@cchamberlain and @zpao have both commented on npm/www#3 as having some README publish issues. I believe it falls more under the registry purview rather than the website.

Hi,

We are encountering a lot of hang connections to registry.npmjs.org in the last few days. We are working extensively with npm distributed packages and we are currently testing the @angular packages. However the requests to registry.npmjs.org hang at some point (different package every time). We've investigated this issue a lot. It first occurred in the middle of August, after that we've changed our configurations to use http://registry.npmjs.org instead of https://registry.npmjs.org as a registry and this improved the situation. However in the last few days we encounter tons of hanging requests. It's really strange that the connection is in ESTABLISHED state, but it's just hang (checked with TcpView on Windows). If we kill it, the process continues.
NOTE: The error is reproducible on Mac OS X, Windows and Linux.
After a lot of investigations we can confirm it's not a problem in our internal network. However we've noticed some peaks in our requests when the hang occurs. So we kindly ask for information - is there some limitations of the registry.npmjs.org. For example is there a limitation of the number of requests to registry.npmjs.org from a single public IP?
In case there are no limitations, is there some issue that the registry experience in the last few days?

Do you have any idea what might cause such issues?

I'm attempting to npm publish a package with "name": "@shinymayhem/binary", according to this article, but getting the following error

npm publish --access=public
npm ERR! publish Failed PUT 402
npm ERR! Linux 4.2.0-34-generic
npm ERR! argv "/usr/bin/nodejs" "/usr/local/bin/npm" "publish" "--access=public"
npm ERR! node v4.2.6
npm ERR! npm  v3.8.0
npm ERR! code E402

npm ERR! You need a paid account to perform this action. For more info, visit: https://www.npmjs.com/private-modules : @shinymayhem/binary

The first time I attempted to publish it, I ran into this issue, but after relogging in, I attempted again, but I forgot --access=public, and this issue suggests that the package was created with incorrect permissions.

(npm version 3.8.0)

i am reliably seeing 403 error messages on npm publish --access=public for scoped packages. despite the error, the package is successfully published.

npm: 2.15.0
node: 4.4.2

to reproduce

1. npm init --scope=
2. npm publish --access=public

you will see a 403 error in the terminal, however, the package will be successfully published to the registry and appear on the website.

may be related to on-going issues re: npm/registry#2

The CouchDB replication protocol describes a limit query parameter to limit the number of changes served in response to a request. However

curl -H "Accept: application/json" "https://replicate.npmjs.com/_changes?limit=5"

and similar stream all available records, without limit.

My goal was to try replication in a "pull" style, rather than the default "push" style. The "pull" style would be useful for followers that do a lot of work per change.

Does replicate.npmjs.com support limited queries?

Forgive me if I'm missing something obvious. This is maybe my second or third time dealing with CouchDB replication directly.

Root cause here: I want the small gravatar on this page https://www.npmjs.com/package/@types/jquery to show up correctly.

The NPM website is using the Gravatar for the initial email address I made the 'types' account with. You can see this in the NPM package details:

From https://registry.npmjs.org/@types%2Fjquery
{  
   "_id":"@types/jquery",
   "_rev":"16-ebc5d39f0c5937f95e2e40653fc7a4a9",
   "name":"@types/jquery",
   "description":"TypeScript definitions for jQuery 1.10.x / 2.0.x",
   "dist-tags":{  
      "latest":"2.0.32"
   },
   "versions":{  
      "1.10.8-alpha":{  
         /* snip snip */
         "_npmUser":{  
            "name":"types",
            "email":"[email protected]" <------- wrong
         },

However, this is not the email address we've been publishing with (this has been true for months), and the NPM website itself reports the correct email address ([email protected]) https://www.npmjs.com/~types

This just seems like a bug; if not, how do I correctly publish the package such that the new email address is reported in the email field? We're using the NPM Client API if it matters (https://github.com/Microsoft/types-publisher/blob/master/src/lib/package-publisher.ts#L20)

It would be ideal if when getting a list of packages the status (active vs. deprecated) would be identified in the results.

The use case for me is that I am building a dynamic list of 'version options' for a user to select when choosing versions to be used in their project. I would love to be able to show only the versions that are NOT deprecated by making a single call. As it stands today, we need to first make a call to get the list of all versions, then, make another call to each version and find out if it has the deprecated node in the result or not.

