It's pretty straight forward to install a package from a private registry:
npm install my-package --registry https://<private-registry-url>
This will add an entry to the package-lock.json:
"my-package": {
"version": "1.0.0",
"resolved": "https://<private-registry-url>/<some_path>/my-package-1.0.0.tgz",
"integrity": "sha1-Pjs/y9sEp49/OC8+8eEZFdwT3BQ="
},
So far so good, everything as expected.
The problem now is when you want to install all npm packages from a different device using npm install. This will fail with following error:
npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/my-package - Not found
npm ERR! 404
npm ERR! 404 'my-package@1.0.0' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 It was specified as a dependency of 'app'
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\<user>\AppData\Roaming\npm-cache\_logs\2019-08-06T08_33_05_103Z-debug.log
So it tries to fetch my-package from the public npm registry (https://registry.npmjs.org/my-package), but of course fails because my-package is located in the private registry.
Now this really breaks my understanding of package-lock.json..
Shouldn't npm look in the package-lock.json to see where the packages were resolved before? Instead it just assumes that it has to be in the public registry..
The other funny thing is, that it works once you manually installed the package with the --registry flag again:
npm install my-package --registry https://<private-registry-url> && npm i
And after that it will work everytime until you upgrade the version of my-package or switch the device..
I also tried npm ci command but without success (same error).
So how to properly install packages from private registries, so they can easily be installed on any other device using npm install?
