Setting Up a Private NPM Registry

While open source is great, sometimes it is not possible to make your code public and publish it to the official NPM registry. In this situation you may want to set up a private NPM registry and publish your packages there, for re-use by your internal applications. This article explains how to do this.

Setting up the registry server

We will be using the Verdaccio server and we will run the server inside a Docker container.

Download this Makefile into the directory that will house your registry on your Docker host.

Inspect the file to see what it will do (always a good idea) and then run:

make run

Your container will mount conf/ and storage/ directories for persistent state.

Refer to Verdaccio's excellent documentation for more information.

Using your private registry

To make life super easy you should scope your private packages (TLDR: prefix the name with @something/ in the package's package.json).

Run:

npm config set @something:registry http://your-docker-host:4873/
npm login --scope=@something

After this NPM will use your private registry for publishing and downloading your scoped packages and use the official registry for everything else.
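
To confirm that a project really pulls its scoped packages from the private registry, you can audit its package-lock.json. The script below is an added example, not part of the original article or of Verdaccio; it assumes a lockfileVersion 2 or 3 lockfile and the scope and registry URL used above, and the helper names and sample lockfile are constructed for illustration.

```javascript
// Added example: audit package-lock.json (lockfileVersion 2 or 3) so that every
// package in the private scope was fetched from the private registry.
const SCOPE = '@something';                        // scope used in the article
const REGISTRY = 'http://your-docker-host:4873/';  // registry URL used in the article

// "node_modules/a/node_modules/@something/b" -> "@something/b"
function packageName(lockKey) {
  const marker = 'node_modules/';
  const idx = lockKey.lastIndexOf(marker);
  return idx === -1 ? lockKey : lockKey.slice(idx + marker.length);
}

// Returns one finding per scoped package that fails a check.
function auditLockfile(lock, scope = SCOPE, registry = REGISTRY) {
  const privateOrigin = new URL(registry).origin;
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === '' || entry.link) continue;        // root project, workspace links
    const name = entry.name || packageName(key);
    if (!name.startsWith(scope + '/')) continue;   // public packages are not checked
    let origin = null;
    try { origin = new URL(entry.resolved).origin; } catch { /* missing or invalid URL */ }
    if (origin !== privateOrigin) {
      findings.push({ name, issue: 'not resolved from private registry', resolved: entry.resolved || null });
    } else if (!entry.integrity) {
      findings.push({ name, issue: 'missing integrity hash', resolved: entry.resolved });
    }
  }
  return findings;
}

// Constructed sample lockfile (hashes are placeholders, not real digests).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'internal-app', version: '1.0.0' },
    'node_modules/lodash': { resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz', integrity: 'sha512-PLACEHOLDER' },
    'node_modules/@something/utils': { resolved: 'http://your-docker-host:4873/@something/utils/-/utils-1.2.0.tgz', integrity: 'sha512-PLACEHOLDER' },
    'node_modules/@something/auth': { resolved: 'https://registry.npmjs.org/@something/auth/-/auth-9.9.9.tgz', integrity: 'sha512-PLACEHOLDER' },
    'node_modules/@something/utils/node_modules/@something/core': { resolved: 'http://your-docker-host:4873/@something/core/-/core-0.3.0.tgz' },
  },
};

for (const f of auditLockfile(sampleLock)) console.log(`${f.name}: ${f.issue} (${f.resolved})`);
```

In CI, load the real lockfile with JSON.parse(fs.readFileSync('package-lock.json', 'utf8')) and fail the build when the returned list is not empty.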

Using SSL

It is possible to configure HTTPS access to the registry as long as you are using proper certificates, or your clients implicitly trust your internal CA. If this is not the case then NPM will cause you many headaches.

Add the following to the Verdaccio configuration file (config.yaml in the conf/ directory):

https:
  key: /verdaccio/conf/key.pem
  cert: /verdaccio/conf/cert.pem
  ca: /verdaccio/conf/ca.pem

Copy the relevant certificate files into the conf/ directory and replace the run target in your Makefile with this:

# Recipe lines must start with a tab character, not spaces.
run: $(VOLUMES) $(CONFIG) stop
	PROTOCOL=https docker run \
		--env PROTOCOL \
		-dt \
		--restart always \
		--name $(NAME) \
		-p 4873:4873 \
		-v $(CONF):/verdaccio/conf \
		-v $(STORAGE):/verdaccio/storage \
		$(IMG)