I can't seem to be able to install gauge.js from github, i get an error about an invalid tar file.
I tried adding debugging statements to see what file was downloaded, and I can download the tar and extract it just fine.

$ jspm install github:bernii/gauge.js
     Looking up github:bernii/gauge.js
     Creating registry cache...
     Downloading github:bernii/[email protected]

warn Error on download for github:bernii/gauge.js, retrying (1).
     Error: invalid tar file
         at Extract.Parse._startEntry (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:145:13)
         at Extract.Parse._process (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:127:12)
         at BlockStream.<anonymous> (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:47:8)
         at BlockStream.emit (events.js:107:17)
         at BlockStream._emitChunk (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/node_modules/block-stream/block-stream.js:145:10)
         at BlockStream.write (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/node_modules/block-stream/block-stream.js:45:10)
         at Extract.Parse.write (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:81:23)
         at IncomingMessage.ondata (_stream_readable.js:540:20)
         at IncomingMessage.emit (events.js:129:20)
         at readableAddChunk (_stream_readable.js:163:16)

warn Error on download for github:bernii/gauge.js, retrying (2).
     Error: invalid tar file
         at Extract.Parse._startEntry (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:145:13)
         at Extract.Parse._process (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:127:12)
         at BlockStream.<anonymous> (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:47:8)
         at BlockStream.emit (events.js:107:17)
         at BlockStream._emitChunk (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/node_modules/block-stream/block-stream.js:145:10)
         at BlockStream.write (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/node_modules/block-stream/block-stream.js:45:10)
         at Extract.Parse.write (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:81:23)
         at IncomingMessage.ondata (_stream_readable.js:540:20)
         at IncomingMessage.emit (events.js:129:20)
         at readableAddChunk (_stream_readable.js:163:16)

warn Error on download for github:bernii/gauge.js, retrying (3).
     Error: invalid tar file
         at Extract.Parse._startEntry (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:145:13)
         at Extract.Parse._process (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:127:12)
         at BlockStream.<anonymous> (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:47:8)
         at BlockStream.emit (events.js:107:17)
         at BlockStream._emitChunk (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/node_modules/block-stream/block-stream.js:145:10)
         at BlockStream.write (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/node_modules/block-stream/block-stream.js:45:10)
         at Extract.Parse.write (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:81:23)
         at IncomingMessage.ondata (_stream_readable.js:540:20)
         at IncomingMessage.emit (events.js:129:20)
         at readableAddChunk (_stream_readable.js:163:16)

warn Error on download for github:bernii/gauge.js
     Error: invalid tar file
         at Extract.Parse._startEntry (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:145:13)
         at Extract.Parse._process (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:127:12)
         at BlockStream.<anonymous> (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:47:8)
         at BlockStream.emit (events.js:107:17)
         at BlockStream._emitChunk (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/node_modules/block-stream/block-stream.js:145:10)
         at BlockStream.write (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/node_modules/block-stream/block-stream.js:45:10)
         at Extract.Parse.write (/home/gu1/xx/node_modules/jspm/node_modules/jspm-github/node_modules/tar/lib/parse.js:81:23)
         at IncomingMessage.ondata (_stream_readable.js:540:20)
         at IncomingMessage.emit (events.js:129:20)
         at readableAddChunk (_stream_readable.js:163:16)

err  Error downloading github:bernii/gauge.js.

warn Installation changes not saved.

I'm currently getting:

warn GitHub rate limit reached.

I've followed the guide here https://github.com/jspm/jspm-cli/wiki/Registries#auto-configuring-registries and run jspm registry export github and grabbed the token ran it through travis' encrypt tool.

That wasn't working, and after adding the token to environment variables via the web interface I still am hitting rate limit.

I also echoed out the token during the before_install step and it was visible.

For the life of me I just can't work out what's going on :(

jsPlumb has a branch called 1.7.0. This is the development branch, and gets detected as a stable version.

We need some way to filter out or mark semver branches as unstable.

From jspm/jspm-cli#362

This just started happening. The strange thing is that it was just working fine.

$ jspm install github:mrdoob/three.js@r70
     Looking up github:mrdoob/three.js
     Updating registry cache...
     Downloading github:mrdoob/three.js@r70

err  Error downloading github:mrdoob/three.js
     Response too large.

warn Installation changes not saved.

The maxRepoSize is still set to 100.

If you uninstall a GitHub repo named x/y, then the y folder is removed, but not the empty x folder.

Hi

I'd be interested in a Location Service that uses git+ssh instead of https downloads.
This would allow for authentication using a running ssh-agent which I prefer over storing credentials or generating tokens for all packages.
Additionally this would make it possible to install packages from any git repository and not just Github.

