'digest' namespace reserved but digest-0.0.1 still installable

rich's Avatar

rich

08 May, 2018 03:47 PM

Hi,

I recently had to troubleshoot an issue where a Gemfile mistakenly installed a digest gem rather than using the stdlib Digest class. This caused digest-0.0.1 to be installed, which is a rubygems-distributed gem that has no code in it.

I noticed here that rubygems.org reserves the digest namespace, presumably to prevent the kind of problem I ran into, but as you can see in this search, digest-0.0.1 is still available.

:) rlafferty:digest-test$ cat Gemfile
source 'https://rubygems.org'

gem 'digest'
:) rlafferty:digest-test$ bundle install --path=.bundle
Fetching gem metadata from https://rubygems.org/.
Fetching version metadata from https://rubygems.org/
Resolving dependencies...
Fetching digest 0.0.1
Installing digest 0.0.1
Using bundler 1.15.0
Bundle complete! 1 Gemfile dependency, 2 gems now installed.
Bundled gems are installed into ./.bundle.

but

:) rlafferty:digest-test$ cat $(bundle exec gem which digest)
require "digest/version"
module Digest
  # Your code goes here...
end
That's all -- I just wanted to point out that there's a gem on rubygems.org in a reserved namespace, in hopes that maybe one of the support folks could clean it up to prevent others running into the same problem I encountered.

Rich

  1. Support Staff 1 Posted by kerrizor on 19 May, 2018 11:19 PM

    kerrizor's Avatar

    Thanks for pointing it out! I've removed the gem from the index, and it should soon disappear from searches.

  2. kerrizor closed this discussion on 19 May, 2018 11:19 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac