company.com/repository/mq-npm/mq-graphql-utils/-/mq-graphql-utils-1.9.1.tgz
.shasum: fc5e261c4bc0e87497cfab452bab27936932685c
.integrity: sha512-VhxTra5fL7PWGerNFXxJm6p4lgMlQ5NFrQm9VEgRFALPf6Y04SdaxUVnXExQzphqwR5mYvsJ4KZpNvT7TkPHuw==

dependencies:
apollo-cache-inmemory: 1.5.1 apollo-link-schema: 1.2.2    graphql-tag: 2.10.1          graphql: 14.2.1
apollo-client: 2.5.1         casual-browserify: 1.5.19-2  graphql-tools: 4.0.4

maintainers:
- releasedeploy <person@company.com>

dist-tags:
latest: 1.9.1

published 2 days ago by releasedeploy <person@company.com>

I’ve rebuilt the repository index and it hasn’t changed the problem.

We’ve deleted and re-published the 1.9.0 version of the package to no avail as well.

I’ve also verified that the .npmrc file is correct:

~/src/tmp
❯ cat ~/.npmrc
registry=https://nexus3.company.com/repository/mq-npm

An interesting observation is that if I curl the /repository endpoint that npm is calling, I don’t see the package version 1.9.0 listed in the output either, but 1.9.1 is there. In fact, a large number of versions are missing from that output and I see know way to paginate the call to query for more.

~/src/tmp
❯ curl -s https://nexus3.company.com/repository/mq-npm/mq-graphql-utils  | jq .time
{
  "created": "2019-11-04T17:32:34.247Z",
  "modified": "2020-10-01T23:26:20.918Z",
  "1.15.0": "2019-11-04T17:32:34.247Z",
  "1.16.0": "2019-11-04T17:48:42.290Z",
  "1.17.0": "2019-11-15T04:07:18.096Z",
  "1.18.0": "2019-12-04T20:53:50.773Z",
  "1.19.0": "2019-12-09T16:46:04.482Z",
  "1.20.0": "2019-12-13T23:43:14.720Z",
  "1.21.0": "2020-01-02T18:44:03.475Z",
  "1.25.0": "2020-02-10T18:29:36.106Z",
  "1.26.0": "2020-02-19T23:40:19.046Z",
  "1.27.0": "2020-03-02T22:29:26.668Z",
  "1.28.0": "2020-03-02T23:53:18.861Z",
  "1.30.0": "2020-03-10T01:14:58.603Z",
  "1.29.0": "2020-03-12T20:12:32.029Z",
  "1.29.1": "2020-03-12T20:13:44.228Z",
  "1.34.0": "2020-03-19T16:48:26.474Z",
  "1.35.0": "2020-03-23T17:21:18.974Z",
  "1.39.0": "2020-03-29T18:07:23.073Z",
  "1.40.0": "2020-03-30T02:47:53.315Z",
  "1.41.0": "2020-04-19T20:27:35.943Z",
  "1.42.0": "2020-05-01T23:34:42.116Z",
  "1.43.0": "2020-05-09T00:37:05.046Z",
  "1.44.0": "2020-05-11T21:13:16.965Z",
  "1.45.0": "2020-05-18T21:25:33.495Z",
  "1.49.0": "2020-06-01T22:06:38.279Z",
  "1.52.1": "2020-06-19T19:48:09.666Z",
  "1.53.0": "2020-06-25T20:18:40.647Z",
  "1.55.0": "2020-06-27T05:58:50.027Z",
  "1.56.0": "2020-08-10T21:18:59.932Z",
  "1.58.0": "2020-09-14T22:56:45.133Z",
  "1.59.0": "2020-09-21T22:43:48.079Z",
  "1.60.0": "2020-09-29T18:10:23.002Z",
  "1.9.1": "2020-10-01T23:26:20.918Z"
}

It really does have me stumped and, unfortunately, I’m neither an npm user or a nexus admin in any regard.

Are there any suggestions for trying to to debug this further? I’d very much appreciate any breadcrumbs anyone can suggest that might lead me towards a fix here.

Thank you!

I can provide more information. I have a package version I know does not exist when I browser the web UI. If I try and download that package version with a curl call I get an error response:

~/src/tmp
❯ curl -O https://nexus3.company.com/repository/mq-npm-prod/voltron/-/voltron-1.19.10.tgz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    55  100    55    0     0     79      0 --:--:-- --:--:-- --:--:--    79

~/src/tmp
❯ cat voltron-1.19.10.tgz
{"success":false,"error":"Package 'voltron' not found"}

But if I ask the /registry/voltron API to list all versions it SHOWS THIS VERSION in the output! So what’s in the repository and what that /registry API knows to be true are misaligned:

~/src/tmp
❯ curl -s https://nexus3.company.com/repository/mq-npm-prod/voltron | jq . | grep 1.19.10
    "1.19.10": {
      "version": "1.19.10",
      "_id": "voltron@1.19.10",
        "tarball": "https://nexus3.marqeta.com/repository/mq-npm-prod/voltron/-/voltron-1.19.10.tgz"
    "1.19.10": "2019-06-18T18:12:49.152Z",

I do not know what serves as the data source for the /registry calls – I’m flat out stumped on what can cause reality to drift for this end point and how to realign reality. I’ve rebuilt the index for the mq-npm-prod already with no change this to mis-match in reality.