2020-06-23 00:09:42 +05:30
---
stage: Package
group: Package
2021-02-22 17:27:13 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2020-06-23 00:09:42 +05:30
---
2021-03-11 19:13:27 +05:30
# npm packages in the Package Registry **(FREE)**
2019-12-04 20:38:33 +05:30
2021-03-11 19:13:27 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5934) in GitLab Premium 11.7.
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/221259) to GitLab Free in 13.3.
2019-12-04 20:38:33 +05:30
2021-03-11 19:13:27 +05:30
Publish npm packages in your project's Package Registry. Then install the
2021-01-29 00:20:46 +05:30
packages whenever you need to use them as a dependency.
2019-12-04 20:38:33 +05:30
2021-02-22 17:27:13 +05:30
Only [scoped ](https://docs.npmjs.com/misc/scope/ ) packages are supported.
2019-12-04 20:38:33 +05:30
2021-06-08 01:23:25 +05:30
For documentation of the specific API endpoints that the npm package manager
client uses, see the [npm API documentation ](../../../api/packages/npm.md ).
2021-03-11 19:13:27 +05:30
## Build an npm package
2019-12-04 20:38:33 +05:30
2021-03-11 19:13:27 +05:30
This section covers how to install npm or Yarn and build a package for your
2021-01-29 00:20:46 +05:30
JavaScript project.
2019-12-04 20:38:33 +05:30
2021-03-11 19:13:27 +05:30
If you already use npm and know how to build your own packages, go to
2021-01-29 00:20:46 +05:30
the [next section ](#authenticate-to-the-package-registry ).
2019-12-04 20:38:33 +05:30
2021-03-11 19:13:27 +05:30
### Install npm
2019-12-04 20:38:33 +05:30
2021-03-11 19:13:27 +05:30
Install Node.js and npm in your local development environment by following
2021-02-22 17:27:13 +05:30
the instructions at [npmjs.com ](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm/ ).
2019-12-04 20:38:33 +05:30
2021-03-11 19:13:27 +05:30
When installation is complete, verify you can use npm in your terminal by
2020-03-13 15:44:24 +05:30
running:
```shell
npm --version
2020-01-01 13:55:28 +05:30
```
2020-03-13 15:44:24 +05:30
2021-03-11 19:13:27 +05:30
The npm version is shown in the output:
2020-03-13 15:44:24 +05:30
2020-04-08 14:13:33 +05:30
```plaintext
2020-03-13 15:44:24 +05:30
6.10.3
2020-01-01 13:55:28 +05:30
```
2021-01-29 00:20:46 +05:30
### Install Yarn
2020-01-01 13:55:28 +05:30
2021-03-11 19:13:27 +05:30
As an alternative to npm, you can install Yarn in your local environment by following the
2021-06-08 01:23:25 +05:30
instructions at [classic.yarnpkg.com ](https://classic.yarnpkg.com/en/docs/install ).
2020-01-01 13:55:28 +05:30
2021-01-29 00:20:46 +05:30
When installation is complete, verify you can use Yarn in your terminal by
running:
2019-12-26 22:10:19 +05:30
2020-03-13 15:44:24 +05:30
```shell
yarn --version
```
2021-01-29 00:20:46 +05:30
The Yarn version is shown in the output:
2020-03-13 15:44:24 +05:30
2020-04-08 14:13:33 +05:30
```plaintext
2020-03-13 15:44:24 +05:30
1.19.1
```
2021-01-29 00:20:46 +05:30
### Create a project
2020-03-13 15:44:24 +05:30
2021-01-29 00:20:46 +05:30
To create a project:
2020-03-13 15:44:24 +05:30
2021-01-29 00:20:46 +05:30
1. Create an empty directory.
1. Go to the directory and initialize an empty package by running:
2020-03-13 15:44:24 +05:30
2021-01-29 00:20:46 +05:30
```shell
npm init
```
2020-03-13 15:44:24 +05:30
2021-01-29 00:20:46 +05:30
Or if you're using Yarn:
```shell
yarn init
```
1. Enter responses to the questions. Ensure the **package name** follows
the [naming convention ](#package-naming-convention ) and is scoped to the
project or group where the registry exists.