A test of the riffiewobble notification system follows. If your riffiewobbles are secured, or if you lack riffiewobbles, please ignore this message.

Me and my team are using the private packages feature NPM offers. The feature is extremely useful, but the setup is rough.

Like most modern dev teams, we use CI for testing and deploying our code. In order to continue using our CI we created a new NPM user and extracted an auth token for that user. Then we created a .npmrc in the root each of our projects using private packages. This .npmrc contains a template reference to an enviroment variable, NPM_TOKEN, in the location where the auth token would normally go. We then set the NPM_TOKEN environment variable to the value of the extracted auth token from the CI user. This seems to be the recommended method as stated in the documentation on npmjs.org.

In addition to the above, we also had to ask each developer to set a NPM_TOKEN environment variable in their shell when working with projects containing private modules. Otherwise npm fails to run within the directory of these projects because the templated .npmrc requires the environment variable to be present. If the user updates their npm token via npm login, they must also remember to copy the new auth token out of their .npmrc present in their home directory, and update the value of the NPM_TOKEN environment variable in their shell.

This all works, but it's an extremely rough experience. I'd like to suggest some improvements, and I'm happy to help contribute if need be.

Firstly, when one needs to obtain a token for their CI or other automated systems, there should be a location on npmjs.com to create deploy keys for your organization. Having to create a CI user to generate an auth token is a clunky experience.

Lastly, once I have my deploy token I should be able to set it as an environment variable that the NPM cli looks for and uses if found, overriding the .npmrc if present. An alternative to this might be the ability to set the authentication token via a command; npm config set auth-token $NPM_TOKEN. This removes the need for dev to set the NPM_TOKEN environment variable; devs won't need to be concerned with the setup of CI.

So there's my feedback.

Thanks for all of your hard work, NPM is a super bad ass package manager and it's awesome to see you all continuing to improve it. Cheers 🍻

I assume a hook failed or something got lost. See Raynos/min-document#44.

https://skimdb.npmjs.com/_utils/document.html?registry/min-document latest is '2.18.1'
https://registry.npmjs.org/min-document latest is '2.19'

Is the npm registry still open source? I was looking around the npm org and couldn't find out what was powering it, except for https://github.com/npm/npm-registry-couchapp which is marked as deprecated.

npm/npm#10767 npm/npm#10380

Running on a slightly older kernel, when I installed npme, one of the first installs is a new kernel. There is no prompting that this will occur and goes immediately ahead.

If the server is being used for something else other than NPME, this is very hostile and potentially damaging to the software running.

reported by @gmurphy on twitter and verified. fix on the way.

Some folks are seeing issues (lodash/lodash#2326 and npm/npm#12680)
with lodash._basetostring not reporting 4.12.0+ as its latest.

Based on user feedback, we're hearing it would be nice for users to republish/refresh their readme without bumping their package version.

See example feedback:
https://twitter.com/mrvautin/status/767184966564274176

Thoughts?

right now the first publish of a new module gets a package:change event type. it should be publish.

cc @danmactough

I have the user wes on our npm enterprise and published a new package today on our internal namespace. When the publish was successful I took a look at its page in the onsite install and it was published by andrew. As far as I can tell that is just the last person to create an account via npm adduser --registry="our.onsite.com:8080" --scope="@ournamepsace".

Let me know if there is any more information I can provide to help debug.

npm i -g json && curl https://registry.npmjs.com 2>/dev/null | json update_seq produces markedly different values. Running just today, I've seen values in the 3-million-plus, 2-million-plus, and sub-one-million ranges.

Judging by the corresponding instance_start_time values, this is because registry.npmjs.com balances requests across multiple back-end processes that aren't perfectly in sync. A few recent samples:

An observation and a question:

1. One of the instances seems to be really far behind, with update_seq < 1,000,000.
2. Will all back-end processes eventually report the same updates, in the order, with corresponding .seq values?

Hi,

I'm really happy about this feature, thanks for working on it 😄

I'm not sure if what I'm noticing is a bug, but when publishing a package the event payload consistently is of the format {"event":"package:change","name":"@scope/name","type":"package","version":"1.0.0", ... regardless of what version has actually been published. The version in the payload is always 1.0.0.