As far as I get it, one idea behind using https is to be able to load this directly from the browser, which for git+ssh doesn't work. I'm I mistaken here?

I'm willing to put some work into this, but wanted to ask for other opinions first. Do you think this would be useful? Should it be another Location Service or somehow merged/integrated with this github one?

It should be possible to easily detect if a version target looks like a hash, and when not found, the GitHub endpoint here can show a warning that commit references are not supported.

As discussed in #31 (comment).

When attempting to do a jspm install on any of the github components - I get the error -

Error: tunneling socket could not be established, cause=write EPROTO 101057795:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:openssl\ssl\s23_clnt.c:782

         at ClientRequest.onError (c:\dev\node_modules\jsp
m\node_modules\jspm-github\node_modules\request\node_modules\tunnel-agent\index.
js:174:17)
         at ClientRequest.g (events.js:199:16)
         at ClientRequest.emit (events.js:107:17)
         at TLSSocket.socketErrorListener (_http_client.js:271:9)
         at TLSSocket.emit (events.js:129:20)
         at onwriteError (_stream_writable.js:317:10)
         at onwrite (_stream_writable.js:335:5)
         at WritableState.onwrite (_stream_writable.js:105:5)
         at fireErrorCallbacks (net.js:456:13)
         at TLSSocket.Socket._destroy (net.js:495:3)

I've set the https_proxy, http_proxy variables and strictSSL=false

I'm also behind a corporate proxy - I think it has to do with jspm not recognizing the strictSSL=false variable. Any thoughts on how I can resolve this error?

This should be added as a trigger for the rate limit message.

This improves the install experience over the full stalling we have currently.

The API issue to handle is allowing configuration to be saved at any point in time via any hook. It may be worth having a constructor option provided for "saveConfig", or something to that effect.

I'm trying to install Aurelia Skeleton Navigation from github.

https://github.com/aurelia/skeleton-navigation/releases

I ran the jspm registry config github command and the test for my credentials (via a token) was successful. Prior to that, I got the warning about the rate limit.

When I run jspm install -y, it starts downloading and installing but eventually gets an error similar to the following:

err Error: EPERM, rename 'C:\Users\ttrentham.jspm\packages\github\[email protected]'

I actually opened an issue with Aurelia which they closed.

aurelia/skeleton-navigation#65

I tried the last suggestion which was to execute it from my home instead of at work behind our firewall. I get the same issue.

This is on a Windows 8.1 machine. I'm running my command prompt as an administrator. I've got GitHub for Windows installed.

Any other help would be appreciated.

Because caching.

jspm version: 0.15.6
jspm-github version: 0.11.6

Have setup and tested Github credentials, and they have repo permission.

jspm says:

warn Error on download for github:<organization>/<repo-name>, retrying (1).
     Download: Bad response code 406

found out that jspm fails for this:

jspm install github:FortAwesome/[email protected]

even if the git tag is v4.2.0 https://github.com/FortAwesome/Font-Awesome/releases

I personally don't like the v prefixes, but just wanted to give a note.

jspm install github:FortAwesome/[email protected] works fine

From jspm/jspm-cli#256

https://developer.github.com/v3/enterprise/

Basically, add a configuration option allowing the hostname to be something other than github.com

May help with windows CPU and memory use.

Should be possible to implement remote-ls through https://github.com/creationix/js-git.

We could provide an option in https://github.com/jspm/github/blob/master/github.js#L131 to select between SSH or HTTP auth when setting up GitHub credentials.

I have been experimenting with jspm for several months now with the hopes of evangelizing it to a wider audience at my company, but there are a few concerns that are holding me back, this is one of them

why does the github registry require both the git client and the github api?

In case my reason for concern isn't obvious, each point of coupling increases the surface area for something to go wrong.

It appears that the git client is used to lookup available versions (git tags).

It appears that you can also do this with the github api

curl  https://api.github.com/repos/webdriverio/webdriverio/git/refs/tags

Is there a good reason the git client is needed? If not, should I start a pull request or is this already in the works?

When they land - https://developer.github.com/changes/2015-04-17-preview-repository-redirects/

When jspm didn't provide a local cache, it was useful to clone repos to the tmp dir and use that as a sort of cache.

This shouldn't be necessary any more and will improve overall download times.

Isn't there a race conditions in this module?

I see that the download method makes two calls to request that are intentionally run in parallel. But in getVersions, the request response handler is dependent upon versions, but versions is not set until the exec finishes. Exec is async, isn't it? Even if it is sync, how the code is expected to work isn't very clear.

I'd like to fix this issue, as it is causing me some trouble, but I need to fully understand the intent of the code. Is the request simply to see if there is a redirect? If there is a redirect, what is supposed to happen? I assume the git ls-remote exec is where the actual versions are retrieved.

