Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Howto publish private projects to Sinopia (npm adduser for private registry fails)

Tags:

Ok so I finally managed to get a private npm registry using Sinopia. But I cannot publish anything to it.

TL;DR: Sinopia does not support npm adduser, but has its own user management. Also npm needs a valid user created before npm publish through npm adduser, which fails because the internal Sinopia server throws an error at the unsupported command....

How does one use Sinopia as a private registry with proper users and passwords

  1. create a global user in npmjs.org, and then another with the same password in Sinopia?
  2. Or is there an easier way to tell npm to just use a fixed user/pass.
  3. Or even better prompt me somehow for username and password?
  4. something else?

Synopsis:

Sinopia does not depend on Couch.DB and will hapilly fetch packages it does not already have from a master (default is the global npmjs.org).

Sinopia starts perfectly and is configured to listen on all interfaces. It works wonders in serving packages to

npm install

I even configured ~/.npmrc to always point to the internal registry.

All projects' package.json file is set to

  ....
  "publishConfig" : {
     "registry" : "http://internal-npm:4873"
  },
  ....

Also I managed to add custom users in sinopia by manipulating the config.yaml with the help of js-yaml

crypto.createHash('sha1').update('theBigPassword').digest('hex')

Now I am stuck at

npm --registry=http://internal-npm:4873 --ca=null publish

After a long wait I get:

npm ERR! need auth auth and email required for publishing
npm ERR! need auth You need to authorize this machine using `npm adduser`

npm ERR! System Linux 3.11.0-18-generic
npm ERR! command "/usr/bin/nodejs" "/usr/bin/npm" "--registry=http://internal-npm:4873" "--ca=null" "publish"
npm ERR! cwd /home/ciprian/workspace/netop-npm
npm ERR! node -v v0.10.15
npm ERR! npm -v 1.2.18
npm ERR! code ENEEDAUTH
npm ERR! 
npm ERR! Additional logging details can be found in:
npm ERR!     /home/ciprian/workspace/netop-npm/npm-debug.log
npm ERR! not ok code 0

The business end of the log file tells me that the user is not optional

86 error need auth auth and email required for publishing
86 error need auth You need to authorize this machine using `npm adduser`
87 error System Linux 3.11.0-18-generic
88 error command "/usr/bin/nodejs" "/usr/bin/npm" "--registry=http://internal-npm:4873" "--ca=null" "publish"
89 error cwd /home/ciprian/workspace/netop-npm
90 error node -v v0.10.15
91 error npm -v 1.2.18
92 error code ENEEDAUTH
93 verbose exit [ 1, true ]

Now, the chicken and egg issue is that Sinopia does not support npm adduser, but has its own user management like I mentioned above. Also npm needs a valid user created through npm adduser, which fails because the internal Sinopia server throws an error at the unsupported command.

like image 763
cdanea Avatar asked Mar 25 '14 14:03

cdanea


People also ask

How to publish to the private npm registry?

After the creation of the package, you can publish to the private npm registry using below command, Note: You can check the published package from the registry browser by navigating to http://localhost:4873. Now the same procedure you following to resolve package from the npm.org, you can resolve from your private npm server.

How do I publish private user-scoped packages?

Note: Before you can publish private user-scoped npm packages, you must sign up for a paid npm user account. Additionally, to publish private organization-scoped packages, you must create an npm user account, then create a paid npm organization.

Where can I find a private NPM server to manage packages?

In the market you can find several private npm servers to manage packages. So far the best solution is the Verdaccio. Since Verdaccio was forked based on Sinopia and 100% backward compatible and it supports with Docker for deployments as well as plug-ins. Alternatives: NPM-Register, DIY NPM, Git, Sinopia etc.

How do I test my package before publishing it to NPM?

To reduce the chances of publishing bugs, we recommend testing your package before publishing it to the npm registry. To test your package, run npm install with the full path to your package directory: By default, scoped packages are published with private visibility. On the command line, navigate to the root directory of your package.


2 Answers

First of all, it is not "chicken and egg" problem.

"npm adduser" does two things:

  1. it creates a new user on the remote server, or verifies that it exists
  2. it adds _auth to your .npmrc

Sinopia will complain if user doesn't exist, but if it does, it'll happily report success.


So, what you have to do is this:

  1. add user/pass to config.yaml (see josh's answer) and restart sinopia server
  2. run npm adduser --registry http://internal-npm:4873/

Yes, "adduser" command is confusing, because it won't actually add a new user. It'll just verify that user exists in config.

If you want, you can use "npm login" command. It is less confusing even though it does exactly the same thing. :)


Second of all, add this to your package.json:

"publishConfig": {
  "registry": "http://internal-npm:4873/"
}

This way npm won't publish it to the public registry anymore, even if it's a default one.


And lastly, you can't use two registries (npmjs and your private one) at the same time with the same npmrc. It's even less secure than you think.

It's okay in most cases, but if you have to use both of them (for example, you maintain public and private packages at the same time), use yapm instead of npm and write something like this to your .npmrc:

[registries."https://registry.npmjs.org/"]
_auth = (your auth string for public registry)

[registries."http://internal-npm:4873/"]
_auth = (your auth string for private registry)
always-auth = true

It'll prevent exposing your passwords to public registry in all cases.

like image 166
alex Avatar answered Sep 17 '22 14:09

alex


The Sinopia README tells you exactly what to do.

Adding a new user

There is no utility to add a new user but you can at least use node on the command-line to generate a password. You will need to edit the config and add the user manually.

Start node and enter the following code replacing 'newpass' with the password you want to get the hash for.

$ node
> crypto.createHash('sha1').update('newpass').digest('hex')
'6c55803d6f1d7a177a0db3eb4b343b0d50f9c111'
> [CTRL-D]

Insert the new user into your config.yaml file.

You then run npm adduser to login. (adduser is the command used for both account creation and login; sinopia does not support the creation part.)

like image 25
josh3736 Avatar answered Sep 16 '22 14:09

josh3736