A `package.json` file is created.
2021-03-11 19:13:27 +05:30
## Use the GitLab endpoint for npm packages
2021-01-29 00:20:46 +05:30
2021-03-11 19:13:27 +05:30
To use the GitLab endpoint for npm packages, choose an option:
2021-01-29 00:20:46 +05:30
2021-03-11 19:13:27 +05:30
- **Project-level**: Use when you have few npm packages and they are not in
2021-04-17 20:07:23 +05:30
the same GitLab group. The [package naming convention ](#package-naming-convention ) is not enforced at this level.
2021-09-30 23:02:18 +05:30
Instead, you should use a [scope ](https://docs.npmjs.com/cli/v6/using-npm/scope/ ) for your package.
2021-04-17 20:07:23 +05:30
When you use a scope, the registry URL is [updated ](#authenticate-to-the-package-registry ) only for that scope.
2021-03-11 19:13:27 +05:30
- **Instance-level**: Use when you have many npm packages in different
2021-01-29 00:20:46 +05:30
GitLab groups or in their own namespace. Be sure to comply with the [package naming convention ](#package-naming-convention ).
2020-03-13 15:44:24 +05:30
2021-01-29 00:20:46 +05:30
Some features such as [publishing ](#publish-an-npm-package ) a package is only available on the project-level endpoint.
2020-03-13 15:44:24 +05:30
2021-01-29 00:20:46 +05:30
## Authenticate to the Package Registry
2019-12-04 20:38:33 +05:30
2021-03-08 18:12:59 +05:30
You must authenticate with the Package Registry when the project
is private. Public projects do not require authentication.
To authenticate, use one of the following:
2019-12-04 20:38:33 +05:30
2021-01-29 00:20:46 +05:30
- A [personal access token ](../../../user/profile/personal_access_tokens.md )
(required for two-factor authentication (2FA)), with the scope set to `api` .
- A [deploy token ](../../project/deploy_tokens/index.md ), with the scope set to `read_package_registry` , `write_package_registry` , or both.
- It's not recommended, but you can use [OAuth tokens ](../../../api/oauth2.md#resource-owner-password-credentials-flow ).
2021-03-11 19:13:27 +05:30
Standard OAuth tokens cannot authenticate to the GitLab npm Registry. You must use a personal access token with OAuth headers.
2021-01-29 00:20:46 +05:30
- A [CI job token ](#authenticate-with-a-ci-job-token ).
2021-09-04 01:27:46 +05:30
- Your npm package name must be in the format of [`@scope/package-name` ](#package-naming-convention ).
It must match exactly, including the case.
2019-12-04 20:38:33 +05:30
2021-01-29 00:20:46 +05:30
### Authenticate with a personal access token or deploy token
2019-12-04 20:38:33 +05:30
2021-02-22 17:27:13 +05:30
To authenticate with the Package Registry, you need a [personal access token ](../../profile/personal_access_tokens.md ) or [deploy token ](../../project/deploy_tokens/index.md ).
2019-12-04 20:38:33 +05:30
2021-03-11 19:13:27 +05:30
#### Project-level npm endpoint
2021-01-29 00:20:46 +05:30
2021-03-11 19:13:27 +05:30
To use the [project-level ](#use-the-gitlab-endpoint-for-npm-packages ) npm endpoint, set your npm configuration:
2019-12-04 20:38:33 +05:30
2020-03-13 15:44:24 +05:30
```shell
# Set URL for your scoped packages.
# For example package with name `@foo/bar` will use this URL for download
2021-01-29 00:20:46 +05:30
npm config set @foo:registry https://gitlab.example.com/api/v4/projects/< your_project_id > /packages/npm/
2019-12-04 20:38:33 +05:30
2021-01-29 00:20:46 +05:30
# Add the token for the scoped packages URL. Replace <your_project_id>
# with the project where your package is located.
2021-04-29 21:17:54 +05:30
npm config set -- '//gitlab.example.com/api/v4/projects/< your_project_id > /packages/npm/:_authToken' "< your_token > "
2019-12-04 20:38:33 +05:30
```
2021-01-29 00:20:46 +05:30
- `<your_project_id>` is your project ID, found on the project's home page.
