mitchkman

Reputation: 6680

Override registry for installed packages in package-lock.json

I have a large, existing package-lock.json and a lot of dependencies that have been resolved via http://registry.npmjs.org/.

e.g.

{
  "name": "my-package",
  "version": "1.2.3",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
    "@babel/cli": {
      "version": "7.7.4",
      "resolved": "https://registry.npmjs.org/@babel/cli/-/cli-7.7.4.tgz",
      "integrity": "sha512-O7mmzaWdm+VabWQmxuM8hqNrWGGihN83KfhPUzp2lAW4kzIMwBxujXkZbD4fMwKMYY9FXTbDvXsJqU+5XHXi4A==",
      "dev": true,
      "requires": {
        "chokidar": "^2.1.8",
        "commander": "^4.0.1",
        "convert-source-map": "^1.1.0",
        "fs-readdir-recursive": "^1.1.0",
        "glob": "^7.0.0",
        "lodash": "^4.17.13",
        "make-dir": "^2.1.0",
        "slash": "^2.0.0",
        "source-map": "^0.5.0"
      },
      "dependencies": {
        "commander": {
          "version": "4.0.1",
          "resolved": "https://registry.npmjs.org/commander/-/commander-4.0.1.tgz",
          "integrity": "sha512-IPF4ouhCP+qdlcmCedhxX4xiGBPyigb8v5NeUp+0LyhwLgxMqyp3S0vl7TAPfS/hiP7FC3caI/PB9lTmP8r1NA==",
          "dev": true
        },
        "make-dir": {
          "version": "2.1.0",
          "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-2.1.0.tgz",
          "integrity": "sha512-LS9X+dc8KLxXCb8dni79fLIIUA5VyZoyjSMCwTluaXA0o27cCK0bhXkpgw+sTXVpPy/lSO57ilRixqk0vDmtRA==",
          "dev": true,
          "requires": {
            "pify": "^4.0.1",
            "semver": "^5.6.0"
          }
        },
        "pify": {
          "version": "4.0.1",
          "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz",
          "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==",
          "dev": true
        },
        "source-map": {
          "version": "0.5.7",
          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
          "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=",
          "dev": true
        }
      }
    },
    ...

I have my registry configured to be an NPM Enterprise installation that hosts proprietary NPM packages and mirrors the public NPM registry.

registry = "https://custom.registry.tld/path/npm/npm-aggregate"

This works for newly installed packages, but many existing packages still point to the public NPM registry. I tried overwriting the package-lock.json using npm i or npm i --package-lock-only.

How can I force NPM to use my Enterprise NPM registry and write the correct resolved URLs to package-lock.json? I probably could just "find and replace", but I want to make sure that NPM is resolving dependencies correctly.

Upvotes: 22

Views: 17946

Answers (5)

Yacine Zalouani

Reputation: 8199

It is possible to force the "resolved" and "integrity" fields to be regenerated by:

  • Edit package-lock.json and remove all the "resolved" and "integrity" properties.
  • Clear npm cache: npm cache clean --force
  • Run npm install

You should now have a package-lock.json with fresh resolved and integrity properties, yet all the dependency versions should be unchanged.

Upvotes: 4

JBallin

Reputation: 9807

  1. Find/replace registry in package-lock
  2. Delete node_modules
  3. Verify npm install works

Upvotes: 1

Gabriel

Reputation: 3867

Unfortunately, the package-lock.json file is meant to hardcode the registry of each package. It is intended.

We could imagine a future option in NPM to force the registry, in combination with an integrity check to make sure the packages are identical. (Feel free to send a feature request to the core team)

As of today, npm does not cover this use case. You are forced to ignore the package-lock.json to bypass this limitation.

(as of today, the latest version of NPM is 8.13.2)

Upvotes: 7

Khalah Jones - Golden

Reputation: 317

I am running npm -v 6.14.15

I simply changed the registry entries manually in the package-lock.json and deleted the node_modules folder, then ran an npm i to solve this issue.

Some solutions that didn't work for me:

I tried to change the registry simply using the npm CLI, by clearing the cache with npm cache clear --force and running npm i --registry, but none of this worked. The registry didn't change at all, and in fact was reverted after running npm i in any form.

I then tried to remove the package-lock.json and node_modules and ran an install. This caused a lot of versions in my package-lock.json to change and caused my particular project's builds to fail.

I found that the steps I followed got what I wanted although it may not be a part of best practices with npm.

Upvotes: 14
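
The find-and-replace approach from JBallin's and Khalah Jones - Golden's answers, as an added example (not code from any poster or from npm): it rewrites "resolved" URLs from the public registry to the mirror URL given in the question, leaves "integrity" untouched, and reports entries that still point elsewhere, carry no hash, or carry only sha1. It also walks the flat "packages" map of lockfileVersion 2 and 3, which goes beyond the version 1 file in the question; rewriteLock, sampleLock and the assumption that the mirror serves tarballs under the same relative path are illustrative.

```javascript
// Added example; sampleLock is constructed and its sha512 value is a placeholder.
const PUBLIC = /^https?:\/\/registry\.npmjs\.org\//;
const MIRROR = 'https://custom.registry.tld/path/npm/npm-aggregate/';

function rewriteLock(lock, from = PUBLIC, to = MIRROR) {
  const report = { rewritten: [], foreign: [], noIntegrity: [], sha1Only: [] };
  const check = (entry, path) => {
    if (typeof entry.resolved !== 'string') return; // bundled or link entries
    if (from.test(entry.resolved)) {
      // Assumption: the mirror serves tarballs under the same relative path.
      entry.resolved = entry.resolved.replace(from, to);
      report.rewritten.push(path);
    } else if (!entry.resolved.startsWith(to)) {
      report.foreign.push(path); // some other host: review by hand
    }
    // "integrity" is left as-is, so npm still checks the mirror's tarball against it.
    if (!entry.integrity) report.noIntegrity.push(path);
    else if (!/(^|\s)sha(256|384|512)-/.test(entry.integrity)) report.sha1Only.push(path);
  };
  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = trail ? `${trail} > ${name}` : name;
      check(entry, path);
      walk(entry.dependencies, path); // lockfileVersion 1 nests dependencies
    }
  };
  walk(lock.dependencies, '');
  // lockfileVersion 2 and 3 keep a flat "packages" map keyed by install path.
  for (const [p, entry] of Object.entries(lock.packages || {})) check(entry, `packages:${p}`);
  return report;
}

// Constructed sample in the shape of the question's lockfile.
const sampleLock = {
  dependencies: {
    '@babel/cli': {
      resolved: 'https://registry.npmjs.org/@babel/cli/-/cli-7.7.4.tgz',
      integrity: 'sha512-PLACEHOLDER',
      dependencies: {
        'source-map': {
          resolved: 'https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz',
          integrity: 'sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=',
        },
      },
    },
    'left-pad': { resolved: 'https://other.example/left-pad/-/left-pad-1.3.0.tgz' },
  },
};
```

To apply it to a real file, parse package-lock.json, call rewriteLock, and write the result back; then delete node_modules and run npm ci so every tarball is fetched from the mirror and compared with the hashes that were kept.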

Pierre-Alain EMO

Reputation: 103

Overriding the registry will not replace existing "resolved": "https://xxx..." entries in the package-lock.json.

If this one is wrong from a previous creation, you have to delete it, then run your npm i again. It will create a fresh one with the registry previously configured.

Upvotes: 3
