一般而言,当 GitHub 上的 JavaScript 依赖项消失时,开发人员/DevOps 应该采取什么措施来防止 npm 构建失败?软件包维护者为什么要从 npm 删除已打标签(tagged)的工件?
以下是一个示例
[exec] Downloading binary from https://github.com/sass/node-sass/releases/download/v4.9.3/win32-x64-67_binding.node
[exec] Cannot download "https://github.com/sass/node-sass/releases/download/v4.9.3/win32-x64-67_binding.node":
[exec]
[exec] HTTP error 404 Not Found
我提出这个问题是基于以下两点:1)迫切需要发布依赖于 npm 软件包的软件,以及 2)在更改/更新 JavaScript 依赖项时需要重新运行手动质量检查(QA)。
发生这些问题时,我知道我必须升级依赖项。我只是想知道如何避免因这些问题而被卡住、不得不升级,尤其是在必须完成紧急发布的时候。
我们的软件连同其他软件一起,由 gulp 构建任务负责构建。很久以前,我们唯一的 JavaScript 专家开发人员编写了构建脚本。他最近离职了,留给我的是一些我能应付但并不精通的东西。
一段时间前,我们遇到过上述问题,另一个软件包也出过同样的问题,但我不记得是哪一个了。请注意,我们没有正确地维护 JavaScript 依赖项。我们的 package.json 已有一年没有更新(在评论安全性之前请先阅读约束 #2),然后有一天,当我们需要发布一个影响生产环境客户的错误修正版本时,Gulp 突然停止工作,我无法完成构建。
由于我们显然使用了过时的软件包,我花了半天的时间来修复依赖关系。
我的问题在于我有两个约束条件:1)根据管理政策,不允许使用通配符依赖版本来构建我们的软件,只能使用固定的依赖版本;2)客户提供的资金不足以让我们持续维护这些脆弱(可能存在漏洞)的依赖项;他们可以接受继续使用遗留依赖项。
我选择将时间的前半小时用于研究并在这里询问。
我们的package.json文件为:
{
"name": "Phoenix3",
"version": "0.0.2",
"config": {
"unsafe-perm": true
},
"dependencies": {
"font-awesome": "4.7.0",
"@flowjs/flow.js": "2.13.0",
"@flowjs/ng-flow": "2.7.8",
"angular": "1.7.2",
"angular-animate": "1.7.2",
"angular-aria": "1.7.4",
"angular-chart.js": "1.1.1",
"angular-cookies": "1.7.2",
"angular-fancybox-plus": "1.0.3",
"angular-i18n": "1.7.2",
"angular-material": "1.1.10",
"angular-messages": "1.7.2",
"angular-resource": "1.7.2",
"angular-sanitize": "1.7.2",
"angular-smart-table": "2.1.11",
"angular-timeago": "0.4.6",
"angular-timer": "1.3.5",
"angular-touch": "1.7.2",
"angular-ui-bootstrap": "2.5.6",
"angular-ui-codemirror": "0.3.0",
"angular-ui-mask": "1.8.7",
"angular-ui-tree": "2.22.6",
"angular-ui-utils": "0.1.1",
"angularjs-toaster": "2.2.0",
"bootstrap": "3.3.7",
"bootstrap-sass": "3.3.7",
"chart.js": "2.7.2",
"checklist-model": "1.0.0",
"codemirror": "5.32.0",
"file-saver": "1.3.3",
"humanize-duration": "3.15.1",
"jquery": "3.3.1",
"jquery-fancybox": "3.1.0",
"jquery-ui": "1.12.1",
"jquery.browser": "0.1.0",
"lr-sticky-header": "1.1.0",
"matchmedia-polyfill": "0.3.0",
"ng-tags-input": "3.2.0",
"ngstorage": "0.3.11",
"node-sass": "4.9.3",
"npm-font-source-sans-pro": "0.0.3",
"pivottable": "2.1.0",
"screenfull": "3.0.2",
"simple-line-icons": "2.4.1",
"ui-select": "0.19.8",
"underscore": "1.8.3"
},
"devDependencies": {
"@babel/core": "7.1.0",
"ajv": "6.5.3",
