Currently, when deploying npm packages into Artifactory, Artifactory validates that the version in the package.json and in the destination path filename is correct.
However, if the version in the package.json or the version in the target filename is invalid (e.g. contains leading zeros), Artifactory will reject the deployment.
The npm client is trimming leading zeros and validating a correct package version according to the Semantic Versioning 2.0.0.
This is one of the reasons why we recommend our clients to deploy npm packages using npm publish and not directly from the WEB UI.
It appears that older versions of npm were trimming the version from the package.json but not from the final uploaded tgz file.
We have contacted the npm authors about that, they are saying that we cannot rely on the tgz filename to conclude a package name/version. We have opened an issue to fix that behavior here. But it will not change the fact that Artifactory will not alter the uploaded tgz filename, meaning that if you deploy from the WEB UI a package with a wrong version will still experience issues, unlike deploying from the npm client using npm publish.
To conclude, if you want to deploy this package manually you can either:
Use version [version of the package[ which comply to SemVer2.
Manually edit the tgz file name as well as the package.json inside it and trim leading zeros from the version, then upload it from the WEB UI if this is required.
If you have a specific issue with esprima-fb package, we fixed the issue of the esprima-fb package and we have now a global accessible npmjs cache for your Artifactory Online. You can replace the url of your npmjs remote repo with this: https://repo.jfrog.org/artifactory/api/npm/npmjs
Please note that these instructions are only valid for esprima-fb package, we do not recommend resolving npm packages using our repository at the URL above, since it is not regularly maintained.