[Pkg-javascript-devel] Bug#999792: npm publish and npm pack broken
Nicolas Riesco
enquiries at nicolasriesco.net
Tue Nov 16 18:50:22 GMT 2021
Package: npm
Version: 7.5.2+ds-2
Severity: important
X-Debbugs-Cc: enquiries at nicolasriesco.net
Dear Maintainer,
`npm publish` fails with error E415 complaining about missing
`package.json` in the package to be published.
I also run `npm pack` to check the package to be published and I noticed
`package.json` was stored as `package//package.json`.
The issue is actually caused by Debian's `node-tar`. Here's i how I got
to reproduce it:
```
$ npm i tar at 6.0.5
[...]
$ ls -la
total 32
drwxr-xr-x 3 nriesco nriesco 4096 Nov 16 17:57 .
drwxrwxr-x 17 nriesco nriesco 4096 Nov 16 18:34 ..
-rw-r--r-- 1 nriesco nriesco 457 Nov 16 17:57 index.js
drwxr-xr-x 10 nriesco nriesco 4096 Nov 16 17:53 node_modules
-rw-r--r-- 1 nriesco nriesco 4867 Nov 16 17:53 package-lock.json
-rw-r--r-- 1 nriesco nriesco 48 Nov 16 17:53 package.json
-rw-r--r-- 1 nriesco nriesco 335 Nov 16 18:25 test.tgz
$ cat index.js
test("tar").then(_ => test("/usr/share/nodejs/tar"));
function test(module) {
console.log("Using", require.resolve(module));
const tar = require(module);
return tar.c({
file: 'test.tgz',
cwd: '.',
prefix: 'package/',
portable: true,
gzip: true,
}, ["index.js"]).then( _ =>
tar.t({
file: 'test.tgz',
onentry: entry => console.log(entry.path),
})
);
}
$ node index.js
Using /home/nriesco/tmp/node_modules/tar/index.js
package/index.js
Using /usr/share/nodejs/tar/index.js
package//index.js
$
```
Hope this helps,
Nico
-- System Information:
Debian Release: 11.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.4.0-90-generic (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages npm depends on:
ii ca-certificates 20210119
ii node-abbrev 1.1.1-2
ii node-agent-base 6.0.2-2
ii node-ajv 6.12.6-2
ii node-ansi 0.3.1-1
ii node-ansi-regex 5.0.1-1~deb11u1
ii node-ansi-styles 4.2.1-1
ii node-ansistyles 0.1.3-2
ii node-aproba 2.0.0-1
ii node-archy 1.0.0-3
ii node-are-we-there-yet 1.1.5-1
ii node-asap 2.0.6-2
ii node-asn1 0.2.3-2
ii node-assert-plus 1.0.0-2
ii node-asynckit 0.4.0-3
ii node-aws-sign2 0.7.1-2
ii node-aws4 1.11.0-1
ii node-balanced-match 1.0.0-1
ii node-bcrypt-pbkdf 1.0.2-1
ii node-brace-expansion 2.0.0-1
ii node-builtins 1.0.3-2
ii node-cacache 15.0.5+~cs13.9.21-1
ii node-caseless 0.12.1-1
ii node-chalk 4.1.0-1
ii node-chownr 1.1.3-5
ii node-clone 2.1.2-2
ii node-color-convert 1.9.3-1
ii node-color-name 1.1.4+~1.1.1-1
ii node-colors 1.4.0-1
ii node-columnify 1.5.4-3
ii node-combined-stream 1.0.8-1
ii node-concat-map 0.0.1-2
ii node-console-control-strings 1.1.0-2
ii node-core-util-is 1.0.2-2
ii node-dashdash 2.0.0-1
ii node-debug 4.3.1+~cs4.1.5-1
ii node-defaults 1.0.3-2
ii node-delayed-stream 1.0.0-4
ii node-delegates 1.0.0-2
ii node-depd 2.0.0-1
ii node-ecc-jsbn 0.2.0-2
ii node-encoding 0.1.13-1
ii node-err-code 2.0.3+dfsg-1
ii node-extend 3.0.2-1
ii node-extsprintf 1.4.0-1
ii node-fast-deep-equal 3.1.3-1
ii node-forever-agent 0.6.1-2
ii node-form-data 3.0.0-2
ii node-fs.realpath 1.0.0-1.1
ii node-function-bind 1.1.1+repack-1
