Define private registry in package.json

Asked 23/7, 2017 at 8:17 Answered 7/4 at 7:18

Solved node.js npm package.json npm-private-modules

We have a private npm repository based on Sinopia

What should I define in package.json that some packages will be installed from Synopia rather then from global npm repository?

If I install it from command line I can run: npm install <package_name> --registry <http://<server:port>

P.S. tried to google and looked in official NPM documentation but have found nothing.

Ivied answered 23/7, 2017 at 8:17 Comment(1)

what about adding the path to your private library in the dependencies in package.json. "dependencies": { <youre_repo_name>:"git+ssh://[email protected]<path_to_your_repo>" } – Cramer 23/7, 2017 at 8:25

One of the method i know that is by .npmrc You can also use .npmrc also inside the project

set configuration like this

registry = http://10.197.142.28:8081/repository/npm-internal/
init.author.name = Himanshu sharma
init.author.email = [email protected]
init.author.url = http://blog.example.com
# an email is required to publish npm packages
[email protected]
always-auth=true
_auth=YWRtaW46YWRtaW4xMjM=

auth can be generate by username:password echo -n 'admin:admin123' | openssl base64

output YWRtaW46YWRtaW4xMjM=

Tymes answered 23/7, 2017 at 10:22 Comment(3)

Can i create an npmrc file in my source code folder? – Assiduous 29/1, 2019 at 16:39

Yes . Its .npmrc file dot is also there . When i worked i placed it, side by package.json . – Tymes 30/1, 2019 at 5:28

Be careful. Using this, you store the credentials in plain text in your repository. Encoding the credentials in base64 is the same as plain text – Selfinductance 20/2, 2023 at 12:33

The whole point of sinopia is a private registry and a proxy at the same time. You can use uplinks install all your packages from one registry entry point. Sinopia is able to route to any registry if the local storage is not able to resolve the dependency. By default, he points to npmjs .

So, if you set your configuration like

   # a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: https://registry.npmjs.org/

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

You should be able to resolve all your dependencies independently of the source of each of them

btw: sinopia has no longer maintained.

Bracteate answered 2/8, 2017 at 8:53 Comment(0)

In case anyone has the same question in 2024, you can use Verdaccio (a Sinopia fork maintained by Juan Picado among others, see his answer here). Himanshu sharma's answer works fine using Verdaccio as well. You don't have to provide your auth credentials in the .npmrc file in your project folder, you can authenticate with npm adduser --registry http://localhost:4873 and store the credentials in .npmrc in your home folder.

Raja answered 7/4 at 7:18 Comment(0)

Recommended topics

Hot tags