This is the second part of a series of posts on Sonatype Nexus Repository 3 and how to use it as a repository for several technologies. Also available is Part 1, Maven Artifacts by Rafael Eyng.
NOTE: We are constantly improving Sonatype Nexus Repository. This blog may no longer be accurate. You can find the latest instructions here.
npm install
can take too long sometimes, so it might be a good idea to have a proxy in your own network. And if you can't just pay the seven dollars/month to host your packages in the official npm private registry, then you’ll probably benefit from this post.
Check out the first part of this series to see how we installed and ran Sonatype Nexus Repository 3 using a single Docker command. Just do that and the installation is done.
What we will do:
I suggest you to create a new blob store for each new repository you want to create. That way, the data for every repository will be in a different folder in /nexus-data
(inside the Docker container). But this is not mandatory for it to work.
A private repository in this case is a repository for npm packages that your team develops.
Create a new npm (hosted) repository and configure it like so:
The deployment policy "Allow redeploy" above might look somewhat polemic, so you might want to set it to "Disable redeploy." In my use case, it makes sense to use "Allow redeploy," since we keep a latest
version on Sonatype Nexus Repository always updated with the status of the master branch that is redeployed in our continuous integration (CI) flow.
A proxy repository in this case is a repository that proxies everything you download from the official npm registry. Next time you download the same dependency, it will be cached in your Sonatype Nexus Repository.
Create a new npm (proxy) repository and configure it like so:
This will group all the above repositories and provide you a single URL to configure your clients to download from/deploy to.
Create a new npm (group) repository and configure it like so:
You can create as many repositories as you need and group them all in the group repository, but for npm I don't think that you will need more than one proxy and one private repository.
For npm, we will configure the repository per project (unlike Maven, that have some global configs, for instance). I believe that you can configure the authentication globally in your machine, with npm addUser
, but I didn't went that way for simplicity.
If you have a project where you only want to download dependencies from Sonatype Nexus Repository, create a .npmrc
file at your project's root with:
registry=http://your-host:8081/repository/npm-group/
_auth=YWRtaW46YWRtaW4xMjM=
_auth=YWRtaW46YWRtaW4xMjM=
is the base64 hash for the credentials (admin/admin123). If you use a different set of credentials, you should compute your own hash with:
echo -n 'myuser:mypassword' | openssl base64
You have to set a user so you can publish packages. If you do this from your local machine, npm publish
will use your user configured in ~/.npmrc
(in your home, not in your project). If you don't have this configuration, or if you want to publish from CI, you can set an email=any@email.com
configuration in your project's .npmrc
. Really, any email.
If you have a project that you want to publish to your Sonatype Nexus Repository, put this in package.json
:
{
...
"publishConfig": {
"registry": "http://your-host:8081/repository/npm-private/"
}
}
Note that you publish to your private repo, but when you download, you can point to your group repo, so both your own packages and the packages from the official repo will be available from a single URL.
Now if you run in your projects:
npm install
# or
npm publish
your npm
will point to your Sonatype Nexus Repository instance.
Run:
npm --registry http://your-host:8081/repository/npm-group/ install -g your-pac