I'm using Verdaccio as my NPM proxy for a long time. However, recently I realized that the following .npmrc configuration that makes the npm proxy to work:
registry=http://localhost:4873/
also causes the package-lock.json files generated with localhost:4873 entries instead of the original package addresses. For example:
"ms": {
"version": "2.0.0",
- "resolved": "http://localhost:4873/ms/-/ms-2.0.0.tgz",
- "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+ "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
},
The original package address (https://registry.npmjs.org/ms/-/ms-2.0.0.tgz for example) is a crucial data when the application is being installed on another machine.
How can I keep using my npm proxy and still keep the original package addresses in package-lock.json so any other user who doesn't use a local proxy still have a valid package-lock.json?