- `<your_token>` is your personal access token or deploy token.
- Replace `gitlab.example.com` with your domain name.
2019-12-04 20:38:33 +05:30
2021-03-11 19:13:27 +05:30
You should now be able to publish and install npm packages in your project.
2019-12-04 20:38:33 +05:30
2021-01-29 00:20:46 +05:30
If you encounter an error with [Yarn ](https://classic.yarnpkg.com/en/ ), view
[troubleshooting steps ](#troubleshooting ).
2019-12-04 20:38:33 +05:30
2021-03-11 19:13:27 +05:30
#### Instance-level npm endpoint
2019-12-21 20:55:43 +05:30
2021-03-11 19:13:27 +05:30
To use the [instance-level ](#use-the-gitlab-endpoint-for-npm-packages ) npm endpoint, set your npm configuration:
2019-12-21 20:55:43 +05:30
2020-03-13 15:44:24 +05:30
```shell
2021-01-29 00:20:46 +05:30
# Set URL for your scoped packages.
# For example package with name `@foo/bar` will use this URL for download
npm config set @foo:registry https://gitlab.example.com/api/v4/packages/npm/
2019-12-21 20:55:43 +05:30
2021-01-29 00:20:46 +05:30
# Add the token for the scoped packages URL. This will allow you to download
# `@foo/` packages from private projects.
2021-04-29 21:17:54 +05:30
npm config set -- '//gitlab.example.com/api/v4/packages/npm/:_authToken' "< your_token > "
2021-01-29 00:20:46 +05:30
```
2019-12-21 20:55:43 +05:30
2021-01-29 00:20:46 +05:30
- `<your_token>` is your personal access token or deploy token.
- Replace `gitlab.example.com` with your domain name.
2019-12-21 20:55:43 +05:30
2021-04-17 20:07:23 +05:30
You should now be able to install npm packages in your project.
2019-12-21 20:55:43 +05:30
2021-01-29 00:20:46 +05:30
If you encounter an error with [Yarn ](https://classic.yarnpkg.com/en/ ), view
[troubleshooting steps ](#troubleshooting ).
2020-01-01 13:55:28 +05:30
2021-01-29 00:20:46 +05:30
### Authenticate with a CI job token
2019-12-26 22:10:19 +05:30
2021-01-29 00:20:46 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9104) in GitLab Premium 12.5.
2021-03-11 19:13:27 +05:30
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/221259) to GitLab Free in 13.3.
2019-12-26 22:10:19 +05:30
2021-03-11 19:13:27 +05:30
If you're using npm with GitLab CI/CD, a CI job token can be used instead of a personal access token or deploy token.
2020-10-24 23:57:45 +05:30
The token inherits the permissions of the user that generates the pipeline.
