I have a package in a private registry. I know it is there as I can pull it into some projects, but I can't pull it into one. I have the correct .npmrc one directory up but am still getting a 404 error.
Is there a way to check all registries that npm would use on install?
You can show the registry of a specific package with the npm view command.
> npm view angular
angular#1.7.5 | MIT | deps: none | versions: 136
HTML enhanced for web apps
http://angularjs.org
keywords: angular, framework, browser, client-side
dist
.tarball: https://registry.npmjs.org/angular/-/angular-1.7.5.tgz
.shasum: d1c1c01c6f5dc835638f3f9aa51012857bdac49e
.integrity: sha512-760183yxtGzni740IBTieNuWLtPNAoMqvmC0Z62UoU0I3nqk+VJuO3JbQAXOyvo3Oy/ZsdNQwrSTh/B0OQZjNw==
.unpackedSize: 2.1 MB
maintainers:
- angular <devops+npm#angular.io>
- angularcore <angular-core+npm#google.com>
- petebd <pete#bacondarwin.com>
dist-tags:
latest: 1.7.5 old: 1.2.32 previous_1_4: 1.4.14 previous_1_5: 1.5.11
published 4 weeks ago by petebd <pete#bacondarwin.com>
When you use npm config get registry you will see the default registry.
> npm config get registry
https://registry.npmjs.org/
With npm config list you can see custom configurations. When you have registered a registry for different scopes you will see them here
#polymer:registry=<url register A>
Related
I'm using a scoped package in my application, some modules from it are stored on GitHub packages and the rest are in npm registry. Till now I was using only one module that is stored on GitHub, but now I need to install another one stored on npm.
Currently my .npmrc file looks like this:
registry=https://registry.npmjs.org/
#custompackage:registry=https://npm.pkg.github.com/
I want to inform npm to install specific scoped module from npm registry and keep installing others from GitHub packages. Updating .npmrc like this doesn't work (it continues looking the subpackage on GitHub):
registry=https://registry.npmjs.org/
#custompackage:registry=https://npm.pkg.github.com/
#custompackage/module1:registry=https://registry.npmjs.org/
Is it possible at all to configure .npmrc to get a part of scoped package modules from npm and the rest from GitHub pages?
I have a custom .npmrc file as follows
#foo:registry=https://gitlab.com/api/v4/packages/npm/
// This works and it returns the latest dist tag from the registry as configured in .npmrc
npm view --json #foo/my-package dist-tags
// This fails with a 404
npm access ls-collaborators #foo/my-package
// npm ERR! 404 Not Found - GET https://registry.npmjs.org/-/package/%40foo%2Fmy-package/collaborators?format=cli - Package not found
Some more context:
I am trying to publish an npm package to a private package registry on gitlab using the np module. These commands seem to be executing as part of one of its steps for user authentication.
What am I missing?
Make sure "private": true is in your package.json file. I was running into a similar problem as you, and adding this fixed it for me.
I have installed node js and npm on my windows But when I try to install npm modules(packages) using
command>>npm install -g xxxx(package name)
It doesn't get installed, and it asked me to check proxy setting. As I am working on private network, so may be it doesn't allow me to access the url from which npm packages get downloaded.
Please tell me what is url for such npm packages from where it gets downloaded so that I can ask my network provider to give access for that site.
NPM packages are downloaded from https://registry.npmjs.org unless otherwise configured.
You can get the download URL for a package with npm view, for example JQuery:
npm view jquery dist.tarball
returns: https://registry.npmjs.org/jquery/-/jquery-3.5.1.tgz
You can change the default registry with npm set registry <new url>; this is typically used in large institutions or corporations with an internal registry mirror.
All npm packages are in fact downloaded from GitHub. However, npm resolves those GitHub dependencies via https://www.npmjs.com.
For example, express https://github.com/expressjs/express is the download link.
npm install -g express (or without -g).
The system does not know the GitHub location of the express package. So it must first lookup https://www.npmjs.com to get GitHub url. Then it will clone the package.
We've started using Nexus OSS 3 as a standalone NPM server and so far it's working great but there's one thing that makes little sense to me, and that is the requirement to do the npm login before being able to npm install self published packages.
We're following the proposed repository structure:
npm_proxy - to use as proxy toward npm public repo
npm_private_internal - to use to upload self created internal packages
npm_private_external - to use to upload 3rd party packages
npm_group - to wrap all of them together so they're reachable with one URL
Now I understand that npm login should be required when publishing a new package, but why is it required when doing npm install of one of the self published packages, and can it be avoided ?
It's not required if you allow anonymous read privileges to your npm repositories. But I guess you've not given these privileges to the anonymous user?
If so, the alternative would be to base64 encode the needed credentials in your .npmrc file as described here:
https://books.sonatype.com/nexus-book/reference/npm-deploying-packages.html
But using npm login would be preferable.
I've setup an Nexus (2.10.0) NPM repository and administrate an user with full access to this repo.
By setting the "_auth" and "always-auth" param in my local .npmrc the publishing and reading of npm artifacts are working well. But if i try to unpublish or deprecate an npm artifact i get still an error "...This request requires auth credentials. Run npm login and repeat the request...".
What is the preferred way to remove artifacts from an nexus npm repository?
thx,
David
Unpublish is currently not supported. Details see https://issues.sonatype.org/browse/NEXUS-6892
Also keep in mind that is not considered good practice to use unpublish as you can see from the npm documentation itself linked in the issue.
Unfortunately, Nexus 2.11 doesn't support npm unpublish or npm deprecate.
If the goal is to make your previously published versions of npm-packages inaccessible:
You can delete the packages from Nexus by manually removing the tarballs from .../nexus/storage/<your_npm_repo>/<your_package>/-/ on your Nexus server and creating a scheduled task to 'rebuild hosted npm metadata':
The npm metadata for a hosted repository
can be rebuilt based on the components found in the storage of a
hosted repository. The task can serve as a recovery tool in cases
where the npm metadata database got corrupted or the component storage
was created manually or via some external process like e.g. an rsync
copying.
This also works great for injecting old versions of packages into your npm-repo. (To get these tarballs, use npm pack.)