强制 npm 从私有注册表下载
[英]Force npm download from private registry
问题描述
In my nodejs project I had to modify 4 of the node modules and upload them to our private corporate registry so the project will download the modified versions during builds.
在我的 nodejs 项目中,我必须修改 4 个节点模块并将它们上传到我们的私人公司注册表,以便项目将在构建期间下载修改后的版本。 I did this by changing the resolved field in package-lock.json for each dependency from our virtual npm registry which forwards downloads to the public npm registry to our private registry.为此,我通过更改package-lock.json中的每个依赖项的resolved字段,从我们的虚拟 npm 注册表将下载转发到公共 npm 注册表到我们的私有注册表。
This is working for 3 out of the 4 modules, however 1 module, phantomjs-prebuilt , will not download the one I uploaded.这适用于 4 个模块中的 3 个,但是 1 个模块phantomjs-prebuilt不会下载我上传的模块。 When I view its package.json after installing, its _resolved field shows the correct private registry I entered in package-lock.json , but the module doesn't have my modifications.当我在安装后查看它的 package.json 时,它的_resolved字段显示了我在package-lock.json中输入的正确私有注册表,但该模块没有我的修改。
If I create a test project with a package.json that has phantomjs-prebuilt as its only dependency and modify the lock file to download from the private registry it will download the correct modified version I uploaded.如果我创建一个带有package.json的测试项目,将phantomjs-prebuilt作为其唯一依赖项并修改锁定文件以从私有注册表下载,它将下载我上传的正确修改版本。 I'm assuming there must be some transitive dependency overriding it, but I thought I would be able to see that from the lock file and override it.我假设必须有一些传递依赖性覆盖它,但我认为我可以从锁定文件中看到它并覆盖它。 phantomjs-prebuilt only appears once in my lock file and that's where I'm making the change to the resolved field. phantomjs-prebuilt只在我的锁定文件中出现一次,这就是我对已resolved字段进行更改的地方。
1 个解决方案
解决方案1
0 2022-11-26 21:58:22
I had a similar issue myself, recently.我自己也有类似的问题,最近。 This may not help you in particular if releasing as a different version is not an option, but maybe others who stumble across this answer like I did.如果不能选择作为不同版本发布,这可能对您没有帮助,但也许其他人像我一样偶然发现了这个答案。
What I did was to release a forked version of a package, under a new version.我所做的是在新版本下发布 package 的分叉版本。
So, I forked moddle-xml 10.0.0, and released a package 10.0.1337 into our private registry in Artifactory.因此,我分叉了 modle-xml 10.0.0,并将 package 10.0.1337 发布到我们在 Artifactory 中的私有注册表中。
That way, I could replace the transitive package dependencies of a package that we used with the forked version 10.0.1337 (using npm-force-resolutions ), not breaking any constraints like ^10.0.0 .这样,我可以将我们使用的 package 的可传递 package 依赖项替换为分叉版本 10.0.1337(使用npm-force-resolutions ),而不会破坏^10.0.0等任何约束。 EDIT: If you want to replace a particular outside version, I think you can work with exclusion / inclusion filters.编辑:如果您想替换特定的外部版本,我认为您可以使用排除/包含过滤器。
The Artifactory-based registry would then offer a single virtual registry containing both the npm-local packages (including my fork) and npm-remote packages (the normal stuff from the default registry) setup guide .然后,基于 Artifactory 的注册表将提供一个单一的虚拟注册表,其中包含 npm-local 包(包括我的 fork)和 npm-remote 包(来自默认注册表的正常内容) 设置指南。 I would configure my local setup to only download from that virtual registry.我会将我的本地设置配置为仅从该虚拟注册表下载。
The Artifactory setup comes with a few pitfalls (like, you have to give read permissions to all physical repositories (npm-local AND npm-remote), not just the virtual one, and this one ), but it works fine for me now. Artifactory 设置有一些缺陷(例如,您必须授予对所有物理存储库(npm-local 和 npm-remote)的读取权限,而不仅仅是虚拟存储库和这个),但它现在对我来说工作正常。
(I'm sure something like this is possible with other than the Artifactory implementation, this particular thing is just the stuff I know) (我确信除了 Artifactory 实现之外,这样的事情是可能的,这个特殊的事情只是我所知道的)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.