Reputation: 7098
Ok, so I am working in an environment whereby access to download archive files from external sites is restricted to certain users by the corporate firewall.
What I want to achieve is to set up a local npm repository and have "approved" repositories available for all the developers.
I looked at Nexus and see that it is possible to add a proxy repo to https://registry.npmjs.org, and I can see that I can add HTTP proxy credentials.
This gets me partially there, as developers can now access anything they want from npmjs as it's proxied through a user that has the required access. The problem is, I don't want to allow anyone to get anything, I only want Nexus to go to npmjs and keep a local copy for a select few users, everyone else should be able to get the packages from the local cache, but if it ain't there then not proxy to npmjs.
Any ideas how I can achieve this?
Upvotes: 1
Views: 3824
Reputation: 21
I have this exact same issue. The problem is that Nexus proxies aren't very smart - there's no privilege that has "read-only" access to a proxy repo (the 'read' privilege will allow you to retrieve missing dependencies from the proxied 3rd party repo).
The way I've "solved" it is to keep the NPMJS proxy private, and create a "curated" private repo that anyone within the network can see. I then have a script that downloads an NPM module from the NPMJS proxy, and publishes it to the curated private NPM repo. The script also publishes transitive dependencies (found with 'npm list').
This has its own problems as well - if a third-party module has "publishConfig" defined in package.json, you won't be able to publish it to your internal curated repo.
Upvotes: 2
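The mirroring step the answer above describes, as an added example (not the answerer's script): it takes the JSON printed by `npm ls --all --json`, lists every transitive `name@version`, and holds back packages that declare `publishConfig` instead of trying to publish them. The registry URLs, package names and the `manifests` input are placeholders constructed for illustration.

```javascript
// Placeholder registry URLs (assumptions, not values from the thread).
const PROXY = "https://nexus.example.internal/repository/npm-proxy/";
const CURATED = "https://nexus.example.internal/repository/npm-curated/";

// Walk `npm ls --all --json` output: unique name@version list plus unresolved deps.
function collectClosure(tree) {
  const specs = new Set();
  const unresolved = new Set();
  const walk = (deps) => {
    for (const [name, node] of Object.entries(deps || {})) {
      if (!node || !node.version) { unresolved.add(name); continue; }
      specs.add(`${name}@${node.version}`);
      walk(node.dependencies);
    }
  };
  walk(tree.dependencies);
  return { specs: [...specs].sort(), unresolved: [...unresolved].sort() };
}

// File name `npm pack` writes: "@scope/pkg" at 1.2.3 becomes scope-pkg-1.2.3.tgz.
function tarballName(spec) {
  const at = spec.lastIndexOf("@");
  const name = spec.slice(0, at).replace(/^@/, "").replace(/\//g, "-");
  return `${name}-${spec.slice(at + 1)}.tgz`;
}

// manifests maps spec -> parsed package.json; a package with publishConfig,
// or with no manifest supplied, is held back for manual handling.
function planMirror(tree, manifests) {
  const { specs, unresolved } = collectClosure(tree);
  const commands = [], held = [];
  for (const spec of specs) {
    const manifest = manifests[spec];
    if (!manifest || manifest.publishConfig) { held.push(spec); continue; }
    commands.push(`npm pack ${spec} --registry ${PROXY}`);
    commands.push(`npm publish ${tarballName(spec)} --registry ${CURATED}`);
  }
  return { commands, held, unresolved };
}

// Constructed sample shaped like `npm ls --all --json` output; names are made up.
const SAMPLE_TREE = { name: "demo-app", version: "1.0.0", dependencies: {
  "pad-lib": { version: "1.3.0" },
  "@acme/util": { version: "2.0.1", dependencies: {
    "pad-lib": { version: "1.3.0" }, "tiny-lib": { version: "0.4.0" } } },
  "ghost-dep": { missing: true } } };
const SAMPLE_MANIFESTS = {
  "pad-lib@1.3.0": {}, "tiny-lib@0.4.0": {},
  "@acme/util@2.0.1": { publishConfig: { registry: "https://registry.example.invalid/" } } };
console.log(planMirror(SAMPLE_TREE, SAMPLE_MANIFESTS));
```

The `held` list is the set to review by hand before anything reaches the curated repo; `unresolved` names dependencies that `npm ls` reported without a version.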