Private npm Registry With Artifactory
The main reason for Node’s explosive popularity is its thriving ecosystem. Likewise, it’s well understood that the main reason for that ecosystem’s growth is npm, Node’s package manager. npmjs.org usage has skyrocketed, with statistics showing over 4 million packages downloaded a day and over 68,000 packages publicly available, and the numbers just keep going up. In fact, Node.js and npm are now growing at twice the rate of any other software platform today.
With great power, comes great responsibility
NPMJS.ORG NEVER GOES DOWN!
I wish that were true, but I’m afraid that, like any other big growing system, you should expect growing pains.
That means that if your builds rely on npmjs.org, you are entering a world of pain.
The solution should be easy enough:
“The easiest way is to replicate the couch database, and use the same (or similar) design doc to implement the APIs.” (npmjs.org).
Personally, I wouldn’t call that easy, not to mention that it’s a waste of resources:
- Why would you want to periodically replicate the entire CouchDB when you only need the packages your build uses? Those packages should be lazy-cached on demand!
- You now need someone to administer this CouchDB instead of using an out-of-the-box solution.
- What about aggregating multiple registries? You’re out of luck there since npm doesn’t currently support multiple registries.
- What about the security model? You should be able to control who has access to what, and the current security model doesn’t allow you to do that.
Meet Artifactory, with npm support!
So to answer the needs detailed above, here is what Artifactory can offer:
The basic stuff:
- Remote repositories to proxy remote npm registries – The most important one would be the npmjs.org registry, but this can be applied to any compatible npm registry. Provides lazy on-demand caching for packages and metadata.
- Local repositories to store private npm packages – Easily store and share private npm packages using what we call “Local Repositories”. These packages can be shared easily and safely among internal teams that need them.
But that’s not all. There’s much more to it when using a smart binary repository manager:
- Virtual Repositories – No need for the npm client to support multiple registries. Simply define a virtual repository which aggregates the local repositories that contain your in-house packages, and the remote repositories that proxy npmjs.org or any other compatible npm repository.
- Authentication and authorization – An enhanced security model which gives you full control over who can download or publish what to where.
- Searches (including npm search) – Use the inherent npm search command, or utilize Artifactory’s powerful search capabilities such as searching by property or checksum and more.
- Powerful custom user plugins platform – Enormous flexibility to customize how you work with npm packages. The sky’s the limit.