npm i failed because of dependency in private registry - npm

I published a private npm package for internal usage (to npm.pkg.github.com).
then i created another private npm package in the same registry which uses the first private package as a dependency. all the other packages are from the default npm registry.
when I try to install the second npm package to a new project, the install fails, because npm i tries to install the dependency (my first private package) from the default npm registry (i assume the .npmrc of my package gets ignored)
how can i fix that ?
what i have tried so far:
install the dependency package before adding the second package (still 404 after the second step)

Use the information from the npmrc file (where you scope the package to a specific registry) in your global .npmrc file on the device you want to install the private dependency package

Related

yarn workspace has problem with private npm registry

I'm trying yarn workspaces with modules that have private dependencies - so that there's a line like this specified in .npmrc:
//npm.pkg.github.com/:_authToken=this-is-some-fake-token
Token is obviously different. So when I run yarn from inside that module it grabs private modules just fine, however when I try to run it from the workspaces root, it fails with the error that it cannot find given private module on npm registry (but of course it can't - it probably shouldn't even be looking there):
error Couldn't find package "#namespace/module#1.1.4" required by "one-of-workspaces#0.0.1" on the "npm" registry.
Obviously in this case yarn doesn't respect .npmrc that I've dropped in the workspaces root, but why? Or it is not even supposed to? And doesn't support private registries in workspaces mode?
Yarn will respect .npmrc from your home directory (not 100% sure about monorepo root).
What you are for sure missing in your .npmrc is the line that mentions that #namespace packages should be picked from GPR:
//npm.pkg.github.com/:_authToken=this-is-some-fake-token
#namespace:registry=https://npm.pkg.github.com/

NPM local dependency WITHOUT copying

To make development easier it's possible to specify local NPM dependency:
{
"dependencies": {
"mylib": "file:/projects/mylib"
}
}
The problem is that you required to do npm install and the mylib will be COPIED to the node_modules. So if you change mylib you need to run npm install again.
I wonder if there's a way to do the same but as a link not as a copy, so it will be the live version of the package and any change would be instantly visible?
To avoid using the npm link command, which works creating a symlink in the global npm folder, you can try using the npm-file-link package. It works modifying the original dependency by one to the local package using the "file:" npm feature, and you can link or unlink at a time all packages you want, whenever they are all under the same folder.

npm install of private package fails when package has public dependencies

Lets say I have a private npm repository, hosted within JFrog artifactory:
https://my-domain.com/artifactory/api/npm/my-repo.
In this repository I published one npm package: my-package, which builds fine. my-package has a dependency (or more) to public npm packages e.g. lodash.
However, when I create a new project and attempt to install my-package I get the following error:
$ npm install my-package --registry https://my-domain.com/artifactory/api/npm/my-repo
npm ERR! code E404
npm ERR! 404 Not Found - GET https://my-domain.com/artifactory/api/npm/my-repo/lodash - not_found
npm ERR! 404
npm ERR! 404 'lodash^4.17.11' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 It was specified as a dependency of 'my-package'
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\<username>\AppData\Roaming\npm-cache\_logs\2019-04-29T12_47_51_647Z-debug.log
It appears as though npm is searching within my private repository for all the dependencies my-package requires when I specify the --registry option when running an npm install. However, my-package is dependent upon public dependencies, which are not in my private registry.
My Question
How to install an npm package from a private registry that has public dependencies? Perhaps this is also just a JFrog issue?
Any help would be greatly appreciated!
By specifying a registry with: --registry https://my-domain.com/artifactory/api/npm/my-repo npm is attempting to resolve all necessary packages, by name and version, from your private repository location:
domain.com/artifactory/api/npm/my-repo.
To resolve these public dependencies which your private library depends upon you have two options:
Set up a Virtual Npm Registry. (Recommend this approach)
Package all necessary dependencies within your private repository.
A Virtual Repository defined in Artifactory aggregates packages from both local and remote repositories. This allows you to access both locally hosted npm packages and remote proxied npm registries from a single URL defined for the virtual repository.
By setting up a virtual repository which references both your private repository location and the default public npmjs location you will be able to download your private libraries as well as any public npm package by specifying your above mentioned registry.
Since you mentioned JFrog take a look at their confluence page which walks you through the process of creating a virtual repository.
However, if you decide to use option 2 you will have to package all the necessary dependencies within your private repository. Then your private library will be able to properly pull the dependencies it's dependent upon. I would advise against this approach since you will be duplicating work already provided by npmjs and you will additionally have to keep updating your private repository to include new libraries or newer versions of existing libraries.
Hopefully that helps!
My solution...
involved updating my .npmrc file:
I changed registry=https://npm.pkg.my-domain.com
to #my-private-scope:registry=https://npm.pkg.my-domain.com
Here's why
In it, I had specified that registry=https://npm.pkg.my-domain.com (followed by my auth token) so that I could import a private package from the #my-private-scope scope. However since i left at the #my-private-scope: part, I was changing the URL for all decencies, not just the ones that are part of my private organization. I made the change to specify the my-domain URL for only the dependencies at that scope.

How to install npm own local packages?

I have 2 projects(packages) in npm, I want to inject package_A as dependency to package_B. In package_A root folder, I run npm install -g, then npm install it to C:\Users\Myuser\AppData\Roaming\npm\node_moduls\package_A folder. Now in packages.json in package_B I add "package_A": "1.0.0" in dependencies. When in package_B root file I run npm install, its failed package_A#1.0.0 not found.
How can I identified npm to its my own local package?
Notes:
We are a team, then I don't want to address package_A explicitly.
We are using nexus repository manager.
I don't want to publish my projects to http://registry.npmjs.org/.
I'm not 100% clear what you have tried. If you are going to use a custom module for another application you are developing, installing globally won't do the trick. You have to publish that module in npm.
Check this link for more info on publishing in npm
If you have completed the steps correctly, and still no good happens, please check your naming of the module in package.json file.
Instead of typing in the name and version number in package.json file and then npm install, try directly installing in the terminal with --save so that it will automatically be added to package.json file with correct spelling.

Where does the NPM package come from?

I have question about npm. When I writing 'npm install' npm packages are installing in folder 'node_modules'.
Where does the NPM package come from? Is it git repository?
NPM (Node Package Manager) can install a node module (i.e., a package) from any number of locations. In many cases, npm-install installs all the packages listed in the package.json file associated with your application and by default stores them in your local node_modules folder.
If it reads the package to be installed from your package.json, then typically, the package is retrieved from https://registry.npmjs.org/.
However, you can install packages from git, other servers, or even a local NPM package that you create and name.