
How to set up a private npm registry

Why might we need one?

How to setup Verdaccio

We will set this up on an AWS Ubuntu EC2 instance, using the docker version of Verdaccio for ease of installation. Install git and docker on the instance.

Install docker compose
install vim on ubuntu
docker-compose file for Verdaccio
Verdaccio home screen

How to use private npm registry

Now we can go to any of our code repositories, create a new file called .npmrc at the root of the folder, and give it the following content:

How do I know if my private registry is used and not a public one?

Good point! There are many ways:

  1. npm config get registry will give the URL of the registry npm is going to use.
  2. We can look at the docker logs to verify that we are getting requests when we run npm install.
  3. We can look at myVerdaccio/storage/data on the EC2 instance, where we will find the packages that we have just installed.
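
A fourth check, as an added example that is not part of the original article: scan package-lock.json for packages whose resolved tarball URL points at a host other than the private registry. It assumes npm wrote resolved URLs into the lockfile; findForeignPackages, hostOf and the sample lockfile are illustrative names and constructed data.

```javascript
// Added example (not from the article): list lockfile entries whose tarball
// was not fetched from the private registry.
// REGISTRY_HOST reuses the article's placeholder host name.
const REGISTRY_HOST = 'ec2-ip.ap-south-1.compute.amazonaws.com';

function hostOf(resolved) {
  try { return new URL(resolved).hostname; } catch { return '(unparseable)'; }
}

// Returns [{ name, resolved, host }] for each package fetched from another host.
function findForeignPackages(lock, registryHost) {
  const foreign = [];
  const check = (name, entry) => {
    if (!entry.resolved) return; // root project, links and bundled deps have no URL
    const host = hostOf(entry.resolved);
    if (host !== registryHost) foreign.push({ name, resolved: entry.resolved, host });
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    check(path.replace(/^.*node_modules\//, ''), entry);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists)
  const walk = (deps) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      check(name, entry);
      walk(entry.dependencies);
    }
  };
  if (!lock.packages) walk(lock.dependencies);
  return foreign;
}

// Constructed sample lockfile: one package from the private registry, one from npmjs.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/lodash': {
      version: '4.17.21',
      resolved: `http://${REGISTRY_HOST}/lodash/-/lodash-4.17.21.tgz`,
    },
    'node_modules/left-pad': {
      version: '1.3.0',
      resolved: 'https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz',
    },
  },
};

console.log(findForeignPackages(sampleLock, REGISTRY_HOST));
```

To audit a real project, pass the parsed contents of its package-lock.json as the first argument; an empty result means every recorded tarball came from the private registry host.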

There is nothing private about it!

Some astute readers will have already spotted it: there is no authentication. Verdaccio has documentation on setting up authentication, and a bunch of plugins as well. We will use htpasswd, which is built into Verdaccio. Here are the requirements we are building for:

  • Only authorised users should be able to read and write the packages.
  • User creation can only be done by admin.

  • Line 22 has max_users: -1, which means users cannot be created.
  • Lines 45 and 49 specify that only authenticated users can read and write to this registry.
  • Restart docker.
  • rm -rf node_modules and rm package-lock.json in the source repo.
  • npm install
Verdaccio authentication failed error
npm login --registry http://ec2-ip.ap-south-1.compute.amazonaws.com
Username: verdaccio
Password:
Email: (this IS public) test@test.com
Logged in as verdaccio on http://ec2-ip.ap-south-1.compute.amazonaws.com/.
//ec2-ip.ap-south-1.compute.amazonaws.com/:_authToken=<authtoken>

How to publish?

It’s actually pretty simple. Just install np. It does all the magic. As long as we are logged in, there is nothing we have to do. Heck, it will push the code for us in the source repo as well.

How to handle high availability and increased workloads?

Now what happens if this docker goes down? What if the docker image is not able to handle the load? Let’s horizontally scale our system. However, there are a few challenges:

  • Each docker image writes to its local mounted space. We want to share the storage across EC2 machines.
  • How do we make sure that when a login happens on one machine, it persists for all the systems behind the load balancer?
High availability for npm registry
mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport fs-<number>.efs.ap-south-1.amazonaws.com:/ /home/ubuntu/myVerdaccio/efs-storage
fs-<number>.efs.ap-south-1.amazonaws.com:/ /home/ubuntu/myVerdaccio/efs-storage nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 0 0

Senior Staff Engineer @freshworks. Ex-McKinsey/Microsoft/Slideshare/SAP, Tech Enthusiast, Passionate about India. Opinions are mine

Abhinav Dhasmana