Skip to content

npm: Include package version id in ExtID manifest

In at least one occurence, replicate.npmjs.com shows the exact same tarball for two different versions.

As we only used the shasum to identify a release (formerly revision) when loading incrementally, this causes two ExtIDs to be created for the same target, which causes a crash when re-loading incrementally (formerly, this caused duplicate branches' revision to be replaced by the other one).

For example, https://archive.softwareheritage.org/swh:1:snp:9fe3ba7515a9b567ab7f66e20d1f4ff7f9f5cf23;origin=https://www.npmjs.com/package/koreanbots has a branch named "releases/3.0.0-alpha3" which points to a revision with the right date and directory, but "3.0.0-beta" as commit message. This may have been caused by both revisions having the same directory.

This seems to have confused the next load of the loader, whose result can be seen at https://archive.softwareheritage.org/swh:1:snp:e9dca2ee671f8d12a0163fe4cacfc61eabf7d8fe;origin=https://www.npmjs.com/package/koreanbots as it used the revision in the "releases/3.0.0-alpha3" branch as the target of the "releases/3.0.0-beta" branch.


Migrated from D7469 (view on Phabricator)

Merge request reports

Loading