npm: Include package version id in ExtID manifest

In at least one occurrence, replicate.npmjs.com shows the exact same tarball for two different versions.

As we only used the shasum to identify a release (formerly revision) when loading incrementally, this causes two ExtIDs to be created for the same target, which causes a crash when re-loading incrementally (formerly, this caused duplicate branches' revision to be replaced by the other one).

For example, https://archive.softwareheritage.org/swh:1:snp:9fe3ba7515a9b567ab7f66e20d1f4ff7f9f5cf23;origin=https://www.npmjs.com/package/koreanbots has a branch named "releases/3.0.0-alpha3" which points to a revision with the right date and directory, but "3.0.0-beta" as commit message. This may have been caused by both revisions having the same directory.

This seems to have confused the next load of the loader, whose result can be seen at https://archive.softwareheritage.org/swh:1:snp:e9dca2ee671f8d12a0163fe4cacfc61eabf7d8fe;origin=https://www.npmjs.com/package/koreanbots as it used the revision in the "releases/3.0.0-alpha3" branch as the target of the "releases/3.0.0-beta" branch.


Migrated from D7469 (view on Phabricator)
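
The collision described above, as an added example that is not the loader's own code: a simplified model of an incremental load in which a release is looked up by its ExtID. The manifest layout, the `release-object:` ids and the shasum value are assumptions constructed for illustration; only the package name and the two version strings come from the description.

```python
import hashlib

# Constructed sample metadata: two versions listing the same tarball shasum.
SAME = "aa" * 20  # placeholder sha1 hex, not a real digest
RELEASES = [
    {"name": "koreanbots", "version": "3.0.0-alpha3", "shasum": SAME},
    {"name": "koreanbots", "version": "3.0.0-beta", "shasum": SAME},
]


def extid_shasum_only(rel):
    """Old scheme: the tarball checksum alone identifies a release."""
    return bytes.fromhex(rel["shasum"])


def extid_with_version(rel):
    """New scheme: hash a manifest that also names the package version.
    The manifest layout used here is hypothetical."""
    manifest = f"name {rel['name']}\nshasum {rel['shasum']}\nversion {rel['version']}"
    return hashlib.sha256(manifest.encode()).digest()


def incremental_load(releases, extid_fn):
    """Return (branches, reused): branch name -> release object id, plus the
    branches that were pointed at an object built for another version."""
    known = {}  # extid -> release object id (stand-in for the ExtID table)
    branches, reused = {}, []
    for rel in releases:
        branch = f"releases/{rel['version']}"
        extid = extid_fn(rel)
        if extid in known:
            # The loader believes this release is already archived and reuses it.
            branches[branch] = known[extid]
            reused.append(branch)
        else:
            known[extid] = f"release-object:{rel['version']}"
            branches[branch] = known[extid]
    return branches, reused


if __name__ == "__main__":
    for fn in (extid_shasum_only, extid_with_version):
        branches, reused = incremental_load(RELEASES, fn)
        print(fn.__name__, branches, "reused:", reused)
```

With the shasum-only identifier, the "releases/3.0.0-beta" branch ends up targeting the object created for 3.0.0-alpha3; with the version in the manifest, each branch gets its own object.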