When downloading an npm package, Artifactory analyzes the list of dependencies required by the package.
If any of the dependencies are hosted on external resources (e.g. on
github.com), and those resources are specified in the Allow List,
Artifactory will download the dependency from the external resource.
Artifactory will cache the dependency in the remote repository configured to cache the external dependency.
Artifactory will then modify the dependency's entry in the package's package .json file indicating its new location in the Artifactory remote repository cache before returning it to the Npm client.
Consequently, every time the npm client needs to access the dependency, it will be provisioned from its new location in the Artifactory remote repository cache.
The external dependency rewrite feature for the npm virtual repository supports additional SemVer expressions, such as semver:4.x.0.
If you encounter SemVer issues, you can revert the changes using the new feature flag,
artifactory.npm.semver4j.enabled, by changing its value to false.