1NPM-REGISTRY(7) NPM-REGISTRY(7)
2
3
4
6 npm-registry - The JavaScript Package Registry
7
9 To resolve packages by name and version, npm talks to a registry web‐
10 site that implements the CommonJS Package Registry specification for
11 reading package info.
12
13 npm is configured to use npm, Inc.'s public registry at https://reg‐
14 istry.npmjs.org by default. Use of the npm public registry is subject
15 to terms of use available at https://www.npmjs.com/policies/terms.
16
17 You can configure npm to use any compatible registry you like, and even
18 run your own registry. Use of someone else's registry may be governed
19 by their terms of use.
20
21 npm's package registry implementation supports several write APIs as
22 well, to allow for publishing packages and managing user account infor‐
23 mation.
24
25 The npm public registry is powered by a CouchDB database, of which
26 there is a public mirror at https://skimdb.npmjs.com/registry. The
27 code for the couchapp is available at https://github.com/npm/npm-reg‐
28 istry-couchapp.
29
30 The registry URL used is determined by the scope of the package (see
31 npm help 7 npm-scope). If no scope is specified, the default registry
32 is used, which is supplied by the registry config parameter. See npm
33 help npm-config, npm help 5 npmrc, and npm help 7 npm-config for more
34 on managing npm's configuration.
35
37 Yes.
38
39 When making requests of the registry npm adds two headers with informa‐
40 tion about your environment:
41
42 · Npm-Scope – If your project is scoped, this header will contain its
43 scope. In the future npm hopes to build registry features that use
44 this information to allow you to customize your experience for your
45 organization.
46
47 · Npm-In-CI – Set to "true" if npm believes this install is running in
48 a continuous integration environment, "false" otherwise. This is
49 detected by looking for the following environment variables: CI,
50 TDDIUM, JENKINS_URL, bamboo.buildKey. If you'd like to learn more you
51 may find the original PR https://github.com/npm/npm-reg‐
52 istry-client/pull/129 interesting. This is used to gather better
53 metrics on how npm is used by humans, versus build farms.
54
55
56 The npm registry does not try to correlate the information in these
57 headers with any authenticated accounts that may be used in the same
58 requests.
59
61 Yes!
62
63 The easiest way is to replicate the couch database, and use the same
64 (or similar) design doc to implement the APIs.
65
66 If you set up continuous replication from the official CouchDB, and
67 then set your internal CouchDB as the registry config, then you'll be
68 able to read any published packages, in addition to your private ones,
69 and by default will only publish internally.
70
71 If you then want to publish a package for the whole world to see, you
72 can simply override the --registry option for that publish command.
73
75 Set "private": true in your package.json to prevent it from being pub‐
76 lished at all, or "publishConfig":{"registry":"http://my-internal-reg‐
77 istry.local"} to force it to be published only to your internal reg‐
78 istry.
79
80 See npm help 5 package.json for more info on what goes in the pack‐
81 age.json file.
82
84 No. If you want things to be public, then publish them into the public
85 registry using npm. What little security there is would be for nought
86 otherwise.
87
89 No, but it's way easier. Basically, yes, you do, or you have to effec‐
90 tively implement the entire CouchDB API anyway.
91
93 Yes, head over to https://www.npmjs.com/
94
96 · npm help config
97
98 · npm help 7 config
99
100 · npm help 5 npmrc
101
102 · npm help 7 developers
103
104 · npm help 7 disputes
105
106
107
108
109
110 October 2019 NPM-REGISTRY(7)