Is this expected? If so, should I be matching on the dist-tags: { "latest" } prop?

Is there a way to track npm update windows that may cause 504's for incoming requests during that time? We are seeing pockets of 5 to 10 minutes at random where all we receive is 504 from the npm registry.

Example:

16:31:09 npm ERR! argv "node" "/jobvolume/workingcapitalnodeweb-ci-5633/workspace/workingcapitalnodeweb-ci-5633_pullrequest/.nvm/v0.10.44/bin/npm" "install" "buildorch-inc@~0.1.0"
16:31:09 npm ERR! node v0.10.44
16:31:09 npm ERR! npm  v2.15.3
16:31:09 npm ERR! code E504
16:31:09 
16:31:09 npm ERR! Gateway Timeout : shortstop-handlers
16:31:09 npm ERR! 
16:31:09 npm ERR! If you need help, you may report this error at:
16:31:09 npm ERR!     <https://github.com/npm/npm/issues>

e.g. https://registry.npmjs.org/@financial-times%2Fn-express/latest?json=true and https://registry.npmjs.org/@financial-times%2Fn-handlebars/latest?json=true both fail, but https://registry.npmjs.org/@financial-times%2Fn-express?json=true, https://registry.npmjs.org/@financial-times%2Fn-express/^16.0.0?json=true and https://registry.npmjs.org/fetch-mock/latest?json=true are all OK

Documenting here for @bcoe.

If you require a publicly-scoped module like https://www.npmjs.com/package/@kadira/storybook as a dependency (not devDependency), in a module published to npme, consumers of that npme module will see an error when trying to install it. It requires either:

1. Moving the publicly-scoped package to devDependencies, or
2. Explicitly install it after the fact.

Like @angular/platform-server package was published today, but I can't found it on http://registry.npmjs.org/-/all/static/today.json .

Hi registry wombats 👋😆

I couldn't unpublish my scoped packages so far when I did publish them once without --acess=public and payment information as well, in spite of I registered payment information later.

Reproduce steps:

$ node -v
v5.5.0
$ npm -v
3.8.9
$ npm adduser
// ^login as a user who don't register payment information yet
$ mkdir test && cd test
$ npm init --scope=@watilde --yes
// ^should be your name
$ npm publish

Then you can't unpublish the package. I could only remove versions correctly:

$ npm unpublish @watilde/[email protected]
$ npm unpublish @watilde/[email protected]

, but eventually I still can not do anything on the empty module, you can see it 👉 @watilde/testtest

Related issue(in Japanese): watilde/npm#13

Let me know if you need more information. Thanks!

Been seeing lots of npm ERR! network read ECONNRESET when invoking npm install.

Does this indicate a CDN issue on npm's side? This is from multiple AWS instances in the us-west-1 and us-west-2 regions.

npm ERR! network read ECONNRESET
npm ERR! network This is most likely not a problem with npm itself
npm ERR! network and is related to network connectivity.
npm ERR! network In most cases you are behind a proxy or have bad network settings.
npm ERR! network
npm ERR! network If you are behind a proxy, please make sure that the
npm ERR! network 'proxy' config is set properly.  See: 'npm help config'
npm ERR! Linux 3.13.0-48-generic
npm ERR! argv "node" "/home/node/.nvm/versions/node/v0.12.7/bin/npm" "install" "--production"
npm ERR! node v0.12.7
npm ERR! npm  v2.14.3
npm ERR! code ECONNRESET
npm ERR! errno ECONNRESET
npm ERR! syscall read

At some point npm stopped allowing uppercase in the package names, this is referenced here: #3914 (comment)

However, it is still possible to do so by simply changing the name in the package.json yourself. I just published this: https://www.npmjs.com/package/Underscore-1

Had I named it "Underscore" instead of "Underscore-1" it would have successfully overlapped twice and been a potential for people to install the wrong package. I first noticed something was up trying to figure out the Q vs q situation (outlined here: https://tonicdev.com/tolmasky/why-does-require-q-not-work ). I figured Q was a very old package, but then noticed it was actually published just 2 months ago.

