www.LinuxHowtos.org howtos, tips&tricks and tutorials for linux

from small one page howto to huge articles all in one place

Other .linuxhowtos.org sites:toolsntoys.linuxhowtos.org
gentoo.linuxhowtos.org

poll results

Last additions:

using iotop to find disk usage hogs

words:

887

views:

187354

userrating:

average rating: 1.7 (102 votes) (1=very good 6=terrible)

May 25th. 2007:

Words

486

Views

250584

why adblockers are bad

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

words:

161

views:

137943

userrating:

average rating: 1.4 (42 votes) (1=very good 6=terrible)

April, 26th. 2006:

Words

Views

99336

New subdomain: toolsntoys.linuxhowtos.org

You are here: manpages

NPM\-REGISTRY

Section: (7)
Updated: December 2016
Index Return to Main Contents

NAME

npm-registry - The JavaScript Package Registry

DESCRIPTION

To resolve packages by name and version, npm talks to a registry website that implements the CommonJS Package Registry specification for reading package info. Additionally, npm's package registry implementation supports several write APIs as well, to allow for publishing packages and managing user account information. The official public npm registry is at https://registry.npmjs.org/. It is powered by a CouchDB database, of which there is a public mirror at https://skimdb.npmjs.com/registry. The code for the couchapp is available at https://github.com/npm/npm-registry-couchapp. The registry URL used is determined by the scope of the package (see npm help 7 npm-scope). If no scope is specified, the default registry is used, which is supplied by the registry config parameter. See npm help npm-config, npm help 5 npmrc, and npm help 7 npm-config for more on managing npm's configuration.

Does npm send any information about me back to the registry?

Yes. When making requests of the registry npm adds two headers with information about your environment:

*: Npm-Scope – If your project is scoped, this header will contain its scope. In the future npm hopes to build registry features that use this information to allow you to customize your experience for your organization.
*: Npm-In-CI – Set to "true" if npm believes this install is running in a continous integration environment, "false" otherwise. This is detected by looking for the following environment variables: CI, TDDIUM, JENKINS_URL, bamboo.buildKey. If you'd like to learn more you may find the original PR https://github.com/npm/npm-registry-client/pull/129 interesting. This is used to gather better metrics on how npm is used by humans, versus build farms.

The npm registry does not to correlate the information in these headers with any authenticated accounts that may be used in the same requests.

Can I run my own private registry?

Yes! The easiest way is to replicate the couch database, and use the same (or similar) design doc to implement the APIs. If you set up continuous replication from the official CouchDB, and then set your internal CouchDB as the registry config, then you'll be able to read any published packages, in addition to your private ones, and by default will only publish internally. If you then want to publish a package for the whole world to see, you can simply override the --registry option for that publish command.

I don't want my package published in the official registry. It's private.

Set "private": true in your package.json to prevent it from being published at all, or "publishConfig":{"registry":"http://my-internal-registry.local"} to force it to be published only to your internal registry. See npm help 5 package.json for more info on what goes in the package.json file.

Will you replicate from my registry into the public one?

No. If you want things to be public, then publish them into the public registry using npm. What little security there is would be for nought otherwise.