[BUG] Npm opens many connections when installing #7072
Comments
Larsjep
added
Bug
|
I noticed that there is a config option called maxsockets. But the default is 15 and |
|
@Larsjep Just curious what Could also be that's something that's buried in NPM and is somehow overridden in some other way, but it caught my eye when I searched the org for |
|
@MartinFalatic I have also looked in the code base, but I can't find anywhere it refers to the |
|
+1 here. We are using self-hosted runners(ARC) on our own cluster and when using npm 10 we noticed a lot of dropped packets due to NAT ports exhaustion all coming from the arc runner executing npm install with npm 10. We have dynamic port allocation, which means that npm creates a lot of connections in a burst at the same time before the new ports can be allocated to the worker node running the runner pod. Npm 9 does not seem to have this issue. Looks an issue with the new What is also interesting is that the workflow does not fail. npm seems to use whatever number of connections it managed to establish to install all packages. |
|
Hello there, I would like to add that this is actually a bigger issue for very large projects (3000+ dependencies):
|
|
We're affected by the same issue... Two potential workarounds are disabling the proxy (can't do that in corporate environment) or downgrading to npm 9 |
|
It seems the When I run a |
|
+1 here |
|
Same issue encountered on our vm lima. After upgrading to node v20 and npm v10, npm install freezes the entire vm. Downgrading to v9 fixed the issue. |
|
We are seeing about half of our I can reproduce easily so please let me know if I can help debug this somehow |
|
Potentially being looked at under #7272. |
|
My gitlab ci/cd is also very unstable due to this behavior. Often causing time outs due to the large amount of connections. Especially since I have some jobs running in parallel as well. |
|
So... I went into the rabbit hole... It went very very deep... But I finally found the root cause!
|
I didn't look very long at the code. But it seems that This array is increased via: Then there is also something like "max socket count" as well. Which has an easier implementation, the code uses: Anyway there is a lot of complex state keeping going on in the _http_agent.js file. Keep in mind that http_agent.js file is using a local |
|
I recall similar issue npm/make-fetch-happen#59, but in that case it was only for proxied connections, while the current issue affects definitely affects non-proxied connections. |
|
Here is a workaround I just applied to our CI system. I am using the request as a placeholder in the agent-base.patch --- a/dist/index.js
+++ b/dist/index.js
@@ -65,6 +65,8 @@
l.indexOf('node:https:') !== -1);
}
createSocket(req, options, cb) {
+ const sockets = this.sockets[this.getName(options)];
+ sockets.push(req);
const connectOpts = {
...options,
secureEndpoint: this.isSecureEndpoint(options),
\ No newline at end of file
@@ -77,6 +79,7 @@
return socket.addRequest(req, connectOpts);
}
this[INTERNAL].currentSocket = socket;
+ sockets.splice(sockets.indexOf(req), 1);
// @ts-expect-error `createSocket()` isn't defined in `@types/node`
super.createSocket(req, options, cb);
}, cb);
\ No newline at end of fileWe're using Earthly, so I added this to our Earthfile: # patch for https://github.com/npm/cli/issues/7072
COPY agent-base.patch ./
RUN patch -p 1 -d /usr/local/lib/node_modules/npm/node_modules/agent-base/ < agent-base.patch |
|
What is the status of this issue? I see issue #7272 has been closed as duplicate. Not sure how labels work in this project, but I see #7272 has "Priority 1" label, and if that makes any difference and adds priority, could you please add that label in this issue? |
|
@lukekarrys. Cuz #7272 is closed now (as a duplicate of the current issue), could you please take a look at this? |
|
I believe this a big issue in NPM for both individuals, small and large companies alike. Please, consider increasing the priority of this ticket (eg. label as as prio 1:
Priority 1
|
lukekarrys
added
Priority 0
|
Luke has created an issue in the upstream package TooTallNate/proxy-agents#299. If this can't be fixed quickly we may also look into mitigating it somehow from the npm codebase. |
|
Thank you for the help ❤️ |
|
Indeed. Thank you so much! ❤️ Appreciate the prio shift, I know you are very busy. |
|
Updating in Node in nodejs/node#52351 |
|
For all having issues running the workflows in Docker on the GitHub CI, adding these lines to the workflow (which uses Docker) installs the latest NPM version into the Docker container: |
|
I don't understand the down vote of the above workaround, as long as there is no new nodejs version with the latest npm version. There is no other solution to pull in the latest npm package yourself until a new nodejs version is related that fixed this npm issue. Edit: another reason again to split npm from node. But I digress. |
|
You’re supposed to update npm, not just use the version installed with node. Unbundling it would make this problem worse, not better. |