Any chance you could please explain the high-level logic that is supposed to take place not only in getVersions, but in download as well?

See jspm/jspm-cli#91

The rate limit response looks like:

{
  "server": "GitHub.com",
  "date": "Wed, 07 Jan 2015 14:55:25 GMT",
  "content-type": "application/json; charset=utf-8",
  "status": "403 Forbidden",
  "x-ratelimit-limit": "60",
  "x-ratelimit-remaining": "0",
  "x-ratelimit-reset": "1420644334",
  "x-github-media-type": "unknown",
  "x-xss-protection": "1; mode=block",
  "x-frame-options": "deny",
  "content-security-policy": "default-src 'none'",
  "content-length": "246",
  "access-control-allow-credentials": "true",
  "access-control-expose-headers": "ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval",
  "access-control-allow-origin": "*",
  "x-github-request-id": "C59B0418:6AE3:7AA50:54AD48DC",
  "strict-transport-security": "max-age=31536000; includeSubdomains; preload",
  "x-content-type-options": "nosniff"
}

Do a ls-remote without a full clone.

Then see if it is possible to skip the full clone entirely for fetch in case of a large history.

Would remove the unzip child process dependency.

This check can be done in parallel to the download so there is no latency effect by doing this.

Try jspm install github:google/material-design-icons. This downloads from the zip release archive.

Somehow we're stalling after extraction, but the hash info is being written so that cancelling and restarting shows it is up-to-date. This may be something in the post-processing phase, or a timeout.

From jspm/jspm-cli#513. Ideally we can replace the child process call entirely with #25.

This would be a breaking change.

The idea is that most installs from GitHub break because no package has CommonJS or AMD dependencies that properly resolve in place. We should just treat everything as a global, and it will probably give the most luck.

The next mistake users will make then is manually installing global dependencies like jQuery, but perhaps that is the lesser evil to an easier adoption path.

When I have a dependency with an alias in package.json:

  "jspm": {
    "dependencies": {
      "jade-compiler": "github:jadejs/[email protected]"
    }
  }

and I run jspm install jade=github:johnsoftek/[email protected], jspm creates this entry in config.js:

    "jade": "github:johnsoftek/[email protected]",
    "github:johnsoftek/[email protected]": {
      "jade": "github:jadejs/[email protected]"
    }

rather than:

    "jade": "github:johnsoftek/[email protected]",
    "github:johnsoftek/[email protected]": {
      "jade-compiler": "github:jadejs/[email protected]"
    }

The jade-compiler alias is not preserved, so when I require('jade-compiler'), it fails.

I'm guessing that adding a jade-compiler entry to the jspm registry would likely solve the problem. But I think this is a bug that makes it difficult to test a plugin or module before requesting a registry update.

This way, github on its own will be quicker and doesn't need to be critically dependent on API credentials.

[email protected]
[email protected]

Just had a silly problem, I figured I should report it so it's at least documented somewhere.

% jspm registry config github

err  Registry handler`jspm-github` not installed.

In fact the registry is installed, but it crashed at some point because my ~/.netrc is invalid. It started with

//machine localhost

Fixing the file or deleting it ( if you don't need it ) fixes the problem.

//cc @OliverJAsh

Some sort of package.json property perhaps?

Eg:

{
  "useGitHubReleases": false
}

where the default would effectively be true?

This is not always wanted, when something is also published to npm.

Tracking the discussion from jspm/jspm-cli#727.

The following gives me a 404 with "Repo and version matched, but path "leaflet-coverage/renderers/Grid.js" not found.":

https://github.jspm.io/Reading-eScience-Centre/leaflet-coverage@master/leaflet-coverage/renderers/Grid.js

However that file definitely exists: https://github.com/Reading-eScience-Centre/leaflet-coverage/blob/master/leaflet-coverage/renderers/Grid.js

What's wrong here?

See https://github.com/bower/bower/blob/master/lib/core/resolvers/GitHubResolver.js

And if they fail, allow re-entry. Basic usability.

Adding an auth at https://github.com/jspm/github/blob/master/github.js#L380, gives a 400 response:

{"x-amz-request-id":"3C1EEAB7D070942F","x-amz-id-2":"52SF9wE63X2hzL+Vs3TwoLJ/latodEC+lN9po+T6/2ys2HFr81A2ck3EWIWMs/DW6eemz+4yD0w=","content-type":"application/xml","transfer-encoding":"chunked","date":"Wed, 07 Jan 2015 15:26:34 GMT","connection":"close","server":"AmazonS3"}

This is requesting the url provided from the API call in https://developer.github.com/v3/repos/releases/#list-releases-for-a-repository.

I noticed credentials (username/password) are stored in base64, which, really, should be considered equivalent to plaintext ;)