NuGet and npm package download with source code returning Internal Server Error

[emisand]

ABP Version: 10.0.1
Solution template: app
UI framework: Angular
UI theme: Basic

I am trying to download the Basic Theme source code into my new ABP solution, however when using the abp add-package @abp/ng.theme.basic --with-source-code command, I am getting this error:

PS C:\Users\esandler\Repos\ECeGates\angular> abp add-package @abp/ng.theme.basic --with-source-code
[14:09:21 INF] Installing '@abp/ng.theme.basic' package to the project 'C:\Users\esandler\Repos\ECeGates\angular\package.json'...
[14:09:21 INF] '@abp/ng.theme.basic' is already installed.
[14:09:22 INF] Downloading source code of @abp/ng.theme.basic
[14:09:22 INF] Version: Latest
[14:09:22 INF] Output folder: C:\Users\esandler\Repos\ECeGates\angular\projects\abp-ng.theme.basic
[14:09:23 INF] Downloading npmPackage: @abp/ng.theme.basic, version: 10.0.1
Error occured while downloading source-code from https://abp.io/api/download/npmPackage/ : StatusCode: 500, ReasonPhrase: 'Internal Server Error', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
  Date: Fri, 19 Dec 2025 17:08:44 GMT
  Transfer-Encoding: chunked
  Connection: keep-alive
  Cache-Control: no-cache,no-store
  Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=aNXY66v4ubk9b8IB7udiKONEw262TfwZg7nU4Ih9iyLIA6lKsJKR49bH%2F%2FhSjEuLyH7MyHfr6fwUIxttETzdI522yQ%3D%3D"}]}
  Pragma: no-cache
  Set-Cookie: .AspNetCore.Antiforgery.-6OvtTX3HwI=CfDJ8LZ25cUODxNJlhFKFfBBxQs_8E8JMXlpKkrqIoINfzk3nHZaSbfGvMLoKdjBNzqr2fZ4xGA8FxvLqJ6ReV14KwSMbIb7aUimtGbgo1UmdEDp3rkl1jSEuGp9aow-ScgwyU-jBNlKQuBzHNjex7VJ1X8; path=/; samesite=strict; httponly, XSRF-TOKEN=CfDJ8LZ25cUODxNJlhFKFfBBxQubDtgYn7R5kyqZhcPg8yTCBXP6WODNB6hSKtPC06CHh8bthM1n-HLw0hSFe94hSg1u04eulmz6d6EAJqnXVP3sHXmMtVc_IbrjeOzxi_rDKiEQbsgNiN5eL8slViNhNO8AxJLwPbOF14XOwRHThxeMTAbIz9h-N_odor3A81m8ig; expires=Sat, 19 Dec 2026 17:08:43 GMT; path=/; secure; samesite=none
  Vary: Accept-Encoding
  Strict-Transport-Security: max-age=31536000; includeSubDomains
  X-Content-Type-Options: nosniff
  X-XSS-Protection: 1; mode=block
  X-Frame-Options: SAMEORIGIN
  x-correlation-id: d30820cd14d04e42a1a50f4227629f32
  cf-cache-status: DYNAMIC
  Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
  Server-Timing: cfCacheStatus;desc="DYNAMIC", cfEdge;dur=8,cfOrigin;dur=335
  Server: cloudflare
  CF-RAY: 9b0880ecfa792025-EZE
  Content-Type: text/html; charset=utf-8
  Expires: -1
}

Same error with the NuGet package command abp add-package Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic --with-source-code --add-to-solution-file