|
Wait, so each time I run my CICD jobs in docker (github/gitlab) I need to first update npm?? That doesn't make sense. |
|
Yep. Or, you do it in your docker image periodically so your jobs don’t have to also do it. |
|
We got a bit off-topic now with this discussion. But it's important nonetheless. But isn't that whole point of docker tags that you version already your docker image to a specific version, the whole point of tagging a version of Docker images. Updating Yes, you could create a new docker image based on the official node image, instead of directly using the official node image. Where you manually periodically update your npm version :. But nobody is really gonna create a separate Maybe making |
|
I maintain 500+ open source projects, each that have 200+ CI jobs, and they all upgrade npm in every CI run. It's not that big a deal. |
|
I see. OK, I think it's a bad practice to do it like that. But I understand now fully how it should be done, thanks for sharing your insides. Also don't get me wrong, I love all your open-source projects ;), including Node & npm, qs and more. I'm just thinking out loud here and understand the full context, I hope you didn't mind. Hopefully others will follow and now update npm as well in all their CI/CD runs as their first step. EDIT: I checked your CI jobs. I noticed you run EDIT EDIT: |
|
Yes, that's true, you need npm to install npm, but I wouldn't expect it to fail installing npm itself. If it does, then you are indeed stuck using the install.sh script upthread. |
|
Wouldn't just installing the project with |
This updates the minimum required node version to Node 20. The latest version of Node 18 still contains the npm bug (npm/cli#7072) whereas Node 20 got updated to a npm version that contains a fix. Node 20 is known to work with our current code, so this change updates to that as an intermediate step before we investigate if we can update to Node 22 as discussed for Keyman 18.
This updates the minimum required node version to Node 20. The latest version of Node 18 still contains the npm bug (npm/cli#7072) whereas Node 20 got updated to a npm version that contains a fix. Node 20 is known to work with our current code, so this change updates to that as an intermediate step before we investigate if we can update to Node 22 as discussed for Keyman 18.
This updates the minimum required node version to Node 20. The latest version of Node 18 still contains the npm bug (npm/cli#7072) whereas Node 20 got updated to a npm version that contains a fix. Node 20 is known to work with our current code, so this change updates to that as an intermediate step before we investigate if we can update to Node 22 as discussed for Keyman 18.
Upgrade the project to use nodejs-20 in the `Dockerfile`,
and package.json engine block. More specific entries
for `.dockerignore` will help keep the `COPY` step quick.
Reasoning:
- nodejs-18 is in LTS until May 2025, but nodejs-20 will
be in LTS until May 2026. [^1]
- node and npm are distributed together, and the
`ubi9/nodejs-20` container has a newer version of
npm included (10.7.0) than the current `ubi9/nodejs-18`
container (10.5.0)
- Given github issues [^2] and [^3], we can assume that
the only versions of npm that will be stable in CI
during the `npm install` phase are `npm@9` and `npm@>=10.5.2`.
Any npm version <10.5.2 is at severe risk of encountering
network errors when installing packages, especially when
running in a qemu environment for non-native architecture
builds.
- Being very specific in the `package.json` `engines` block
will help keep everyone on working versions of npm.
[1]: https://nodejs.org/en/about/previous-releases
[2]: npm/cli#7231
[3]: npm/cli#7072
Signed-off-by: Scott J Dickerson <[email protected]>
Upgrade the project to use nodejs-20 in the `Dockerfile`,
and package.json engine block. More specific entries
for `.dockerignore` will help keep the `COPY` step quick.
Reasoning:
- nodejs-18 is in LTS until May 2025, but nodejs-20 will
be in LTS until May 2026. [^1]
- node and npm are distributed together, and the
`ubi9/nodejs-20` container has a newer version of
npm included (10.7.0) than the current `ubi9/nodejs-18`
container (10.5.0)
- Given github issues [^2] and [^3], we can assume that
the only versions of npm that will be stable in CI
during the `npm install` phase are `npm@9` and `npm@>=10.5.2`.
Any npm version <10.5.2 is at severe risk of encountering
network errors when installing packages, especially when
running in a qemu environment for non-native architecture
builds.
- Being very specific in the `package.json` `engines` block
will help keep everyone on working versions of npm.
[^1]: https://nodejs.org/en/about/previous-releases
[^2]: npm/cli#7231
[^3]: npm/cli#7072
Signed-off-by: Scott J Dickerson <[email protected]>
Upgrade the project to use nodejs-20 in the `Dockerfile`,
and package.json engine block. More specific entries
for `.dockerignore` will help keep the `COPY` step quick.