I believe this is a security issue because if people had previously gotten it by doing npm install Q, now as long as a version of Q is published with a matching version, on deploys people will mistakenly get the wrong Q (which could be malicious).

I think the server should be disallowing case sensitive packages instead of the client app.

Something like Tonic. Are there docs for accessing a given registry programmatically (presumably read-only)?

Is it possible to programmatically publish an npm package via GitHub services, Travis/Jenkins, webhooks, etc?

Reports and context:

• @davglass's tweet: https://twitter.com/davglass/status/728681870628556800
• npm/npm#12521
• npm/npm#12610

This one in particular is still not found.

npm ERR! fetch failed https://registry.npmjs.org/mocha-junit-reporter/-/mocha-junit-reporter-1.11.0.tgz npm WARN retry will retry, error on last attempt: Error: fetch failed with status code 404

Currently, the procedure most commonly is this, for public packages.

1. Develop on GitHub.
2. Commit.
3. Tag releases.
4. publish to npm registry.

However, npm also supports directly from Github. However, publishing to npmjs has the advantage of discovery through the registry. Since a major percent of it is on GitHub anyway, why not allow package to be aliased?

The Proposal (TL;DR)

• npm registry will show the package and everything will behave exactly the same way.
• I can search npm, find history-next - install.
• Under the covers, it simply does npm install prasannavl/history-next (which uses GitHub).

What gets better:

• No more double publishing (One to GitHub, one to npm). npm tracks GitHub.
• Any GitHub repo can be discovered through npm with just possibly just a simple single publish command with an alias.
• No more out of sync READMEs between GitHub, and npms.
• The publishing step becomes a one-time process. Publish once and forget. GitHub tags are release versions. (These mechanisms are already in place).

Explanation:

Now, I have a package prasannavl/history-next. Its on GitHub. And its published on npm. I can install from npm with npm install history-next. I can also install with prasannavl/history-next to do the same from GitHub. GitHub tags also serve the versioning process nicely.

My point is, the maintenance of both GitHub, and then replicating it to npmjs, is highly repetitive, and painful when not using a build system to automate it. Again, adding more complexity. I really want to unpublish my package now, and simply just use npm install prasannavl/history-next. But the reason I don't is because it would serve the discovery through npm.

Now, if npm just allowed alias to GitHub, all these goals are accomplished without replicating, making the whole process simpler. And as an added advantage, if many projects are simply directly aliased, relives a huge load off npm servers.

The only downside is possibly the single point of failure - GitHub. (Which honestly, I don't think is a huge problem for a huge number of projects on npm). And even so, practically, with all due respects, GitHub servers have historically been a lot more reliable than npm. And let's face it - if GitHub is down, the OSS world comes to down to a halting stop (well, not really, but I think the exaggeration is justified in credit to GitHub :)) And when that's a concern, there's also nothing stopping the authors for doing the exact same model that exists today - Everybody wins (rarely does this statement ever fit so aptly)

This leads to situations where packages like Q are reporting download stats for q.

My package has 2 readme files - one for npm called npm.md, and another for my GitHub repository, called README.md. When I package my app and publish it, I have a script that renames these readme files, so npm.md becomes README.md and the original README.md becomes ORIGINAL.md. npm should display the README.md in my package, as opposed to displaying the README.md from my GitHub repo, since they're different in this case. This was working correctly until about 6 months ago. My packages where I see this issue are:

• forcedroid
• forceios

I had originally filed this issue here, but was asked to re-file it here.

See npm/npm#12633.

mb % npm whoami
prometheusresearch
mb % npm publish --access public
npm ERR! publish Failed PUT 402
npm ERR! Darwin 15.5.0
npm ERR! argv "/Users/andreypopp/.nvm/versions/node/v5.1.0/bin/node" "/Users/andreypopp/.nvm/versions/node/v5.1.0/bin/npm" "publish" "--access" "public"
npm ERR! node v5.1.0
npm ERR! npm  v3.3.12
npm ERR! code E402

npm ERR! You need a paid account to perform this action. For more info, visit: https://www.npmjs.com/private-modules : @prometheusresearch/react-ui
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     /Users/andreypopp/Workspace/prometheusresearch/react-ui/npm-debug.log

I'm trying out the new replication service, but for some reason I'm not getting all the packages.