PS C:\Users\esandler\Repos\ECeGates\src\ECeGates.HttpApi.Host> abp add-package Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic --with-source-code --add-to-solution-file
[14:16:02 INF] Package 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic' is already installed to the project 'ECeGates.HttpApi.Host'.
[14:16:02 INF] Downloading source code of Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic
[14:16:02 INF] Version: 10.0.1
[14:16:02 INF] Output folder: C:\Users\esandler\Repos\ECeGates\packages\Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic
[14:16:06 INF] Downloading nugetPackage: Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic, version: 10.0.1
Error occured while downloading source-code from https://abp.io/api/download/nugetPackage/ : StatusCode: 500, ReasonPhrase: 'Internal Server Error', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
  Date: Fri, 19 Dec 2025 17:15:27 GMT
  Transfer-Encoding: chunked
  Connection: keep-alive
  Cache-Control: no-cache,no-store
  Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=pxH6QEEcQIjZ8h0orKG0nlFV2fuePI77y2aY9A2sCojrx5El4rzuiuF8tPQ6Iiu1ZV22XejIrFdqjXa6lxsDR0YE56Yo"}]}
  Pragma: no-cache
  Set-Cookie: .AspNetCore.Antiforgery.-6OvtTX3HwI=CfDJ8LZ25cUODxNJlhFKFfBBxQvuiNY0GzAC_-IEQ1dBB8Vd47-4ofeWohdoazfZw8-jQkB7HCCNaPXtcqJa3Z5CqMA9DaC--Gi9lt9yrVbVSWoI3zuwxoKLFxiKzUODLI60KI0H-8JDCeQAgV87y8B-IQ8; path=/; samesite=strict; httponly, XSRF-TOKEN=CfDJ8LZ25cUODxNJlhFKFfBBxQv5Vx8nSB8T8VcHvYx6HDaeVohpq66zhq1h-RboKK6StuLl3wI3xhGel-GGqczKrbinnfbjWTPPQLYSvVtYCUdCUqhbIhyZ75GsTS3ZZnPc_v3eMavreR1-oHgH7STOzk83277HE0PMZsFjX-5CjN9Qe-fBFjvpSvivbM7B0vuJEQ; expires=Sat, 19 Dec 2026 17:15:27 GMT; path=/; secure; samesite=none
  Vary: Accept-Encoding
  Strict-Transport-Security: max-age=31536000; includeSubDomains
  X-Content-Type-Options: nosniff
  X-XSS-Protection: 1; mode=block
  X-Frame-Options: SAMEORIGIN
  x-correlation-id: 10e792b5fc154868bc098fd00e13e286
  cf-cache-status: DYNAMIC
  Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
  Server-Timing: cfCacheStatus;desc="DYNAMIC", cfEdge;dur=6,cfOrigin;dur=294
  Server: cloudflare
  CF-RAY: 9b088ac82c6535c2-EZE
  Content-Type: text/html; charset=utf-8
  Expires: -1
}

[ismcagdas]

@skoc10 could you check logs on our side ?

[skoc10]

@emisand Thank you for sharing the details and logs.

We checked our nuget.abp.io / abp.io logs and Grafana monitoring data for the reported time window and did not observe any service-side errors, outages, or abnormal behavior.

The “Package not found” entries appear at an information level and typically occur when the requested package/version is not available for source download or when --with-source-code is retried on an already installed package. This does not indicate a platform-wide issue.

Based on similar cases, this may be related to a temporary network/CDN issue, local cache artifacts, or authentication context during the request.

Please let us know if the issue persists, and we’ll be happy to investigate further.

[emisand]

@skoc10 Thank you for your reply.
As of today, this issue still persists, I've tried with two different computers using a VPN connected to the United States and Tukey to verify if this could be a CloudFlare regional issue, but it still persists.

As a workaround I did the manual procedure to copy theme-basic as documented here

I did some reasearch and the zip at Volo.Abp.BasicTheme.SourceCode refers to v9.3.5 and not v10.0.1, not sure if that could be the culprit.

I debugged the CLI project locally and it fails with HTTP 500 when posting to https://abp.io/api/download/npmPackage/ in this line, called from this other line

Please try checking for HTTP 500 errors on that endpoint, and replicating with the following commands:

abp new AngularThemeSourcesDemo -u angular -m none --theme basic -csf
cd AngularThemeSourcesDemo/angular
abp add-package @abp/ng.theme.basic --with-source-code

[skoc10]

Hi @emisand,

One quick check from our side: in the logs it looks like the organization context may not be resolved for the request.
Could you please try logging in again to abp.io (abp login) and then rerun the command?

[emisand]

Hey @skoc10

I did check I am properly logged in, however I am using ABP open-source so I am not assigned to any organization, could that be the issue?
I understand the --with-source-code parameter is available for open-source developers when working with regular packages like theme-basic

See full log:

PS C:\Users\esandler\Repos\AngularThemeSourcesDemo\angular> abp login
[10:33:33 INF] Press Enter to open your browser to login...

