preventing npm from downloading over github - node.js

This might be a weird question, but I am trying to install some npm packages in a restricted network.
All packages from npmjs.com work and download fine. The problem is that some of the dependencies have dependencies on other packages that are downloaded through GitHub.
And unfortunately GitHub is blocked on my network, and there doesn't seem to be much I can do about it.
So my question is: Can one force npm to not go to GitHub and try to resolve packages from npm instead?
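Before changing how npm resolves anything, it helps to know exactly which transitive dependencies point at GitHub and which packages pull them in. The following is an added example, not part of the original question: it scans the `packages` map of a v2/v3 `package-lock.json` for entries whose `resolved` URL is not on the registry. The sample lockfile and all package names in it are constructed, and the allowed host is assumed to be the default public registry.

```javascript
// Added example (not from the original question): find lockfile entries that
// npm would fetch from somewhere other than the registry.
const ALLOWED_HOSTS = new Set(['registry.npmjs.org']); // assumption: default public registry

// Constructed sample in package-lock.json v2/v3 layout; all names are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', dependencies: { 'left-lib': '^1.0.0' } },
    'node_modules/left-lib': {
      version: '1.0.2',
      resolved: 'https://registry.npmjs.org/left-lib/-/left-lib-1.0.2.tgz',
      dependencies: { 'git-dep': 'github:example-org/git-dep#v2.0.0' },
    },
    'node_modules/git-dep': {
      version: '2.0.0',
      resolved: 'git+ssh://git@github.com/example-org/git-dep.git#0123456789abcdef0123456789abcdef01234567',
    },
    'node_modules/@scope/tar-dep': {
      version: '0.1.0',
      resolved: 'https://codeload.github.com/example-org/tar-dep/tar.gz/0123456',
    },
  },
};

function resolvedHost(resolved) {
  // Git dependencies are recorded as git+ssh://, git+https:// or git:// URLs.
  try { return new URL(resolved.replace(/^git\+/, '')).hostname; } catch { return null; }
}

const pkgName = (path) => (path === '' ? '(root)' : path.replace(/^.*node_modules\//, ''));

function findNonRegistryPackages(lock) {
  const entries = Object.entries(lock.packages || {});
  const findings = [];
  for (const [path, meta] of entries) {
    if (path === '' || meta.link || !meta.resolved) continue; // root, workspace links, bundled deps
    const host = resolvedHost(meta.resolved);
    if (host !== null && ALLOWED_HOSTS.has(host)) continue;
    const name = pkgName(path);
    // Which packages declare this one? Those are the ones to replace, override or mirror.
    const requiredBy = entries
      .filter(([, m]) => name in { ...m.dependencies, ...m.optionalDependencies })
      .map(([p]) => pkgName(p));
    findings.push({ name, host, git: /^git[+:]/.test(meta.resolved), requiredBy });
  }
  return findings;
}

console.log(findNonRegistryPackages(SAMPLE_LOCK));
```

For a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` from a lockfile generated on a machine that can reach GitHub.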

Related

Why do I receive deprecated package warnings when using npm install

I hope you are doing well!
I got asked why I should use -f to force npm install to install packages. The documentation states:
"force npm to fetch remote resources even if a local copy exists on disk."
But does this mean that it redownloads global packages for the local project or what does it solve exactly?
Another thing that happens is that when I use npm install, I see a lot of warnings in the console like
WARNING: X package is deprecated
But when I run npm outdated I see that all packages are all fairly up to date (all match the recommended version to download), so I assume this might be a dependency for a certain package. But does it affect our work negatively? Why does this happen?
For the packages I download, I generally look for packages that have in the 6 digits Weekly Downloads from npm so I don't think we are using unfamiliar packages.
I am asking these questions because they have been asked to me but I don't have a straight answer to them.
Thank You!
I don't understand how npm install -f works

How to prevent npm from resolving devDependencies on production install

I'm building a microservice app in a monorepo containing a bunch of microservices and a commons package. This commons package is never published to npm. (packages are managed with yarn workspaces)
Using parcel, the commons package is bundled into the production code, so I don't need to install it at run time.
Each microservice runs in its own Docker container. So, when I build the Docker container, ideally I'd want to ignore this "commons" dependency and install all the other ones. AFAIK, the only way to do this is to place the "commons" package in devDependencies.
However, it seems that even if I add it only to devDependencies and run npm i --only=production, npm still tries to resolve the package and still throws an ETARGET error.
Is there some way to completely ignore the devDependencies? My only other idea is to write a script that removes the devDependencies field from the package.json before running npm install, but I wanted to ask here first to make sure I'm not missing anything.
There is a GitHub issue on the npm/cli repo tracking this issue here (#4967), where this behaviour is categorized as a bug.
So to answer your question, as far as the current status of the GitHub issue indicates, the intended behaviour is that devDependencies don't get attempted to be resolved in --production mode, and you shouldn't need to do anything extra to get this behaviour once the fix is made. I don't think you are missing anything.
The workaround you have thought of sounds reasonable to me.
On the GitHub issue, you can indicate "me too" with a thumbs up reaction (please don't spam the comments with "me too" comments).
To install packages only at production without devDependencies,
npm install --production
Docs about npm install are here.

Problem in installing handlebar npm package in Node.js

I have tried to install the package but it is showing a lot of vulnerabilities and I cannot fix it properly even after using npm audit fix
If you are doing it for your personal projects then no need to worry about the vulnerabilities and all. The packages have already been installed in your projects.

How to install/download packages without using npm install <package_name> or yarn install

I work in a banking domain company, so here many links and websites are blocked. Currently I am working on a project where I am using React and Node.js as the tech stack.
So whenever I want to install any new dependency or just run npm install, I get an access problem.
Is there any other solution to download the dependencies from the package.json file apart from npm install?
It'll be really tough not having yarn or npm do dependency management for you but there are options.
I highly recommend you set up a private npm registry just for your company. There are many paid and free services that can do this as well as open source self-hosted solutions. Once set up, all you have to do is edit your npm or yarn configurations and you're good to go.
Here is a link with plenty of options to get this going. A few that come to mind off the top of my head are Artifactory and npm itself.
If none of these work for you, you can always just manually download npm packages from their GitHub repositories, but this will be very tedious and time-consuming (maybe you can write your custom package manager?), and I definitely don't recommend this route.

Create an offline installer of npm package

Problem:
I have a very flaky internet connection at my place.
Due to this when I try to do
npm install -g glup
it stops the download before completion.
I have tried downloading several times but all in vain.
Thinking about my options
I have a friend in another city with high speed internet. I can ask him to somehow package the glup and provide it to me using Dropbox, then I can use any download manager to download it partially with my flaky connection.
But the sad thing is he doesn't know how to do it. (help on this front is also appreciated)
Can anyone help me out with this situation?
P.S: I am doing a course from Udacity and due to my flaky internet connection I am kind of facing lot of issues.
According to the docs, npm install supports installing from a tarball file sitting on your filesystem. So, as long as your friend can create and supply you a tarball of the npm package you are looking for - you should be good to go.
Below is a quote from the docs.
UPDATE: To create a tarball file from an npm package, you can just run npm pack package_name. For example,
npm pack underscore
will create a .tgz file for the latest version of underscore.js npm package. See the documentation for npm pack here.
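A tarball that travels through a file-sharing service and a flaky connection should be checked before it is installed. The following is an added example, not part of the original answer: it verifies tarball bytes against an npm-style SRI integrity string (`<algo>-<base64 digest>`). It assumes the expected string comes from a trusted source, such as the `integrity` field in a `package-lock.json` or `npm view <package> dist.integrity` run on the connected machine; the sample bytes are constructed.

```javascript
// Added example (not from the original answer): verify a tarball that arrived
// out of band against an SRI integrity string before running npm install on it.
const crypto = require('node:crypto');

const PREFERRED = ['sha512', 'sha384', 'sha256']; // strongest first; sha1 is not accepted

function parseSri(integrity) {
  // SRI: one or more whitespace-separated "<algo>-<base64 digest>" entries.
  return integrity.trim().split(/\s+/).map((entry) => {
    const m = /^(sha\d+)-([A-Za-z0-9+/]+={0,2})$/.exec(entry);
    if (!m) throw new Error(`malformed integrity entry: ${entry}`);
    return { algo: m[1], digest: Buffer.from(m[2], 'base64') };
  });
}

function verifyTarball(bytes, integrity) {
  const entries = parseSri(integrity);
  // Check only the strongest algorithm present so a weaker hash cannot vouch for the file.
  const algo = PREFERRED.find((a) => entries.some((e) => e.algo === a));
  if (!algo) return { ok: false, reason: 'no supported algorithm' };
  const actual = crypto.createHash(algo).update(bytes).digest();
  const ok = entries.some((e) => e.algo === algo && e.digest.equals(actual));
  return ok ? { ok: true, algo } : { ok: false, algo, reason: 'digest mismatch' };
}

// Helper used here only to build an integrity string for the constructed sample.
const sriFor = (bytes, algo = 'sha512') =>
  `${algo}-${crypto.createHash(algo).update(bytes).digest('base64')}`;

// Constructed stand-in for the bytes of a .tgz produced by `npm pack`.
const SAMPLE_TARBALL = Buffer.from('constructed stand-in for package tarball bytes');
const SAMPLE_INTEGRITY = sriFor(SAMPLE_TARBALL);

console.log(verifyTarball(SAMPLE_TARBALL, SAMPLE_INTEGRITY));                 // intact copy
console.log(verifyTarball(SAMPLE_TARBALL.subarray(0, 20), SAMPLE_INTEGRITY)); // truncated download
```

For a real file, pass `fs.readFileSync(pathToTgz)` as the first argument and install with `npm install` on the tarball path only when `ok` is true.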
Not directly answering your question, but I was just struggling with a network connection behind a corporate firewall with npm for hours. Then I tried yarn, the package manager from Facebook. Wow, it worked like a charm: the install of the package I needed plus deps was done within a minute.
