Describe the bug
JFrog CLI version
2.71.4 and above
Setup / Environment
- Project type: npm monorepo with root workspaces
- Node.js version: 22.14.0
- Npm version: 10.9.2
- Workspace configuration from the project's root package.json:
"workspaces": [
"containers/frontend",
"containers/backend",
"containers/cms",
"containers/jobs"
]
- Workspace package names: frontend, backend, jobs, cms
- OS: Ubuntu 24.04.4 LTS (
Linux 6.17.0-22-generic)
- JFrog CLI: reproduced with
2.71.4 and also observed on newer local CLI (2.103.0)
- Registry: Artifactory npm virtual repository (resolver configured via
jf npm-config)
JFrog setup command
jf config add <server-id> --url=<artifactory-url> --user=<user> --password=<token> --interactive=false --overwrite
jf npm-config --server-id-resolve=<server-id> --repo
Command
jf ca
Running jf ca at the repo root in an npm workspace monorepo causes JFrog CLI to treat local workspace packages as external registry packages, attempting to resolve them from Artifactory/NPM.
Because these workspace packages are local-only and not published, resolution fails with 404/not-found behaviour.
Current behavior
-jf cascans from repo root.
- Local workspace package names are treated as registry dependencies.
- CLI attempts to fetch them from configured Artifactory npm repo.
- Fetch fails (404/not-found style resolution failure).
Example: Attached is the image. I have removed the repository name and the workspace name for privacy reasons, but the error message is shown.
Reproduction steps
- Create an npm monorepo with workspaces in root
package.json.
- Add local workspace packages (not published) as shown in the setup.
- Configure JFrog CLI and npm resolver (
jf config add, jf npm-config).
- Run
jf ca from repo root.
- Observe local workspace package names being resolved as remote dependencies and failing.
Expected behavior
When running at the workspace root, jf ca should recognise local workspaces as local packages and not attempt registry resolution for those workspace package names.
Impact
This blocks root-level curation audit for npm workspace monorepos and forces non-standard CI/local workarounds (per-workspace scripted execution with npm version <9.2).
Additional notes
The problem is reproducible in CI and local environments.
JFrog CLI version
2.103.0
Operating system type and version
Linux 6.17.0-22-generic (Ubuntu 24.04.4 LTS)
JFrog Artifactory version
No response
JFrog Xray version
No response
Describe the bug
JFrog CLI version
2.71.4 and aboveSetup / Environment
Linux 6.17.0-22-generic)2.71.4and also observed on newer local CLI (2.103.0)jf npm-config)JFrog setup command
Command
jf caRunning
jf caat the repo root in an npm workspace monorepo causes JFrog CLI to treat local workspace packages as external registry packages, attempting to resolve them from Artifactory/NPM.Because these workspace packages are local-only and not published, resolution fails with 404/not-found behaviour.
Current behavior
-
jf cascans from repo root.Example: Attached is the image. I have removed the repository name and the workspace name for privacy reasons, but the error message is shown.
Reproduction steps
package.json.jf config add, jf npm-config).jf cafrom repo root.Expected behavior
When running at the workspace root,
jf cashould recognise local workspaces as local packages and not attempt registry resolution for those workspace package names.Impact
This blocks root-level curation audit for npm workspace monorepos and forces non-standard CI/local workarounds (per-workspace scripted execution with npm version <9.2).
Additional notes
The problem is reproducible in CI and local environments.
JFrog CLI version
2.103.0
Operating system type and version
Linux 6.17.0-22-generic (Ubuntu 24.04.4 LTS)
JFrog Artifactory version
No response
JFrog Xray version
No response