npm search is very slow #3812

rveerd · 2023-05-12T11:41:58Z

rveerd
May 12, 2023

Your Environment

verdaccio version: v5.20.1
node version: v12.22.3
package manager: npm@6.14.13
os: linux
platform: vm

I have Verdaccio set up as a proxy to the npm registry.

If I perform an npm search directly to the npm registry it takes less then a second. If I perform the same search through Verdaccio, it is very slow and can take up to a minute.

If I take the request to the upstream server from the logs and perform it with curl from the Verdaccio server, it takes less than a second. So the communication with the upstream server is fast.

What is Verdaccio doing with the search result before it is returned to the client? And why does it take so long?

To Reproduce

Perform npm search through Verdaccio.

Expected behavior

I expect npm seach through Verdaccio to be almost as fast as npm search directly to the npm registry.

Screenshots, server logs, package manager log

May 12 13:14:08 ****** verdaccio[12122]: {"level":25,"time":1683890048533,"pid":12122,"hostname":"******","req":{"method":"GET","url":"/-/v1/search?text=chalk&size=20&from=0&quality=0.65&popularity=0.98&maintenance=0.5","query":{"text":"chalk","size":"20","from":"0","quality":"0.65","popularity":"0.98","maintenance":"0.5"},"params":{},"headers":{"authorization":"<Classified>","npm-auth-type":"web","npm-command":"search","user-agent":"npm/9.5.1 node/v18.16.0 win32 x64 workspaces/false","if-none-match":"W/\"2d8d-F0Ikh7VWAmWpTnu4Ab4DD7CFQBo\"","connection":"keep-alive","accept":"*/*","accept-encoding":"gzip,deflate","host":"******.vb.local:4873"},"remoteAddress":"10.99.66.161","remotePort":2557},"ip":"10.99.66.161","msg":"@{ip} requested '@{req.method} @{req.url}'"}
May 12 13:14:08 ****** verdaccio[12122]: {"level":30,"time":1683890048549,"pid":12122,"hostname":"******","msg":"Active Directory authentication succeeded"}
May 12 13:14:08 ****** verdaccio[12122]: {"level":30,"time":1683890048552,"pid":12122,"hostname":"******","msg":"search for uplink npmjs"}
May 12 13:14:08 ****** verdaccio[12122]: {"level":30,"time":1683890048553,"pid":12122,"hostname":"******","method":"GET","headers":{"Accept":"application/json;","Accept-Encoding":"gzip","User-Agent":"npm/9.5.1 node/v18.16.0 win32 x64 workspaces/false","x-forwarded-for":"10.99.66.161","via":"1.1 c2763bdc5029 (Verdaccio)"},"uri":"https://registry.npmjs.org/-/v1/search?text=chalk&size=20&from=0&quality=0.65&popularity=0.98&maintenance=0.5","msg":"making request: '@{method} @{uri}'"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086048,"pid":12122,"hostname":"******","remote":"******","msg":"auth/allow_action: access granted to: @{user}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086051,"pid":12122,"hostname":"******","packageName":"chalk","msg":"allowed access for @{packageName}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086051,"pid":12122,"hostname":"******","remote":"******","msg":"auth/allow_action: access granted to: @{user}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086051,"pid":12122,"hostname":"******","packageName":"ansi-colors","msg":"allowed access for @{packageName}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086052,"pid":12122,"hostname":"******","remote":"******","msg":"auth/allow_action: access granted to: @{user}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086052,"pid":12122,"hostname":"******","packageName":"chalk-pipe","msg":"allowed access for @{packageName}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086052,"pid":12122,"hostname":"******","remote":"******","msg":"auth/allow_action: access granted to: @{user}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086052,"pid":12122,"hostname":"******","packageName":"chalk-animation","msg":"allowed access for @{packageName}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086052,"pid":12122,"hostname":"******","remote":"******","msg":"auth/allow_action: access granted to: @{user}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086052,"pid":12122,"hostname":"******","packageName":"chalk-template","msg":"allowed access for @{packageName}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086052,"pid":12122,"hostname":"******","remote":"******","msg":"auth/allow_action: access granted to: @{user}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086052,"pid":12122,"hostname":"******","packageName":"typo-chalk","msg":"allowed access for @{packageName}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086052,"pid":12122,"hostname":"******","remote":"******","msg":"auth/allow_action: access granted to: @{user}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086052,"pid":12122,"hostname":"******","packageName":"ansi-html","msg":"allowed access for @{packageName}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086052,"pid":12122,"hostname":"******","remote":"******","msg":"auth/allow_action: access granted to: @{user}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086052,"pid":12122,"hostname":"******","packageName":"chalk-rainbow","msg":"allowed access for @{packageName}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086052,"pid":12122,"hostname":"******","remote":"******","msg":"auth/allow_action: access granted to: @{user}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086053,"pid":12122,"hostname":"******","packageName":"cli-format","msg":"allowed access for @{packageName}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086053,"pid":12122,"hostname":"******","remote":"******","msg":"auth/allow_action: access granted to: @{user}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086053,"pid":12122,"hostname":"******","packageName":"chalk-log","msg":"allowed access for @{packageName}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086053,"pid":12122,"hostname":"******","remote":"******","msg":"auth/allow_action: access granted to: @{user}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086053,"pid":12122,"hostname":"******","packageName":"chalksay","msg":"allowed access for @{packageName}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086053,"pid":12122,"hostname":"******","remote":"******","msg":"auth/allow_action: access granted to: @{user}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086053,"pid":12122,"hostname":"******","packageName":"chalkercli","msg":"allowed access for @{packageName}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086053,"pid":12122,"hostname":"******","remote":"******","msg":"auth/allow_action: access granted to: @{user}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086053,"pid":12122,"hostname":"******","packageName":"@types/chalk","msg":"allowed access for @{packageName}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086053,"pid":12122,"hostname":"******","remote":"******","msg":"auth/allow_action: access granted to: @{user}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086053,"pid":12122,"hostname":"******","packageName":"ansi-html-community","msg":"allowed access for @{packageName}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":30,"time":1683890086054,"pid":12122,"hostname":"******","msg":"search endpoint ok results @{total}"}
May 12 13:14:46 ****** verdaccio[12122]: {"level":25,"time":1683890086064,"pid":12122,"hostname":"******","request":{"method":"GET","url":"/-/v1/search?text=chalk&size=20&from=0&quality=0.65&popularity=0.98&maintenance=0.5"},"user":"******","remoteIP":"10.99.66.161","status":200,"bytes":{"in":0,"out":3025},"msg":"@{status}, user: @{user}(@{remoteIP}), req: '@{request.method} @{request.url}', bytes: @{bytes.in}/@{bytes.out}"}

