Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News VS Code Breaks NPM Registry

VS Code Breaks NPM Registry

This item in japanese


Microsoft has launched VS Code 1.7.1, after breaking npm registry with its 1.7 release.

VS Code 1.7 featured Automatic Type Acquisition (ATA), intended to watch developers' package.json files and automatically install type declaration files of all dependencies in a cache on the file system, rather than relying on developers manually installing type declaration files to light up IntelliSense for the dependencies in package.json.

According to project manager Wade Anderson in Microsoft's 1.7 Rollback Incident Report, after the team shipped ATA live in v1.7:

Nov 2 at ~4:12 pm PST We were contacted by npm. They were seeing a huge spike in registry activity from clients attempting to access non-existent packages under the @types scope. At its peak, these requests accounted for roughly 10% of all traffic (Fun fact: VS Code users were sending approximately the same amount of requests npm sees from the country of India) and briefly overwhelmed their service.

The npm dev ops acted quickly to mitigate the unintentional DDoS and diagnosed the issue as coming from the VS Code 1.7 release. The key issue was a flood of requests for non-existent packages.

Anderson explains that the TypeScript language server would check modules listed in package.json against its application cache, before making a request to npm requesting @types/{module} for any module not in the application cache, adding any that didn't exist.

"Anticipating that new type declaration files will be added to @types scope, modules that didn't exist were requested each time a project or folder is opened, which caused npm to respond with a 404. Given the number of modules that do not exist under the @types scope, a large volume of 404s briefly impacted npm's availability," Anderson said.

Aside from the ATA's unintentional DDoS, the 1.7 release comes with a number of significant updates, including CSS completions in HTML, with developers now able to see CSS language features like code completion, validation and colour annotation for CSS styles embedded within their HTML, as shown below.

According to Microsoft's blog post, the release also includes an early implementation of 'multi target debugging', multiple debug sessions that can be active at the same time within a single instance of VS Code. The update allows developers to debug an extension and its debug adapter and/or language server at the same time, as well as debug a client and a server from a single project folder, and debug a clustered program.

1.7 also brings Node.js debugging, rendering required but rarely changed attributes in grey, removing less frequently used attributes, adding rewritten and improved documentation along with comments and a link to online documentation.

Anderson says the VS Code team will work with the Typescript team to find a "satisfactory fix" for ATA.

Rate this Article