fix(coding-agent): use npm view for update checks on non-default registries (#3164)

Previously, getLatestNpmVersion() hardcoded a fetch to
registry.npmjs.org, which 404s for packages on alternate
registries (private, Verdaccio, GitHub Packages, etc.).
The error was silently swallowed, so users never saw update
notifications for these packages.

Replace the direct fetch with
via the existing runCommandCapture helper. This uses the same
registry resolution as npm install (reads .npmrc config chain),
respects the npmCommand setting, and runs with this.cwd for
correct .npmrc lookup.
This commit is contained in:
Aliou Diallo
2026-04-14 20:20:14 +02:00
committed by GitHub
parent ac37d4d439
commit 2d3ed0cfa7
3 changed files with 47 additions and 27 deletions

View File

@@ -1317,12 +1317,15 @@ export class DefaultPackageManager implements PackageManager {
}
private async getLatestNpmVersion(packageName: string): Promise<string> {
const response = await fetch(`https://registry.npmjs.org/${packageName}/latest`, {
signal: AbortSignal.timeout(NETWORK_TIMEOUT_MS),
});
if (!response.ok) throw new Error(`Failed to fetch npm registry: ${response.status}`);
const data = (await response.json()) as { version: string };
return data.version;
const npmCommand = this.getNpmCommand();
const stdout = await this.runCommandCapture(
npmCommand.command,
[...npmCommand.args, "view", packageName, "version", "--json"],
{ cwd: this.cwd, timeoutMs: NETWORK_TIMEOUT_MS },
);
const raw = stdout.trim();
if (!raw) throw new Error("Empty response from npm view");
return JSON.parse(raw);
}
private async gitHasAvailableUpdate(installedPath: string): Promise<boolean> {