Here's a repo to demonstrate the issue: https://github.com/zeke/replicate-npm-test/tree/master

When I use https://skimdb.npmjs.com/registry:

var registry = require('package-stream')()

I get this output:

count 297349
scoped? false

But when I change to the new db:

var registry = require('package-stream')({
  db: 'https://replicate.npmjs.com'
})

I see fewer packages:

count 282353
scoped? true

Any ideas?

cc @soldair

e.g. http://registry.npmjs.org/hello!, or http://registry.npmjs.org/hellohellohelllo returns {}

however, if you pass a character like ~, it replies resource not found

i think it'd be great to have a consistent, meaningful response for packages that are non-existent

After forking a repo recently and updating the package.json within, I felt inauthentic replacing the author prop with my own name. Sure it was my repo now but I hadn't really changed anything yet, so the vast majority of code was not mine. I asked my partner @OscarGodson if he had heard of any kind of 'fork-author' prop, that I could add to respect the original author's work. We couldn't find anything and @rockbot suggested recommending here.

Basically the idea would be some sort of 'fork-author' prop, that would be added instead of replacing the 'author' prop. That way you could link back to the parent repo, and potentially further down the line track the whole tree of forks. It could be a nice way for package.json to reflect all of the past and present authors of a project.

tl;dr

expected: if i accidentally try to publish privately at one version number and it fails because i dont have permissions, i should be able to publish at that version publicly

what happens instead: while publishing a private scoped package @ version 1.0 fails, an attempt to publish with --access=public @ version 1.0 fails with error ""You cannot publish over the previously published version 1.0.1." : private-to-public-scoped".

steps to reproduce

1. fork and clone https://github.com/ashleygwilliams/is-npm-working
2. cd is-npm-working
3. ./test.sh

the third test will demo the 403 error

I was logged in as the wrong npm user and instead of getting the expected 403 error I got a 404:

npm ERR! code E404

npm ERR! 404 Not found : @streammedev/flyout
npm ERR! 404
npm ERR! 404  '@streammedev/flyout' is not in the npm registry.

Logging in as the correct owner successfully published the module.

The end point would look like:

PUT /-/npm/anon-metrics/v1/:metricId

Where metricId would be a uniqueid to this set of metrics. If the server sees the same uniqueid more than once then the latter version will supersede the former. This means that if one PUT fails, we can try
again later with newer data and not end up double counting.

This end point expects a JSON object and ignores any keys it doesn't understand. The initial keys would be:

from: 'W3CDTF',
to: 'W3CDTF',
successfulInstalls: #,
failedInstalls: #

The cli issue for this: npm/npm#12529

The npm-registry-client issue for this: npm/npm-registry-client#138

Hi @soldair and @ashleygwilliams!

I want to make a thing that watches the registry for changes, looking for specific dependencies and devDependencies in the packages.

@bcoe directed me to https://github.com/jcrugzz/changes-stream, which I have working with https://skimdb.npmjs.com/registry

repo: https://github.com/zeke/ch-ch-ch-changes

const ChangesStream = require('changes-stream')

var changes = new ChangesStream({
  db: 'https://fullfatdb.npmjs.com/registry',
  include_docs: true
})

changes
  .on('readable', function () {
    var change = changes.read()
    console.log('\n\n\n')
    console.dir(change)
  })
  .on('error', function (err) {
    console.error(err)
  })

However I don't see any dependencies in those objects. Here's some sample output: https://gist.github.com/zeke/052cb82efbd578a8fd9abf66b60311a3

I tried changing the URL to https://fullfatdb.npmjs.com/registry thinking that might yield more metadata, but that host doesn't seem to work:

{ Error: getaddrinfo ENOTFOUND fullfatdb.npmjs.com fullfatdb.npmjs.com:443
    at errnoException (dns.js:28:10)
    at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:79:26)
  code: 'ENOTFOUND',
  errno: 'ENOTFOUND',
  syscall: 'getaddrinfo',
  hostname: 'fullfatdb.npmjs.com',
  host: 'fullfatdb.npmjs.com',
  port: 443 }

According to npm/npm#9701, 'recently'(?) the npm client started to correct semver versions on publish. For versions published previous to that date, it appears that the registry docs were updated and sanitized. This sanitization step does not appear to have happened for the skimdb registry, resulting in the fact that the databases are advertising different versions.

