Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can I run a private npm repository without replicating the public repository?

I'm writing a number of pieces of code (for internal use) using node.js and want to store the modules (packaged up for npm) in a package repository for each distribution to the various machines they will be installed on.

Ideally, I'd like a solution similar to Debian's apt repositories in which I can run a private repository server and configure npm to use a list of repositories to install from (When installing "foo", if "foo" is known by my private server install it from there, otherwise install it from the public server).

However, it looks like the npm registry configuration key only accepts a single URL.

Is there a way to achieve what I want?

The closest I've been able to find have been:

  • Mirroring the public repository locally and adding my packages on top of it… but I don't want to keep that amount of data (2.5G and still downloading) replicated on AWS.
  • Hosting all my packages in git repositories and installing from there (which is more of a hassle).
  • Hosting static packages on HTTP (as far as I can tell, this would prevent me from automatically getting "the latest version". I suppose I could do something with symlinks, but that is still less flexible than git, requires full URLs (which need to be kept up to date), and doesn't give a searchable repository.
like image 399
Quentin Avatar asked Jan 30 '13 16:01

Quentin


People also ask

How do private npm packages work?

With npm private packages, you can use the npm registry to host code that is only visible to you and chosen collaborators, allowing you to manage and use private code alongside public code in your projects. Private packages always have a scope, and scoped packages are private by default.

Where can I host npm private packages?

If you want to host a private NPM package but do not want to pay US$ 7 per user, per month to host it directly at https://www.npmjs.com/ this post is for you.


1 Answers

I just set this up for my work. Here's what I did:

  1. Setup empty NPM registry: I followed the instructions from this fork of npmjs.org, which adds much improved documentation.

  2. Setup Kappa: I used Kappa, a great npm proxy from Paypal. (I'm guessing they have a very similar use case to most people who want a private repository; this was exactly what I wanted).

  3. Setup npm_lazy (optional): I wanted a nice cache of frequently used packages in case npmjs.org went down, so I added npm_lazy in front of the whole thing, as a caching layer.

Whole thing took two days(ish) to get up and running. As a side note, if you're worried about people pushing to the public registry by accident, I recommend adding this to your package.json:

"publishConfig": { "registry": "http://my-registry.example.com" },

This really is just a bit of paranoia; once you setup your npm to point to your Kappa/npm_lazy instance, Kappa handles publishing to your private repository for you.

Note: Kappa will only every publish to the first repository in it's config. If you need to publish to both your private registry, and the public, you will need to work out your own solution.

like image 76
Chris Case Avatar answered Sep 30 '22 03:09

Chris Case