Querying information about specific version of scoped npm package

Question

I can successfully query meta information for a specific version of a specific NPM package like this:

GET https://registry.npmjs.org/<name>/<version>

for example: https://registry.npmjs.org/camelcase/2.1.1

But for scoped packages like @angular/core this doesn't work. I tried all of the following, but they all fail:

https://registry.npmjs.org/@angular/core/6.1.10 - 401 Unauthorized
https://registry.npmjs.org/@angular%2Fcore/6.1.10 - 401 Unauthorized
https://registry.npmjs.org/%40angular%2Fcore/6.1.10 - 401 Unauthorized
https://registry.npmjs.org/%40angular%2Fcore%2F6.1.10 - 404 Not Found

What is the correct way for querying a specific version of a scoped package?

Jim B. · Accepted Answer · 2018-11-08T20:14:07.183

3

You can do this from a bash command:

npm view @angular/core/6.1.10

So npm is adding some authentication to the request for scoped packages. For this to work you have to have a valid package.json in the local directory.

Of course, worst case, you can do a process.spawn() to run the npm command.

FYI, I tried using the npm-registry-client package, with my npm credentials:

var RegClient = require('npm-registry-client')
var client = new RegClient({
    username: 'mememe',
    password: 'xxxxx'
})
var uri = "https://registry.npmjs.org/@angular/core/6.1.10"
var params = {timeout: 1000}

client.get(uri, params, function (error, data, raw, res) {
  console.log(data);
})

and I got this:

info attempt registry request try #1 at 09:52:09
http request GET https://registry.npmjs.org/@angular/core/6.1.10
http 401 https://registry.npmjs.org/@angular/core/6.1.10
WARN notice ERROR: you cannot fetch versions for scoped packages

It appears they don't allow specific version querying, but per @RobC's comments below, they do allow grabbing the entire repository's information, so you can do this client-side:

url = 'https://registry.npmjs.org/@angular%2fcore';

const fetch = require('node-fetch');

fetch(url).then(response => response.json()).then(results => {
    console.log(results.versions['6.1.10']);
});

edited Nov 08 '18 at 20:14

answered Nov 08 '18 at 17:29

Jim B.

4,512
3
25
53

Thanks for your investigations! The correct way to use "npm view" for a specific version seems to be `npm view @angular/core@6.1.10`, which will work whether you have a 'package.json' in your local directory or not. If you run `npm view @angular/core@6.1.10 -dd`, which enables logging, you can see that that it actually executes a 'GET https://registry.npmjs.org/@angular%2fcore', which returns the details for all available versions. So it looks to me like the "npm view" tool extracts the info for the specified version on client side... – Robert Hegner Nov 08 '18 at 18:05
This seems to be a strange and arbitrary limitation. But I guess I'll just do the same... Thanks again for your help! – Robert Hegner Nov 08 '18 at 18:11
2

Yes, they do seem to utilize [npm-package-arg](https://github.com/npm/npm-package-arg) to extract the info for the specified version client side. You can shell out the `npm view @angular/core --json` command, from your node app using `child_process.exec` or `child_process.execSync` in a similar way to [this](https://github.com/npm/npm/issues/21055#issuecomment-399667993) - then `JSON.parse` the resultant JSON to get the info for the version you want. – RobC Nov 08 '18 at 19:11

Querying information about specific version of scoped npm package

1 Answers1