I'm using a private npm registry for one of my npm packages and I also have a couple of other packages referenced from the default npm registry. What I'm doing at the moment is:
npm config set registry https://private.registry.endpoint
However, this changes the registry globally. I can manually create a .npmrc at the root of my project and set the registry manually inside. This does not replace my global registry and uses the private registry only for the specific project. However, I want to do this with a command, instead of having to manually create the .npmrc and set the registry.
In case you're wondering why I need this, I know how to do it myself, however I have to guide other users how to do it, and it would be simpler to just provide a command for them. I need to know if there is a way to do something of the sort:
npm config --local set registry https://private.registry.endpoint
We solved this problem by scoping our private packages, which allows us to add the private registry only for the specific #scope instead of changing the entire default registry to download the private packages.
E.g.
If we have a package named package-name, in our private registry we publish it as #company/package-name and then set the private registry scope to be #company.
npm config set #company:registry https://private.registry.endpoint
I was facing the issue. Solved it by putting a .npmrc file in the project root and assign the desired registry.
Related
I'm not able to install packages from npm, since I have placed a .npmrc file for install a private library.
This library is hosted by azure work space.
So i just placed the new config file to install. And it works fine in localhost.
How can i keep 2 registry in nprmc file, one for private and another one of npm registry?
error 404 Not Found - GET https://registry.npmjs.org/mm-core - Not found
mm-core is my private library hosted in azure, without my .npmrc file i receive this error.
With .npmrc file npm packages can't be installed.
any help?
It actually should work if you follow the official documents correctly. And we don't need to keep 2 registry in nprmc file, one for private and another one of npm registry.
Solution:
Keep the .npmrc file which presents the azure devops artifacts feed. And sign-in the azure devops web portal to configure the feed settings:
In feed settings, go Upstream sources and make sure you have npmjs as Upstream source. If it not exists, click the Add upstream source to add npmjs.
Then you only need to hold one registry for private library. If the package is not found in your private feed, since we've configured npmjs as upstream source, it will fetch the missing package there automatically!
More details about magic upstream source please refer to this document.
I have created a private typings npm module that I am using for my firebase functions and app projects. When I went to deploy firebase functions, I get a big error for every function that basically says ERR! remote: Invalid username or password.
For what I have read, it looks like I need to create a .npmrc file and put it in the /functions directory. (https://cloud.google.com/functions/docs/writing/specifying-dependencies-nodejs#using_private_modules)
I cannot however find proper instructions on how to do this anywhere. From what I found, I have done the following:
ran npm login
ran npm token create --read-only
This then gave me a token that looks like this: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.
I then create a file called .npmrc in my functions directory, and placed //registry.npmjs.org/:_authToken=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX in it.
Additionally, I saw that the error message was trying to use ssh to install my private repo package, I have not setup ssh and am using https instead, because of this I changed my package file to git+https://github.com/accounts-name/repo#commit-num so that it uses HTTPS.
However, I still get the same error message. What am I missing? The above is what I have strung together from lots of google searching.
It seems that you have made too many different changes while trying to make it work, so let's just go through the whole process step by step.
Check the package.json of your npm module and publish it:
Remove "private" property or set it to false because private modules in the npm are meant to be never published. That is not obvious but that is true.
Next step is to apply restricted access to the package. In order to do that, add such property in the package.json file:
"publishConfig": {
"access": "restricted"
},
Make sure that npm account you use for publishing supports private packages.
Now open the terminal in the root directory of your package, type npm login then sign in to npm. Check if you put the proper version in the package.json.
Run npm publish. The package should be published in few seconds. No worries, thanks to publishConfig property nobody can access it.
Now it is time to allow package installation in your project
Go to the directory of the project and open package.json file
Check that you have the name and version of your package in the dependencies list
Open browser, navigate to https://npmjs.com, login to your account, navigate to settings page of your account and open the tokens tab
Create new token and copy it
Now again go to the directory of your project, on same level where package.json file is situated (that is important!) and create .npmrc file there.
Put such string in the .npmrc file:
//registry.npmjs.org/:_authToken=TOKEN_HERE
You are done!
Deployment with remote CI/CD services
The easiest approach is not add .npmrc into .gitignore. In such case the file will be always in repository, so npm install will run smoothly on any machine where project was cloned
If you don't want to have token string in the repository, you can move it to the environment variable of your CI/CD service and then link .npmrc file to that variable. For example, you can put generated token into the NPM_TOKEN env variable (Just token from npmjs, not the whole string from .npmrc!)
And then change the .npmrc file in the next way:
//registry.npmjs.org/:_authToken=${NPM_TOKEN}.
So, with those steps you should be able to install your restricted packages without any issues. Good luck!
If you are trying to deploy you functions with firebase deploy from a CI and your .npmrc file looks like this.
#acmecorp:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=${NPM_REGISTRY_TOKEN}
You will run into the problem even if you have the env var set.
Build failed: Error: Failed to replace env in config: ${NPM_REGISTRY_TOKEN}
Firebase for some reason needs access to that private repo. But the env var is not sent over to firebase.
Solution I've implemented was to replace ${NPM_REGISTRY_TOKEN} in the .npmrc file on every run of the CI pipeline.
sed -i.bak "s/\${NPM_REGISTRY_TOKEN}/${NPM_REGISTRY_TOKEN}/g" .npmrc
This breaks if you use Yarn. Took me a while to find a thread pointing to npm install in the firebase cli predeploy step. If there's no package-lock.json and you only use yarn, this will break. Remove yarn.lock and install using npm to resolve the issue.
I have a private registry configured in my global .npmrc file. Now I want to configure a fallback registry also in the same npmrc file. When npm is not able to find module in my private repository, I want it to download it from npm global registry i.e. https://registry.npmjs.org
Below are the two repositories I want to configure:
http://devint:9999/nexus/content/groups/NPM-Release //npm should first look into this
https://registry.npmjs.org // fallback registry
I know there is a solution available on StackOverflow for this similar problem, but those solution is suggesting to used scoped package approach. I don't want to use the scoped package approach for configuring multiple repositories in a npmrc file.
I have already gone through the solution available on
Is there any way to configure multiple registries in a single npmrc file
But I am looking for a different approach, where I can define multiple repositories with its priority in npmrc file.
I request not to mark this question as closed without giving a satisfactory correct answer.
Thanks.
As far as I know you can not define multiple NPM registry URLs in .npmrc , on the CLI, or anywhere else, and have NPM check them based on priority.
Configure your NPM server to check for a requested package locally first and fall back to the public NPM registry if not found. This can be done with Nexus, and I believe Sinopia/Verdaccio do this out of the box.
Does anyone know how to configure location of global repository?
My global repo is somewhere under $HOMEDRIVE/$HOMEPATH/blahblahblah
and all my packages are being installed under that place fopr global reference
but I want to park it somewhere specific and secret like the docroot of my appserver ? so I can operate demos and proof-of-concepts and prototypes ands show them off
can you tell me how I can configure the path to my global repository? I am on windows7 which is thoroughly supported and chmod chown issues are not as prevalent on linux
is this directory anchor controlled by a designated variable within NPM?
is this variable ever referenced by javascript modules indiscriminantly? i would hope not
I assume this variable is within the NPM tool itself.
what about bower... would bower operate the same configurable? or is bower a different animal and place.
is bower a subset of npm? anmd of so does it operate the same configuration as npm?
thank you
See the npm docs about the folders. It states that the global modules are installed under a configured prefix. You can get it from the npm config comand:
npm config get prefix
And you may change it with a similar command:
npm config set prefix /path/to/my/global/folder
However, modules are usually installed globally if want to use some command line command they provide. For using in some node.js application, prefer to install them locally. If you still want to use the globally installed modules inside the application, you should use the link command (though I'm not sure if it works in a Windows environment).
Bower is another thing completely. Looking at the api documentation, you will see that there is no option to install modules globally (which makes sense, as Bower is intended for front-end dependencies).
You could change the default folder using the directory parameter of your .bowerrc file (see the documentation). This way you would be able to set all projects to use the same folder, but notice that's not the way it's intended to use and you would need to set it in all projects.
npm config set registry <registry url>
once this command is run, check in ~/.npmrc, it must show your changes.
Basically the thing is I'm working on a project that uses grunt for build tasks and as I have a few dependencies here and there I thought it was a good idea to declare those on a package.json so that my co-workers can npm install without being required to manually install every package at the correct version.
Now the thing is, what if someone "accidentally" runs npm publish? Is there a way to have the package.json while keeping my stuff private?
Yes, set private to true.
If you set "private": true in your package.json, then npm will refuse
to publish it.
This is a way to prevent accidental publication of private
repositories. If you would like to ensure that a given package is only
ever published to a specific registry (for example, an internal
registry), then use the publishConfig hash described below to override
the registry config param at publish-time.
You can set "private" : true in your package.json file
Your CoWorkers will get an error if they try to publish it