ii node-gauge 2.7.4-1.1
ii node-getpass 0.1.7-1.1
ii node-glob 7.1.6+~7.1.3-1
ii node-graceful-fs 4.2.4+repack-1
ii node-gyp 7.1.2-4
ii node-har-schema 2.0.0-4
ii node-har-validator 5.1.5-1
ii node-has-flag 4.0.0-1
ii node-http-signature 1.3.5-1
ii node-https-proxy-agent 5.0.0-3
ii node-iconv-lite 0.5.1-3
ii node-imurmurhash 0.1.4-1.1
ii node-indent-string 4.0.0-1
ii node-inflight 1.0.6-1.1
ii node-inherits 2.0.4-1
ii node-ini 2.0.0-1
ii node-ip 1.1.5-5
ii node-ip-regex 4.3.0-1
ii node-is-typedarray 1.0.0-3
ii node-isarray 2.0.5-1
ii node-isexe 2.0.0-5
ii node-isstream 0.1.2+dfsg-1.1
ii node-jsbn 1.1.0-1.1
ii node-json-parse-better-errors 1.0.2+~2.3.1-1
ii node-json-schema 0.3.0+~7.0.6-1
ii node-json-schema-traverse 1.0.0-2
ii node-json-stable-stringify 1.0.1+~cs5.1.32-1
ii node-json-stringify-safe 5.0.1+repack-3
ii node-jsonparse 1.3.1-7
ii node-jsonstream 1.3.5-1
ii node-jsprim 2.0.0-1
ii node-leven 3.1.0+~cs1.1.1-1
ii node-lockfile 1.0.4-3
ii node-mime 2.5.0+dfsg+~cs3.90.0-1
ii node-mime-types 2.1.28-1
ii node-minimatch 3.0.4+~3.0.3-1
ii node-mkdirp 1.0.4+~1.0.1-1
ii node-ms 2.1.3+~cs0.7.31-1
ii node-mute-stream 0.0.8-2
ii node-nopt 5.0.0-1
ii node-normalize-package-data 3.0.0+~2.4.0-1
ii node-npm-bundled 1.1.1-1
ii node-npm-package-arg 8.1.0-1
ii node-npmlog 4.1.2-2
ii node-number-is-nan 2.0.0-1
ii node-oauth-sign 0.9.0-2
ii node-object-assign 4.1.1-3
ii node-opener 1.5.2-1
ii node-p-map 4.0.0-1
ii node-path-is-absolute 2.0.0-1
ii node-performance-now 2.1.0+debian-1.1
ii node-process-nextick-args 2.0.0-1
ii node-promise-retry 2.0.1-1
ii node-promzard 0.3.0-1.1
ii node-psl 1.8.0+ds-4
ii node-puka 1.0.1+dfsg-2
ii node-punycode 2.1.1-3
ii node-qs 6.9.4+ds-1
ii node-read 1.0.7-2
ii node-read-package-json 3.0.0-1
ii node-readable-stream 3.6.0-2
ii node-resolve 1.19.0+~cs5.20.8-2
ii node-resolve-from 5.0.0+~3.1.0+~3.3.0+~2.0.0-1
ii node-retry 0.12.0-1
ii node-rimraf 3.0.2-1
ii node-safe-buffer 5.2.1+~cs2.1.2-1
ii node-semver 7.3.4-1
ii node-set-blocking 2.0.0-1.1
ii node-signal-exit 3.0.3-1
ii node-slash 3.0.0-1
ii node-spdx-correct 3.1.1-1
ii node-spdx-exceptions 2.3.0-1
ii node-spdx-expression-parse 3.0.1-1
ii node-spdx-license-ids 3.0.7-1
ii node-sshpk 1.16.1+dfsg-2
ii node-ssri 8.0.1-2
ii node-string-decoder 1.3.0-2
ii node-string-width 4.2.0-1
ii node-strip-ansi 6.0.0-2
ii node-supports-color 8.1.0+~7.2.0-1
ii node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u2
ii node-text-table 0.2.0-2
ii node-tunnel-agent 0.6.1-2
ii node-tweetnacl 1.0.3+dfsg-1
ii node-typedarray-to-buffer 4.0.0-1
ii node-uri-js 4.4.0+dfsg-5
ii node-util-deprecate 1.0.2-1
ii node-uuid 8.3.2+~8.3.0-4
ii node-validate-npm-package-name 3.0.0-1.1
ii node-verror 1.10.0-1.1
ii node-wcwidth.js 1.0.0-1.1
ii node-which 2.0.2+~cs1.3.2-1
ii node-wide-align 1.1.3-1
ii node-wrappy 1.0.2-1.1
ii node-write-file-atomic 3.0.3+~3.0.1-1
ii node-yallist 4.0.0-1
ii nodejs 12.22.5~dfsg-2~11u1
Versions of packages npm recommends:
ii git 1:2.30.2-1
npm suggests no packages.
-- no debconf information
More information about the Pkg-javascript-devel
mailing list