Ways to have your private npm registry — and a final DIY solution

So you need to create private npm packages. This is a common situation when your company is becoming big and needs to standardize and/or reutilize some pieces of code, like an UI framework. This happened to us.

After you searched by "npm private registry" in the web, you have found some options and felt different emotions about them:

Paid alternatives

MyGet (https://www.myget.org) —which costs US$ 9/month for starter plan and you only would have 2 contributors and 1GB storage.

NPM Org (https://www.npmjs.com) — which costs US$ 7 per user per month.

Free alternatives

DIY NPM (https://docs.npmjs.com/misc/registry)— Build your own registry at your own risk, you would need a CouchDB instance and a Node.js server.

Git! You sure could point your packages to private Git repositories, using URLs in package.json (http://fiznool.com/blog/2015/05/20/an-alternative-to-npm-private-modules/). It is very nice when the repository is public, but, when you have a private Git repository, you will need HTTPS or SSH credentials, and you often cannot have a per-team credential.

Sinopia (https://www.npmjs.com/package/sinopia) — Which is a handsome DIY registry, but it has some community problems, such it seems it will be abandoned (https://github.com/rlidwka/sinopia/issues/376). It also requires a Node.js server.

Cnpmjs.org (https://github.com/cnpm/cnpmjs.org) — Which requires a Node.js server, a MySQL instance and a Simple File Store Service, like qiniu, aliyun-oss, tfs, upyun.

Npm-register (https://github.com/jdxcode/npm-register) — which seems to be a better option than Sinopia, with CDN and caching things, but it will require an Amazon AWS S3 bucket and a Redis instance for doing that. It also has an option to easily deploy to Heroku.

And finally, Verdaccio

Verdaccio is a fork from Sinopia and is a very nice solution if you have an evolution from its parent repository and good things such as plug-ins and an easy way to deploy it with Docker.

Like Sinopia, it allows you to have a local npm private registry with zero configuration, and if a package doesn’t exist there, it asks any other registry (npmjs.org) for it keeping only those packages you use.

With Verdaccio, you can:

  • Use private packages
  • Cache npmjs.org registry
  • Override public packages

If you want to deploy it in Microsoft Azure using its Docker image, follow my next tutorial:

And here is a Medium post from Verdaccio's author you should also read: https://medium.com/@jotadeveloper/five-use-cases-where-a-npm-private-proxy-fits-in-your-workflow-632a81779c14

Good luck!