Hi,
when trying to do npm i @salesforce-ux/design-system we get the following logs at Nexus Repo (proxy to https://registry.npmjs.org) and it isn’t working:
*UNKNOWN com.sonatype.nexus.repository.npm.internal.orient.OrientNpmProxyFacet - Exception com.fasterxml.jackson.core.exc.StreamConstraintsException: String length (5046272) exceeds the maximum length (5000000) checking remote for update, proxy repo <proxy> failed to fetch @salesforce-ux%2fdesign-system, content not in cache.
We also tried with “cataloged only”, but no difference.
Is there a setting to extend the limits?
Is there a setting to restrict download into the proxy for only requested versions?
I’m not aware of one. The issue here is that the string is too long; if this were unbounded, it could be used as a Denial of Service attack to run the systems out of memory.
com.sonatype.nexus.repository.npm.internal.orient.OrientNpmGroupDataFacet - Unable to use Cooperation to merge @salesforce-ux/design-system for repository npm
com.fasterxml.jackson.core.exc.StreamConstraintsException: String length (5046272) exceeds the maximum length (5000000)
I’m also getting this error. I’m unable to execute my pipelines that use this library.
This log still appears on Nexus, no matter which version of @salesforce-ux/design-system I use:
2023-11-15T12:11:05.02015874Z stdout F 2023-11-15 12:11:05,019+0000 WARN [qtp1816948741-1585] *UNKNOWN com.sonatype.nexus.repository.npm.internal.orient.OrientNpmProxyFacet - Exception com.fasterxml.jackson.core.exc.StreamConstraintsException: String length (5039106) exceeds the maximum length (5000000) checking remote for update, proxy repo npmjs failed to fetch @salesforce-ux%2fdesign-system, content not in cache.
They might fix it in the next versions; that’s why we can use it when using the npmjs registry. But as far as I could understand, I think when Nexus is looking up this package, it searches for the version you want in the general package URL and not the specific version URL.
Making a test with curl, as you can see below, the general URL will have this broken readme (see 2.1) and the specific curl (see 2.2) doesn’t have this broken readme in the JSON file it gets.
run ‘npm i --registry=http://registry.npmjs.org --package-lock-only’ to generate a package-lock.json with @salesforcedx/design-system info, integrity and dependencies etc.
rename this package-lock.json to package-lock-2.json
copy this package-lock-2.json to the project folder
install ‘npm install -g package-json-merge’ in order to safely merge both package-lock.json
merge both package-lock with command: ‘package-json-merge package-lock.json package-lock-2.json > package-lock-merged.json’
delete both package-lock.json and package-lock-2.json
rename package-lock-merged.json to package-lock.json
FINAL test:
16. test it running ‘npm ci --verbose’
Conclusion:
I opened an issue in @salesforcedx/design-system github project to see if they can fix it:
Maybe I made a wrong interpretation of the way Nexus works, or maybe there was an easier way to do this, but this was my solution. The thing is, if Nexus really uses the general URL to get all versions, should it maybe change the way it reads this JSON file? What are your thoughts? At least Salesforce could fix the readmes on this URL, since it is their side that still has the bug.
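To check which field of a registry metadata document exceeds the 5000000-character limit shown in the log lines above, here is an added example (not code from the thread or from Nexus) that walks a JSON document and reports every oversized string with its path. The sample documents are constructed; the `@example/pkg` name, the registry.example URL and the placement of the long text in a `readme` field are assumptions that follow the post's description.

```javascript
// Limit taken from the log message on this page: "maximum length (5000000)".
const MAX_STRING_LENGTH = 5000000;

// Recursively collect every string value longer than `limit`.
// `path` is a JSONPath-like location used only for reporting.
function findOversizedStrings(value, limit, path, out) {
  if (typeof value === 'string') {
    // JS .length counts UTF-16 code units, the same unit as a Java char.
    if (value.length > limit) out.push({ path, length: value.length });
  } else if (Array.isArray(value)) {
    value.forEach((v, i) => findOversizedStrings(v, limit, `${path}[${i}]`, out));
  } else if (value !== null && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) {
      findOversizedStrings(v, limit, `${path}[${JSON.stringify(k)}]`, out);
    }
  }
  return out;
}

// Parse metadata text and return offending fields, longest first.
function checkMetadata(jsonText, limit = MAX_STRING_LENGTH) {
  const hits = findOversizedStrings(JSON.parse(jsonText), limit, '$', []);
  return hits.sort((a, b) => b.length - a.length);
}

// Constructed sample shaped like the two documents compared in the post:
// the package-level document (all versions) and a single-version document.
function sampleDocs() {
  const version = {
    name: '@example/pkg',            // hypothetical package name
    version: '1.0.0',
    dist: { tarball: 'https://registry.example/pkg-1.0.0.tgz' },
  };
  const full = {
    name: '@example/pkg',
    readme: '#'.repeat(5046272),     // same length as reported in the log
    versions: { '1.0.0': version },
  };
  return { full: JSON.stringify(full), single: JSON.stringify(version) };
}

const docs = sampleDocs();
console.log('package-level document:', checkMetadata(docs.full));
console.log('single-version document:', checkMetadata(docs.single));
```

To run it on real data, save the registry response to a file and pass its contents to `checkMetadata` in place of the sample.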