I have set my default registry to use a remote Artifactory repository using npm config set registry {registry-url}, so when I run npm install my dependencies are cached in the specified registry.
My issue is that it only seems to be caching package.json files with URLs to the dependency's repo, and not the actual Tarballs. Is there a way to configure it to cache the Tarballs as well?
An Artifactory NPM remote repo pointing to https://registry.npmjs.org should cache .tgz packages in the remote-cache:
When you set up the client make sure you are using the correct URL with the /api/npm part:
http://:8081/artifactory/api/npm/npm-repo/
Also make sure the repository is, in fact, an NPM repository and not a generic type and make sure the remote advanced configuration is using the "store artifacts locally" option.
Related
I have a situation where there was an update in one of npm packages I use in my project, but author didn't publish it on npmjs registry, so up to date code sits in gitlab only.
What would be the best solution to get updated version of code? I believe there is a way to add dependency to project which will be downloaded from gitlab or github public repository directly? Is it possible to compile it like in npmjs as well?
Yes, you could install a dependency from a git repository directly. As can be seen in the npm docs. You can straight install a Git Remote repository like this:
npm install <git remote url>
e.g.
npm install git://github.com/npm/cli.git
But beware that installing directly from the source git might have unintended side effects (missing build files, additional documentation files in general changes to the npmjs Version).
Also installing from the repository I would recommend you install from a specific commit/Tag.
My company only can use the Intranet, so I set up a Nexus and create a proxy registry to npm install, but I found there are some modules need pull from github. How can I get these modules from Intranet?
I have a configured npm proxy repository on my artifactory. Still, when I execute npm shrinkwrap, some of the dependencies get resolved from https://registry.npmjs.org.
this cause my build to fail when the build server does not have internet access.
Is there a way to force npm shrinkwrap to resolve all dependencies (including transitive) to be resolved from my artifactory repository?
(note: each npm module in my project has .npmrc file with a registry key that points to artifactory)
If I understood you correctly, the issue is that some dependencies are being resolved directly from the NPM.org repo. Is that correct?
If so, have you tried using NPM virtual repository in Artifactory and check the "Enable Dependency Rewrite" checkbox under the virtual repository configuration --> Advance tab?
Checking Enable Dependency Rewrite on the Artifactory Virtual repository's advanced tab definitely works.
We executed a shrinkwrap prior to setting this and saw registry.npmjs.org in the shrinkwrap file
We repeated after setting Enable Dependency Rewrite and see our artifactory host and uri in the shrinkwrap file
(I would have commented but presently lack the rep to do so)
I'm working in an environment where artifactory does not have internet access. We would like to use artifactory as a npm registry and host. Is it possible to upload external dependencies and their transitive dependencies?
For example: I'm on a computer with internet access and downloaded webpack and all its dependencies using npm install. Now I go to a different network with artifactory access and want to upload my node_modules Folder. Does that work somehow?
In addition to Artifactory's proxy/caching features, it can also host multiple local repositories (such as npm repositories) in it. This basically means that you can create an npm local repository in Artifactory and deploy any npm *.tgz packages (your dependencies) into this repository and Artifactory will generate the relevant metadata for your client. All you'll need to do is to deploy the relevant packages and configur your npm clients to resolve from Artifactory.
I have recently made an node module that should help with this problem.
You give it a list of packages that you want downloaded and it will download the packages with all dependencies as a tar.gz. It will then save them in the original npm folder structure, and create a tar.gz with everything inside.
You can then take the tar.gz with all your dependencies and deploy it to Artifactory using the deploy wizard.
When you deploy, select the checkbox "Deploy as Bundle Artifact". This will extract the tar.gz of packages and load them into the npm repository. Artifactory will read the package.json of all packages, and will load the relevant information, allowing you to pull packages with npm.
The package is called package-bundle, and can be downloaded from npm using npm install -g package-bundle
To download packages you can run the command pb bluebird express#1.0.1, which will fetch the specified packages, and all the required dependencies.
I've setup an Nexus (2.10.0) NPM repository and administrate an user with full access to this repo.
By setting the "_auth" and "always-auth" param in my local .npmrc the publishing and reading of npm artifacts are working well. But if i try to unpublish or deprecate an npm artifact i get still an error "...This request requires auth credentials. Run npm login and repeat the request...".
What is the preferred way to remove artifacts from an nexus npm repository?
thx,
David
Unpublish is currently not supported. Details see https://issues.sonatype.org/browse/NEXUS-6892
Also keep in mind that is not considered good practice to use unpublish as you can see from the npm documentation itself linked in the issue.
Unfortunately, Nexus 2.11 doesn't support npm unpublish or npm deprecate.
If the goal is to make your previously published versions of npm-packages inaccessible:
You can delete the packages from Nexus by manually removing the tarballs from .../nexus/storage/<your_npm_repo>/<your_package>/-/ on your Nexus server and creating a scheduled task to 'rebuild hosted npm metadata':
The npm metadata for a hosted repository
can be rebuilt based on the components found in the storage of a
hosted repository. The task can serve as a recovery tool in cases
where the npm metadata database got corrupted or the component storage
was created manually or via some external process like e.g. an rsync
copying.
This also works great for injecting old versions of packages into your npm-repo. (To get these tarballs, use npm pack.)