how to define fallback registry in global .npmrc file - node.js

I have a private registry configured in my global .npmrc file. Now I want to configure a fallback registry also in the same npmrc file. When npm is not able to find module in my private repository, I want it to download it from npm global registry i.e. https://registry.npmjs.org
Below are the two repositories I want to configure:
http://devint:9999/nexus/content/groups/NPM-Release //npm should first look into this
https://registry.npmjs.org // fallback registry
I know there is a solution available on StackOverflow for this similar problem, but those solution is suggesting to used scoped package approach. I don't want to use the scoped package approach for configuring multiple repositories in a npmrc file.
I have already gone through the solution available on
Is there any way to configure multiple registries in a single npmrc file
But I am looking for a different approach, where I can define multiple repositories with its priority in npmrc file.
I request not to mark this question as closed without giving a satisfactory correct answer.
Thanks.

As far as I know you can not define multiple NPM registry URLs in .npmrc , on the CLI, or anywhere else, and have NPM check them based on priority.
Configure your NPM server to check for a requested package locally first and fall back to the public NPM registry if not found. This can be done with Nexus, and I believe Sinopia/Verdaccio do this out of the box.

Related

Not able to install npm packages after placed the private `.npmrc` file in Azure

I'm not able to install packages from npm, since I have placed a .npmrc file for install a private library.
This library is hosted by azure work space.
So i just placed the new config file to install. And it works fine in localhost.
How can i keep 2 registry in nprmc file, one for private and another one of npm registry?
error 404 Not Found - GET https://registry.npmjs.org/mm-core - Not found
mm-core is my private library hosted in azure, without my .npmrc file i receive this error.
With .npmrc file npm packages can't be installed.
any help?
It actually should work if you follow the official documents correctly. And we don't need to keep 2 registry in nprmc file, one for private and another one of npm registry.
Solution:
Keep the .npmrc file which presents the azure devops artifacts feed. And sign-in the azure devops web portal to configure the feed settings:
In feed settings, go Upstream sources and make sure you have npmjs as Upstream source. If it not exists, click the Add upstream source to add npmjs.
Then you only need to hold one registry for private library. If the package is not found in your private feed, since we've configured npmjs as upstream source, it will fetch the missing package there automatically!
More details about magic upstream source please refer to this document.

Force npm download from private registry

In my nodejs project I had to modify 4 of the node modules and upload them to our private corporate registry so the project will download the modified versions during builds. I did this by changing the resolved field in package-lock.json for each dependency from our virtual npm registry which forwards downloads to the public npm registry to our private registry.
This is working for 3 out of the 4 modules, however 1 module, phantomjs-prebuilt, will not download the one I uploaded. When I view its package.json after installing, its _resolved field shows the correct private registry I entered in package-lock.json, but the module doesn't have my modifications.
If I create a test project with a package.json that has phantomjs-prebuilt as its only dependency and modify the lock file to download from the private registry it will download the correct modified version I uploaded. I'm assuming there must be some transitive dependency overriding it, but I thought I would be able to see that from the lock file and override it. phantomjs-prebuilt only appears once in my lock file and that's where I'm making the change to the resolved field.
I had a similar issue myself, recently. This may not help you in particular if releasing as a different version is not an option, but maybe others who stumble across this answer like I did.
What I did was to release a forked version of a package, under a new version.
So, I forked moddle-xml 10.0.0, and released a package 10.0.1337 into our private registry in Artifactory.
That way, I could replace the transitive package dependencies of a package that we used with the forked version 10.0.1337 (using npm-force-resolutions), not breaking any constraints like ^10.0.0.
EDIT: If you want to replace a particular outside version, I think you can work with exclusion / inclusion filters.
The Artifactory-based registry would then offer a single virtual registry containing both the npm-local packages (including my fork) and npm-remote packages (the normal stuff from the default registry) setup guide.
I would configure my local setup to only download from that virtual registry.
The Artifactory setup comes with a few pitfalls (like, you have to give read permissions to all physical repositories (npm-local AND npm-remote), not just the virtual one, and this one), but it works fine for me now.
(I'm sure something like this is possible with other than the Artifactory implementation, this particular thing is just the stuff I know)

How to set npm registry only for the specific project

I'm using a private npm registry for one of my npm packages and I also have a couple of other packages referenced from the default npm registry. What I'm doing at the moment is:
npm config set registry https://private.registry.endpoint
However, this changes the registry globally. I can manually create a .npmrc at the root of my project and set the registry manually inside. This does not replace my global registry and uses the private registry only for the specific project. However, I want to do this with a command, instead of having to manually create the .npmrc and set the registry.
In case you're wondering why I need this, I know how to do it myself, however I have to guide other users how to do it, and it would be simpler to just provide a command for them. I need to know if there is a way to do something of the sort:
npm config --local set registry https://private.registry.endpoint
We solved this problem by scoping our private packages, which allows us to add the private registry only for the specific #scope instead of changing the entire default registry to download the private packages.
E.g.
If we have a package named package-name, in our private registry we publish it as #company/package-name and then set the private registry scope to be #company.
npm config set #company:registry https://private.registry.endpoint
I was facing the issue. Solved it by putting a .npmrc file in the project root and assign the desired registry.

NPM how to configure location of global repository

Does anyone know how to configure location of global repository?
My global repo is somewhere under $HOMEDRIVE/$HOMEPATH/blahblahblah
and all my packages are being installed under that place fopr global reference
but I want to park it somewhere specific and secret like the docroot of my appserver ? so I can operate demos and proof-of-concepts and prototypes ands show them off
can you tell me how I can configure the path to my global repository? I am on windows7 which is thoroughly supported and chmod chown issues are not as prevalent on linux
is this directory anchor controlled by a designated variable within NPM?
is this variable ever referenced by javascript modules indiscriminantly? i would hope not
I assume this variable is within the NPM tool itself.
what about bower... would bower operate the same configurable? or is bower a different animal and place.
is bower a subset of npm? anmd of so does it operate the same configuration as npm?
thank you
See the npm docs about the folders. It states that the global modules are installed under a configured prefix. You can get it from the npm config comand:
npm config get prefix
And you may change it with a similar command:
npm config set prefix /path/to/my/global/folder
However, modules are usually installed globally if want to use some command line command they provide. For using in some node.js application, prefer to install them locally. If you still want to use the globally installed modules inside the application, you should use the link command (though I'm not sure if it works in a Windows environment).
Bower is another thing completely. Looking at the api documentation, you will see that there is no option to install modules globally (which makes sense, as Bower is intended for front-end dependencies).
You could change the default folder using the directory parameter of your .bowerrc file (see the documentation). This way you would be able to set all projects to use the same folder, but notice that's not the way it's intended to use and you would need to set it in all projects.
npm config set registry <registry url>
once this command is run, check in ~/.npmrc, it must show your changes.

Can I have a package.json but avoid my project from getting published to npm servers?

Basically the thing is I'm working on a project that uses grunt for build tasks and as I have a few dependencies here and there I thought it was a good idea to declare those on a package.json so that my co-workers can npm install without being required to manually install every package at the correct version.
Now the thing is, what if someone "accidentally" runs npm publish? Is there a way to have the package.json while keeping my stuff private?
Yes, set private to true.
If you set "private": true in your package.json, then npm will refuse
to publish it.
This is a way to prevent accidental publication of private
repositories. If you would like to ensure that a given package is only
ever published to a specific registry (for example, an internal
registry), then use the publishConfig hash described below to override
the registry config param at publish-time.
You can set "private" : true in your package.json file
Your CoWorkers will get an error if they try to publish it

Resources