This is the second part of a series of posts on Sonatype Nexus 3 and how to use it as repository for several technologies. Also available is “Part 1, Maven Artifacts” by Rafael Eyng.
NOTE: We are constantly improving Sonatype Nexus Repository. This blog may no longer be accurate. You can find the latest instructions here.
npm install can take too long sometimes, so it might be a good idea to have a proxy in your own network. And if you can’t just pay the 7 dollars/month to host your packages in the official npm private registry, then you’ll probably benefit from this post.
Installation
Check out the first part of this series to see how we installed and ran Sonatype Nexus 3 using a single docker command. Just do that and the installation is done.
Configuring Sonatype Nexus as a npm repo
What we will do:
– create a private (hosted) repository for our own packages
– create a proxy repository pointing to the official registry
– create a group repository to provide all the above repos under a single URL
I suggest you to create a new blob store for each new repo you want to create. That way, the data for every repo will be in a different folder in /nexus-data (inside the Docker container). But this is not mandatory for it to work.
private repo
A repository for npm packages that your team develops.
Create a new npm (hosted) repository and configure it like:
The deployment policy “Allow redeploy” above might look somewhat polemic, so you might want to set it to “Disable redeploy”. In my use case, it makes sense to use “Allow redeploy”, since we keep a latest version on Sonatype Nexus always updated with the status of the master branch, that is redeployed in our CI flow.
proxy repo
A repository that proxies everything you download from the official npm registry. Next time you download the same dependency, it will be cached in your Sonatype Nexus.
Create a new npm (proxy) repository and configure it like:
group repo
This will group all the above repos and provide you a single URL to configure your clients to download from/deploy to.
Create a new npm (group) repository and configure it like:
You can create as many repos as you need and group them all in the group repo, but for npm I don’t think that you will need more than 1 proxy and 1 private repos.
Configuring your clients and projects to use your Sonatype Nexus repos
For npm, we will configure the repository per project (unlike Maven, that have some global configs, for instance). I believe that you can configure the authentication globally in your machine, with npm addUser, but I didn’t went that way for simplicity.
If you have a project where you only want to download dependencies from Sonatype Nexus, create a .npmrc file at your project’s root with:
registry=http://your-host:8081/repository/npm-group/
_auth=YWRtaW46YWRtaW4xMjM=
_auth=YWRtaW46YWRtaW4xMjM= is the base64 hash for the credentials (admin/admin123). If you use a different set of credentials, you should compute your own hash with:
echo -n 'myuser:mypassword' | openssl base64
You have to set a user so you can publish packages. If you do this from your local machine, npm publish will use your user configured in ~/.npmrc (in your home, not in your project). If you don’t have this configuration, or if you want to publish from CI, you can set an email=any@email.com configuration in your project’s .npmrc. Really, any email.
If you have a project that you want to publish to your Sonatype Nexus, put this in package.json:
{
...
"publishConfig": {
"registry": "http://your-host:8081/repository/npm-private/"
}
}
Note that you publish to your private repo, but when you download, you can point to your group repo, so both your own packages and the packages from the official repo will be available from a single URL.
Now if you run in your projects:
npm install
# or
npm publish
your npm will point to your Sonatype Nexus instance.
Installing npm packages globally
Run:
npm --registry http://your-host:8081/repository/npm-group/ install -g your-pac
