
How to Set Up a Private NPM Registry

Last Updated : 24 Apr, 2024

In this article we will learn how to install and configure a private NPM registry, how to control authentication and access for its users, and how to publish packages to it and download them for use in a project. We will use Verdaccio, a lightweight and easy-to-use registry server. We will also create user accounts and securely push and download packages from our own server.

What is an NPM Registry?

An NPM registry is a centralized repository for storing and distributing JavaScript packages, which developers use for dependency management in their projects. There are two main types of NPM registries:

Public NPM Registry:

A public registry is accessible to all users of NPM, so anyone can download a library and incorporate it into their codebase. Public registries are ideal for open-source projects with many contributors. To install a package from a public registry, simply use the command below. It downloads the latest version of the lodash library from the public NPM registry and stores it in the project's node_modules folder.

npm install lodash

Private NPM Registry:

A private registry is a restricted repository where only selected people can access the libraries and use them in their codebase. Private registries are often used by companies developing commercial software. A good example is Spotify, which uses open-source libraries while also maintaining libraries that are private within its development team.

Choosing a Registry Solution

Verdaccio is one of the best solutions for hosting a private NPM registry, for several reasons:

  • Ease of Usage: It is very easy to install and configure. Its straightforward setup process lets users quickly set up an NPM registry to manage their packages.
  • Offline Usage: With Verdaccio we can maintain an offline cache of NPM packages, so they remain available even in a network-restricted environment.
  • Customization: Verdaccio can be customized in many ways to meet a team's needs, including user authentication methods, plugin support and access control.
  • More Focus on Software Building: If the NPM registry takes the least possible time to set up, the team can get to building and publishing libraries faster, spending their time on the libraries rather than on the registry.

Installation Steps

Step 1: First, install Verdaccio, a local private npm registry. We install it globally with the -g flag, which makes it available when working on different projects.

npm install -g verdaccio

[Screenshot: the output after installing.]

Step 2: Next, start the registry with the following command:

verdaccio
  • If you are using Windows, many systems throw an error like this:
cannot be loaded because running scripts is disabled on this system.
For more information, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170
  • To resolve this, first run PowerShell as Administrator and then run the following command:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
  • Type Y for yes, and the issue is resolved. If we run the same command again in the terminal window, we get the following output.

[Screenshot: the output of the command.]

Step 3: The command launches a local server at http://localhost:4873/

[Screenshot: the website served at that URL.]

Step 4: Configure NPM to use the private registry. To set the registry for all your local projects, run the following in any terminal window:

npm set registry http://localhost:4873/

To set the registry for a specific project only, run:

npm set registry http://localhost:4873/ --location project

Step 5: Prevent NPM from publishing your package to other registries. To do this, set publishConfig in the package.json file:

{
  "publishConfig": {
    "registry": "http://localhost:4873"
  }
}
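As an added example (not code from the article or from the Verdaccio project), here is a small pre-publish guard for Steps 4 and 5: it checks that package.json's publishConfig.registry and the project's .npmrc registry both point at the private registry, so that npm publish cannot silently go to a different registry. The registry URL PRIVATE_REGISTRY and the script name check-publish-target.js are assumptions.

```javascript
const PRIVATE_REGISTRY = 'http://localhost:4873/'; // assumed: the article's Verdaccio URL

// Normalise so "http://localhost:4873" and "http://localhost:4873/" compare equal.
function normaliseRegistry(url) {
  return String(url || '').trim().toLowerCase().replace(/\/+$/, '');
}

// Read the registry= line from .npmrc text (comments and other keys are ignored).
function registryFromNpmrc(text) {
  for (const raw of String(text || '').split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const m = line.match(/^registry\s*=\s*(.+)$/i);
    if (m) return m[1].trim();
  }
  return null;
}

// pkg: parsed package.json; npmrc: contents of the project .npmrc, or null.
// Returns the list of problems found; an empty list means publishing is safe.
function checkPublishTarget(pkg, npmrc, privateRegistry = PRIVATE_REGISTRY) {
  const want = normaliseRegistry(privateRegistry);
  const problems = [];
  const target = pkg.publishConfig && pkg.publishConfig.registry;
  if (!target) {
    problems.push('publishConfig.registry is missing: npm would publish to its default registry');
  } else if (normaliseRegistry(target) !== want) {
    problems.push('publishConfig.registry is ' + target + ', expected ' + privateRegistry);
  }
  const projectRegistry = registryFromNpmrc(npmrc);
  if (projectRegistry && normaliseRegistry(projectRegistry) !== want) {
    problems.push('.npmrc registry is ' + projectRegistry + ', expected ' + privateRegistry);
  }
  return problems;
}

// CLI entry, wired into package.json as "prepublishOnly": "node check-publish-target.js ."
if (typeof require !== 'undefined' && require.main === module && process.argv[2]) {
  const fs = require('fs');
  const path = require('path');
  const dir = process.argv[2];
  const pkg = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));
  const npmrcPath = path.join(dir, '.npmrc');
  const npmrc = fs.existsSync(npmrcPath) ? fs.readFileSync(npmrcPath, 'utf8') : null;
  const problems = checkPublishTarget(pkg, npmrc);
  if (problems.length) {
    console.error('refusing to publish:\n  ' + problems.join('\n  '));
    process.exit(1);
  }
  console.log('publish target OK: ' + PRIVATE_REGISTRY);
}
```

Because npm runs prepublishOnly before every npm publish, the publish is aborted whenever either setting drifts away from the private registry.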

User Access Control

To add a user to this registry, run the following command. It prompts for a username, password and email address. Afterwards, log in to the admin panel through the login page.

npm adduser --registry http://localhost:4873

[Screenshot: the process of adding the user.]

[Screenshot: the login page of the panel.]

Publishing Packages

To publish a package to our private registry, we will use a sample package with the following file structure as an example.

[Screenshot: the file structure of the package.]

  • This is the file structure of our package. To push it to our server, run:
npm login --registry=http://localhost:4873/ 
npm publish --registry=http://localhost:4873/

[Screenshot: the output of the command.]

  • After publishing the package to the local server, it is also reflected on the website.

[Screenshot: the changes reflected on the website.]

Note: We have just published our own package to our private npm registry. This is how Verdaccio can be used to create our own NPM registry.

Securing Your Registry

Nobody wants the private registry holding their code to be breached, so Verdaccio offers several ways to secure an NPM registry; some of them are listed below:

  • Disable User Registration: Prevent unauthorized users from registering by setting max_users: -1 in the full.yaml file, so that only authorized users can access and contribute to the registry.
  • Setting Rate Limits: Control access to critical endpoints by implementing rate limits, so that requests are limited to prevent abuse or overload. Adjust the limits as needed with the userRateLimit configuration option.
  • JSON Web Token (JWT): Use the JWT features to manage token expiration, which enhances security by automatically invalidating tokens after a specified period. This improves authentication performance and reduces overhead for authentication plugins.
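As an added example (not code from the article or from the Verdaccio project), the following audit checks a loaded Verdaccio configuration for the three hardening settings listed above and shows a weak configuration beside a hardened one. It assumes the config has been parsed into a plain object (for instance with the js-yaml package, which is not bundled here) and uses Verdaccio's own key paths: auth.htpasswd.max_users, userRateLimit and security.api.jwt.sign.expiresIn; the two sample configs are constructed for the example.

```javascript
// Safe nested lookup, e.g. get(cfg, 'security.api.jwt.sign.expiresIn').
function get(obj, dotted) {
  return dotted.split('.').reduce((o, k) => (o && typeof o === 'object' ? o[k] : undefined), obj);
}

// cfg: Verdaccio config.yaml parsed into a plain object (assumed loaded with a YAML
// library such as js-yaml, not bundled here). Returns a list of findings; an
// empty list means all three hardening settings from the article are in place.
function auditVerdaccioConfig(cfg) {
  const findings = [];
  // 1. Registration disabled: the htpasswd plugin's max_users must be -1.
  if (get(cfg, 'auth.htpasswd.max_users') !== -1) {
    findings.push('auth.htpasswd.max_users is not -1: anyone can self-register with npm adduser');
  }
  // 2. Rate limit on user endpoints: windowMs and max must both be positive.
  const windowMs = get(cfg, 'userRateLimit.windowMs');
  const max = get(cfg, 'userRateLimit.max');
  if (!(windowMs > 0 && max > 0)) {
    findings.push('userRateLimit is not set: user endpoints are not protected against abuse or overload');
  }
  // 3. Token expiry: API JWTs must carry expiresIn, otherwise they never expire.
  if (!get(cfg, 'security.api.jwt.sign.expiresIn')) {
    findings.push('security.api.jwt.sign.expiresIn is not set: API tokens never expire');
  }
  return findings;
}

// Constructed sample: a fresh install with only storage and the htpasswd file set.
const WEAK_CONFIG = {
  storage: './storage',
  auth: { htpasswd: { file: './htpasswd' } },
};

// Constructed sample: the same config with the three hardening settings applied.
const HARDENED_CONFIG = {
  storage: './storage',
  auth: { htpasswd: { file: './htpasswd', max_users: -1 } },
  userRateLimit: { windowMs: 60000, max: 100 },
  security: { api: { jwt: { sign: { expiresIn: '7d' } } } },
};

// Print a report for one config; returns true when no findings remain.
function report(name, cfg) {
  const findings = auditVerdaccioConfig(cfg);
  console.log(name + ': ' + (findings.length ? findings.join('\n  ') : 'OK'));
  return findings.length === 0;
}
report('weak', WEAK_CONFIG);
report('hardened', HARDENED_CONFIG);
```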

Conclusion

In this article we saw how to set up a private NPM registry using Verdaccio, which helps us manage proprietary software packages safely. A private registry can also offer more flexibility when dealing with private data such as API keys, tokens and environment variables. Packages can be downloaded just as easily; the only change is to point npm at the registry with the --registry flag. Verdaccio also caches dependencies on demand, which speeds up installation on a local or private network, and a variety of plugins are available to customize it to our needs.


