1

I am trying to npm publish my package https://github.com/kofifus/HyperappComponent

In windows cmd I cloned the package, login to npm then try npm publish

I get:

C:\Temp\HyperappComponent>npm publish
npm notice
npm notice package: hyperappcomponent@0.1.0
npm notice === Tarball Contents ===
npm notice 11.6kB LICENSE
npm notice 3.7kB  index.js
npm notice 235B   package.json
npm notice 4.2kB  README.md
npm notice === Tarball Details ===
npm notice name:          hyperappcomponent
npm notice version:       0.1.0
npm notice package size:  6.8 kB
npm notice unpacked size: 19.7 kB
npm notice shasum:        48dab5ae762c43ae9afe3a24df79edf07942082c
npm notice integrity:     sha512-Xgf3YoCRPd68v[...]eLWhg8GH2wqWg==
npm notice total files:   4
npm notice
npm ERR! code E429
npm ERR! 429 Too Many Requests - PUT https://registry.npmjs.org/hyperappcomponent

What is wrong here ?

kofifus
  • 17,260
  • 17
  • 99
  • 173
  • https://github.com/npm/cli/issues/836#issuecomment-589404272 – morganney Apr 12 '23 at 02:31
  • @morganney are you saying it's a temporary outage ? I've been trying for a week and so no outage reports for npm online – kofifus Apr 12 '23 at 03:35
  • I’m saying it could be something similar. A proxy like CF could be interpreting the HTTP spec in a way that forbids the request from `npm` due to the `Referer` header it sends. I’m not sure if npm is still using `install` as the value but if I were you I would check. – morganney Apr 12 '23 at 13:02
  • What version of npm are you using? https://github.com/npm/cli/issues/930 – morganney Apr 12 '23 at 13:07
  • @morganney indeed the problem was my version was too old, if you want to post an answer I'll mark it – kofifus Apr 14 '23 at 22:03

2 Answers2

4

You need to npm login first.

The error (429 Too Many Requests) is misleading.

t0staky
  • 61
  • 4
1

Try updating your npm version to one that uses a version of npm-registry-fetch >= 8.0.0. The reason being, that version of npm-registry-fetch removes the use of a non-standard Referer header value while making requests that certain proxies like CloudFare may deem as a violation of the HTTP spec, and thus block based on their own custom heuristic.

Looks like versions of npm >= 7.0.0 have the necessary dependency on npm-registry-fetch.

In this case, according to Roy Fielding:

Instead, npm sent a special value without a special scheme, and Cloudflare marked that for rate limiting based on incorrect assumptions of bad behavior rather than the actual specification. Excuses happen.

morganney
  • 6,566
  • 1
  • 24
  • 35