Example below, note that the registry publishes versions 1.0.2-beta, vs skimdb's publishing of 1.0.2beta.

> curl https://registry.npmjs.org/handlebars > handlebars_registry.json
> curl https://skimdb.npmjs.com/registry/handlebars > handlebars_skimdb.json

-------------------------

> var h1 = require('./handlebars_registry.json');
undefined
> var h2 = require('./handlebars_skimdb.json');
undefined
> Object.keys(h1.versions);
[ '1.0.6',
  '1.0.6-2',
  '1.0.7',
  '1.0.8',
  '1.0.9',
  '1.0.10',
  '1.0.11',
  '1.0.12',
  '1.1.0',
  '1.1.1',
  '1.1.2',
  '1.2.0',
  '1.2.1',
  '1.3.0',
  '2.0.0-alpha.1',
  '2.0.0-alpha.2',
  '2.0.0-alpha.3',
  '2.0.0-alpha.4',
  '2.0.0-beta.1',
  '2.0.0',
  '3.0.0',
  '3.0.1',
  '3.0.2',
  '3.0.3',
  '4.0.0',
  '4.0.1',
  '4.0.2',
  '4.0.3',
  '4.0.4',
  '4.0.5',
  '1.0.2-beta',
  '1.0.4-beta',
  '1.0.5-beta' ]
> Object.keys(h2.versions);
[ '1.0.2beta',
  '1.0.4beta',
  '1.0.5beta',
  '1.0.6',
  '1.0.6-2',
  '1.0.7',
  '1.0.8',
  '1.0.9',
  '1.0.10',
  '1.0.11',
  '1.0.12',
  '1.1.0',
  '1.1.1',
  '1.1.2',
  '1.2.0',
  '1.2.1',
  '1.3.0',
  '2.0.0-alpha.1',
  '2.0.0-alpha.2',
  '2.0.0-alpha.3',
  '2.0.0-alpha.4',
  '2.0.0-beta.1',
  '2.0.0',
  '3.0.0',
  '3.0.1',
  '3.0.2',
  '3.0.3',
  '4.0.0',
  '4.0.1',
  '4.0.2',
  '4.0.3',
  '4.0.4',
  '4.0.5' ]

Is there a view for getting the size of a package? The view that npm-stats was using isn't there anymore.

hughsk/npm-stats#13

it will break third-party installer like pnpm and npminstall

$ curl -I https://registry.npmjs.com/@bigfunger%2Fdecompress-zip/0.2.0-stripfix2

HTTP/1.1 401 Unauthorized
npm-notice: ERROR: you cannot fetch versions for scoped packages
Cache-Control: max-age=0
Transfer-Encoding: chunked
Accept-Ranges: bytes
Date: Tue, 24 May 2016 03:05:26 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-nrt6123-NRT
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1464059126.382787,VS0,VE484

https://registry.npmjs.org/csslint-stylish/-/csslint-stylish-0.0.5.tgz

Returns:

{
  code: "InternalError",
  message: "Cannot read property '0.0.5' of undefined"
}

Hi!
I think it would be awesome if we could detect if a package was published with a gypfile signaling binary module presence. Some versions of npm-cli added a flag to the package.json but it's not consistent. It would help to be able to know this to aid in binary precompilation.

Thanks!

-Francis

Receiving currently a lot of:

npm info retry will retry, error on last attempt: SyntaxError: Unexpected token <
npm info retry 
npm info retry <?xml version="1.0" encoding="utf-8"?>
npm info retry <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
npm info retry  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
npm info retry <html>
npm info retry   <head>
npm info retry     <title>503 first byte timeout</title>
npm info retry   </head>
npm info retry   <body>
npm info retry     <h1>Error 503 first byte timeout</h1>
npm info retry     <p>first byte timeout</p>
npm info retry     <h3>Guru Mediation:</h3>
npm info retry     <p>Details: cache-fra1236-FRA 1469453479 3563911984</p>
npm info retry     <hr>
npm info retry     <p>Varnish cache server</p>
npm info retry   </body>
npm info retry </html>