How to nicely include a private NPM dependency in a lerna workspace project? - npm

To preface, the project is using lerna with yarn workspaces and we are pulling in an internal NPM package from our private npm registry (not hosted with npm).
I currently understand how .yarnrc and .npmrc files can authenticate to private registries but our current project has settings already changed in these files. A developer could add credentials in these files but then they cannot commit the file to GitHub.
I was hoping to find a solution where a developer on the project can add the private registry credentials in a .env file and then auth with said credentials somehow in a hook before lerna runs "install".
My main goal was to make it easy to work with the project and not rely on having each developer run 'npm login' or some other commands besides just including the correct credentials in their .env file. This also makes it easy for CI/deployment pipelines.
Are there any specific lifecycle hooks that can run before install in a lerna package?

Related

Automatically downloading npm packages listed in package.json file

I'm working on creating a local repository that will contain all packages I use in my project, so I can have those packages installed on a machine that does not have access to the internet. I think of the repository that I could clone on the machine and run yarn install to have all the packages available in the project from the local repository. How can I do that? A similar question was asked here: Using npm how can I download a package as a zip with all of its dependencies included in the package
There's not enough information in your question to fully understand your situation, but if you commit your node_modules directory to the repository, the modules will be there without the user having to run npm or yarn to install them. This assumes the user will run code from the repo workspace and that there aren't any modules that require a compilation step or other build step that may be platform-specific. But if they're all plain ol' JavaScript modules, you should be fine.
If you want to have all the modules as a separate repo rather than checking in node_modules, I can offhand think of two ways this might work.
1) Have the packages repo be a check-in of a fully installed node_modules directory. Then make that repo a Git submodule of the main repo that gets cloned as node_modules in the main repo.
2) Use npm pack to create .tgz files for each package you need. Store those files in the packages repo. Clone that repo into a known path on your target machine. Have the main repo install via path names. For example, if you run npm install /var/packages/foo-1.0.0.tgz, it will add a line to your package.json that might look something like this: "foo": "file:../../../var/packages/foo-1.0.0.tgz". In that case, npm install will install from that path rather than over the network.

Configure `.npmrc` to get one scoped package module from npm and the others from github packages

I'm using a scoped package in my application, some modules from it are stored on GitHub packages and the rest are in npm registry. Till now I was using only one module that is stored on GitHub, but now I need to install another one stored on npm.
Currently my .npmrc file looks like this:
registry=https://registry.npmjs.org/
@custompackage:registry=https://npm.pkg.github.com/
I want to inform npm to install specific scoped module from npm registry and keep installing others from GitHub packages. Updating .npmrc like this doesn't work (it continues looking for the subpackage on GitHub):
registry=https://registry.npmjs.org/
@custompackage:registry=https://npm.pkg.github.com/
@custompackage/module1:registry=https://registry.npmjs.org/
Is it possible at all to configure .npmrc to get a part of scoped package modules from npm and the rest from GitHub pages?

How can I prevent NPM from deleting locally installed modules from node_modules

I have some local modules which are inhouse developed and I copy to my node_modules folder manually.
When I do this they work fine but after I install some other stuff via ng add or npm install the folder is removed. My question is how can I prevent this from happening so I don't have to copy the files again ?
You need to specify your dependencies in package.json or else you cannot rely on them being in node_modules. Various npm commands might remove it, notably npm ci but also others.
If your package is not publicly published, some options are:
Use a non-public registry and publish it there.
Publish it as a scoped package with limited visibility. You will need a paid or organization account on npm for this. Individual accounts are US$7 a month.
Use npm link to "install" it from your local file system.
Use a postinstall or other life cycle script to have npm copy in your packages for you each time after npm ci or npm install is run.
There are likely other options, but those are the ones that come to mind immediately.

How should I set up a private npm registry?

For a company project, I'd like to set up a private npm registry using Artifactory or Nexus, so packages can be shared with everyone without publishing them on https://registry.npmjs.org/
In maven I would set up a release and a snapshot repo. For resolving I would put them in a group alongside a proxy of maven central.
How does a setup for npm look like? npm's semver is able to differentiate release and prerelease, but I assume that routing them to different registries could be quite a difficult task.
On the other hand one might want to be able to have control over what gets pushed to the "release registry", implementing permissions accordingly. For this you would have to use a "prerelease" and a "release" registry.
According to this link, "How to set up a free private npm registry… for Windows", you can use Verdaccio. Follow these steps:
1) Download the ‘Current’ version of NodeJS.
2) Install Python. Open PowerShell as an Admin and run
npm i -g --production windows-build-tools
then run
npm i -g node-gyp
3) Get the Python.exe file path.
Verify where Python was installed; typically it is stored in the following folder:
C:\Users\user-name.windows-build-tools\python27
Copy the path + \python.exe.
4) Add a new Environment Variable.
Open the File Explorer, right-click on Computer and select Properties.
Select Advanced system settings and then select Environment Variables.
If PYTHON is not listed under System Variables select New.
Add PYTHON as the variable name and the saved path from Step 3 as the variable value -> Select OK.
Installing / Configure Verdaccio
1) Open up a command prompt and run npm i -g verdaccio.
2) Verify the install for Verdaccio was successful.
Open up a new command prompt and run verdaccio. You should see the following output.
3) Open up your favorite browser to localhost:4873
More info:
www.verdaccio.org/docs/en/installation
www.npmjs.com/package/verdaccio
I hope this is useful.
If I understood you correctly you would like to have the ability to have a "release" and "snapshot" repository for NPM same as you have now for Maven.
If this is indeed the case then what you can do in Artifactory is to set 2 repositories, one for the "prerelease" and another one for the "release" and aggregate both under one virtual NPM repository. As you mentioned you can have a different set of permissions for each repository and therefore control who can deploy/resolve dependencies and also have the ability to move artifacts from one another.
Hope that answers your question.
In terms of how to do this in Nexus Repository if you really need to, I'd suggest setting up:
npm-release (npm hosted)
npm-prerelease (npm hosted)
npm-all (npm group)
Make the group include both members (so you can install using one URL), and then in your build script or whatever you are using to publish into Nexus Repository, just use the --registry flag to specify which repository you want to publish in to, something akin to this for a "release":
npm publish --registry http://localhost:8081/repository/npm-release/
And this for a "prerelease":
npm publish --registry http://localhost:8081/repository/npm-prerelease/
Here are the npm docs for Nexus Repository 3.x if you need some more help: https://books.sonatype.com/nexus-book/reference3/npm.html

Bluemix node buildpack and modules in private repos

My node.js app uses a number of private shared modules hosted in git repos. I use git URLs like below in the dependencies block in package.json:
"xxx-accountMgr": "git+ssh://git@github.xxx.ibm.com:xxx/lib-account-mgr.git",
when "cf push" this errors during npm install on ssh:
npm ERR! git clone --template=/home/vcap/.npm/_git-remotes/_templates --mirror ssh://git@github.xxx.ibm.com/ipaas/lib-account-mgr.git /home/vcap/.npm/_git-remotes/ssh-git-github-xxx-ibm-com-xxx-lib-account-mgr-git-bf65c10c: ssh: Could not resolve hostname github.xxx.ibm.com: Name or service not known
I expected this as I haven't configured the ssh key in bluemix. Is that possible? If not, what's the alternative to install modules from a private repo in bluemix?
If you are downloading a private module hosted on Git, you should be able to use https protocol (with creds) to access it.
There is a trick that could help avoid this issue if that is not an option for you:
1) Package private modules with your application (in node_modules)
2) Move the private modules to devDependencies in package.json, rather than dependencies, so that your local dev workflow is unaffected.
npm install will install dependencies and devDependencies. By
default, Bluemix will only install dependencies
Step 2 is necessary because even if you package the private node_modules with your application, staging for your application will fail because npm still tries to access your private repo to validate the dependency.
Also, if you had a .cfignore file ignoring the entire node_modules directory, that would have to be changed to ignore only the public modules.
If the private repo requires Github authentication to access the shared modules, Bluemix won't be able to access them. You can use a command such as git clone https://github.com/repo/etc but that will require the files to be accessible without authentication.
An alternative could be to manually install the files in your repo prior to using cf push so they are available. This is not a great solution but it will solve the problem in the short term.
The problem here is that Bluemix cannot reach back into the corporate network which is apparently where your github repo lives.
It has nothing to do with authentication, although what the others say here is accurate for publicly accessible git repositories.
A workaround that works for me is to use npmjs private modules. On one hand it will work and on the other hand it is really easy to manage versions, and reuse code. Of course you'll need to make some minor changes, but it is totally worth it.
Upgrade your npmjs account to use private modules: https://www.npmjs.com/private-modules
On your computer log in to npmjs:
npm login
Publish your modules
Copy your npmrc file to your project:
cp ~/.npmrc /path/to/your/project
npm install your_module --save
Enjoy!
Be aware that if you ever change your password the token inside .npmrc will be revoked.
The token is not derived from your password, but changing
your password will invalidate all tokens. The token will be valid
until the password is changed. You can also invalidate a single token
by logging out on a machine that is logged in with that token.
Source: https://docs.npmjs.com/private-modules/ci-server-config#checking-in-your-npmrc
You can also use the cfnpm module (https://www.npmjs.com/package/cfnpm); it is designed to deal with private packages in Cloud Foundry.
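
The first question asks for credentials to live in the environment rather than in a committed .npmrc, and the answer above that copies ~/.npmrc into the project puts a live token in the repository. npm expands `${VAR}` references in .npmrc values, so a committed file can name the token without containing it. The following is an added example, not code from any of the posts: a check suitable for a pre-commit hook or CI step that flags literal credentials in .npmrc text; the registry host `npm.example.internal`, the variable names and the token strings are constructed placeholders.

```javascript
// Added example: lint .npmrc text for credentials that must not be committed.
// Keys npm treats as credentials, bare or per-registry ("//host/:_authToken").
const SECRET_KEYS = /(^|:)(_authToken|_auth|_password)$/;
// A value made only of ${VAR} references is filled in by npm from the environment.
const ENV_ONLY = /^(\$\{[A-Za-z_][A-Za-z0-9_]*\})+$/;

function findLiteralCredentials(npmrcText) {
  const findings = [];
  npmrcText.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    // Skip blank lines and ini-style comments (';' or '#').
    if (!line || line.startsWith(';') || line.startsWith('#')) return;
    const eq = line.indexOf('=');
    if (eq < 0) return;
    const key = line.slice(0, eq).trim();
    // Strip optional surrounding quotes from the value.
    const value = line.slice(eq + 1).trim().replace(/^["']|["']$/g, '');
    if (!SECRET_KEYS.test(key)) return;
    if (value === '' || ENV_ONLY.test(value)) return;
    // Report position and key only; never echo the secret itself.
    findings.push({ line: i + 1, key });
  });
  return findings;
}

// Constructed sample: safe to commit, the token comes from NPM_TOKEN at install time.
const SAFE_NPMRC = [
  'registry=https://registry.npmjs.org/',
  '@custompackage:registry=https://npm.example.internal/',
  '//npm.example.internal/:_authToken=${NPM_TOKEN}',
].join('\n');

// Constructed sample: what a copied ~/.npmrc tends to look like (placeholder values).
const LEAKY_NPMRC = [
  '; copied from ~/.npmrc',
  '//registry.npmjs.org/:_authToken=EXAMPLE-NOT-A-REAL-TOKEN',
  '//npm.example.internal/:_password="${NPM_PASS_B64}"',
  '_auth=ZXhhbXBsZTpleGFtcGxl',
].join('\n');

console.log(findLiteralCredentials(SAFE_NPMRC));
console.log(findLiteralCredentials(LEAKY_NPMRC));
```

With the committed file in the `SAFE_NPMRC` form, a developer or CI job only has to export `NPM_TOKEN` (for instance by loading it from a git-ignored .env file) before running the install.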