Outdated packages on the NodeBB Package Manager
-
Relevant to: @3rd-Party-Developers
tl;dr
- nbbpm can't update its list
- Temporary workaround: After publishing to npm, call
curl -X PUT https://packages.nodebb.org/api/v1/plugins/nodebb-plugin-{yourplugin}
to trigger a refresh for your plugin.
Long version
Due to an upstream API change that seems to have removed a route on npm that the nbbpm uses to refresh its internal directory of plugins and themes, we can no longer keep the nbbpm up to date with the latest versions of each published plugin.
We used to ping this route hourly: https://registry.npmjs.com/-/_list/index/modified?startkey=1439480888643, and it used to return a JSON string containing an array of packages published within the last hour, and its latest version number. Any packages matching the schema (that is, it starts with
nodebb-{plugin|theme|widget}
) gets added to the nbbpm.Now it returns nothing at all
One workaround we could do is to do an "initial sync" with nbbpm every hour. We grab any packages with the
nodebb
tag, and ping npm again for each package to get its data/versions/etc. Downside is I'd be making 300+ hits against npm when I used to be making 1, so from a bandwidth POV, it's kind of mean for me to do that every hour.Until another workaround is discovered, if @3rd-Party-Developers want to keep their packages relevant via nbbpm, they can ping nbbpm directly to trigger a refresh for their plugin. The command to do so is:
$ curl -X PUT https://packages.nodebb.org/api/v1/plugins/nodebb-plugin-{yourplugin}
Note: nbbpm still caches the API return for about an hour, so it won't show up right away.
I'll keep you up to date as I discover more.
Relevant github issue: npm/npm#9263
-
Fuck the World right
-
My official stance on this development is that the good folks at npm have not made it easy to discover what routes are available to query.
The two routes that I do use were scraped from various bits and pieces of blogs, StackOverflow questions, and some diving through the npm repo itself. The very fact that I had to search so hard for it, and that npm doesn't publish any API documentation, suggests that it's for internal use and thus I really cannot hold them accountable for having removed the route completely.
It's a disappointment, but we'll see what happens over the next couple days.
-
Update
As of August 20th @ 1500 EDT, nbbpm is back in business :shipit:
After asking around and getting absolutely zero results, I realised that there had to be a way replicants of npm kept themselves up to date.
Some further digging led me to the CouchDB guide for the Changes Feed. Seems to be stable and isn't likely to be removed without plenty of notice, so now we check that every hour.
If by now your plugin is still showing an outdated version on nbbpm, please send a
PUT
to the package manager (as detailed in OP) to tell nbbpm to refresh your plugin. -
My installation shows all of the new new upgrades to the packages, but when I update through the ACP, if I do a hard restart, I get the following:
24/8 22:10 [20442] - info: Initializing NodeBB v0.7.3 [outdated] nodebb-plugin-composer-default v1.0.11, requires 1.0.9 24/8 22:10 [20442] - warn: One or more of NodeBB's dependent packages are out-of-date. Please run the following command to update them: 24/8 22:10 [20442] - warn: ./nodebb upgrade [cluster] Child Process (20442) has exited (code: 0, signal: null)
The installed version is higher than the one noted as out-of-date and forces me to roll back through ./nodebb upgrade before it will start again.
-
@glitch @lombisi Yes, this will happen because those specific dependencies (composer-default being one) are now defined with an exact version number, and not a range.
Your specific version of NodeBB requires v1.0.9 of composer-default, and any later versions might be incompatible (though it is unlikely).
However, you raise a good point, in that the suggested versions for bundled packages should always match what is defined in
package.json
, and not what nbbpm recommends.