How to upload third party libraries in Nexus NPM Repository? - node.js

I have created a Node application, and in my application I am using some third-party libraries, for example Express. It all works well without any issues if I install it from https://registry.npmjs.org.
But for security reasons I don't want to download it from the npm registry. Instead, I want it to be downloaded from my private repository (we are using Nexus OSS as our private repository).
The problem is that I am not able to find a way to upload the Express module to the Nexus registry. I found one way using an npm proxy, but for security reasons we cannot use it.
Does anyone know how to upload third-party libraries to a Nexus npm registry?

Related

Offline copy of all versions of all packages in NPM?

I'm a web developer and I work for a secret electronics facility. All our computers are connected to the secret internal network, with no internet access. I'm allowed to transfer-in files using an 18 terabyte hard drive from an "internet computer".
Creating a Python PyPI server was no problem; I just used "bandersnatch". All versions of all pip packages ever are only 13.9 terabytes.
I want to do the same with NPM, but I read that the CouchDB database that used to be clonable is deprecated, and verdaccio doesn't actually provide a mechanism to clone the real NPM registry, so you end up with an empty NPM registry.
Just a simple React project has more than 800 dependencies, and I have no way to name them all, or manually input the required versions. I need the whole entire thing.

How could I download many NPM modules without npm install?

Okay, so I get it that I might be looking for a totally unexpected behavior.
My current company has nothing for me to do for a few weeks, so I would like to start a side project. The problem is, the firewall is really strong here, so I cannot download anything with Git or Npm. I also am not allowed to do any request to the IT support, since I am not in my company's office but some offices owned by a client (that applies said strict policy). In short, I am stuck with firewall and proxy policies that I cannot modify.
I may download a module's zipped archive through the browser, and install it from there. However, it has multiple dependencies, that themselves have dependencies, and so forth. And since I cannot run npm install to retrieve the dependencies, I'm stuck.
I saw multiple possible solutions in order to solve those dependencies issues:
Make NPM run all requests and downloads through the browser, since browsers are allowed to access the network. I don't see any options for that so far.
Download all required dependencies as tarballs and install each of them step by step. Because the number of dependencies is potentially huge, I am looking for a large bundle of commonly used modules to download once.
Most solutions I find make the assumption that I may use npm install properly, while my proxy doesn't allow it.
I wouldn't like to spend days on Chrome's built in game. Any idea?
Maybe you can create the project somewhere else, and then "import" it on your local machine at the office:
npm init
edit package.json with your dependencies
npm install
Put everything on a USB stick and copy it to your local computer at work.
or
Send an archive of the code via email and download the tarball from the email at the office.

Repeatable installs of a Go application?

I am from the NodeJS/JavaScript world where I have npm and dependencies written down in the package.json. When I deploy it, I know that I just need to run npm install and all the dependencies consumed by the app will be installed.
How is it supposed to be done for a Go project? Suppose I have a source code of the app which I deploy remotely by, say, running git pull. Now, how do I make sure the dependencies are present? What I see is I need to install a package manager manually then install dependencies using it?
What's a standard way of deploying a Go app on a server?
First of all, you're indeed thinking like a JS developer. Go is compiled, and thus the proper way to deploy a Go app is not to use the source code at all - you build it on your build server, and deploy a binary. So on the server level you simply don't care anymore, the only place where you need dependencies is the build system.
Now, the standard way to do this in Go is to vendor dependencies with your source, that is, make sure they are included in the git repo. Another approach is to express them in a manifest file and fetch them with an external tool. These are both more reliable than the naive approach of simply using go get at build time, fetching the current version of your dependencies (this requires no manifest file).
There are many tools for vendoring management, to name two: Godep and gb.

Renting or hosting a public NPM repository

Say I'm developing a large Node.js framework geared towards a specific market. People would use this framework to write and share their software, just like they would with NPM. The problem is I don't want to pollute the default NPM registry and I also want to control my own. I also want a clean repository where only modules relating to my framework would be stored.
My question, because NPM is flexible enough to let us override the default repository, what are my options for setting up an empty public NPM repository? Is there a managed host I can pay and have them set everything up for me? Is it better to manage it myself? Can I use a service like Digital Ocean or Linode? or perhaps I can just leverage a service like GitHub and bypass NPM altogether?

How to manage a fixed-yet-not-pulled version of 3rd party lib in node?

I'm using nTwitter to access the Twitter API using Node.
However, there is a bug in the search utility, and someone already forked and fixed it, but it hasn't been pulled yet.
How can I use the fixed version s.t. all my team will have the fixed version (meaning, just fixing it locally won't do the trick), but still use it as an npm module? Can it be done at all?
Install that commit like this:
npm install git://github.com/AvianFlu/ntwitter#e496bc07b9d0138f65902a43bc267796ab1a74d1
Or install using package.json:
{
  ....
  "dependencies": {
    ....
    "ntwitter": "git://github.com/AvianFlu/ntwitter#e496bc07b9d0138f65902a43bc267796ab1a74d1"
  }
}
You can set up a private npm repository and upload your package there under a unique version, something like 1.2.5-yourcompanyname, so it'll be installed instead for everyone who is using this registry.
Pros: it works just like npm registry for everyone who is using it
Cons: it is usable only in closed groups, i.e. within a team or a company
You can set up a git dependency as damphat pointed out.
Pros: it will work for most of the people out of the box
Cons: it will require git to be installed on every user's machine
You can check it in to your git repository either as a submodule or just like regular files. Use bundleDependencies when you're publishing it.
Pros: faster to install, and usually works for everyone
Cons: takes up space in git repository, longer checkouts, etc.
We went for the first solution, and usually try to avoid the second one because we don't have git in production. The third one is quite popular as well.
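Both the private-registry option above and the earlier "carry it in on a USB stick" answer move third-party tarballs across a trust boundary, so a check against the lockfile is worth running before anything is published internally. The following is an added example, not code from any of the posts: it compares each transferred tarball with the `integrity` value recorded in package-lock.json (lockfileVersion 2/3 layout); the package names and tarball bytes are constructed sample data.

```javascript
const crypto = require('crypto');

// Pick the strongest hash from an SRI string such as "sha1-... sha512-...".
function strongestSri(integrity) {
  const order = ['sha512', 'sha384', 'sha256'];
  const parts = String(integrity || '').trim().split(/\s+/)
    .map((p) => /^(sha\d+)-([A-Za-z0-9+/]+=*)$/.exec(p))
    .filter((m) => m && order.includes(m[1]))
    .sort((a, b) => order.indexOf(a[1]) - order.indexOf(b[1]));
  return parts.length ? { algo: parts[0][1], digest: parts[0][2] } : null;
}

// Check one tarball against the "integrity" recorded in package-lock.json
// (lockfileVersion 2/3 layout: lock.packages["node_modules/<name>"]).
function verifyTarball(lock, pkgPath, bytes) {
  const entry = lock.packages && lock.packages[pkgPath];
  if (!entry) return 'not in lockfile';
  const sri = strongestSri(entry.integrity);
  if (!sri) return 'no usable integrity (missing, malformed or sha1 only)';
  const actual = crypto.createHash(sri.algo).update(bytes).digest();
  const expected = Buffer.from(sri.digest, 'base64');
  const same = actual.length === expected.length &&
    crypto.timingSafeEqual(actual, expected);
  return same ? 'ok' : 'digest mismatch';
}

// Split transferred tarballs into those safe to publish and those to reject.
function auditTransfer(lock, tarballs) {
  const publish = [], reject = [];
  for (const [pkgPath, bytes] of Object.entries(tarballs)) {
    const result = verifyTarball(lock, pkgPath, bytes);
    (result === 'ok' ? publish : reject).push({ pkgPath, result });
  }
  return { publish, reject };
}

// Constructed sample data: fake tarball bytes and a lockfile built from them.
const sri = (b) => 'sha512-' + crypto.createHash('sha512').update(b).digest('base64');
const good = Buffer.from('constructed tarball bytes for example-lib');
const sampleLock = { lockfileVersion: 3, packages: {
  'node_modules/example-lib': { version: '1.0.0', integrity: sri(good) },
  'node_modules/example-dep': { version: '2.0.0', integrity: sri(Buffer.from('original')) },
} };
const sampleTarballs = {
  'node_modules/example-lib': good,
  'node_modules/example-dep': Buffer.from('modified in transit'),
  'node_modules/unlisted': Buffer.from('extra file on the drive'),
};
console.log(auditTransfer(sampleLock, sampleTarballs));
```

Tarballs in the `publish` list can then be uploaded one at a time with `npm publish <tarball> --registry <URL of the hosted repository>`, where the URL is a placeholder for your own registry.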