[10:33:41 INF] Successfully logged in as 'esandler-ec'
PS C:\Users\esandler\Repos\AngularThemeSourcesDemo\angular> abp login-info
[10:33:47 INF]
Login info:
Name: Emiliano
Surname: Sandler
Username: esandler-ec
Email Address: <<redacted>>
Organization:

PS C:\Users\esandler\Repos\AngularThemeSourcesDemo\angular> abp add-package @abp/ng.theme.basic --with-source-code
[10:33:51 INF] Installing '@abp/ng.theme.basic' package to the project 'C:\Users\esandler\Repos\AngularThemeSourcesDemo\angular\package.json'...
[10:33:51 INF] '@abp/ng.theme.basic' is already installed.
[10:33:51 INF] Downloading source code of @abp/ng.theme.basic
[10:33:51 INF] Version: Latest
[10:33:51 INF] Output folder: C:\Users\esandler\Repos\AngularThemeSourcesDemo\angular\projects\abp-ng.theme.basic
[10:33:52 INF] Downloading npmPackage: @abp/ng.theme.basic, version: 10.0.1
Error occured while downloading source-code from https://abp.io/api/download/npmPackage/ : StatusCode: 500, ReasonPhrase: 'Internal Server Error', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
  Date: Tue, 23 Dec 2025 13:33:08 GMT
  Transfer-Encoding: chunked
  Connection: keep-alive
  Cache-Control: no-cache,no-store
  Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=G3Wv2w66NB2TYCjmieWy5SMGJS9YmaxxeUJki6OIdEHI9acoShAOAGcYiewqx2SF0Wbo2a4yGlbJKEWH9R3ecKHh2Q%3D%3D"}]}
  Pragma: no-cache
  Set-Cookie: .AspNetCore.Antiforgery.-6OvtTX3HwI=CfDJ8LZ25cUODxNJlhFKFfBBxQu8VPZHdrT2SfyOOCPKSY2dOvPJRW67B9xb5s8fgsBgRYG1v0gNJ-jqG0SLVUym6ioH7vjBRMythfHrrL_aXWbFgzYQSDf4i8vAFjrzPCxWP-T9z8oBWdpj9oodYKJyMME; path=/; samesite=strict; httponly, XSRF-TOKEN=CfDJ8LZ25cUODxNJlhFKFfBBxQt8hwakLb7BcU7gEeN5JeP2rcZpwWFj8DXLfDuUm6T3um25RBtvG0Yi20ap5SS_R8VNFE5mUhX9DvQ36FAEsnAx4b-qct5d9uceJ_JzWHECQJAWJdJMBb3lhk6xgxBSmozPmX6_XSrLnAXtE08maG-aWIeng0lPTQ1xt6tBI_Eawg; expires=Wed, 23 Dec 2026 13:33:08 GMT; path=/; secure; samesite=none
  Vary: Accept-Encoding
  Strict-Transport-Security: max-age=31536000; includeSubDomains
  X-Content-Type-Options: nosniff
  X-XSS-Protection: 1; mode=block
  X-Frame-Options: SAMEORIGIN
  x-correlation-id: 6a45e1ca37f8449a90d32779a389b6d4
  cf-cache-status: DYNAMIC
  Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
  Server-Timing: cfCacheStatus;desc="DYNAMIC", cfEdge;dur=7,cfOrigin;dur=314
  Server: cloudflare
  CF-RAY: 9b283a9d794457e9-EZE
  Content-Type: text/html; charset=utf-8
  Expires: -1
}
'<' is an invalid start of a value. Path: $ | LineNumber: 0 | BytePositionInLine: 0.
System.Text.Json.JsonException: '<' is an invalid start of a value. Path: $ | LineNumber: 0 | BytePositionInLine: 0.
     System.Text.Json.JsonReaderException: '<' is an invalid start of a value. LineNumber: 0 | BytePositionInLine: 0.
       at void System.Text.Json.ThrowHelper.ThrowJsonReaderException(ref Utf8JsonReader json, ExceptionResource resource
          , byte nextByte, ReadOnlySpan<byte> bytes)
       at bool System.Text.Json.Utf8JsonReader.ConsumeValue(byte marker)
       at bool System.Text.Json.Utf8JsonReader.ReadFirstToken(byte first)
       at bool System.Text.Json.Utf8JsonReader.ReadSingleSegment()
       at bool System.Text.Json.Utf8JsonReader.Read()
       at bool System.Text.Json.Serialization.JsonConverter`1.ReadCore(ref Utf8JsonReader reader, out T value,
