Artifactory does not support shrinkwrap URLs for NPM dependencies
Artifactory does not support shrinkwrap URLs for NPM dependencies. The npm client uses checksums in order to verify a package, and using shrinkwrap forces changing the checksum on-the-fly. This is time consuming and will result in a time out.
Additionally hard coding NPM dependency URLs is not best practice and shrinkwrap URLs are known to have issues when interacting with proxies
- Npm install -ddd will show resolution ignoring .npmrc configurations
- Usually going to registry.npmjs.org
- Resolution results in a 400 error
- One possible error is "418 I'm a teapot"
- If registry.npmjs.org is unavailable the resolution can time out
Hard-coded URLs are outside of Artifactory control. There are several ways to address this issue:
- Ignore shrinkwrap, using:
- npm install <package-name> –no-shrinkwrap
- This introduces a risk that a version of a dependency install will be a different version than the one defined in shrinkwrap
- Change dependencies
- Change registry.npmjs.org to <artifactory:port>/artifactory/api/npm/npmjs in package.json
- This can be tedious process especially with large number of dependencies.
- Side load the artifact
- Users resolve to a virtual Repository
- Virtual repository contains remote repository and a local repository (to host cache)
- periodically copy the contents of the remote cache to the local repository
- Note that this approach may have delay the latest getting the latest artifacts.
for more information see https://blog.npmjs.org/post/145724408060/dealing-with-problematic-dependencies-in-a