I'm very new to npm, and I need to work with NPM packages like express, express-generator, ejs, mysql, etc on a server with no Internet access. This means that simply using npm install express will not work since I won't be able to connect to the NPM registry.
Do I go to the GitHub pages of each of the packages and download the zip files (e.g. https://github.com/strongloop/express/archive/master.zip), then do a npm install ./master.zip?
What I'm worried is that each of these packages in turn require a ton of other dependencies, which I have to then download individually.
One possible solution is setting up your own private NPM registry. Some of the advantages are:
NPM will work as it meant to
You will have a central place inside your company that can serve other developers/CI servers
It can be used to deploy your private NPM packages
Governance and security
You will need to deploy the packages you require into the private registry, or if possible have it proxy the public NPM registry.
There are multiple solutions available for setting up a private registry. For example you can use the npm-registry-couchapp or a Binary repository manager which supports NPM such as Artifactory (disclaimer - I'm affiliated).
Related
I have searches for internet, but I am not sure:
I have installed NodeJS on my machine inside private network. I need npm install command to be working on private network. Security teem is asking me exact destinations in internet that are needed to be opened in order for npm install command to be working.
What are these destinations?
P.S. Ideally I would like all npm commands to be working. What destinations are needed in this case?
Thank you
https://registry.npmjs.org, this is the default registry for all the npm packages but you can change it by configuring ".npmrc" file.
NPM (Node Package Manager) uses by default the public repository https://registry.npmjs.org/ so if you will use public packages as dependencies that's the domain from where it resolves the dependencies to download them. Here is the documentation about NPM: https://docs.npmjs.com/cli/v8/using-npm/registry
Although, your projects could require private packages as dependencies, and those could be stored in private repositories (GPM, Artifactory, etc.). In that scenario you will need to know from where your project is downloading those dependencies.
There are two places where you can see the registry used in your case:
.npmrc file located at you user directory with the global configuration.
.npmrc file located at the root of your project managed by NPM.
// .npmrc
registry=https://registry.npmjs.org/
Scenario
I have a configured nexus repository working as npm registry with redeploy enabled. I know that enable redeploy is a bad practice, but we are in stabilization stage.
Problem
When I try to install my private module into local nodejs project, I always get the previous version:
npm install acme-module --save
Validations
I deleted the folder in nexus repository and perform a new npm publish without any errors.
I can see the new folder, with correct .tgz and if I download it (right click and save) I can see my latest version of source code, which is good.
I tried to uninstall all npm modules, but always the previous version is downloaded.
Possible cause
If I disconnect from the internet, npm install is still working without any error. So I guess, my npm private module acme-module, is cached in some folder, and this prevent the download of latest version.
Question
Why npm install works without internet connection and how force the download of exact versions, located in my nexus registry instead local modules.
Similar questions
Force npm download from private registry (without response :S)
I work in a banking domain company so here many link and websites are blocked. Currently I am working on a project where I am using react and Node.js as tech stack.
So whenever I want to install any new dependency or just npm install I get access problem.
Is there any other solution to download the dependencies from package.json file apart from npm install
It'll be really tough not having yarn or npm do dependency management for you but there are options.
I highly recommend you set up a private npm registry just for your company. There are many paid and free services that can do this as well as open source self-hosted solutions. Once set up, all you have to do is edit your npm or yarn configurations and you're good to go.
Here is a link with plenty of options to get this going. A few that come to mind of the top of my head are Artifactory and npm itself.
If none of these work for you, you can always just manually download npm packages from their Github repositories but this will be very tedious and time consuming (maybe you can write your custom package manager?) but I definitely don't recommend this route.
We'd like to use Node on our build server but would prefer to archive modules in a repository. (As we do with maven and artifactory.)
My question is: What is the node repository equivalent of artifactory for maven?
Artifactory also support hosting NPM repositories. Artifactory support for npm provides:
The ability to provision npm packages from Artifactory to the npm command line tool from all repository types
Calculation of Metadata for npm packages hosted in Artifactory's local repositories
Access to remote npm registries (such as https://registry.npmjs.org)
through Remote Repositories which provide the usual proxy and
caching functionality
The ability to access multiple npm registries from a single URL by
aggregating them under a Virtual Repository. This overcomes the
limitation of the npm client which can only access a single registry
at a time.
Compatibility with the npm command line tool to deploy and remove
packages and more.
Support for flexible npm repository layouts that allow you to
organize your npm packages and assign access privileges according to
projects or development teams.
A good article at : https://blog.theodo.com/2016/01/speed-up-npm-install-with-a-nexus-proxy-to-cache-packages/
It mention the Nexus can do it. There is a free and open source version of Nexus Repository at https://www.sonatype.com/download-oss-sonatype. It can support Maven, NPM and many other repositories types.
At work we have an internal NPM Registry that houses our internal modules and passes through to npmjs.org for modules that are not in the registry. In order to use it I've added the following line to my ~/.npmrc file
registry=http://**privateurl**
Which works great while I'm at work or connected to the VPN but when I'm working on other stuff at home and not on the VPN running npm install fails because the private repository cannot be reached.
Is there a way I can add a timeout and a fallback to npmjs.org if the private npm repository cannot be found?
You could run npm install with --reg option from home forcing to fetch from npmjs.org
npm install express --reg https://registry.npmjs.org
... as mentioned in this SO Answer.