I have searches for internet, but I am not sure:
I have installed NodeJS on my machine inside private network. I need npm install command to be working on private network. Security teem is asking me exact destinations in internet that are needed to be opened in order for npm install command to be working.
What are these destinations?
P.S. Ideally I would like all npm commands to be working. What destinations are needed in this case?
Thank you
https://registry.npmjs.org, this is the default registry for all the npm packages but you can change it by configuring ".npmrc" file.
NPM (Node Package Manager) uses by default the public repository https://registry.npmjs.org/ so if you will use public packages as dependencies that's the domain from where it resolves the dependencies to download them. Here is the documentation about NPM: https://docs.npmjs.com/cli/v8/using-npm/registry
Although, your projects could require private packages as dependencies, and those could be stored in private repositories (GPM, Artifactory, etc.). In that scenario you will need to know from where your project is downloading those dependencies.
There are two places where you can see the registry used in your case:
.npmrc file located at you user directory with the global configuration.
.npmrc file located at the root of your project managed by NPM.
// .npmrc
registry=https://registry.npmjs.org/
Scenario
I have a configured nexus repository working as npm registry with redeploy enabled. I know that enable redeploy is a bad practice, but we are in stabilization stage.
Problem
When I try to install my private module into local nodejs project, I always get the previous version:
npm install acme-module --save
Validations
I deleted the folder in nexus repository and perform a new npm publish without any errors.
I can see the new folder, with correct .tgz and if I download it (right click and save) I can see my latest version of source code, which is good.
I tried to uninstall all npm modules, but always the previous version is downloaded.
Possible cause
If I disconnect from the internet, npm install is still working without any error. So I guess, my npm private module acme-module, is cached in some folder, and this prevent the download of latest version.
Question
Why npm install works without internet connection and how force the download of exact versions, located in my nexus registry instead local modules.
Similar questions
Force npm download from private registry (without response :S)
npm config set registry - can we use registry to point to local node_modules folder i.e node_modules on filesytem instead of a url.
I have all required artifacts under node_modules local to my application. When I deploy over private cloud it fails as it tries to download node oracledb binary.
No is not for that.
That option was used some time ago to use another registry different from the official npm registry. Mostly enterprise installations needs their own private registry. This option was very useful, rigth now Im not sure if it is used or it was deprecated due the new infra of npm
To solve the installation of oracledb you'll need build tools installed on the server so npm install could compile binaries.
I'm very new to npm, and I need to work with NPM packages like express, express-generator, ejs, mysql, etc on a server with no Internet access. This means that simply using npm install express will not work since I won't be able to connect to the NPM registry.
Do I go to the GitHub pages of each of the packages and download the zip files (e.g. https://github.com/strongloop/express/archive/master.zip), then do a npm install ./master.zip?
What I'm worried is that each of these packages in turn require a ton of other dependencies, which I have to then download individually.
One possible solution is setting up your own private NPM registry. Some of the advantages are:
NPM will work as it meant to
You will have a central place inside your company that can serve other developers/CI servers
It can be used to deploy your private NPM packages
Governance and security
You will need to deploy the packages you require into the private registry, or if possible have it proxy the public NPM registry.
There are multiple solutions available for setting up a private registry. For example you can use the npm-registry-couchapp or a Binary repository manager which supports NPM such as Artifactory (disclaimer - I'm affiliated).
I've taken some shared code and put it in an NPM module, one I don't want to upload to the central registry. The question is, how do I install it from other projects?
The obvious way is probably to set up my own NPM registry, but according to the documentation, that involves a lot of hassle.
Can I just install an NPM module that sits on the local filesystem, or perhaps even from git?
npm install --from-git git#server:project
In your private npm modules add
"private": true
to your package.json
Then to reference the private module in another module, use this in your package.json
{
"name": "myapp",
"dependencies": {
"private-repo": "git+ssh://git#github.com:myaccount/myprivate.git#v1.0.0",
}
}
cd somedir
npm install .
or
npm install path/to/somedir
somedir must contain the package.json inside it.
It knows about git too:
npm install git://github.com/visionmedia/express.git
Can I just install an NPM package that sits on the local filesystem, or perhaps even from git?
Yes you can! From the docs https://docs.npmjs.com/cli/install
A package is:
a) a folder containing a program described by a package.json file
b) a gzipped tarball containing (a)
c) a url that resolves to (b)
d) a <name>#<version> that is published on the registry with (c)
e) a <name>#<tag> that points to (d)
f) a <name> that has a "latest" tag satisfying (e)
g) a <git remote url> that resolves to (b)
Isn't npm brilliant?
Update January 2016
In addition to other answers, there is sometimes the scenario where you wish to have private modules available in a team context.
Both Github and Bitbucket support the concept of generating a team API Key. This API key can be used as the password to perform API requests as this team.
In your private npm modules add
"private": true
to your package.json
Then to reference the private module in another module, use this in your package.json
{
"name": "myapp",
"dependencies": {
"private-repo":
"git+https://myteamname:aQqtcplwFzlumj0mIDdRGCbsAq5d6Xg4#bitbucket.org/myprivate.git",
}
}
where team name = myteamname, and API Key = aQqtcplwFzlumj0mIDdRGCbsAq5d6Xg4
Here I reference a bitbucket repo, but it is almost identical using github too.