2019-12-26 22:10:19 +05:30
2021-03-11 19:13:27 +05:30
#### Project-level npm endpoint
2021-01-29 00:20:46 +05:30
2021-03-11 19:13:27 +05:30
To use the [project-level ](#use-the-gitlab-endpoint-for-npm-packages ) npm endpoint, add a corresponding section to your `.npmrc` file:
2019-12-26 22:10:19 +05:30
```ini
2021-01-29 00:20:46 +05:30
@foo:registry =https://gitlab.example.com/api/v4/projects/${CI_PROJECT_ID}/packages/npm/
//gitlab.example.com/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}
2019-12-26 22:10:19 +05:30
```
2019-12-21 20:55:43 +05:30
2021-03-11 19:13:27 +05:30
#### Instance-level npm endpoint
2019-12-04 20:38:33 +05:30
2021-03-11 19:13:27 +05:30
To use the [instance-level ](#use-the-gitlab-endpoint-for-npm-packages ) npm endpoint, add a corresponding section to your `.npmrc` file:
2019-12-04 20:38:33 +05:30
2021-01-29 00:20:46 +05:30
```ini
@foo:registry =https://gitlab.example.com/api/v4/packages/npm/
//gitlab.example.com/api/v4/packages/npm/:_authToken=${CI_JOB_TOKEN}
2019-12-04 20:38:33 +05:30
```
2021-01-29 00:20:46 +05:30
#### Use variables to avoid hard-coding auth token values
2019-12-04 20:38:33 +05:30
2021-01-29 00:20:46 +05:30
To avoid hard-coding the `authToken` value, you may use a variable in its place:
2019-12-04 20:38:33 +05:30
2020-03-13 15:44:24 +05:30
```shell
2021-04-29 21:17:54 +05:30
npm config set -- '//gitlab.example.com/api/v4/projects/< your_project_id > /packages/npm/:_authToken' "${NPM_TOKEN}"
npm config set -- '//gitlab.example.com/api/v4/packages/npm/:_authToken' "${NPM_TOKEN}"
2019-12-04 20:38:33 +05:30
```
2021-01-29 00:20:46 +05:30
Then, you can run `npm publish` either locally or by using GitLab CI/CD.
2019-12-04 20:38:33 +05:30
2021-01-29 00:20:46 +05:30
- **Locally:** Export `NPM_TOKEN` before publishing:
2019-12-04 20:38:33 +05:30
2021-01-29 00:20:46 +05:30
```shell
NPM_TOKEN=< your_token > npm publish
```
2019-12-04 20:38:33 +05:30
2021-09-30 23:02:18 +05:30
- **GitLab CI/CD:** Set an `NPM_TOKEN` [CI/CD variable ](../../../ci/variables/index.md )
2021-01-29 00:20:46 +05:30
under your project's **Settings > CI/CD > Variables** .
2019-12-04 20:38:33 +05:30
2020-03-13 15:44:24 +05:30
## Package naming convention
2021-04-17 20:07:23 +05:30
When you use the [instance-level endpoint ](#use-the-gitlab-endpoint-for-npm-packages ), only the packages with names in the format of `@scope/package-name` are available.
2021-01-29 00:20:46 +05:30
2021-04-17 20:07:23 +05:30
- The `@scope` is the root namespace of the GitLab project. To follow npm's convention, it should be
lowercase. However, the GitLab package registry allows for uppercase. Before GitLab 13.10, the
`@scope` had to be a case-sensitive match of the GitLab project's root namespace. This was
problematic because the npm public registry does not allow uppercase letters. GitLab 13.10 relaxes
this requirement and translates uppercase in the GitLab `@scope` to lowercase for npm. For
example, a package `@MyScope/package-name` in GitLab becomes `@myscope/package-name` for npm.
2021-01-29 00:20:46 +05:30
- The `package-name` can be whatever you want.
For example, if your project is `https://gitlab.example.com/my-org/engineering-group/team-amazing/analytics` ,
the root namespace is `my-org` . When you publish a package, it must have `my-org` as the scope.
