Skip to content

Draft: Remove npm_allow_packages_in_multiple_projects feature flag

Radamanthus Batnag requested to merge 391692-rollout-npm_allow_packages_in_multiple_projects into master

What does this MR do and why?

This rolls out the bugfix in !111775 (merged) which was behind the npm_allow_packages_in_multiple_projects feature flag.

Feature Flag Rollout issue: #391692

Screenshots or screen recordings

Results of testing on staging.

With npm_allow_packages_in_multiple_projects disabled:

rad@mjolnirv3 ~/p/t/foo> npm i @radsgroup/foo@2.0.0

added 1 package, removed 2 packages, and audited 2 packages in 2s

found 0 vulnerabilities
rad@mjolnirv3 ~/p/t/foo> npm i @radsgroup/foo@1.0.0
npm ERR! code ETARGET
npm ERR! notarget No matching version found for @radsgroup/foo@1.0.0.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/rad/.npm/_logs/2023-03-06T06_56_05_820Z-debug-0.log

foo@2.0.0 installs, foo@1.0.0 fails as expected.

With feature flag enabled:

rad@mjolnirv3 ~/p/t/foo> npm i @radsgroup/foo@2.0.0

up to date, audited 2 packages in 3s

found 0 vulnerabilities
rad@mjolnirv3 ~/p/t/foo> npm i @radsgroup/foo@1.0.0

changed 1 package, and audited 2 packages in 3s

found 0 vulnerabilities
rad@mjolnirv3 ~/p/t/foo>

Both package versions install successfully.

How to set up and validate locally

Note: These have already been setup in the staging environment

  1. Setup
  • create a group named radsgroup
  • create a project named project1 under radsgroup with public visibility
  • create a project named project2 under radsgroup with public visibility
  • publish an npm package named @radsgroup/foo version 1.0.0 under project1
  • publish an npm package named @radsgroup/foo version 2.0.0 under project2
  • create a personal access token
  • add the instance endpoint with the personal access token to .npmrc
  1. Test
npm i @radsgroup/foo@2.0.0 
npm i @radsgroup/foo@1.0.0

Both packages should install successfully.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #391692

Edited by Radamanthus Batnag

Merge request reports