8

I have a private npm registry with npmjs.org which contains several private npm packages. We are moving to a private npm registry in-house (verdaccio). Long-story short, with our AWS infrastructure, the verdaccio server could be rebuilt for many reasons and the main issue is that when a new server is spun up with a fresh verdaccio install, It won't have any packages published, obviously. I'm trying to create a script that will run when the server is created that will do a few things: 1. Ask the user what the previous npm registry is along with an authToken for a user (is our case, a service user that only the server uses) 2. Query the previous npm registry to get a list of all private scoped packages with all its versions 3. Copy/Migrate/Publish all previously existing packages and versions to the new verdaccio registry so the first person to run "npm install" will get them.

There are several utility packages out there for helping with type of task, but none deal with private packages. I've tried using the authToken from the .npmrc file that gets generated when a user is logged in, from within a curl command, but nothing gets returned. I've tried using the npm search function. I've tried all of these utility packages. I've tried the npm v2 api, but nothing seems to return private packages.

https://www.npmjs.com/package/registry-migrate

https://www.npmjs.com/package/npm-migrate

https://github.com/finn-no/migrate-npm-registry

https://github.com/npm/npm-registry-client

https://api-docs.npms.io/#api-Package-GetMultiPackageInfo

Anyone have any ideas?? Thanks!

Saveen
  • 4,120
  • 14
  • 38
  • 41
Dan Scrima
  • 81
  • 1
  • 2
  • I'm also seeing this post, which says that registry.npmjs.org doesn't accept any auth headers... which would definitely suck. https://www.jfrog.com/jira/browse/RTFACT-12910 – Dan Scrima May 21 '18 at 19:23

1 Answers1

11

You need to add the NPM_TOKEN in the npm registry API.

I found 2 endpoints that can help you perform any necessary logic with the versions of the private npm packages

  1. List all private npm packages names and access
curl -H "Authorization: Bearer $NPM_TOKEN" "https://registry.npmjs.org/-/user/[NPM_USERNAME]/package"

Example response:

{ "my-package": "write" }

** NPM_USERNAME can be the organization's scope.

  1. Fetch npm package details
curl -H "Authorization: Bearer $NPM_TOKEN" "https://registry.npmjs.org/[NPM_PACKAGE_NAME]"

Example response:

{
  "_id": "my-package",
  "name": "my-package",
  "dist-tags": { "latest": "1.0.0" },
  "versions": {
    "1.0.0": {
      "name": "my-package",
      "version": "1.0.0"
      //...
    }
  //...
  }
}
miguel savignano
  • 1,109
  • 13
  • 9
  • This answer is incredible, I've looked everywhere for this. Can't beileve I'm the first person to upvote this. Thanks!!! – Yaron Idan Jun 11 '21 at 05:50
  • I have been hunting for this endpoint for hours. You are a lifesaver. Is this documented anywhere? How did you find the endpoint? – kingsfoil Feb 08 '22 at 01:46