NPM proxy does not download new versions



We have deployed Nexus 3.15.2-01 OSS using the docker container. It is using Azure BLOB Storage.

There is a group NPM repository called npm-all with 2 repositories, a hosted and a proxy.
Users have the following privilege: nx-repository-npm-view--

I’m not sure when it started (with 3.15.2 or before), if a version of package is not already mirrored then requesting it fails.

If the user has the nx-all role then the new version is downloaded and available for all users with their existing privileges.

Is there a specific privilege that should be attributed to users so that a request to a new version of an proxied npm package is automatically downloaded?



After creating a new proxy repository and replacing the old one in the group, the packages seem to be downloaded again automatically.
We’ll see when we upgrade one of our dependency for a newer version not yet released if it still works.


FWIW, should not require enhanced permission (your permission model seems fine). I’d suspect caching but it’d depend on how fast you did your check.


I did my tests over several days and tried several times to clear the cache of the repository using the button in the admin UI.

Thank you for the confirmation about the expected behavior of the access rights.


I’m hitting the same problem. The only solution for now is hitting the invalidate cache button in the UI.

I’m also not sure if this is 3.15.2 related, but my colleges first saw this problem around 14 days ago.

I’m waiting for them to report again when the problem occur to check it out. Is there anything special I could try so it would help confirm the problem?


There was an issue with the npm registry’s CDN provider last week that caused npm packages and metadata retrieved from the npm registry to be corrupted. It seems it may be resolved now.


I have this issue in 3.15. Moreover now npm GROUP-repository if linked to separate blob store place items in it. At 3.14 it was empty.


Facing the same issue here. I am able to download the packages directly from NPM, but when using the Sonatype proxy, the latest versions are not found.


We found a recent regression with NPM and metadata max age. May be the cause of some problems here:
Please follow that JIRA for updates if that seems plausable; it’s high on our priority list.


is the Docker image going to get this fix? I’m facing the same issue


We generally deploy our docker images right after we deploy our download binaries to the site. They have the same fixes. Stay tuned for a release announcement on this site=) Thanks for your patience.