Custom npm registry with authentication

Published On: 24. August 2021|By |2.1 min read|416 words|Tags: , , |

If you are working on an enterprise project for a large customer, you are possibly working with scoped and private npm packages. This can be libraries or utility code that is shared across multiple applications. You will not find these packages on the public npm registry at https://registry.npmjs.org/. This kind of private packages are usually published into a custom npm registry like Sonatype Nexus or JFrog’s Artifactory.

While this is a cool feature in general, a slow enterprise registry will not only impact your local npm commands, but also slow down your CI/CD pipelines. This is why you should know how to opt-out the registry for public packages also found at the npm registry!

How to use a private npm registry

A private repository can be set up to be a mirror for the public npm registry aswell. If this is the case, it might be sufficient to use this repository to download all of your packages. To do so, add the following lines in the .npmrc file in your project’s root. If the file does not exist, create it.

registry=https://my.custom.com/npm-repo/

# Depending on the authentication policy, you might also need to add some of these lines:
email=<your-email>
always-auth=true
_auth=<user>:<password> (base64 converted)

# If you have SSL issues, you can either install the certificates (preferred) or simply add:
strict-ssl=false

On you next npm install command the new registry will be used.

Use the private registry for a package scope only

Sometimes a custom registry is not performing the way you want it to. If the company you are working for is hosting it on an old Commodore, you will probably want to use the public npm registry whereever possible and do not use the mirror of the private registry.

Furtunatly, you can also do so by editing you .npmrc file! See the following example:

# We want to use the default registry for everything except our scoped packages
registry=https://registry.npmjs.org/

# Add a custom registry for our scoped packages. Add more options if needed.
@my-scope:registry=https://my.custom.com/npm-repo/
//my.custom.com/npm-repo/:_auth=<token>
//my.custom.com/npm-repo/:strict-ssl=false

This will force npm to load everything from the public npm registry except for packages that have the @my-scope scope! Nice! This way you can combine the advantages of a custom npm registry with the speed and reliability for the public registry.

Microfrontend with Angular and Webpack Module Federation
First lecture at Hochschule Düsseldorf