"ajv-keywords": "3.2.0",
"autoprefixer": "6.2.3",
"babel-loader": "8.0.2",
"babel-preset-es2015-without-strict": "0.0.2",
"bless-webpack-plugin": "1.0.0",
"bower-webpack-plugin": "0.1.9",
"clean-webpack-plugin": "0.1.9",
"css-loader": "0.23.1",
"del": "2.1.0",
"exports-loader": "0.6.2",
"expose-loader": "0.7.1",
"extract-text-webpack-plugin": "3.0.2",
"file-loader": "0.8.5",
"gulp": "4.0.0",
"gulp-bless": "3.0.1",
"gulp-concat": "2.6.0",
"gulp-copy": "4.0.0",
"gulp-data": "1.2.0",
"gulp-eslint": "5.0.0",
"gulp-flatten": "0.4.0",
"gulp-footer": "1.0.5",
"gulp-git": "1.11.3",
"gulp-header": "1.7.1",
"gulp-if": "2.0.0",
"gulp-inject": "3.0.0",
"gulp-jscs": "4.1.0",
"gulp-jshint": "2.1.0",
"gulp-minify-css": "1.2.1",
"gulp-ng-annotate": "1.1.0",
"gulp-ngdocs": "0.3.0",
"gulp-protractor": "4.1.0",
"gulp-rename": "1.2.2",
"gulp-sass": "4.0.1",
"gulp-strip-debug": "1.1.0",
"gulp-template": "5.0.0",
"gulp-uglify": "1.5.1",
"gulp-util": "3.0.7",
"html-webpack-plugin": "3.2.0",
"import-glob-loader": "1.1.0",
"imports-loader": "0.6.5",
"istanbul-instrumenter-loader": "3.0.1",
"jshint": "2.9.6",
"merge-stream": "1.0.1",
"minimatch": "3.0.4",
"moment": "2.22.2",
"null-loader": "0.1.1",
"phantomjs": "2.1",
"postcss-loader": "0.8.0",
"protractor": "5.4.1",
"raw-loader": "0.5.1",
"resolve-url-loader": "1.4.3",
"run-sequence": "1.1.5",
"sass-loader": "7.1.0",
"style-loader": "0.13.0",
"ts-helpers": "1.1.1",
"ts-loader": "0.8.2",
"ts-node": "0.7.1",
"tslint": "3.7.1",
"tslint-loader": "2.1.3",
"typedoc": "0.12.0",
"typescript": "1.8.10",
"url-loader": "1.1.1",
"webpack": "4.19.1",
"webpack-dev-server": "3.1.8"
},
"scripts": {
"tslint": "tslint",
"typedoc": "typedoc",
"typings": "typings",
"pnxdev": "gulp dev",
"pnxprod": "gulp prod",
"pnxdoc": "gulp doc",
"pnxinstall": "npm --cache-min 9999999 install ",
"pnxwatch": "gulp watch",
"test": "gulp webdriver_update && gulp test",
"webpack-dev": "npm install && gulp webdriver_update && ./node_modules/.bin/webpack",
"webpack-prod": "npm install && gulp webdriver_update && NODE_ENV=production ./node_modules/.bin/webpack",
"webpack-start": "./node_modules/.bin/webpack-dev-server"
}
}
所以直到上周一切都很好,而今天 node-sass 版本 4.9.3 在 GitHub 上已经不存在了(really?),或者至少从我贴出的日志来看无法访问。
为什么工件在发布之后会从 GitHub 上消失?
我习惯于Maven和NuGet保留工件的永久历史。我们公司使用Artifactory服务器缓存Java资源,但是我们还没有购买Artifactory Pro来永久存储Npm资源
在不切换到通配符版本的前提下,考虑到构建受阻必然会打乱计划,开发人员/DevOps 可以做些什么来防止将来再发生这些问题?