Jeach

Reputation: 9032

Publishing Node.js Packages Other Than To NPM

I've been using Node.js for a few years now but only for small self-contained projects.

I've been recently looking into how packages are created and included ('require') into a larger project. From what I can understand, either these packages are local (part of the project) or published/pulled to and from the NPM web site.

But if I create a self-contained package and DO NOT want to publish it to NPM since it contains proprietary code, I fail to see how I can properly create, manage and publish (to an internal server), such packages.

I've used Java and Maven for the last decade and this stack has worked exceptionally well for me. You'd package your modules/libs into JAR files and then publish them to local servers (ie: Artifactory, Nexus or other). When a DEV would "require" a dependency/package, it would search our local repository manager and if not found at that level, look on a Maven central repository (on the internet). Works exceptionally well.

How would we go about doing the same with Node.js + packages + NPM? I've searched but found there is very limited information out there.

Any links to tutorials, articles or anything would be appreciated.


UPDATE: 2018.01.29 14:45

I found this literature which seems to indicate that you can run your own NPM registry!! Can I Run My Own Private Registry?

Also, I found the following interesting at the Dependencies section of 'package.json', which shows:

{ "dependencies" :
  { "foo" : "1.0.0 - 2.9999.9999"
  , "bar" : ">=1.0.2 <2.1.2"
  , "baz" : ">1.0.2 <=2.3.4"
  , "boo" : "2.0.1"
  , "qux" : "<1.0.0 || >=2.3.1 <2.4.5 || >=2.5.2 <3.0.0"
  , "asd" : "http://asdf.com/asdf.tar.gz"
  , "til" : "~1.2"
  , "elf" : "~1.2.3"
  , "two" : "2.x"
  , "thr" : "3.3.x"
  , "lat" : "latest"
  , "dyl" : "file:../dyl"
  }
}

Of which the following is interesting.

"asd" : "http://asdf.com/asdf.tar.gz"

May indicate that you can pull the package from your own servers. I will definitely give that a try and report back.


UPDATE: 2018.01.30 16:17

Ok, although I'm pretty confident that you can actually configure NPM to selectively publish locally or to your own registry (server), I'm quite satisfied with the following:

First, create individual NPM packages (i.e. npm init) and implement them.

Second, set your version with npm version 1.2.3. As you add to and maintain your code, you will adjust the version with one of npm version major, npm version minor or npm version patch.

Third, when ready to publish, from inside your NPM package you invoke npm pack. This will create a compressed tarball (tgz) file (ie: foo-bar-1.2.3.tgz).

Fourth, you can now independently manage such files such as copying them to your own server or even a repository manager such as Artifactory.

Fifth, when you need your private package, from each project, simply type npm install --save foo-bar-1.2.3.4.tgz if you have manually downloaded the package, or npm install --save https://repo-server.com/some/path/foo-bar. Which version is downloaded will depend on which environment you work in (dev, test, stage or prod). Or you can even force a version number in the URL (your repository server should support all sorts of API calls).

By installing your private package, NPM should download and install all dependencies automatically. I say 'should' because I have not confirmed this.

Upvotes: 1

Views: 448

Answers (2)

Yan Foto

Reputation: 11378

Private repository:

If you want something to host your private packages which also proxy requests to npmjs.org you can use either of:

Nexus OSS 3.x has the advantage of being a universal repository (i.e. supporting npm, maven, etc.).

Self-contained packages:

As you already mentioned, npm pack generates tarballs which can directly be included as dependencies to other packages. But you also have the possibility of creating tarballs containing all the dependencies by using bundledProperties of package.json. This way you wouldn't need to call npm install when you extract the tarball. The only caveat with this method is that native modules might not work if your development and production machines have different architectures.

Upvotes: 1

alejandro estrada

Reputation: 504

Maybe what you can do is to publish it on GitHub and in your package.json you can call directly from the repository something like this:

"dependencies": {
  "mongoose-cipher": "git+ssh://[email protected]:estrada9166/mongoose-cipher.git"
}

or

"dependencies": {
  "mongoose-cipher": "git+https://[email protected]:estrada9166/mongoose-cipher.git"
}

Also, you can specify the release, in case your repository has one, something like:

"dependencies": {
  "mongoose-cipher": "git+ssh://[email protected]:estrada9166/mongoose-cipher.git#v0.0.7"
}

You can create a private repository with your package, and this way it is safe!

Upvotes: 3
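
Added example, not code from the question or from either answer: a small Node.js check over the kinds of dependency specifiers shown in this thread (registry ranges, tarball URLs, file: paths, git URLs) that reports which ones are fetched over plain HTTP or carry no fixed version. The package names, the *.example hosts and the finding labels are constructed for illustration.

```javascript
'use strict';
// Constructed sample modelled on the specifier kinds quoted in the thread;
// package names and *.example hosts are hypothetical.
const samplePackageJson = {
  dependencies: {
    boo: '2.0.1',
    bar: '>=1.0.2 <2.1.2',
    lat: 'latest',
    asd: 'http://asdf.com/asdf.tar.gz',
    'foo-bar': 'https://repo-server.example/some/path/foo-bar-1.2.3.tgz',
    dyl: 'file:../dyl',
    'lib-a': 'git+ssh://git@git.example:team/lib-a.git',
    'lib-b': 'git+ssh://git@git.example:team/lib-b.git#v0.0.7',
  },
};

// Map a specifier to the place npm will fetch it from.
function classifySpec(spec) {
  if (/^git(\+(ssh|https?|file))?:/.test(spec)) return 'git';
  if (/^https?:\/\//.test(spec)) return 'tarball-url';
  if (spec.startsWith('file:')) return 'local-path';
  if (/^\d+\.\d+\.\d+$/.test(spec)) return 'registry-exact';
  return 'registry-range-or-tag';
}

// Collect the properties a reviewer would want listed for one specifier.
function findingsFor(spec) {
  const kind = classifySpec(spec);
  const findings = [];
  // http:// and git+http:// transfers have no transport integrity.
  if (/^(git\+)?http:/.test(spec)) findings.push('plaintext-http');
  // Without "#<commit-ish>" a git dependency follows the default branch.
  // A tag such as #v0.0.7 can still be moved; a full commit hash cannot.
  if (kind === 'git' && !spec.includes('#')) findings.push('git-no-committish');
  if (spec === 'latest') findings.push('floating-tag');
  return { kind, findings };
}

function auditDependencies(pkg) {
  const report = {};
  for (const field of ['dependencies', 'devDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      report[name] = findingsFor(spec);
    }
  }
  return report;
}

console.log(JSON.stringify(auditDependencies(samplePackageJson), null, 2));
```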
