Problem with node-gyp not using the npm configured private registry

Question

The server this is running on is behind a corporate firewall, and only has access out to this specific private registry, which also acts as a proxy out to the public npm registry (for packages that we don't have).

NPM itself is working fine; but when the node-gyp module is used, it tries to do a GET out to nodejs.org - gyp http GET https://nodejs.org/download/release/v9.11.2/node-v9.11.2-headers.tar.gz. That fails, because the system doesn't have access to reach that. Question is why isn't node-gyp using the registry that was defined in the npm config? Or do I have to setup a separate config for the headers to use a separate source?

Here is my npm config settings:

; cli configs
metrics-registry = "https://corporate/registry/"
scope = ""
user-agent = "npm/5.6.0 node/v9.11.2 linux x64"

; userconfig /home/user123/.npmrc
always-auth = true
cafile = "/home/user123/pub-cert.crt"
registry = "https://corporate/registry/"
sass_binary_path = "/root/linux-x64-59_binding.node"
strict-ssl = false

Hi, did you found a solution ? – Georges Petrov Apr 12 '21 at 11:03 — Georges Petrov, Apr 12 '21 at 11:03
Hi, @xil3. Do you have any news about this problem? – Mikhail_Sam Aug 03 '22 at 10:53 — Mikhail_Sam, Aug 03 '22 at 10:53

score 0 · Answer 1 · answered May 31 '23 at 22:47

After reading the node-gyp docs, I was able to eventually get it working for my situation by doing the following before performing a node build:

npm config set disturl <url>

(in your case, <url> would be https://corporate/registry/, assuming that is the root url of your private npm registry.
In your .npmrc, that would likely look like:

disturl = "https://corporate/registry/"

I originally tried doing the equivalent via setting an environment variable, but the frustrating part is that the node-gyp docs linked above specifically say

Use the form npm_config_OPTION_NAME for any of the command options listed above (dashes in option names should be replaced by underscores)

Given that their docs refer to the corresponding flag as --dist-url, you would assume the env var would be npm_config_dist_url, but that is wrong. It's actually npm_config_disturl.

With either of the above approaches, however, you will need to assure your registry also contains the SHASUM256.txt file which can be obtained via the following command: curl -O https://nodejs.org/dist/vx.y.z/SHASUMS256.txt, replacing x.y.z with the version in question, in your case 9.11.2.

A third option would be to download the headers tgz from your private registry ahead of time using wget or a similar tool, then setting the tarball setting with npm config set tarball <path/to/downloaded/headers.tgz> (or the .npmrc/env var equivalent approaches). This method does not enforce verifying checksums.

Problem with node-gyp not using the npm configured private registry

1 Answers1