PUT to npm package registry results in 400


We have a pipeline stage that’s trying to do a npm publish to another our our projects’ registry but it’s receiving back 400 from the registry. This is something that has started to happen in the last couple/few days only. It was working fine for about a year with and we haven’t changed the code of the pipeline itself since we’ve gotten it up and running.

I intercepted the traffic and was able to gander that the actual request is to:


And the body response from the registry is (code 400):

    "message": "Validation failed: Package json structure is too large"

Our package is small, see the npm output before publishing:

npm notice === Tarball Details ===
npm notice name:          @article17/harpocrates-client
npm notice version:       2.44.1-17-g360e
npm notice package size:  278.2 kB
npm notice unpacked size: 3.1 MB

Anyway, we wonder if this has to do with a recent gitlab update? Our pipelines are completely broken right now because of this. We’re not sure how we can resolve the problem anymore.



we are running into the same issue as of now

So… we found (don’t ask how) that by removing our README.md file from the npm package, it solves the problem. I have no idea why, or how but it is consistent and reproducible.

gitlab may want to look into what it is they’re actually validating on the backend as it’s likely not what they intended.

1 Like

that’s crazy but it did work for us as well, thanks @AlexRoman for sharing your solution!

1 Like

Thanks for raising awareness of this issue!

The Support team is investigating similar situations and we believe the recent rollout of this feature flag on GitLab.com may be related with the problem you’re reporting:

Support has reproduced this behavior and verified it was caused by the feature flag rollout. We’ve since rolled-back the change that introduced this problem. Please test your pipelines and verify whether this resolves the issue.

1 Like