Re-allow updates to pre-existing "invalid" named packages

[isaacs]

See fb55/css-what#7 (comment)

If folks would like to push updates to packages that have mixed-case names, or even deprecate those packages in favor of lower-case ones, we're blocking them from doing so because of our well-intended data cleanup bits and bobs.

Probably that should just rely on server-side validation? I'm not 100% sure of the right course of action here, but it feels like we inadvertently left some folks stuck and unable to do the right thing.

[othiym23]

This is making @dominictarr sad over on #7260. I'm investigating whether a change to npm or normalize-package-data will be sufficient to handle this without making any server-side changes.

[dominictarr]

not me, so much as the ???? of people who use JSONStream and need to used a better version of it. ;)

[okv]

Any update on this? (still waiting for JSONStream update ;)

[othiym23]

No, alas, we haven't had time to come up with a plan for this. It's probably sufficient to relax the restrictions in npm / normalize-package-data to allow mixed case in and then start enforcing the restrictions on the server side (and maybe warning / erroring in npm init, to help prevent this from being an issue in the future, but it hasn't risen to the top of the stack for the core team yet.

[dominictarr]

this did work previously, may I ask what broke it?

[shakty]

I add myself to the queue.. cannot publish new versions of JSUS ... I cannot even go lowercase, because in the meantime some dude has published a package named jsus ! So I am really stuck!

JSUS is a dependency of many other packages of mine, so this is a very bad situation for me.

I tried to use an older version of npm 1.5.x, but I get other errors and I cannot even login.

Please re-enable publishing names with upper case characters. Thanks!

[othiym23]

It's on the list of things to do, but hasn't made it to the top of the list yet. If somebody wanted to submit a patch to normalize-package-data that relaxes this restriction, it would probably get merged and published pretty quickly.

[dominictarr]

@othiym23 can you give us a hit as to what fix is necessary?

[othiym23]

@dominictarr normalize-package-data currently errors on package names with capital letters, blocking publishes. It should be a warning again. As far as I know, the registry will allow the publishes, even though the client won't (right now).

[rodneyrehm]

Having the same problem with URIjs and npm 1.7.5 just now. changing the name to uri.js is not an option, because an incomplete and inactive project took the name. I could go with urijs, but I can't say I want to.

What's the plan here?

[zertosh]

browserify versions 5.0.0 - 10.1.1 (10.1.2 is the latest) can't be installed because of JSONStream vs jsonstream on OS X and windows. It's related to the issue described in this issue. From browserify/browserify#1247 (comment):

JSONStream has been stuck on 0.10.1 because #7195 won't allow @dominictarr to update it to 1.0.3. As a workaround, he published it as jsonstream (lowercase) (see dominictarr/JSONStream#59) - which is an entirely new package.

browserify, browser-pack, deps-sort, insert-module-globals, and module-deps, each depend on "JSONStream". I updated each of them so they used jsonstream@^1.0.3 instead of JSONStream@~0.10.0. The updates were all semver patch.

If someone tries to install a browserify that uses "JSONStream@~0.10.0", but has a dep that uses jsonstream@^1.0.3 (because the sub deps fall within the allowed semver range), npm will crap out. It seems that once it sees "JSONStream@~0.10.0" it tries to install "jsonstream@^1.0.3" as "JSONStream@^1.0.3" - which doesn't exist. It must be something with case nature of the fs because this doesn't happen on linux.

[stevengill]

cordova has a dependency on browserify 7.1.0 and now all of our published versions are failing to install. What changed?

[zertosh]

@stevengill the explanation is in browserify/browserify#1247 (comment). Your best bet is to update to 10.1.2. Because of how versions float, this seems to only affect v5.0.0-v10.1.1.

[muratsu]

Hmm, even if we release a new version of Cordova the last few major releases are going to remain broken.

[stevengill]

All downstreams of cordova are breaking too (phonegap, etc). Ugh

[jwhitehorn]

Yes, this breaks many of my dependencies and I can no longer npm install.

[TheSharpieOne]

Yeah, when browserify made this change, $#!t hit the fan. Having something like JSONString == jsonstring seems like a larger issue.

[ashleahhill]

+1

[stevengill]

Looks like the issue got fixed by using an old version of npm to publish JSONStream. dominictarr/JSONStream#68

[dominictarr]

@stevengill hey i think it's fixed can you try installing cordova again (I can't reproduce because I'm on linux)

[stevengill]

@dominictarr it is fixed. Thanks!

[muratsu]

@dominictarr thanks!

[dblotsky]

@dominictarr, great work. Many thanks!

[othiym23]

This is closed by 1da9b04 and e926783, which will be included in npm@2.11.0. So sorry it took us this long to get this addressed!