[BUG] ETARGET No matching version found after version update; cache clear helps

[mo22]

Is there an existing issue for this?

• I have searched the existing issues

This issue exists in the latest npm version

• I am using the latest npm

Current Behavior

npm --version: 10.8.1
node --version: v22.3.0
mac intel 14.5

when updating to newer versions of packages:

npm install @radix-ui/react-accordion@1.2.0

the result is:

npm error code ETARGET
npm error notarget No matching version found for @radix-ui/react-accordion@1.2.0.
npm error notarget In most cases you or one of your dependencies are requesting
npm error notarget a package version that doesn't exist.

npm log:

15 silly fetch manifest @radix-ui/react-accordion@1.2.0
16 silly packumentCache full:https://registry.npmjs.org/@radix-ui%2freact-accordion cache-miss
17 http fetch GET 200 https://registry.npmjs.org/@radix-ui%2freact-accordion 213ms (cache stale)
18 silly packumentCache full:https://registry.npmjs.org/@radix-ui%2freact-accordion set size:506624 disposed:false
[...]
91 silly placeDep ROOT @radix-ui/react-accordion@ REPLACE for: project@0.1.29 want: 1.2.0
[...]
127 verbose stack @radix-ui/react-accordion: No matching version found for @radix-ui/react-accordion@1.2.0.

after running npm cache clear --force the command runs through fine.

Expected Behavior

npm command succeeding without cache clear

Steps To Reproduce

npm init
npm install some-package
# wait for some-package to be updated
npm install some-package@new-version

Environment

npm --version: 10.8.1
node --version: v22.3.0
mac intel 14.5

npm config:

//registry.npmjs.org/:_authToken = (protected)
legacy-peer-deps = false
prefer-offline = true
prefix = "/usr/local"

[mo22]

I will check if that is caused by prefer-offline = true. Still it should fall back to online in that case.

[milaninfy]

@mo22 works fine for me. Is it happening for any packages or just this specific one ?

~/workarea/rep/temp $ npm install @radix-ui/react-accordion@1.1.0 --prefer-offline

added 21 packages, and audited 22 packages in 3s

found 0 vulnerabilities
~/workarea/rep/temp $ npm install @radix-ui/react-accordion@1.2.0 --prefer-offline

removed 2 packages, changed 14 packages, and audited 20 packages in 1s

found 0 vulnerabilities

[mo22]

@milaninfy it happens to all packages; if the version is not yet released at the time of install (independent of the version to be installed) and later upgraded it happens to me, often when I run npm-check -u in a project.

Strangely I have tested it right now with an npm package published by me - clear npm cache, install version, release newer version and run npm-check -u and upgrade the package, worked without issues right now.

I will investigate further

[mo22]

I can confirm that it only happens if I have prefer-offline=true in my .npmrc file or use the --prefer-offline flag.

I believe that setting causes npm-registry-fetch/lib/index.js to use force-cache when retrieving https://registry.npmjs.org/package-name, which in turn uses the offline cached version of it, which is of course not the new version.

So npm install package-name@10.0.0 will see the cached state wich does not include version 10.0.0.

[milaninfy]

@mo22 then it's not an issue, if the cache is already there and you are using --prefer-offline flag then it would use from cache if available and would be unaware of latest publish/version.

[mo22]

I assume you are right.
In theory that means you will not be able to update packages to versions that are released after the package info has been retrieved and cached.