Finally, as an alternative, if you really don't mind paying $7 per month (as of writing) then you can now have private NPM modules out of the box.
FWIW: I had problems with all of these answers when dealing with a private organization repository.
The following worked for me:
npm install -S "git+https://username#github.com/orgname/repositoryname.git"
For example:
npm install -S "git+https://blesh#github.com/netflix/private-repository.git"
I'm not entirely sure why the other answers didn't work for me in this one case, because they're what I tried first before I hit Google and found this answer. And the other answers are what I've done in the past.
Hopefully this helps someone else.
Structure your code in an accessible fashion like below. If this is possible for you.
NodeProjs\Apps\MainApp\package.json
NodeProjs\Modules\DataModule\package.json
Within MainApp # NodProjs\Apps\MainApp\
npm install --S ../../Modules/DataModule
You may need to update package.json as:
"dependencies": {
"datamodule": "../../Modules/DataModule"
}
This worked for my situation.
I had this same problem, and after some searching around, I found Reggie (https://github.com/mbrevoort/node-reggie). It looks pretty solid. It allows for lightweight publishing of NPM modules to private servers. Not perfect (no authentication upon installation), and it's still really young, but I tested it locally, and it seems to do what it says it should do.
That is... (and this just from their docs)
npm install -g reggie
reggie-server -d ~/.reggie
then cd into your module directory and...
reggie -u http://<host:port> publish
reggie -u http://127.0.0.1:8080 publish
finally, you can install packages from reggie just by using that url either in a direct npm install command, or from within a package.json... like so
npm install http://<host:port>/package/<name>/<version>
npm install http://<host:port>/package/foo/1.0.0
or..
dependencies: {
"foo": "http://<host:port>/package/foo/1.0.0"
}
Npm now provides unlimited private hosted modules for $7/user/month used like so
cd private-project
npm login
in your package json set "name": " #username/private-project"
npm publish
then to require your project:
cd ../new-project
npm install --save #username/private-project
This was what I was looking for - get the latest from "private repo" :
GitHub :
$ npm install git+https://token:x-oauth-basic#github.com/username/my-new-project.git
$ npm install git+ssh://git#github.com/username/my-new-project.git
Bitbucket :
$ npm install git+https://username:password#bitbucket.org/username/my-new-project.git
$ npm install git+ssh://git#bitbucket.org/username/my-new-project.git
Starting with arcseldon's answer, I found that the team name was needed in the URL like so:
npm install --save "git+https://myteamname#aQqtcplwFzlumj0mIDdRGCbsAq5d6Xg4#bitbucket.org/myteamname/myprivate.git"
And note that the API key is only available for the team, not individual users.
I use the following with a private github repository:
npm install github:mygithubuser/myproject
Very simple -
npm config set registry https://path-to-your-registry/
It actually sets registry = "https://path-to-your-registry" this line to /Users/<ur-machine-user-name>/.npmrc
All the value you have set explicitly or have been set by default can be seen by - npm config list
You can use Verdaccio for this purpose which is a lightweight private npm proxy registry built in Node.js. Also it is free and open-source. By using Verdaccio it does not involve that much hassle as a plain private npm registry would.
You can find detailed information about how to install and run it on their website but here are the steps:
It requires node >=8.x.
// Install it from npm globally
npm install -g verdaccio
// Simply run with the default configuration that will host the registry which you can reach at http://localhost:4873/
verdaccio
// Set the registry for your project and every package will be downloaded from your private registry
npm set registry http://localhost:4873/
// OR use the registry upon individual package install
npm install --registry http://localhost:4873
It also has a docker so you can easily publish it to your publicly available docker and voila you have a private npm repository that can be distributed to others in a way as you configure it!
Config to install from public Github repository, even if machine is under firewall:
dependencies: {
"foo": "https://github.com/package/foo/tarball/master"
}
Obviously, setting up the private npm registry is the most scalable and long-term solution, although it's a bit of hassle in the beginning.
Also, you can install using the git+https/ssh as mentioned in the other answers. But if you have the private repo, and you're building the image in the cloud, let's say using google cloud build, you have to set up the GitHub ssh connection.
The simplest solution for one-off case like this can be solved using the following approach.
Clone and modify or create your own library from scratch.
Generate the archive file(package code along with its dependencies), using
yarn install && yarn pack
this will produce file like
rich-markdown-editor-v11.13.117.tgz
move this file to libs folder and add this entry in dependencies object of package.json.
"rich-markdown-editor": "file:libs/rich-markdown-editor-v11.13.117.tgz",
Now, install the package.
yarn install
Make sure to add that file in your vcs and the installation process in docker image creation should work in cloud as well.
Note: if you frequently update the package and commit in your vcs, it will increase your repo size(while cloning with full history).
Publish your module under an organization name using the standard "#my-org/my-module" (by default all organization modules are private).
From your npm profile create a read-only access token under "Access Tokens"
Next in your project directory root create a .npmrc file, and inside the file write the following:
//registry.npmjs.org/:_authToken=${Your_Access_Token}
Note: this also should work for others packaging services that follow the same standard.