          JsonSerializerOptions options, ref ReadStack state)
  at void System.Text.Json.ThrowHelper.ReThrowWithPath(ref ReadStack state, JsonReaderException ex)
  at bool System.Text.Json.Serialization.JsonConverter`1.ReadCore(ref Utf8JsonReader reader, out T value,
     JsonSerializerOptions options, ref ReadStack state)
  at T System.Text.Json.Serialization.Metadata.JsonTypeInfo`1.Deserialize(ref Utf8JsonReader reader, ref ReadStack state
     )
  at TValue System.Text.Json.JsonSerializer.ReadFromSpan<TValue>(ReadOnlySpan<byte> utf8Json, JsonTypeInfo<TValue>
     jsonTypeInfo, int? actualByteCount)
  at TValue System.Text.Json.JsonSerializer.ReadFromSpan<TValue>(ReadOnlySpan<char> json, JsonTypeInfo<TValue>
     jsonTypeInfo)
  at TValue System.Text.Json.JsonSerializer.Deserialize<TValue>(string json, JsonSerializerOptions options)
  at T Volo.Abp.Json.SystemTextJson.AbpSystemTextJsonSerializer.Deserialize<T>(string jsonString, bool camelCase)
  at async Task<string> Volo.Abp.Cli.ProjectBuilding.RemoteServiceExceptionHandler.GetAbpRemoteServiceErrorAsync(
     HttpResponseMessage responseMessage)
  at async Task Volo.Abp.Cli.ProjectBuilding.RemoteServiceExceptionHandler.EnsureSuccessfulHttpResponseAsync(
     HttpResponseMessage responseMessage)
  at async Task<byte[[]]> Volo.Abp.Cli.ProjectBuilding.AbpIoSourceCodeStore.rG6nWPPcOa(SourceCodeDownloadInputDto  )
  at async Task<TemplateFile> Volo.Abp.Cli.ProjectBuilding.AbpIoSourceCodeStore.GetAsync(string name, string type,
     string version, string templateSource, bool includePreReleases, bool skipCache, bool trustUserVersion)
  at async Task<ProjectBuildResult> Volo.Abp.Cli.ProjectBuilding.NpmPackageProjectBuilder.BuildAsync(ProjectBuildArgs
     args)
  at async Task Volo.Abp.Cli.Commands.Services.SourceCodeDownloadService.DownloadNpmPackageAsync(string packageName,
     string outputFolder, string version)
  at async Task<bool> Volo.Abp.Cli.ProjectModification.ProjectNpmPackageAdder.DownloadAngularSourceCode(string
     angularDirectory, NpmPackageInfo package, string version)
  at async Task Volo.Abp.Cli.ProjectModification.ProjectNpmPackageAdder.AddNpmPackageAsync(string directory,
     NpmPackageInfo npmPackage, string version, bool withSourceCode)
  at async Task Volo.Abp.Cli.ProjectModification.ProjectNpmPackageAdder.AddNpmPackageAsync(string directory, string
     npmPackageName, string version, bool withSourceCode)
  at async Task Volo.Abp.Cli.Commands.AddPackageCommand.ExecuteAsync(CommandLineArgs commandLineArgs)
  at async Task Volo.Abp.Studio.Cli.StudioCliService.RunInternalAsync(CommandLineArgs commandLineArgs)
  at async Task Volo.Abp.Studio.Cli.StudioCliService.RunAsync(string[] args)
Unhandled exception. System.Text.Json.JsonException: '<' is an invalid start of a value. Path: $ | LineNumber: 0 | BytePositionInLine: 0.
 ---> System.Text.Json.JsonReaderException: '<' is an invalid start of a value. LineNumber: 0 | BytePositionInLine: 0.
   at System.Text.Json.ThrowHelper.ThrowJsonReaderException(Utf8JsonReader& json, ExceptionResource resource, Byte nextByte, ReadOnlySpan`1 bytes)
   at System.Text.Json.Utf8JsonReader.ConsumeValue(Byte marker)
