Github Packages not proxying requests - npm

I'm using Github Packages as my npm registry and have some private packages hosted there. I want all npm install requests to proxy through Github Packages. According to this blog post and these docs this should happen by default. However, when I run npm install on my project, I get a package-lock.json file that uses Github Packages registry for my custom private package, but the default npm registry for others.
Example snippet from package-lock.json:
{
"name": "linting",
"version": "1.0.0",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
"#babel/code-frame": {
"version": "7.10.4",
"resolved": "https://registry.npmjs.org/#babel/code-frame/-/code-frame-7.10.4.tgz",
"integrity": "sha512-8765asdf7865sadf+asdfsdfsdf/sfadsfg876675safsfsdfsdf678==",
"dev": true,
"requires": {
"#babel/highlight": "^7.10.4"
}
},
"#my-org/prettier-config": {
"version": "2.0.1",
"resolved": "https://npm.pkg.github.com/download/#my-org/prettier-config/2.0.1/sdg8765dsfg8675sdfg8765dsfg7685",
"integrity": "sha512-dsfgdfgdfgsdg56456ftg656h6h+sdfg876sdfg7865sdfg765675sdfg7865==",
"dev": true
}
}
}
I'm wondering whether my .npmrc file is setup incorrectly. In the project root it looks like this:
registry=https://npm.pkg.github.com/my-org
And the .npmrc in my home folder looks like this:
//npm.pkg.github.com/:_authToken=dsfg8765sdfg765dsfg685
Are my configs wrong, or is something else happening here that appears to be stopping the proxy?
Note all org names and keys changed to nonsense for the sake of this question.

Try adding a "/" to the end to make it like this
registry=https://npm.pkg.github.com/my-org/

Related

When I run an `npm install`, my package-lock.json removes `bundled: true`

Not sure if I've changed my npm version recently, but I looked at my diffs for pull requests and noticed that my package-lock.json has updated. Now it looks something like this in which the bundle:true is removed and is replaced with a resolved and integrity property.
package-lock.json
"#mydep": {
"dependencies": {
"dep": {
"version": "2.0.0",
// "bundled": true, // this is removed
"resolved": "mynpmregistry",
"integrity": "sha-190"
}
}
}
My main question is, why is bundled: true removed?

what is difference between npm install vs npm install --save?

when I installed node_module on my project.
with npm install
I changed
"dependencies": { "own_module": "github:own_module#v1.0"}
to
"dependencies": { "own_module": "github:own_module#v2.0"}
on package.json.
and execute npm install then, package-lock.json file changed.
but, it's hash value not changed..
"own_module": {
"version": "1.0",
"resolved": "git+ssh://git#github.com/own_module.git#diakvjj"}
to
"own_module": {
"version": "2.0",
"resolved": "git+ssh://git#github.com/own_module.git#diakvjj"}
with npm install --save github:own_module#v2.0"
this changed package.json automatically
"dependencies": { "own_module": "github:own_module#v1.0"}
to
"dependencies": { "own_module": "github:own_module#v2.0"}
and then, package-lock.json file correctly.
"own_module": {
"version": "1.0",
"resolved": "git+ssh://git#github.com/own_module.git#diakvjj"}
to
"own_module": {
"version": "2.0",
"resolved": "git+ssh://git#github.com/own_module.git#awerfd"}
why npm install could not change package-lock.json file automatically?
Now, I use npm#8.3.1 (meaning, version 8)
–save or -S: When the following command is used with npm install this will save all your installed core packages into the dependency section in the package.json file. Core dependencies are those packages without which your application will not give desired results. But as mentioned earlier, it is an unnecessary feature in the npm 5.0.0 version onwards.
read more on this link

How to use scoped packages in NPM workspaces?

My top package.json:
{
"name": "foo",
"version": "0.0.0",
"private": true,
"workspaces": [
"apps/*",
"packages/*"
],
"devDependencies": {
"#foo/eslint-config": "*"
},
"engines": {
"npm": ">=7.0.0",
"node": ">=14.0.0"
},
"dependencies": {},
"packageManager": "npm#8.18.0"
}
and I have a package in packages/#foo/eslint-config.
However, when I do npm install, I get an error saying that #foo/eslint-config is not in the registry.
I am assuming that I have either wrong directory structure.
Figured it out.
The package should have gone directly to packages/eslint-config directory.
The package name still needs to have the scope, i.e. #foo/eslint-config.
It appears that workspaces do not use the same convention of nesting scoped packages under a sub-directory as node_modules do.
It also appears that the folder name has no significance, as long as it is directly in the directory defined in workspaces configuration and has the correct package name.
Alternatively, you can also just update your workspaces configuration to read from packages/#foo/*.

Use local folder as package.json repository

Is there a way to setup a local folder to be used as package.json repository. The goal is to be able to use the cloud repository (https://www.npmjs.com/package) but the modules which are not found there to be searched and installed from a local folder.
Example package.json:
{
"name": "myproject",
"version": "0.0.0",
"dependencies": {
"standard-npm-module": "1.0.0", // installed from https://www.npmjs.com/package/standard-npm-module
"local-module": "1.0.0", // installed from local folder because it wont be found in https://www.npmjs.com/package/local-module
}
}
PS Yarn or npm any solution will be OK.
you can use local paths. for instance, see the package.json snippet below.
{
"name": "baz",
"dependencies": {
"bar": "file:../foo/bar"
}
}
you can also leverage npm, for instance:
npm install --save /path/to/module

package.json: Just download dependency but do not install it

I'm about to write a yeoman generator where the whole template is hosted on a git repository. So the package.json of my yeoman generator looks like
{
"name": "generator-foo",
"version": "0.1.0",
"description": "",
"files": [
"generators"
],
"keywords": [
"yeoman-generator"
],
"dependencies": {
"foo-template": "git://somewhere-in-the-world/foo-template.git#0.1.0",
"chalk": "^1.1.3",
"yeoman-generator": "^1.1.1",
"yosay": "^2.0.0"
}
}
Is there any way to prevent npm install from installing the foo-template package, i.e. running any postinstall script just for this package? Instead, it should be just downloaded to node_modules.
As describe here, postinstall scripts can be disabled globally for npm using --ignore-scripts flag.
As a complete solution, I would move your explicit dependency to foo-template to your local postinstall section with ignore scripts enabled:
{
"name": "generator-foo",
...
"postinstall": "npm install --ignore-scripts git://somewhere-in-the-world/foo-template.git#0.1.0",
"peerDependencies": {
"foo-template": "git://somewhere-in-the-world/foo-template.git#0.1.0"
}
}
Note that to make sure the dependency is explicitly described, we should mark it as a peerDependency (e.g. prevents package removal on prune).