I'm more familiar with the Python ecosystem at this point and have a question about how I can do something with npm that I'm used to doing with pip.
Let's say I have a wheel for a particular Python package, as well as a wheel file for each of the Python package's dependencies. And let's say I have all these wheel files in a folder called /path/to/wheel/files. To install this package and all of its dependencies, I could run something like pip install /path/to/wheel/files/*.whl --no-deps, where --no-deps keeps me from having to install the various dependencies in the proper order.
Does npm have an equivalent to this? I'm using npm-offline-packager to create a tarball that contains a Node package (as its own tarball) and all of its dependencies (as their own tarballs). I know I can tell npm install to install a particular tarball. However, when I do this, it tries pulling in the required dependencies from the online NPM registry instead of pulling in the dependencies from the tarballs I already have.
Ideally, I'd like npm install to use the tarballs to add the main package to my project's package.json while adding the package's dependencies to my project's package-lock.json. And of course, I'd also like the main package and all its dependencies to be installed to my project's node_modules directory as well.
TL;DR Does npm have something equivalent to pip install /path/to/wheel/files/*.whl --no-deps?
I'm responding to my own question here, but note that my answer is only applicable to my particular use case and may not be applicable in general.
For my use case, I have access to two computers: one that has access to the internet and one that doesn't. For the machine that doesn't have access to the internet, I was attempting to use Verdaccio as a way of creating a self-hosted NPM registry. However, publishing packages to Verdaccio wasn't working because it kept trying to pull in the package's dependencies from the public NPM repository. The solution was to remove all references to "npmjs" in Verdaccio's config file (which, for me, Verdaccio created at ~/.config/verdaccio/config.yaml).
So, in case anyone needs to do development on a machine that doesn't have access to the internet, the process for setting up Verdaccio looks something like this:
On the machine that has access to the internet, create an NPM project using npm init (I called my project "verdaccio_runner"). The reason I did this is because, without already having an NPM registry on the machine that doesn't have access to the internet, it was hard doing a global install of Verdaccio.
Run npm install verdaccio to install Verdaccio to the NPM project that was created in the previous step.
Transfer this project over to the machine that doesn't have access to the internet.
Once it's transferred over, run Verdaccio from the project like this: npx verdaccio.
Quit out of Verdaccio.
Remove all references to "npmjs" from the config file that Verdaccio created (again, mine was at ~/.config/verdaccio/config.yaml).
Run Verdaccio again to pull in those changes.
Tell NPM where your private registry is: npm config set registry http://localhost:4873/.
Add yourself as a user by running npm adduser and by then filling out the information you're prompted for.
And the process for publishing packages to Verdaccio on a machine that doesn't have access to the internet looks like this:
For the package you want to install, on the machine that has access to the internet, run npo fetch <package name> --no-cache (assuming you've already done a global install of npm-offline-packager on the machine that has internet access).
Bring the tarball that npo created for you over to the machine that doesn't have internet access.
Untar the tarball.
From the directory that's created, run for file in ./*.tgz; do npm publish $file; done.
The published packages can now be npm installed to projects on the machine that doesn't have internet access.
Note: in order for Verdaccio to be accessible to other machines on the private network, I also had to add the following to Verdaccio's config file:
listen:
0.0.0.0:4873
Related
I have a project that I'm working on for a client where I have two private packages (which I can't get access to npm install) are inside the package.json.
I do however have access to clone the repos for those said packages. If I simply run an npm install I'll get a permission denied error. Same if I run npm link to the packages.
I've been working around this by removing the packages from the package.json then running npm install ../some-package. This works but isn't a great solution because if I wanted to add a new package I'd have to deal with a bit of a mess with the package.json.
Is there a better way than this?
I have tried running npm link ../some-package but I still get access denied. The only way I've managed to complete an install is by removing the packages then installing them from a local dir.
I don't know the details of your situation, but I see at least two potential solutions to explore.
Option 1: Install the package from the repo
I do however have access to clone the repos for those said packages.
You can install from a git repo and package.json will record that git repo as the source of the package rather than the npm registry.
From the docs at https://docs.npmjs.com/cli/v8/commands/npm-install:
npm install :
Installs the package from the hosted git provider, cloning it with git. For a full git remote url, only that URL will be attempted.
Option 2: Install from the local file system with --no-save
If that approach doesn't work for you, you can try npm install --no-save ../some-package as a build step. The --no-save makes it so it doesn't modify package.json.
I'm working on creating a local repository that will contain all packages I use in my project, so I can have those packages installed on a machine that does not have access to the internet. I think of the repository that I could clone on the machine and run yarn install to have all the packages available in the project from the local repository. How can I do that? Similar question was asked here Using npm how can I download a package as a zip with all of its dependencies included in the package
There's not enough information in your question to fully understand your situation, but if you commit your node_modules directory to the repository, the modules will be there without the user having to run npm or yarn to install them. This assumes the user will run code from the repo workspace and that there aren't any modules that require a compilation step or other build step that may be platform-specific. But if they're all plain ol' JavaScript modules, you should be fine.
If you want to have all the modules as a separate repo rather than checking in node_modules, I can offhand think of two ways this might work.
Have the packages repo be a check-in of a fully installed node_modules directory. Then make that repo a Git submodule of the main repo that gets cloned as node_modules in the main repo.