   at System.Text.Json.Utf8JsonReader.ReadFirstToken(Byte first)
   at System.Text.Json.Utf8JsonReader.ReadSingleSegment()
   at System.Text.Json.Utf8JsonReader.Read()
   at System.Text.Json.Serialization.JsonConverter`1.ReadCore(Utf8JsonReader& reader, T& value, JsonSerializerOptions options, ReadStack& state)
   --- End of inner exception stack trace ---
   at System.Text.Json.ThrowHelper.ReThrowWithPath(ReadStack& state, JsonReaderException ex)
   at System.Text.Json.Serialization.JsonConverter`1.ReadCore(Utf8JsonReader& reader, T& value, JsonSerializerOptions options, ReadStack& state)
   at System.Text.Json.Serialization.Metadata.JsonTypeInfo`1.Deserialize(Utf8JsonReader& reader, ReadStack& state)
   at System.Text.Json.JsonSerializer.ReadFromSpan[TValue](ReadOnlySpan`1 utf8Json, JsonTypeInfo`1 jsonTypeInfo, Nullable`1 actualByteCount)
   at System.Text.Json.JsonSerializer.ReadFromSpan[TValue](ReadOnlySpan`1 json, JsonTypeInfo`1 jsonTypeInfo)
   at System.Text.Json.JsonSerializer.Deserialize[TValue](String json, JsonSerializerOptions options)
   at Volo.Abp.Json.SystemTextJson.AbpSystemTextJsonSerializer.Deserialize[T](String jsonString, Boolean camelCase)
   at Volo.Abp.Cli.ProjectBuilding.RemoteServiceExceptionHandler.GetAbpRemoteServiceErrorAsync(HttpResponseMessage responseMessage)
   at Volo.Abp.Cli.ProjectBuilding.RemoteServiceExceptionHandler.EnsureSuccessfulHttpResponseAsync(HttpResponseMessage responseMessage)
   at Volo.Abp.Cli.ProjectBuilding.AbpIoSourceCodeStore.rG6nWPPcOa(SourceCodeDownloadInputDto  )
   at Volo.Abp.Cli.ProjectBuilding.AbpIoSourceCodeStore.GetAsync(String name, String type, String version, String templateSource, Boolean includePreReleases, Boolean skipCache, Boolean trustUserVersion)
   at Volo.Abp.Cli.ProjectBuilding.NpmPackageProjectBuilder.BuildAsync(ProjectBuildArgs args)
   at Volo.Abp.Cli.Commands.Services.SourceCodeDownloadService.DownloadNpmPackageAsync(String packageName, String outputFolder, String version)
   at Volo.Abp.Cli.ProjectModification.ProjectNpmPackageAdder.DownloadAngularSourceCode(String angularDirectory, NpmPackageInfo package, String version)
   at Volo.Abp.Cli.ProjectModification.ProjectNpmPackageAdder.AddNpmPackageAsync(String directory, NpmPackageInfo npmPackage, String version, Boolean withSourceCode)
   at Volo.Abp.Cli.ProjectModification.ProjectNpmPackageAdder.AddNpmPackageAsync(String directory, String npmPackageName, String version, Boolean withSourceCode)
   at Volo.Abp.Cli.Commands.AddPackageCommand.ExecuteAsync(CommandLineArgs commandLineArgs)
   at Volo.Abp.Studio.Cli.StudioCliService.RunInternalAsync(CommandLineArgs commandLineArgs)
   at Volo.Abp.Studio.Cli.StudioCliService.RunAsync(String[] args)
   at Volo.Abp.Studio.Cli.StudioCliService.RunAsync(String[] args)
   at Volo.Abp.Studio.Cli.StudioCliService.RunAsync(String[] args)
   at Volo.Abp.Studio.Cli.StudioCliService.RunAsync(String[] args)
   at Volo.Abp.Studio.Cli.Program.OpulycyBM(Object  )
   at Volo.Abp.Studio.Cli.Program.<Main>(String[] args)

[skoc10]

Hi @emisand,

We’ve identified this as a gap in the open-source flow and will be working on an improvement on our side.
We’ll follow up with you here as soon as we have an update.

Thanks for your patience.