Prevent `npm publish` when ran directly - node.js

I am not sure whether it is possible or not.
Is it possible to prevent publishing when npm publish is run directly, and make it accessible only via scripts?
The user must be denied when npm publish is executed directly, i.e. the user must be able to publish via any scripts or npm run <script>
or
Is there a way to tell npm only to publish <folder>/ or to look for a tarball when publishing?

If I mark it private I won't be able to publish at all. My main intention was to prevent accidental publishes.
NPM team gave a simple workaround which is awesome.
package.json
{
  "scripts": {
    "prepublishOnly": "node prepublish.js",
    "release": "RELEASE_MODE=true npm publish"
  }
}
prepublish.js
// Runs as the prepublishOnly script, i.e. before every `npm publish`.
const RELEASE_MODE = !!(process.env.RELEASE_MODE)
if (!RELEASE_MODE) {
  console.log('Run `npm run release` to publish the package')
  process.exit(1) // a non-zero exit code terminates the publish process
}

Mark the package as private:
If you set "private": true in your package.json, then npm will refuse
to publish it.
This is a way to prevent accidental publication of private
repositories. If you would like to ensure that a given package is only
ever published to a specific registry (for example, an internal
registry), then use the publishConfig dictionary described below to
override the registry config param at publish-time.
{
  "name": "some",
  "version": "1.0.0",
  "private": true
}
If you are trying to force something to happen before publishing, leverage the prepublish or prepublishOnly npm-script.
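A stricter form of the prepublish.js guard from the answer above, combined with the publishConfig registry pinning quoted in this answer. This is an added example, not code from either answer or from npm; `ALLOWED_REGISTRIES`, the registry URL and the function names are assumptions, and the check reads only the `publishConfig.registry` value pinned in package.json.

```javascript
// Hypothetical allow-list: the only registries this package may be published to.
const ALLOWED_REGISTRIES = ['https://registry.internal.example/'];

// Release mode is on only for the exact values "true" or "1".
// `!!process.env.RELEASE_MODE` also accepts "false" and "0",
// because any non-empty string is truthy.
function isReleaseMode(env) {
  const value = String(env.RELEASE_MODE || '').trim().toLowerCase();
  return value === 'true' || value === '1';
}

// Canonical form for comparison: scheme and host as parsed, no trailing slash.
// Returns null when the value is not a URL.
function canonicalRegistry(url) {
  try {
    const u = new URL(String(url));
    return u.origin + u.pathname.replace(/\/+$/, '');
  } catch (err) {
    return null;
  }
}

// Returns the reasons to refuse the publish; an empty array means "go ahead".
function publishBlockers(env, pkg) {
  const reasons = [];
  if (!isReleaseMode(env)) {
    reasons.push('RELEASE_MODE is not enabled; run `npm run release`');
  }
  const target = pkg.publishConfig && pkg.publishConfig.registry;
  const canonical = target ? canonicalRegistry(target) : null;
  if (!target) {
    reasons.push('publishConfig.registry is not pinned in package.json');
  } else if (canonical === null || !canonical.startsWith('https://')) {
    reasons.push('registry must be an https URL: ' + target);
  } else if (!ALLOWED_REGISTRIES.map(canonicalRegistry).includes(canonical)) {
    reasons.push('registry is not on the allow-list: ' + target);
  }
  return reasons;
}

// Constructed sample input. In a real prepublish.js, pass process.env and the
// parsed package.json, and call process.exit(1) when the array is not empty.
const samplePkg = { name: 'some', version: '1.0.0',
  publishConfig: { registry: 'https://registry.internal.example' } };
for (const env of [{}, { RELEASE_MODE: 'false' }, { RELEASE_MODE: 'true' }]) {
  console.log(JSON.stringify(env), '->', publishBlockers(env, samplePkg));
}
```

With `RELEASE_MODE=false` in the environment the one-line truthiness check lets the publish through, while this version blocks it.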

Yes, we can restrict npm to prevent accidental publishing by setting "private": true in package.json.
You can also have a script for publishing.
In your package.json:
{
  "scripts": {
    "publish:mypackages": "npm publish folder1/file1.tgz --registry http://custom-registry..."
  }
}
Now in cmd: npm run publish:mypackages
It publishes the given tarball to the registry you have given.

Related

What is proper way to store code/functions that are used by both the frontend and backend?

My frontend Reactjs app is stored in one repository.
My backend Node.js app is stored in another repository.
There are some functions used by both. Where should store those functions so that both repositories can access them?
You can create a library that exports all of the functions you'll be needing, then publish it to NPM and add it to the dependencies of both projects' package.json. With NPM you can set your packages as private, too, in case you don't want your code/package to be publicly available.
The starting point would be to create a directory with all the functions you need, export them all in an index.js, and run npm init to create a package.json for your new project. You'll be guided for naming and assigning a version number, then publish with npm publish (you may need to create an account and run npm login first). Then in your frontend and backend projects you simply npm install <your-package> like any other npm package.
Your project directory may be as simple as...
myFunctions.js
index.js
package.json
myFunctions.js:
export const functionA = () => {
  return "a"
}
export const functionB = () => {
  return "b"
}
index.js:
export * from './myFunctions.js'
package.json (can be created with npm init):
{
  "name": "my-functions",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC"
}
Then in the directory run npm publish, and in your other projects you can run npm install my-functions.
And finally, in your other projects:
import { functionA } from 'my-functions';
// ...
functionA() // returns "a"
Creating a separate NPM package for your helper functions can certainly be a good solution, but I find them somewhat annoying to maintain across different repositories. I tend to try and avoid them.
There are certainly some functions in your application that do have purpose on both the front- and backend, but I would encourage you to look at these carefully to see if that logic can be the responsibility of one or the other (backend or frontend).
For example; if you have a function to parse a date and format it in a very specific way for your app then you can have that function live solely in the backend and leverage it to pass back the already converted value to the frontend - avoiding the burden of maintaining it in 2 places or in a separate package that then needs to be updated in 2 repositories.
Sometimes there's just no getting around it though, but I found that in most cases I can split them accordingly.

npm ERR! This package has been marked as private

I try to publish my Angular library on npm.
But I get an error:
npm ERR! This package has been marked as private. Remove the 'private' field from the package.json to publish it.
But I don't have any private field in my package.json file.
My package.json file of my library looks like this:
{
  "name": "@myfirst_mylastname/testlib123",
  "version": "0.0.1",
  "peerDependencies": {
    "@angular/common": "^11.1.2",
    "@angular/core": "^11.1.2"
  },
  "dependencies": {
    "tslib": "^2.0.0"
  },
  "description": "Test library",
  "author": {"name":"test name"},
  "keywords": ["test library"]
}
What I tried
I thought that private is always the default, and I added
"private":"false" to my package.json file, but I get the same error on npm publish.
I googled and found answers that say to make the private field true or false in the package.json file. I tried that, but without success.
Why is that? How can it be solved?
In case this is a problem for anyone else, the error thrown by NPM when publishing a scoped package is misleading.
There may be no "private" field in your package.json file, however scoped packages have their access property set to restricted by default, whereas normal packages are public by default (https://docs.npmjs.com/cli/v8/commands/npm-publish#access).
To be able to publish your scoped package, ensure first that your terminal is in the root of the package - the publish command only affects the directory that you are in.
Then use a flag to set its access property when publishing:
npm publish --access=public
You should also be able to set the default access value for your package using the command
npm access public @myfirst_mylastname/testlib123
which would allow you to publish without specifying the flag. (https://docs.npmjs.com/cli/v8/commands/npm-access#details)

using the npm API to retrieve a list of private npm packages with versions, possible?

I have a private npm registry with npmjs.org which contains several private npm packages. We are moving to a private npm registry in-house (verdaccio). Long story short, with our AWS infrastructure, the verdaccio server could be rebuilt for many reasons and the main issue is that when a new server is spun up with a fresh verdaccio install, it won't have any packages published, obviously. I'm trying to create a script that will run when the server is created that will do a few things:
1. Ask the user what the previous npm registry is along with an authToken for a user (in our case, a service user that only the server uses)
2. Query the previous npm registry to get a list of all private scoped packages with all their versions
3. Copy/Migrate/Publish all previously existing packages and versions to the new verdaccio registry so the first person to run "npm install" will get them.
There are several utility packages out there for helping with this type of task, but none deal with private packages. I've tried using the authToken from the .npmrc file that gets generated when a user is logged in, from within a curl command, but nothing gets returned. I've tried using the npm search function. I've tried all of these utility packages. I've tried the npm v2 api, but nothing seems to return private packages.
https://www.npmjs.com/package/registry-migrate
https://www.npmjs.com/package/npm-migrate
https://github.com/finn-no/migrate-npm-registry
https://github.com/npm/npm-registry-client
https://api-docs.npms.io/#api-Package-GetMultiPackageInfo
Anyone have any ideas?? Thanks!
You need to add the NPM_TOKEN in the npm registry API.
I found 2 endpoints that can help you perform any necessary logic with the versions of the private npm packages
List all private npm packages names and access
curl -H "Authorization: Bearer $NPM_TOKEN" "https://registry.npmjs.org/-/user/[NPM_USERNAME]/package"
Example response:
{ "my-package": "write" }
** NPM_USERNAME can be the organization's scope.
Fetch npm package details
curl -H "Authorization: Bearer $NPM_TOKEN" "https://registry.npmjs.org/[NPM_PACKAGE_NAME]"
Example response:
{
  "_id": "my-package",
  "name": "my-package",
  "dist-tags": { "latest": "1.0.0" },
  "versions": {
    "1.0.0": {
      "name": "my-package",
      "version": "1.0.0"
      //...
    }
    //...
  }
}
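How the two responses above combine into the work list the question's migration script needs, as an added example that is not part of the answer. The function names and the `@acme` sample data are assumptions; `dist.tarball` is the per-version tarball URL that registry metadata carries, and the token is sent only in the Authorization header, as in the curl commands.

```javascript
// URL of the metadata document for one package; the "/" of a scoped name is encoded.
function packumentUrl(registry, name) {
  return registry.replace(/\/+$/, '') + '/' + name.replace('/', '%2F');
}

// GET a JSON document with the token in the Authorization header (global fetch, Node 18+).
// The token never goes into the URL or into an error message.
async function fetchJson(url, token) {
  const res = await fetch(url, { headers: { Authorization: 'Bearer ' + token } });
  if (!res.ok) throw new Error('GET ' + url + ' failed with HTTP ' + res.status);
  return res.json();
}

// accessMap:  response of the "list packages" endpoint, e.g. { "my-package": "write" }
// packuments: package name -> response of the "package details" endpoint
// Returns every name@version to copy, plus the packages whose metadata was not readable.
function migrationPlan(accessMap, packuments) {
  const plan = [];
  const unreadable = [];
  for (const name of Object.keys(accessMap).sort()) {
    const doc = packuments[name];
    if (!doc || !doc.versions) {
      unreadable.push(name); // listed, but the token could not read its metadata
      continue;
    }
    for (const version of Object.keys(doc.versions)) {
      const dist = doc.versions[version].dist || {};
      plan.push({ spec: name + '@' + version, tarball: dist.tarball || null });
    }
  }
  return { plan, unreadable };
}

// Constructed sample responses (not real packages), in the shape shown above.
const sampleAccess = { '@acme/utils': 'write', '@acme/ghost': 'read' };
const samplePackuments = {
  '@acme/utils': { name: '@acme/utils', versions: {
    '1.0.0': { dist: { tarball: 'https://registry.example/@acme/utils/-/utils-1.0.0.tgz' } },
    '1.1.0': { dist: { tarball: 'https://registry.example/@acme/utils/-/utils-1.1.0.tgz' } },
  } },
};
console.log(migrationPlan(sampleAccess, samplePackuments));
```

In a live run, fill `packuments` by calling `fetchJson(packumentUrl(registry, name), process.env.NPM_TOKEN)` for each name in the access map.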

Unable to install npm package hosted on a private registry with jspm

I am trying to get jspm working with a private npm registry (which mirrors the public registry).
I used the endpoint config tool to configure jspm from .npmrc, which appears to work successfully
GAVINJ:jspm-test gavinj$ jspm endpoint config npm
npmrc found, would you like to use these settings? [yes]:
npm registry [http://registry.npm.ourcompanyname.net/]:
Would you like to test these credentials? [yes]:
ok npm authentication is working successfully.
ok Endpoint npm configured successfully.
Installing our package 'michelangelo' (which is not in the public npm registry) works just fine
GAVINJ:jspm-test gavinj$ npm install michelangelo
highstock-release@2.0.4 node_modules/highstock-release
jquery@2.1.3 node_modules/jquery
d3@3.5.5 node_modules/d3
lodash@3.3.1 node_modules/lodash
michelangelo@2.0.1641 node_modules/michelangelo
Attempting to install the same npm package via jspm does not work.
GAVINJ:jspm-test gavinj$ jspm install michelangelo=npm:michelangelo
Looking up npm:michelangelo
err Repo michelangelo not found!
warn Installation changes not saved.
Attempting to install lodash via jspm works perfectly
GAVINJ:jspm-test gavinj$ jspm install lodash=npm:lodash
Looking up npm:lodash
Updating registry cache...
Looking up github:jspm/nodelibs-process
Looking up npm:process
ok Up to date - lodash as npm:lodash@^3.3.1 (3.3.1)
ok Install tree has no forks.
ok Install complete.
Here's what my jspm config file looks like
{
  "registry": "jspm",
  "endpoints": {
    "github": {
      "timeouts": {
        "lookups": 60
      },
      "handler": "jspm-github",
      "remote": "https://github.jspm.io"
    },
    "npm": {
      "timeouts": {
        "lookups": 60
      },
      "registry": "http://registry.npm.ourcompanyname.net/",
      "remote": "https://npm.jspm.io",
      "auth": "PRIVATE_HERE_BUT_SAME_AS_NPMRC_FILE",
      "handler": "jspm-npm"
    },
    "jspm": {
      "timeouts": {
        "lookups": 60
      },
      "handler": "jspm-registry",
      "remote": "https://registry.jspm.io"
    }
  }
}
Any idea why I am unable to install the npm package via jspm? Or, any advice on how I could track down the problem?
It turns out that the registry url cannot end with a /.
Once I removed the trailing slash it worked like a charm.

How to deploy a MeteorJS app to Windows Azure? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
How does one deploy a production MeteorJS app to Windows Azure?
Yes it is. See http://www.meteorpedia.com/read/Deploying_to_a_PaaS
In most cases this is as simple as using "meteor bundle",
demeteorizer, and then uploading the resulting files with your PaaS
provider's CLI deploy tool.
Demeteorizer wraps and extends Meteor’s bundle command by creating
something that more closely resembles a standard looking Node.js
application, complete with a package.json file for dependency
management.
$ cd /my/meteor/app
$ demeteorizer -o /my/node/app
$ cd /my/node/app
$ npm install
$ export MONGO_URL='mongodb://user:password@host:port/databasename?autoReconnect=true&connectTimeout=60000'
$ export PORT=8080
$ forever start main.js
Forever keeps your app running after a disconnect or crash, but not a reboot unless you manually add a boot entry.
The whole deploy is much easier using Meteor Up instead. Or maybe mups, though that doesn't even have updated docs.
To run a Meteor app in an Azure web app:
Azure Web App
Python 2.7
Websockets ON (optional)
WEBSITE_NODE_DEFAULT_VERSION 0.10.32 (default)
ROOT_URL http://webapp.azurewebsites.net
MONGO_URL mongodb://username:password@instance.mongolab.com:36648/dbname (For advanced apps. Request log should say if you need it.)
Dev Machine
Install Visual Studio Community 2015
Install Node 0.12.6
Install Meteor MSI
app> demeteorizer -o ..\app-dem
app-dem\programs\server\packages\webapp.js change .PORT line to "var localPort = process.env.PORT"
app-dem\package.json change "node": "0.10.36" to "node": "0.12.6"
app-dem> npm install
app-dem> git init
app-dem> git add -A .
app-dem> git commit -m "version 1.0 demeteorized Meteor + tweaks"
app-dem> git remote add azure https://username@webapp-slot.scm.azurewebsites.net:443/webapp.git
app-dem> git config http.postBuffer 52428800
app-dem> git push azure master
Instead of demeteorizer -o, perhaps you could use meteor build and create a package.json in the output root:
{
  "name": "App name",
  "version": "0.0.1",
  "main": "main.js",
  "scripts": {
    "start": "node main.js"
  },
  "engines": {
    "node": "0.12.6"
  }
}
If bcrypt doesn't compile, make sure to use a more recent version:
"dependencies": {
  "bcrypt": "https://registry.npmjs.org/bcrypt/-/bcrypt-0.8.4.tgz"
}
Before starting, make sure you have installed a 32-bit version of nodejs and have run "npm -g install fibers" on your Windows build machine. Default nodejs on Azure is running 32-bit only!
Note: this will not work if you're using, for example, the spiderable package, which relies on PhantomJS. PhantomJS can not be executed in a webapp on Azure?
In your project "meteor build ..\buildOut" and extract the .tar.gz file located in "..\buildOut".
Place/create in "..\buildOut\bundle" a "package.json" containing:
{
  "name": "AppName",
  "version": "0.0.1",
  "main": "main.js",
  "scripts": {
    "start": "node main.js"
  },
  "engines": {
    "node": "0.12.6"
  }
}
Note: Make sure "name" doesn't contain spaces; otherwise the deploy on Azure will fail.
In your favorite shell, go to "..\buildOut\bundle\programs\server" and run "npm install". This will pre-download all the requirements and build them.
Now open the file "..\buildOut\bundle\programs\server\packages\webapp.js" and search for "process.env.PORT".
It looks like this:
var localPort = parseInt(process.env.PORT) || 0;
Alter this line to:
var localPort = process.env.PORT || 0;
This is needed so your Meteor project can accept a named socket as soon as it runs in node. The function "parseInt" will not let a string go through; the named socket is a string located in your webapp's environment. This may be done for a reason, so a warning here! Now save this change and we are almost done...
Solve the bcrypt issue: Download this file and extract it somewhere: https://registry.npmjs.org/bcrypt/-/bcrypt-0.8.4.tgz
Extract it.
Now replace the files located: "..\buildOut\bundle\programs\server\npm\npm-bcrypt\node_modules\bcrypt*"
with the directories and files located somewhere: ".\bcrypt-0.8.4\package*"
Now go on the shell in the directory "..\buildOut\bundle\programs\server\npm\npm-bcrypt\node_modules\bcrypt\" and make sure you remove the "node_modules" directory. If the node_modules directory is not removed, npm will not build the package for some reason.
Run on the shell "npm install".
Make sure you set the "Environment" variables: "MONGO_URL" and "ROOT_URL" in the portal for your webapp.
If everything worked without an error, you can deploy your app to the git repository on the deployment slot for your webapp. Go to "..\buildOut\bundle" and commit the files there to the deployment slot's repository. This will cause the deploy on the deployment slot and create the needed IIS configuration file(s).
Now wait a little and your app should fire after some time... Your app should be running and you can access it on the *.azuresites.net
Thanks to all that made this possible.
