Introduction
npmjs.com removed all versions of the Stylus library, replacing them with a security holding page and breaking many builds worldwide. The removal also disrupted clients using Artifactory who were trying to install versions of the package.
According to the latest available information, the Stylus package was removed by the security team by mistake. The package has now been restored and is once again available on npmjs.com.
This article will walk you through the steps to resolve this matter.
Resolution
JFrog’s Artifactory remote repositories cache and track artifacts through metadata. To mitigate the issue, we need to clear the previously cached Stylus package using the following steps.
1. Clear the cache of the “Stylus” package from the remote repository by deleting it. For example, if the remote repository pointing to npmjs.com is called “npmjs-remote”, delete the npmjs-remote-cache/stylus.
2. Clear the metadata of the “Stylus” package from the cache repository by deleting it. Similar to the example above, in this case, delete the npmjs-remote-cache/.npm/stylus.
3. Perform “Zap Cache” on the remote cache repository.
4. Clear the cache from your machine with “npm cache clean --force”.
Lastly, attempt to resolve the package “Stylus” again.
Important articles:
Metadata Retrieval Cache Period
How to resolve packages when it is removed from the upstream remote repository
Zap Cache