Configuration File (cat ~/.config/verdaccio/config.yaml)

#
# This is the default config file. It allows all users to do anything,
# so don't use it on production systems.
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#

# path to a directory with all packages
storage: /var/lib/verdaccio/.config/verdaccio/storage
# path to a directory with plugins to include
plugins: /var/lib/verdaccio/.config/verdaccio/plugins

web:
  title: Company NPM
  logo: company.png
  primary_color: "#213978"
  # comment out to disable gravatar support
  # gravatar: false
  # by default packages are ordercer ascendant (asc|desc)
  # sort_packages: asc

auth:
  activedirectory:
    url: "******"
    baseDN: '******'
    domainSuffix: '******'

  # htpasswd:
    # file: ./htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    # max_users: 1000

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: https://registry.npmjs.org/
    maxage: 30m

packages:
  '@company/*':
    access: $all
    publish: $authenticated
    # unpublish: $authenticated
  'local-*':
    access: $all
    publish: $authenticated
    # unpublish: $authenticated
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    # unpublish: $authenticated
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish/publish packages
    # (anyone can register by default, remember?)
    # publish: $authenticated
    # unpublish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
server:
  keepAliveTimeout: 60

listen:
  0.0.0.0:4873              # listen on all addresses (INADDR_ANY)

middlewares:
  audit:
    enabled: true

# log settings
logs: { type: stdout, format: pretty, level: http }

#experiments:
#  # support for npm token command
#  token: false

Environment information

  System:
    OS: Linux 4.18 CentOS Linux 8 (Core)
    CPU: (1) x64 Common KVM processor
  Binaries:
    npm: 6.14.13 - /usr/bin/npm
  npmGlobalPackages:
    verdaccio: 5.20.1

Answered by juanpicado

Jun 3, 2023

Time is relative, I ignore your environment, but to mee looks just fine and is not a minute. Anyhow if you find any piece of code proves is causing the issue I'll be happy to dive more and improve it, or feel free to PR enhancements if you find something fixable.

View full answer

juanpicado · 2023-05-13T07:30:30Z

juanpicado
May 13, 2023
Maintainer

Not much to be honest, you can see the code here:

https://github.com/verdaccio/verdaccio/blob/5.x/src/lib/up-storage.ts#L524

Anyhow, you are using very old versions of Node.js, npm6 and not sure what effect that causes on it but probably something to consider, I dont think is slow but this has already been refactored in the version 6.x and still being tested, so next major will change anyway.

2 replies

rveerd May 15, 2023
Author

You don't think waiting for up to a minute for the search results is slow? Or you don't see this delay in your installation?

juanpicado Jun 3, 2023
Maintainer

Time is relative, I ignore your environment, but to mee looks just fine and is not a minute. Anyhow if you find any piece of code proves is causing the issue I'll be happy to dive more and improve it, or feel free to PR enhancements if you find something fixable.

Answer selected by juanpicado

rveerd · 2023-06-07T07:10:11Z

rveerd
Jun 7, 2023
Author

I have rolled out a new Verdaccio server using RHEL 9, Node 18.14.2, npm 9.5.0 and Verdaccio 5.25.0.

npm search through Verdaccio is no longer slow.

0 replies

mixecan · 2023-12-28T14:10:41Z

mixecan
Dec 28, 2023

Hi. I'm facing the same problem when using npm search --registry=https://myrepo @mycompany/package
In my repo there are around 3200 packages and my request takes around 30s even thought it returns only one package.

Verdaccio is running on kubernetes using the official image, version 5.29.0. During the request I see it using 2 full cores and I don't understand why. Giving it more cores doesn't change the usage nor the performance (blue line in the picture is the cores limit)

This is my config

storage: /verdaccio/storage

auth:
  htpasswd:
    file: /verdaccio/conf/htpasswd
    max_users: -1

middlewares:
  audit:
    enabled: true

uplinks:
  npmjs:
    url: https://registry.npmjs.org/

packages:
  "@mycompany/*":
    access: $authenticated
    publish: <list of users>
  "**":
    access: $authenticated
    publish: <list of users>
    proxy: npmjs

max_body_size: 128mb

server:
  keepAliveTimeout: 60

logs:
  type: stdout
  format: json
  level: http

plugins: /verdaccio/plugins/

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Verdaccio

npm search is very slow #3812

{{title}}

Replies: 3 comments 2 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Verdaccio

npm search is very slow #3812

rveerd May 12, 2023

Replies: 3 comments · 2 replies

juanpicado May 13, 2023 Maintainer

rveerd May 15, 2023 Author

juanpicado Jun 3, 2023 Maintainer

rveerd Jun 7, 2023 Author

mixecan Dec 28, 2023

rveerd
May 12, 2023

Replies: 3 comments 2 replies

juanpicado
May 13, 2023
Maintainer

rveerd May 15, 2023
Author

juanpicado Jun 3, 2023
Maintainer

rveerd
Jun 7, 2023
Author

mixecan
Dec 28, 2023