Can I run a private npm repository without replicating the public repository?

Quentin · Jan 30, 2013

I'm writing a number of pieces of code (for internal use) using node.js and want to store the modules (packaged up for npm) in a package repository for each distribution to the various machines they will be installed on.

Ideally, I'd like a solution similar to Debian's apt repositories in which I can run a private repository server and configure npm to use a list of repositories to install from (When installing "foo", if "foo" is known by my private server install it from there, otherwise install it from the public server).

However, it looks like the npm registry configuration key only accepts a single URL.

Is there a way to achieve what I want?

The closest I've been able to find have been:

  • Mirroring the public repository locally and adding my packages on top of it… but I don't want to keep that amount of data (2.5G and still downloading) replicated on AWS.
  • Hosting all my packages in git repositories and installing from there (which is more of a hassle).
  • Hosting static packages on HTTP (as far as I can tell, this would prevent me from automatically getting "the latest version". I suppose I could do something with symlinks, but that is still less flexible than git, requires full URLs (which need to be kept up to date), and doesn't give a searchable repository).

Answer

Chris Case · Mar 4, 2014

I just set this up for my work. Here's what I did:

  1. Set up empty NPM registry: I followed the instructions from this fork of npmjs.org, which adds much improved documentation.

  2. Set up Kappa: I used Kappa, a great npm proxy from Paypal. (I'm guessing they have a very similar use case to most people who want a private repository; this was exactly what I wanted).

  3. Set up npm_lazy (optional): I wanted a nice cache of frequently used packages in case npmjs.org went down, so I added npm_lazy in front of the whole thing, as a caching layer.

Whole thing took two days(ish) to get up and running. As a side note, if you're worried about people pushing to the public registry by accident, I recommend adding this to your package.json:

"publishConfig": { "registry": "http://my-registry.example.com" },

This really is just a bit of paranoia; once you set up your npm to point to your Kappa/npm_lazy instance, Kappa handles publishing to your private repository for you.

Note: Kappa will only ever publish to the first repository in its config. If you need to publish to both your private registry, and the public, you will need to work out your own solution.
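
A pre-publish check for the publishConfig safeguard in the answer above, as an added example that is not part of the original answer or of npm or Kappa. The function name `checkPublishTarget`, the sample manifests and the use of the answer's placeholder host as the private registry are assumptions made for illustration.

```javascript
'use strict';

// Assumption: the internal registry host, taken from the answer's placeholder URL.
const PRIVATE_REGISTRY_HOST = 'my-registry.example.com';
// Host of npm's default public registry.
const PUBLIC_REGISTRY_HOST = 'registry.npmjs.org';

// Decide whether a parsed package.json can only be published privately.
function checkPublishTarget(pkg, privateHost = PRIVATE_REGISTRY_HOST) {
  // "private": true makes npm refuse to publish the package anywhere.
  if (pkg.private === true) {
    return { ok: true, reason: 'marked private; npm refuses to publish' };
  }
  const registry = pkg.publishConfig && pkg.publishConfig.registry;
  if (typeof registry !== 'string' || registry.trim() === '') {
    return { ok: false, reason: 'no publishConfig.registry; target depends on local npm config' };
  }
  let url;
  try {
    url = new URL(registry.trim());
  } catch (err) {
    return { ok: false, reason: 'publishConfig.registry is not a valid URL' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: `unexpected scheme ${url.protocol}` };
  }
  // Compare the parsed hostname, not a substring: userinfo or a lookalike
  // suffix must not pass as the private registry.
  const host = url.hostname.toLowerCase();
  if (host === PUBLIC_REGISTRY_HOST) {
    return { ok: false, reason: 'publishConfig.registry points at the public registry' };
  }
  if (host !== privateHost.toLowerCase()) {
    return { ok: false, reason: `unexpected registry host ${host}` };
  }
  return { ok: true, reason: `publishes to ${host}` };
}

// Constructed sample manifests (not from the original post).
const SAMPLES = [
  { name: 'internal-a', publishConfig: { registry: 'http://my-registry.example.com' } },
  { name: 'internal-b' },
  { name: 'internal-c', private: true },
  { name: 'internal-d', publishConfig: { registry: 'http://my-registry.example.com@registry.npmjs.org/' } },
  { name: 'internal-e', publishConfig: { registry: 'http://my-registry.example.com.other.test/' } },
];
for (const pkg of SAMPLES) {
  const { ok, reason } = checkPublishTarget(pkg);
  console.log(`${ok ? 'OK  ' : 'FAIL'} ${pkg.name}: ${reason}`);
}
```

Run against each internal package's parsed package.json in CI, this fails the build for any package that could still reach the public registry from a machine whose npm config was never pointed at the proxy.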