Hard coding NPM dependency URLs is not best practice and shrinkwrap URLs are known to have issues when interacting with proxies. Engaging in either practice can result in the following errors:
- Npm install -ddd will show resolution ignoring .npmrc configurations
- Usually going to registry.npmjs.org
- Resolution results in a 400 error
- One possible error is "418 I'm a teapot"
- If registry.npmjs.org is unavailable the resolution can time out
Although Artifactory does not support shrinkwrapped URLs for npm dependencies and hard-coded URLs are outside of Artifactory’s control, there are several ways to address these issues:
- Ignore shrinkwrap, using the argument:
- npm install <package-name> --no-shrinkwrap
- Note: This introduces a risk that a version of a dependency install will be a different version than the one defined in shrinkwrap
- Change dependencies
- Change registry.npmjs.org to <artifactory:port>/artifactory/api/npm/npmjs in package.json
- Note: This can be a tedious process especially with a large number of dependencies.
- Sideload the artifact
- Users resolve to a virtual Repository
- Periodically copy the contents of the remote cache to the local repository
- Note: This approach may cause a delay in your getting the latest artifacts.