4.7 KiB
| id | title |
|---|---|
| cli-registry | Using a private registry |
Setting up a private registry can be achieved in a few ways, let's review all of them. The following commands might be different based on the package manager you are using.
npm (5.x, 6.x)
To set the registry in the .npmrc file use the following:
npm set registry http://localhost:4873/
If you want one single use --registry after the required command.
npm install --registry http://localhost:4873
Write it yourself by defining in your .npmrc a registry field.
registry=http://localhost:4873
Since
npm@5.xignores theresolvefield in defined in the lock files, whilepnpm@4.xandyarn@1.xdoes the opposite.
Or a publishConfig in your package.json
{
"publishConfig": {
"registry": "http://localhost:4873"
}
}
By using the
publishConfigthe previous two options would be ignored, only use this option if you want to ensure the package is not being published anywhere else.
If you are using either npm@5.4.x or npm@5.5.x, there are known issues with tokens, please upgrade to either 6.x or downgrade to npm@5.3.0.
SSL and certificates
When using Verdaccio under SSL without a valid certificate, defining strict-ssl in your config file is required otherwise you will get SSL Error: SELF_SIGNED_CERT_IN_CHAIN errors.
npm does not support invalid certificates anymore since 2014.
npm config set ca ""
npm config set strict-ssl false
npm (7.x)
npm v7.0.0 is more strict with the new v2 lockfile. If you have mixed resolved fields in your lockfile, for instance, having this in your lockfile:
{
"name": "npm7",
"version": "1.0.0",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"version": "1.0.0",
"license": "ISC",
"dependencies": {
"lodash": "4.17.20",
"underscore": "^1.11.0"
}
},
..... // removed for simplicity
},
"dependencies": {
"lodash": {
"version": "4.17.20",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
"integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA=="
},
"underscore": {
"version": "1.11.0",
"resolved": "http://localhost:4873/underscore/-/underscore-1.11.0.tgz",
"integrity": "sha512-xY96SsN3NA461qIRKZ/+qox37YXPtSBswMGfiNptr+wrt6ds4HaMw23TP612fEyGekRE6LNRiLYr/aqbHXNedw=="
}
}
}
Either running npm i --registry https://registry.npmjs.org or using .npmrc will fail your installation.
yarn
Yarn (1.x)
Be aware npm configurations are valid on the classic version
The classic version is able to regonize the .npmrc file, but also provides their own configuration file named .yarnrc.
To set up a registry, create a file and define a registry.
// .yarnrc
registry "http://localhost:4873"
By using this version you should enable always-auth in your configuration running:
npm config set always-auth true
yarn@1.x does not send the authorization header on yarn install if your packages requires authentication, by enabling always-auth will force yarn do it on each request.
Yarn Berry (>=2.x)
Yarn berry does not recognize
--registryor.npmrcfile anymore.
For defining a registry you must use the .yarnrc.yml located in the root of your project or global configuration.
When you publish a package the ``must be used, keep on mind thepublishConfig.registryin thepackage.json will override this configuration.
// .yarnrc.yml
npmRegistryServer: "http://localhost:4873"
unsafeHttpWhitelist:
- localhost
unsafeHttpWhitelistis only need it if you don't usehttpswith a valid certificate.
Using scopes is also possible and more segmented, you can define a token peer scope if is required.
npmRegistries:
"https://registry.myverdaccio.org":
npmAlwaysAuth: true
npmAuthToken: <TOKEN>
npmScopes:
my-company:
npmRegistryServer: https://registry.myverdaccio.org
npmPublishRegistry: https://registry.myverdaccio.org
for logging via CLi use:
yarn npm login --scope my-company
pnpm
This includes 4.x and 5.x series.
pnpm recognize by default the configuration at .npmrc and also the --registry value, there is no difference in the implementation.