Be smarter about when to use git+https and when to use git+ssh for hosted git repos

[isaacs]

Tracking issue: npm/cli#2610 (comment)

[isaacs]

Plan: https://docs.google.com/spreadsheets/d/1C3aOFtUeanUoFOJQFRGqfL5j6jRiIBYBKEMCacoom0w/edit?usp=sharing

• fail CDN fast, no exponential backoff retrying, fixes GitLab
• save same sort of thing to package-lock and package.json (but with sha in package-lock, with ref in package.json)
• tell git+ssh to accept new keys, but fail on changed keys
• principle: CDN is suggested by git+https working for rev-list
• don't try to clone over a strategy that failed rev-list (except as a final fallback)
• priority: CDN as long as git+https hasn't failed yet. then what the user told us, unless we saw that fail on rev-list, in which case the other one, then whichever one we haven't tried yet
• never send auth to CDN
• track all CDN failures by user/project in pacote.Git (static/module-local list)
• track all rev-list strategies by user/project in pacote.Git (static/module-local list)

[majidkhan12]

Please help me I also have the same problem.

[raineorshine]

@majidkhan12 This isn't an appropriate comment for an open source repository. We're all waiting for this to be fixed, and I'm sure the developers have a lot of different priorities. Saying you also have the problem doesn't help anyone and spams all subscribers to the issue.