Unable to install npm package hosted on a private registry with jspm - jspm

I am trying to get jspm working with a private npm registry (which mirrors the public registry).
I used the endpoint config tool to configure jspm from .npmrc, which appears to work successfully:
GAVINJ:jspm-test gavinj$ jspm endpoint config npm
npmrc found, would you like to use these settings? [yes]:
npm registry [http://registry.npm.ourcompanyname.net/]:
Would you like to test these credentials? [yes]:
ok npm authentication is working successfully.
ok Endpoint npm configured successfully.
Installing our package 'michelangelo' (which is not in the public npm registry) works just fine
GAVINJ:jspm-test gavinj$ npm install michelangelo
highstock-release@2.0.4 node_modules/highstock-release
jquery@2.1.3 node_modules/jquery
d3@3.5.5 node_modules/d3
lodash@3.3.1 node_modules/lodash
michelangelo@2.0.1641 node_modules/michelangelo
Attempting to install the same npm package via jspm does not work.
GAVINJ:jspm-test gavinj$ jspm install michelangelo=npm:michelangelo
Looking up npm:michelangelo
err Repo michelangelo not found!
warn Installation changes not saved.
Attempting to install lodash via jspm works perfectly
GAVINJ:jspm-test gavinj$ jspm install lodash=npm:lodash
Looking up npm:lodash
Updating registry cache...
Looking up github:jspm/nodelibs-process
Looking up npm:process
ok Up to date - lodash as npm:lodash@^3.3.1 (3.3.1)
ok Install tree has no forks.
ok Install complete.
Here's what my jspm config file looks like
{
  "registry": "jspm",
  "endpoints": {
    "github": {
      "timeouts": {
        "lookups": 60
      },
      "handler": "jspm-github",
      "remote": "https://github.jspm.io"
    },
    "npm": {
      "timeouts": {
        "lookups": 60
      },
      "registry": "http://registry.npm.ourcompanyname.net/",
      "remote": "https://npm.jspm.io",
      "auth": "PRIVATE_HERE_BUT_SAME_AS_NPMRC_FILE",
      "handler": "jspm-npm"
    },
    "jspm": {
      "timeouts": {
        "lookups": 60
      },
      "handler": "jspm-registry",
      "remote": "https://registry.jspm.io"
    }
  }
}
Any idea why I am unable to install the npm package via jspm? Or, any advice on how I could track down the problem?

It turns out that the registry url cannot end with a /.
Once I removed the trailing slash it worked like a charm.

Related

Using node-canvas in jenkins CI - overriding host to Jenkins-approved host

How can I override binary-host in node-canvas package.json so it fetches pre-built binary tarballs from my Jenkins-allowlisted corp server instead of GitHub?
"binary": {
"module_name": "canvas",
"module_path": "build/Release",
"host": "https://github.com/Automattic/node-canvas/releases/download/",
"remote_path": "v{version}",
"package_name": "{module_name}-v{version}-{node_abi}-{platform}-{libc}-{arch}.tar.gz"
},
Otherwise it goes to GitHub.com and errors out since GitHub is not permitted.
npm install canvas --canvas_binary_host_mirror="https://www.makarovcomedy.com" Works, but it doesn't work in yarn.
This works for all:
npm config set canvas_binary_host_mirror https://www.makarovcomedy.com
Source: https://github.com/mapbox/node-pre-gyp/pull/170/files

Prevent `npm publish` when ran directly

I am not sure whether it is possible or not.
Is it possible to prevent publishing when npm publish is run directly and make it accessible only via scripts?
The user must be denied when npm publish is executed directly, i.e. the user must be able to publish only via scripts or npm run <script>
or
is there a way to tell npm only to publish <folder>/ or to look for a tarball when published.
If I mark it private I won't be able to publish at all. My main intention was to prevent accidental publishes.
The NPM team gave a simple workaround which is awesome.
package.json
{
  "scripts": {
    "prepublishOnly": "node prepublish.js",
    "release": "RELEASE_MODE=true npm publish"
  }
}
prepublish.js
// RELEASE_MODE is only set by the "release" script above
const RELEASE_MODE = !!(process.env.RELEASE_MODE)
if (!RELEASE_MODE) {
  console.log('Run `npm run release` to publish the package')
  process.exit(1) // non-zero exit terminates the publish process
}
Mark the package as private:
If you set "private": true in your package.json, then npm will refuse
to publish it.
This is a way to prevent accidental publication of private
repositories. If you would like to ensure that a given package is only
ever published to a specific registry (for example, an internal
registry), then use the publishConfig dictionary described below to
override the registry config param at publish-time.
{
"name": "some",
"version": "1.0.0",
"private": true
}
If you are trying to force something to happen before publishing, leverage the prepublish or prepublishOnly npm-script.
Yes, we can restrict npm to prevent accidental publish by making private: true in package.json
You can also have a script for publishing.
In your package.json
{
"scripts": {
"publish:mypackages": "npm publish folder1/file1.tgz --registry http://custom-registry..."
}
}
Now in cmd: npm run publish:mypackages
It publishes the given tarball to the registry you have given.

using the npm API to retrieve a list of private npm packages with versions, possible?

I have a private npm registry with npmjs.org which contains several private npm packages. We are moving to a private npm registry in-house (verdaccio). Long story short, with our AWS infrastructure, the verdaccio server could be rebuilt for many reasons and the main issue is that when a new server is spun up with a fresh verdaccio install, it won't have any packages published, obviously. I'm trying to create a script that will run when the server is created that will do a few things:
1. Ask the user what the previous npm registry is along with an authToken for a user (in our case, a service user that only the server uses)
2. Query the previous npm registry to get a list of all private scoped packages with all its versions
3. Copy/Migrate/Publish all previously existing packages and versions to the new verdaccio registry so the first person to run "npm install" will get them.
There are several utility packages out there for helping with this type of task, but none deal with private packages. I've tried using the authToken from the .npmrc file that gets generated when a user is logged in, from within a curl command, but nothing gets returned. I've tried using the npm search function. I've tried all of these utility packages. I've tried the npm v2 api, but nothing seems to return private packages.
https://www.npmjs.com/package/registry-migrate
https://www.npmjs.com/package/npm-migrate
https://github.com/finn-no/migrate-npm-registry
https://github.com/npm/npm-registry-client
https://api-docs.npms.io/#api-Package-GetMultiPackageInfo
Anyone have any ideas?? Thanks!
You need to add the NPM_TOKEN in the npm registry API.
I found 2 endpoints that can help you perform any necessary logic with the versions of the private npm packages
List all private npm packages names and access
curl -H "Authorization: Bearer $NPM_TOKEN" "https://registry.npmjs.org/-/user/[NPM_USERNAME]/package"
Example response:
{ "my-package": "write" }
** NPM_USERNAME can be the organization's scope.
Fetch npm package details
curl -H "Authorization: Bearer $NPM_TOKEN" "https://registry.npmjs.org/[NPM_PACKAGE_NAME]"
Example response:
{
"_id": "my-package",
"name": "my-package",
"dist-tags": { "latest": "1.0.0" },
"versions": {
"1.0.0": {
"name": "my-package",
"version": "1.0.0"
//...
}
//...
}
}
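Added example, not part of the original answer: turning the two responses above into an ordered publish plan for the new registry. The sample data, the `@acme` scope and the `migrated` fallback tag are assumptions made for illustration, and the `trusted` flag marks any `dist.tarball` that is not HTTPS on the source registry's host.

```javascript
// Constructed sample data, shaped like the two example responses above.
const SOURCE = 'https://registry.npmjs.org';
const ACCESS = { '@acme/my-package': 'write', '@acme/docs': 'read', 'unscoped-tool': 'write' };
const PACKUMENT = {
  name: '@acme/my-package',
  'dist-tags': { latest: '1.10.0', beta: '2.0.0-beta.1' },
  versions: {
    '1.10.0': { dist: { tarball: SOURCE + '/@acme/my-package/-/my-package-1.10.0.tgz' } },
    '1.2.0': { dist: { tarball: SOURCE + '/@acme/my-package/-/my-package-1.2.0.tgz' } },
    '2.0.0-beta.1': { dist: { tarball: 'http://cdn.example.invalid/my-package-2.0.0-beta.1.tgz' } },
  },
};

// Package names from the access listing that belong to the scope being migrated.
function scopedPackages(access, scope) {
  return Object.keys(access).filter((name) => name.startsWith(scope + '/')).sort();
}

// Numeric compare of major.minor.patch; a prerelease sorts before its release.
function compareVersions(a, b) {
  const [coreA, preA] = a.split('-', 2);
  const [coreB, preB] = b.split('-', 2);
  const x = coreA.split('.').map(Number);
  const y = coreB.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return (preA ? 0 : 1) - (preB ? 0 : 1);
}

// One entry per version, oldest first, with the dist-tags to restore and a
// flag for tarball URLs that are not HTTPS on the source registry's host.
function planMigration(packument, sourceRegistry) {
  const host = new URL(sourceRegistry).host;
  const tags = packument['dist-tags'] || {};
  return Object.keys(packument.versions).sort(compareVersions).map((version) => {
    const url = new URL(packument.versions[version].dist.tarball);
    const own = Object.keys(tags).filter((t) => tags[t] === version);
    return {
      spec: `${packument.name}@${version}`,
      tarball: url.href,
      // Untagged versions get a throwaway tag so publishing them never moves "latest".
      tags: own.length ? own : ['migrated'],
      trusted: url.protocol === 'https:' && url.host === host,
    };
  });
}
```

Each plan entry maps to one `npm publish <tarball> --tag <tag> --registry <new registry>` call; entries with `trusted: false` should be reviewed before their tarball is downloaded.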

Writing a Jenkins Pipeline Shared Library to publish to Nexus NPM repository

I used to publish my NPM projects to Nexus using a DSL pipeline containing a publish stage with this kind of step :
stage ('Publish') {
nodejs(nodeJSInstallationName: 'Node LTS', configId: '123456ab-1234-abcd-1234-f123d45e6789') {
sh 'npm publish'
}
}
I have a NodeJS installation named "Node LTS" on my Jenkins and a npmrc config file with this configId.
Now I want to export this stage into a groovy SharedLib.
According to Declarative Pipeline documentation and this nodejs-plugin issue, I could write this :
stage('Publish') {
tools {
nodejs 'Node LTS'
}
steps {
sh 'npm publish'
}
}
But this does not set the authentication configuration that is currently in my npmrc configuration file:
registry=http://my-nexus/repository/npm-private/
_auth="some=base=64=credential=="
always-auth=true
Any idea how to retrieve this configuration with declarative syntax and prevent this error message?
npm ERR! code ENEEDAUTH
npm ERR! need auth auth required for publishing
npm ERR! need auth You need to authorize this machine using `npm adduser`
After taking a look at the npm log files and reading the documentation, I finally found that the best solution was to specify the following publish configuration in my package.json file:
{
  "name": "@my-company/my-project",
  ...
  "publishConfig": {
    "registry": "http://my-nexus/repository/npm-private/"
  },
  ...
}
I leave the .npmrc configuration :
registry=http://my-nexus/repository/npm-private/
_auth="some=base=64=credential=="
always-auth=true
Note : the always-auth is needed, in my case, for automation script : https://docs.npmjs.com/misc/config
I struggled with having a node package published to nexus 3 from a jenkins pipeline and here is what worked for me. It might help someone.
pipeline {
  agent any
  environment {
    registryCredentials = "nexus"
    registryPrivate = "http://nexus:8081/repository/your-nexus-repo/" // nexus repository
  }
  stages {
    stage('Publish') {
      steps {
        script {
          nodejs('your-jenkins-nodejs-name') {
            sh("rm ~/.npmrc || echo 'trying to remove .npmrc'") // remove .npmrc
            // this token is copied from ~/.npmrc file after an interactive npm login
            // do a npm login to your nexus npm hosted private repo and get the token
            sh 'echo "//nexus:8081/repository/vinsystems-npm/:_authToken=NpmToken.302af6fb-9ad4-38cf-bb71-57133295c7ca" >> ~/.npmrc'
            sh("cd ./WebClientWorkspace && yarn install")
            sh("cd ..") // no effect: each sh step starts its own shell in the workspace
            sh("yarn publish ./path/to/your/js-library --registry=${registryPrivate} --non-interactive --verbose")
          }
        }
      }
    }
  }
}

How to define dependency in package.json for gitrepository?

In my reactjs project I have a dependency on a module that is in another gitrepo(stash) so I created this in my package.json as a property of dependencies :
"somemodule":{
"name": "somemodule",
"dependencies": {
"private-repo": "https://link_to_the_other_repo"
}
}
This repo contains a minified version and non minified version of the same file. When I run npm install the module does not get installed, there is no error message either. How can I create this dependency?
I have managed to get the dist/minified version of the file from the other repo. How can I refer to this in my package.json?
To add a private git module:
If you have an RSA key added to your machine (secure & recommended):
"dependencies": {
  "package-name": "git+ssh://git@github.com/project/repo.git"
}
If you want https:
"dependencies": {
  "package-name": "git+https://username:password@github.com/project/repo.git"
}
It's not recommended to store username, password in your package.json file, so better add ssh keygen to your machine and use the first one.
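Added example, not from any of the posts above: a pre-commit or CI check for the two places this page shows credentials ending up in files, namely a `git+https://username:password@...` dependency in package.json and a literal `_auth` or `_authToken` value in .npmrc (as in the Nexus and Jenkins answers). The sample inputs are constructed, the function names are hypothetical, and the check assumes the token is instead supplied through npm's `${VAR}` environment substitution in .npmrc.

```javascript
// Constructed inputs modelled on the snippets quoted on this page.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: '@my-company/my-project',
  dependencies: {
    'ssh-dep': 'git+ssh://git@github.com/project/repo.git',
    'https-dep': 'git+https://username:password@github.com/project/repo.git',
  },
  publishConfig: { registry: 'http://my-nexus/repository/npm-private/' },
});
const SAMPLE_NPMRC = [
  'registry=http://my-nexus/repository/npm-private/',
  '_auth="constructed-placeholder=="',
  '//nexus:8081/repository/npm-private/:_authToken=${NPM_TOKEN}',
  'always-auth=true',
].join('\n');

// Dependency specs whose URL carries a password, and a non-HTTPS publish registry.
function auditPackageJson(text) {
  const pkg = JSON.parse(text);
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const hasCreds = /^(?:git\+)?https?:\/\/[^/@:]+:[^/@]+@/.test(String(spec));
      if (hasCreds) findings.push(`${field}.${name}: credentials embedded in URL`);
    }
  }
  const reg = (pkg.publishConfig || {}).registry;
  if (reg && !reg.startsWith('https://')) findings.push('publishConfig.registry: not HTTPS');
  return findings;
}

// Literal secrets in .npmrc; a value of the form ${VAR} is read from the environment by npm.
function auditNpmrc(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const m = /^\s*(?:\/\/[^=]*:)?(_auth|_authToken|_password)\s*=\s*"?([^"]*)"?\s*$/.exec(line);
    if (m && !/^\$\{[^}]+\}$/.test(m[2])) findings.push(`line ${i + 1}: literal ${m[1]}`);
    if (/^\s*registry\s*=\s*http:\/\//.test(line)) findings.push(`line ${i + 1}: registry not HTTPS`);
  });
  return findings;
}
```

A non-empty result from either function is a reason to fail the build; the registry check is included because `_auth` and `_authToken` sent to an `http://` registry travel unencrypted.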