Use npm pack to create .tgz files for each package you need. Store those files in the packages repo. Clone that repo into a known path on your target machine. Have the main repo install via path names. For example, if you run npm install /var/packages/foo-1.0.0.tgz, it will add a line to your package.json that might look something like this: "foo": "file:../../../var/packages/foo-1.0.0.tgz". In that case, npm install will install from that path rather than over the network.
I would like to install repos to a parent repo and specify by branch name.
I have tried the following:
npm install username/repo#branchName --save
npm install username/repo#branchName --save
npm install username/repo#tag --save
npm install username/repo#tag --save
I'm getting an error that says:
Could not install from {theRepoWithBranch} as it does not contain a package.json file.
The repo definitely contains a package.json file.
I'm wondering if this is a permissions issue given I'm using an enterprise npm registry.
npm/npm issue 19788 does mention:
Currently, npm does not support installation of modules from git services hosted on private domain names.
That includes both Github for Enterprise on custom domains as well as instances of gitlab, gitea, gogs, bitbucket and many others, basically anything hosted on a custom domain name.
With the comment:
So, obviously you reference installing via an http(s):// URL directly, but just as an fyi, our GitLab Enterprise instance allows us to install using a slightly different format.
We have 2FA enabled, so it requires SSH to be used.
From the docs.
npm install <git-host>:<git-user>/<repo-name>
npm install <git repo url>
We were able to actually install our repos like this:
npm install git+ssh://git#gitlab.mydomain.com:user/repo.git
So this is more a URL format combined with permission issue.
Regarding the branch, as seen here, your syntax is correct.
And:
if I prepend git+ on the HTTPS URL it works (I run gitea which accepts basic auth)
See also npm/hosted-git-info PR 30
For a company project, I'd like to set up a private npm registry using Artifactory or Nexus, so packages can be shared with everyone without publishing them on https://registry.npmjs.org/
In maven I would set up a release and a snapshot repo. For resolving I would put them in a group alongside a proxy of maven central.
How does a setup for npm look like? npm's semver is able to differentiate release and prerelease, but I assume that routing them to different registries could be quite a difficult task.
On the other hand one might want to be able to have control over what gets pushed to the "release registry", implementing permissions accordingly. For this you would have to use a "prerelease" and a "release" registy.
according this link. How to set up a free private npm registry… for Windows
you can use the Verdaccio.follow this:
Download the ‘Current’ version of NodeJS .
Install Python. Open Powershell as an Admin and run
npm i -g --production windows-build-tools
then Run
npm i -g node-gyp.
Get the Python.exe file path.
Verify where Python was installed, typically it is stored in the following folder
C:\Users\user-name.windows-build-tools\python27
copy the path + \python.exe.
Add a new Environment Variable.
open the File Explorer and right-click on Computer and select Properties.
Select Advanced system settings and then select Environment Variables.
If PYTHON is not listed under System Variables select New.
Add PYTHON as the variable name and the saved path from Step 3 as the variable value -> Select OK.
Installing / Configure Verdaccio
Open up a command prompt and run npm i -g verdaccio.
Verify the install for Verdaccio was successful.
Open up a new command prompt and run verdaccio You should see the following output.
Open up your favorite browser to localhost:4873
more info:
www.verdaccio.org/docs/en/installation
www.npmjs.com/package/verdaccio
I hope is useful.
If I understood you correctly you would like to have the ability to have a "release" and "snapshot" repository for NPM same as you have now for Maven.
If this is indeed the case then what you can do in Artifactory is to set 2 repositories, one for the "prerelease" and another one for the "release" and aggregate both under one virtual NPM repository. As you mentioned you can have a different set of permissions for each repository and therefore control who can deploy/resolve dependencies and also have the ability to move artifacts from one another.
Hope that answers your question.
In terms of how to do this in Nexus Repository if you really need to, I'd suggest setting up:
npm-release (npm hosted)
npm-prerelease (npm hosted)
npm-all (npm group)
Make the group include both members (so you can install using one URL), and then in your build script or whatever you are using to publish into Nexus Repository, just use the --registry flag to specify which repository you want to publish in to, something akin to this for a "release":
npm publish --registry http://localhost:8081/repository/npm-release/
And this for a "prerelease":
npm publish --registry http://localhost:8081/repository/npm-prerelease/
Here are the npm docs for Nexus Repository 3.x if you need some more help: https://books.sonatype.com/nexus-book/reference3/npm.html
When I deploy my app to AWS, it's copied into a new directory, so NPM will install all the same packages, during each deploy, which can take a lot of time. Most of these packages haven't changed between builds (if at all), so having it do a full npm-install seems like a waste.
My app server runs a bunch of different Node apps, so installing globally isn't an option. Instead I'd like to have the app store it's node packages in a location that isn't wiped out during deployment, but have the option to update packages as necessary during npm install.
Does NPM have a concept of an app-specific module directory that isn't located in a subfolder of an app? That way I can delete the app folder, and not have to reinstall the same packages over and over again.
I could achieve this by using symlinks, or migrating the current node_module directory.
If you lock down your dependencies versions, NPM is likely to cache the packages. So the installation wouldn't take much longer.
If you prefer not to do this, you can install dependencies globally and link them with the npm link command (which is basically creating a symlink yourself!). Then, it'll be up to you update the globally installed packages regularly.