Artifactory scoped npm packages have extra "scope" in path - node.js

I have published a scoped npm package in an npm-local repo on Artifactory. For example let's say it's @scope/packagename in the package.json. The path it creates on Artifactory seems to have an extra @scope in the path: https://artifacts.company.com/artifactory/webapp/#/artifacts/browse/tree/General/npm-local/@scope/packagename/-/@scope/packagename-version.tgz
Is this correct? Is there a problem with the publish? This is related to another question: Installing scoped npm packages from Artifactory. When I try to install this package I just published I get a 404 error leading me to believe there might be something wrong with the path?
Edit:
To publish my scoped package I edited my .npmrc:
@scope:registry=https://artifacts.company.com/artifactory/api/npm/npm-local/
//artifacts.company.com/artifactory/api/npm/npm-local/:_password=Q......
//artifacts.company.com/artifactory/api/npm/npm-local/:username=dgriner
//artifacts.company.com/artifactory/api/npm/npm-local/:email=d.griner@company.com
//artifacts.company.com/artifactory/api/npm/npm-local/:always-auth=true
In my package.json file I have the following:
"name": "@scope/packagename",
I then ran npm publish and it created the above path.

The path seems to be OK and should not lead to a resolution error.
The physical location of the NPM package does not affect the way it is being resolved. When resolving an NPM package, Artifactory is using the package metadata and not its path (as opposed to other supported package managers such as Maven, which relies on the repository layout and artifact path).
As you have seen, Artifactory does have a layout for storing NPM packages. While it is not used for resolution, it can be used for other concerns such as configuring fine-grained access permissions.

Related

Is there a way to save an NPM package that is no longer on NPM?

I am using a package that used to be available on NPM but since then it has been removed from NPM and GitHub.
I still have the package downloaded in my node_modules folder.
Is there a way to save that package and keep it in my node_modules? I am okay with maintaining the package myself.
It would also be great if I could sync just this specific package with Git so I can share it with my teammates.
You can use that package as a local module and install it as a package in your application.
Check this out: Local dependency in package.json

What are exact destinations in internet that are needed to be opened in order for `npm install` command to be working?

I have searched the internet, but I am not sure:
I have installed NodeJS on my machine inside a private network. I need the npm install command to work on the private network. The security team is asking me for the exact destinations on the internet that need to be opened in order for the npm install command to work.
What are these destinations?
P.S. Ideally I would like all npm commands to be working. What destinations are needed in this case?
Thank you
https://registry.npmjs.org, this is the default registry for all the npm packages but you can change it by configuring ".npmrc" file.
NPM (Node Package Manager) uses by default the public repository https://registry.npmjs.org/ so if you will use public packages as dependencies that's the domain from where it resolves the dependencies to download them. Here is the documentation about NPM: https://docs.npmjs.com/cli/v8/using-npm/registry
Although, your projects could require private packages as dependencies, and those could be stored in private repositories (GPM, Artifactory, etc.). In that scenario you will need to know from where your project is downloading those dependencies.
There are two places where you can see the registry used in your case:
.npmrc file located at your user directory with the global configuration.
.npmrc file located at the root of your project managed by NPM.
// .npmrc
registry=https://registry.npmjs.org/
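
As an added example (not part of the original answers), the sketch below turns that advice into a repeatable check: it reads the registry settings from .npmrc text and the `resolved` URLs from a package-lock.json, and returns the host:port pairs an egress rule has to cover. The sample .npmrc and lockfile are constructed, and the default-port table is an assumption.

```javascript
const DEFAULT_PORT = { 'https:': '443', 'http:': '80', 'git+ssh:': '22', 'git+https:': '443' };

// Registry URLs set in one .npmrc: the default `registry=` and any `@scope:registry=`.
function registriesFromNpmrc(text) {
  const urls = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue; // comments
    const m = /^(?:@[^:=\s]+:)?registry\s*=\s*(\S+)$/.exec(line);
    if (m) urls.push(m[1]);
  }
  return urls;
}

// Every `resolved` URL in a package-lock.json with a "packages" map (lockfileVersion 2 or 3).
function resolvedFromLock(lock) {
  return Object.values(lock.packages || {}).map((p) => p.resolved).filter((r) => typeof r === 'string');
}

// Sorted "host:port" list that `npm install` needs for this configuration and lockfile.
function egressHosts(npmrcTexts, lock) {
  const urls = npmrcTexts.flatMap(registriesFromNpmrc);
  // npm falls back to the public registry when no .npmrc sets `registry=`.
  if (!npmrcTexts.some((t) => /^\s*registry\s*=/m.test(t))) urls.push('https://registry.npmjs.org/');
  urls.push(...resolvedFromLock(lock));
  const hosts = new Set();
  for (const raw of urls) {
    let u;
    try { u = new URL(raw); } catch { continue; } // not an absolute URL: nothing to allow
    if (!u.hostname) continue;                     // file: entries stay on disk
    hosts.add(`${u.hostname}:${u.port || DEFAULT_PORT[u.protocol] || 'unknown'}`);
  }
  return [...hosts].sort();
}

// Constructed inputs modelled on the snippets in this thread.
const USER_NPMRC = [
  '; user-level .npmrc',
  '@scope:registry=https://artifacts.company.com/artifactory/api/npm/npm-local/',
  '//artifacts.company.com/artifactory/api/npm/npm-local/:always-auth=true',
].join('\n');
const LOCK = { packages: {
  '': { name: 'app' },
  'node_modules/lodash': { resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz' },
  'node_modules/socket.io': { resolved: 'git+ssh://git@github.com/LearnBoost/socket.io.git#' + '0'.repeat(40) },
  'node_modules/vendored': { resolved: 'file:../vendored' },
} };

console.log(egressHosts([USER_NPMRC], LOCK));
```

Hosts contacted by packages' own install scripts are not recorded in the lockfile, so they do not appear in this list.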

Retrieve name and information about an installed npm package without installing it

I'm trying to find a way to retrieve information about a npm compatible node package programmatically - specifically its name and peerDependencies.
I'm building a command line tool that accepts a package name that will be directly passed to npm install. Therefore a normal npm package name (like lodash) works, GitHub URLs like lodash/lodash#1234567 work and local file paths like /my/path/to/a/package also work.
This makes it hard to retrieve the name of the package that is installed, since the input is first resolved by npm and the resulting dependency name is then written to the package.json file.
I wanted to ask if there is a programmatic way to retrieve information about an npm package that is compatible with the user running npm install package from their command line, i.e. that offers the following functionality:
Resolving npm packages from the public and private registry (with all sorts of tag variants such as package@next)
Resolving GitHub dependencies (with all variants, such as commit hashes or tags)
Resolving tarball URLs
Resolving local packages in folders or tarballs
Things I have already tried:
Using pacote -> By default it does not use the authentication stored in ~/.npmrc
It also would be a very costly dependency in terms of package & dependency size
Parsing npm's install log (with --json) -> Not documented and appears to change with v7 to no longer contain the name of the installed dependency
Trying to use npm directly by importing the global module
No parseable information about the install process
Importing the global module also could be flaky and a local npm dependency would be very costly in terms of size
Using/Parsing npm show -> Does not work for GitHub URLs or local packages/tarballs
What I'm doing right now:
I'm parsing the package.json before the install and after the install and get the difference in dependencies (there should only be one). This dependency is then the resolved name that I can use to import the package.json and retrieve the list of peerDependencies.
But this feels very hacky and I still have to install the package before getting the info I need.
Therefore I wanted to ask if someone has a better idea to approach this problem.

Why does npm install with git+ssh install differently than https?

What is the difference between installing a npm package via https and ssh? My expectation is that the downloaded package would be the same but this is not the case. For example:
// package.json
"dependencies": {
"lodash": "^4.17.19"
// vs
"lodash": "git@github.com:lodash/lodash.git#semver:^4.17.19"
}
When I use the first option, the actual npm package gets installed.
When I install via the second option, I get only the files that are whitelisted from the repo but not the actual package itself.
I don't see a good explanation in the npm documentation. Why aren't these installing the same thing? Is there a way to install the actual package via ssh and not the commit itself?
Two ways of installing dependencies.
From NPM repository itself (specify the version)
From github (specify a branch OR commit and tag)
It is advisable to publish to the registry the minified/compiled version of the library rather than the source unless it is necessary. So, it is possible that what you get from NPM is different from the source repository itself.
It is really a question of the "place" (npm or GitHub) rather than the method (http or ssh).

npm to install packages from local position rather than from web?

The problem drove me crazy, there is a package in npm database, but it has some bugs, which are already fixed in github, how could I make use of the fixed version(github version)?
Edit:
You can install directly from the GitHub repository, even just using the GitHub username and the repository name:
npm install LearnBoost/socket.io
You can also add a <commit-ish>, specifying e.g. a commit hash or a version tag, like so:
npm install LearnBoost/socket.io#1.7.x
Without a protocol, this will be interpreted as git://github.com/LearnBoost/socket.io. You can also prefix the repo with gitlab:, gist: or bitbucket:, respectively. For more information, see Using git URLs as dependencies.
You can install directly from a URL, example:
npm install https://github.com/LearnBoost/socket.io/tarball/master
You can find the URL on Github under "Downloads" on any project page. Select the "Download as tar.gz" link.
Or you can install a tarball:
npm install foo.tar.gz
See npm install(1).
Edit:
I should mention that this works equally well in package.json files. Specify the URL instead of the version in your dependencies, like so:
...
"dependencies": {
"foo": "http://example.com/foo.tar.gz",
"bar": "1.2.x",
...
}
Other temporary solution, get the github project and use npm link (http://npmjs.org/doc/link.html) to link the local folder obtained through git to your node_modules folder in your own project. Anyway in the end, you'll have to wait for the project maintainer to do a npm publish.
Either add the module as a git sub-module (using git submodule) to your project or tell the module maintainer to update the version and trigger a npm publish to update the npm repository.
When using the sub-module way, be aware that you cannot update the reference using npm-commands.
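
The answers above describe dependencies fetched from git, a URL or a local path instead of the registry. As an added example (not code from any of the posts), this classifier audits a package.json for such specifiers and flags plain http or git:// transport and git refs that are not a full commit hash; the function names and the sample package.json are constructed.

```javascript
const GIT_PREFIX = /^(git\+|git:\/\/|git@|github:|gitlab:|gist:|bitbucket:)/;
const SHORTHAND = /^[^@\/\s.][^\/\s]*\/[^\/\s#]+(#.+)?$/; // user/repo[#commit-ish]

// Where npm will fetch a package.json dependency specifier from.
function classifySpec(spec) {
  if (/^npm:/.test(spec)) return 'registry';      // alias, still a registry fetch
  if (/^https?:\/\//.test(spec)) return 'url';     // remote tarball
  if (GIT_PREFIX.test(spec)) return 'git';
  if (/^(file:|\.{0,2}\/)/.test(spec) || /\.(tgz|tar\.gz|tar)$/.test(spec)) return 'local';
  if (SHORTHAND.test(spec)) return 'git';          // GitHub shorthand
  return 'registry';                               // semver range or dist-tag
}

// List every dependency that bypasses the registry, with the reasons to review it.
function auditDependencies(pkg) {
  const findings = [];
  const all = { ...pkg.dependencies, ...pkg.devDependencies };
  for (const [name, spec] of Object.entries(all)) {
    const kind = classifySpec(spec);
    if (kind === 'registry') continue;
    const issues = [];
    if (spec.startsWith('http://') || spec.startsWith('git://')) issues.push('unencrypted-transport');
    // A branch, tag or semver: ref can move; only a full commit hash is fixed.
    if (kind === 'git' && !/#[0-9a-f]{40}$/.test(spec)) issues.push('mutable-ref');
    findings.push({ name, spec, kind, issues });
  }
  return findings;
}

// Constructed package.json using the specifier forms quoted in this thread.
const PKG = {
  dependencies: {
    lodash: '^4.17.19',
    'lodash-src': 'git@github.com:lodash/lodash.git#semver:^4.17.19',
    'socket.io': 'LearnBoost/socket.io#1.7.x',
    foo: 'http://example.com/foo.tar.gz',
    bar: '1.2.x',
    vendored: 'file:../vendor/removed-package',
  },
};

for (const f of auditDependencies(PKG)) console.log(f.name, f.kind, f.issues.join(',') || 'ok');
```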