Reasoning:
- nodejs-18 is in LTS until May 2025, but nodejs-20 will
be in LTS until May 2026. [^1]
- node and npm are distributed together, and the
`ubi9/nodejs-20` container has a newer version of
npm included (10.7.0) than the current `ubi9/nodejs-18`
container (10.5.0)
- Given github issues [^2] and [^3], we can assume that
the only versions of npm that will be stable in CI
during the `npm install` phase are `npm@9` and `npm@>=10.5.2`.
Any npm version <10.5.2 is at severe risk of encountering
network errors when installing packages, especially when
running in a qemu environment for non-native architecture
builds.
- Being very specific in the `package.json` `engines` block
will help keep everyone on working versions of npm.
[^1]: https://nodejs.org/en/about/previous-releases
[^2]: npm/cli#7231
[^3]: npm/cli#7072
Signed-off-by: Scott J Dickerson <[email protected]>
Upgrade the project to use nodejs-20 in the `Dockerfile`, and
package.json engine block. More specific entries for `.dockerignore`
will help keep the `COPY` step quick (especially for local dev image
builds).
Reasoning:
- nodejs-18 is in LTS until May 2025, but nodejs-20 will be in LTS until
May 2026. [^1]
- node and npm are distributed together, and the `ubi9/nodejs-20`
container has a newer version of npm included (10.7.0) than the current
`ubi9/nodejs-18` container (10.5.0)
- Given github issues [^2] and [^3], we can assume that the only
versions of npm that will be stable in CI during the `npm install` phase
are `npm@9` and `npm@>=10.5.2`. Any npm version <10.5.2 is at severe
risk of encountering network errors when installing packages, especially
when running in a qemu environment for non-native architecture builds.
- Being very specific in the `package.json` `engines` block will help
keep everyone on working versions of npm.
[^1]: https://nodejs.org/en/about/previous-releases
[^2]: npm/cli#7231
[^3]: npm/cli#7072
Signed-off-by: Scott J Dickerson <[email protected]>
Upgrade the project to use nodejs-20 in the `Dockerfile`, and
package.json engine block. More specific entries for `.dockerignore`
will help keep the `COPY` step quick (especially for local dev image
builds).
Reasoning:
- nodejs-18 is in LTS until May 2025, but nodejs-20 will be in LTS until
May 2026. [^1]
- node and npm are distributed together, and the `ubi9/nodejs-20`
container has a newer version of npm included (10.7.0) than the current
`ubi9/nodejs-18` container (10.5.0)
- Given github issues [^2] and [^3], we can assume that the only
versions of npm that will be stable in CI during the `npm install` phase
are `npm@9` and `npm@>=10.5.2`. Any npm version <10.5.2 is at severe
risk of encountering network errors when installing packages, especially
when running in a qemu environment for non-native architecture builds.
- Being very specific in the `package.json` `engines` block will help
keep everyone on working versions of npm.
[^1]: https://nodejs.org/en/about/previous-releases
[^2]: npm/cli#7231
[^3]: npm/cli#7072
Backport-of: konveyor#2062
Signed-off-by: Scott J Dickerson <[email protected]>
Upgrade the project to use nodejs-20 in the `Dockerfile`, and
package.json engine block. More specific entries for `.dockerignore`
will help keep the `COPY` step quick (especially for local dev image
builds).
Reasoning:
- nodejs-18 is in LTS until May 2025, but nodejs-20 will be in LTS until
May 2026. [^1]
- node and npm are distributed together, and the `ubi9/nodejs-20`
container has a newer version of npm included (10.7.0) than the current
`ubi9/nodejs-18` container (10.5.0)
- Given github issues [^2] and [^3], we can assume that the only
versions of npm that will be stable in CI during the `npm install` phase
are `npm@9` and `npm@>=10.5.2`. Any npm version <10.5.2 is at severe
risk of encountering network errors when installing packages, especially
when running in a qemu environment for non-native architecture builds.
- Being very specific in the `package.json` `engines` block will help
keep everyone on working versions of npm.
[^1]: https://nodejs.org/en/about/previous-releases
[^2]: npm/cli#7231
[^3]: npm/cli#7072
Backport-of: #2062
Signed-off-by: Scott J Dickerson <[email protected]>
Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
My project needs around 2000 packages. When running "npm install" it starts out by opening 2000 connections and then when all the connections are open it downloads 1 package on each connection.
Is this intended?, because it causes a quite high load on our package proxy. Is there a way to limit the number of connections?
With npm 9.9 it only uses 18/20 connections.
Expected Behavior
"npm install" only opens a few connetions to the package server.
Steps To Reproduce
Environment
The text was updated successfully, but these errors were encountered: