From 71d8fb4a94d65e1855f6d0c5f2ad2b7c3202e3c4 Mon Sep 17 00:00:00 2001
From: Jacob <jakeincanada@icloud.com>
Date: Mon, 26 Nov 2018 11:05:56 -0500
Subject: [PATCH] publish: Close the file descriptor if exiting upload via an
 error. (#80)

This fixes https://npm.community/t/unhelpful-error-message-when-publishing-without-logging-in-error-eperm-operation-not-permitted-unlink/1377/3 and the other dozen or so issues that that link references, and possibly many more involving poor error messages from errors thrown by the upload function.

@zkat you mentioned you could take a look at any fixes / answer any questions, if you could look this over and let me know if this is a good / valid approach that would be fantastic, thanks! (it wasn't a race condition, luckily :P).

it may also be helpful to add something like
```
    if (!auth.token || !(auth.username && auth.password)) {
      log.warn('publish', 'not logged in')
    }
```
just before we even open the first file descriptor to make sure that even if the error message is completely wrong something in the log will give users a clue what may be going on. I took the method of looking for login creds from the logout method, I'm not sure that's valid or if alternatives to npm exist that don't require credentials but users could still publish to.

Triage of the issue:

1. The upload function throws an error
2. As that error bubbles through [cacache](https://www.npmjs.com/package/cacache#with-tmp) it tries to delete the tmpdir as it should
3. It can't delete the temp dir as the upload function's readFileStream to the tar it was trying to upload is still open.
4. [cacache](https://www.npmjs.com/package/cacache#with-tmp) throws an error about it's inability to remove the dir, which suppresses the upload function's error.

Fixes: https://npm.community/t/unhelpful-error-message-when-publishing-without-logging-in-error-eperm-operation-not-permitted-unlink/1377/3
PR-URL: https://github.com/npm/cli/pull/80
Credit: @macdja38
Reviewed-By: @zkat
---
 lib/publish.js | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/publish.js b/lib/publish.js
index 1ae87d7900fa1..25f2134b1b16d 100644
--- a/lib/publish.js
+++ b/lib/publish.js
@@ -167,6 +167,12 @@ function upload (arg, pkg, isRetry, cached) {
       auth: auth
     }
 
+    function closeFile () {
+      if (!npm.config.get('dry-run')) {
+        params.body.close()
+      }
+    }
+
     // registry-frontdoor cares about the access level, which is only
     // configurable for scoped packages
     if (config.get('access')) {
@@ -195,6 +201,8 @@ function upload (arg, pkg, isRetry, cached) {
         return BB.fromNode((cb) => {
           npm.commands.unpublish([pkg._id], cb)
         }).finally(() => {
+          // close the file we are trying to upload, we will open it again.
+          closeFile()
           // ignore errors.  Use the force.  Reach out with your feelings.
           return upload(arg, pkg, true, cached).catch(() => {
             // but if it fails again, then report the first error.
@@ -202,6 +210,8 @@ function upload (arg, pkg, isRetry, cached) {
           })
         })
       } else {
+        // close the file we are trying to upload, all attempts to resume will open it again
+        closeFile()
         throw err
       }
     })