2020-03-13 15:44:24 +05:30
| Project | Package | Supported |
| ---------------------- | ----------------------- | --------- |
2021-01-29 00:20:46 +05:30
| `my-org/bar` | `@my-org/bar` | Yes |
| `my-org/bar/baz` | `@my-org/baz` | Yes |
2021-04-17 20:07:23 +05:30
| `My-Org/Bar/baz` | `@my-org/Baz` | Yes |
| `My-Org/Bar/baz` | `@My-Org/Baz` | Yes |
2021-01-29 00:20:46 +05:30
| `my-org/bar/buz` | `@my-org/anything` | Yes |
2020-03-13 15:44:24 +05:30
| `gitlab-org/gitlab` | `@gitlab-org/gitlab` | Yes |
| `gitlab-org/gitlab` | `@foo/bar` | No |
2021-01-29 00:20:46 +05:30
In GitLab, this regex validates all package names from all package managers:
2020-03-13 15:44:24 +05:30
2020-04-22 19:07:51 +05:30
```plaintext
2020-03-13 15:44:24 +05:30
/\A\@?(([\w\-\.\+]*)\/)*([\w\-\.]+)@?(([\w\-\.\+]*)\/)*([\w\-\.]*)\z/
```
2021-03-11 19:13:27 +05:30
This regex allows almost all of the characters that npm allows, with a few exceptions (for example, `~` is not allowed).
2021-01-29 00:20:46 +05:30
2021-04-17 20:07:23 +05:30
The regex also allows for capital letters, while npm does not.
2020-03-13 15:44:24 +05:30
2021-02-22 17:27:13 +05:30
WARNING:
2021-01-29 00:20:46 +05:30
When you update the path of a user or group, or transfer a subgroup or project,
2021-03-11 19:13:27 +05:30
you must remove any npm packages first. You cannot update the root namespace
of a project with npm packages. Make sure you update your `.npmrc` files to follow
2021-01-29 00:20:46 +05:30
the naming convention and run `npm publish` if necessary.
2020-03-13 15:44:24 +05:30
2021-03-11 19:13:27 +05:30
## Publish an npm package
2020-03-13 15:44:24 +05:30
2021-01-29 00:20:46 +05:30
Prerequisites:
2020-03-13 15:44:24 +05:30
2021-01-29 00:20:46 +05:30
- [Authenticate ](#authenticate-to-the-package-registry ) to the Package Registry.
2021-03-11 19:13:27 +05:30
- Set a [project-level npm endpoint ](#use-the-gitlab-endpoint-for-npm-packages ).
2020-03-13 15:44:24 +05:30
2021-03-11 19:13:27 +05:30
To upload an npm package to your project, run this command:
2020-03-13 15:44:24 +05:30
```shell
2021-01-29 00:20:46 +05:30
npm publish
2020-03-13 15:44:24 +05:30
```
2021-01-29 00:20:46 +05:30
To view the package, go to your project's **Packages & Registries** .
2020-03-13 15:44:24 +05:30
2021-04-29 21:17:54 +05:30
You can also define `"publishConfig"` for your project in `package.json` . For example:
```json
{
"publishConfig": { "@foo:registry":" https://gitlab.example.com/api/v4/projects/< your_project_id > /packages/npm/" }
}
```
This forces the package to publish only to the specified registry.
2021-01-29 00:20:46 +05:30
If you try to publish a package [with a name that already exists ](#publishing-packages-with-the-same-name-or-version ) within
a given scope, you get a `403 Forbidden!` error.
2020-03-13 15:44:24 +05:30
2021-03-11 19:13:27 +05:30
## Publish an npm package by using CI/CD
2020-03-13 15:44:24 +05:30
2021-01-29 00:20:46 +05:30
Prerequisites:
2020-03-13 15:44:24 +05:30
2021-01-29 00:20:46 +05:30
- [Authenticate ](#authenticate-to-the-package-registry ) to the Package Registry.
2021-03-11 19:13:27 +05:30
- Set a [project-level npm endpoint ](#use-the-gitlab-endpoint-for-npm-packages ).
2021-09-04 01:27:46 +05:30
- Your npm package name must be in the format of [`@scope/package-name` ](#package-naming-convention ).
2021-03-11 19:13:27 +05:30
It must match exactly, including the case. This is different than the
npm naming convention, but it is required to work with the GitLab Package Registry.
2021-01-29 00:20:46 +05:30
2021-09-30 23:02:18 +05:30
To work with npm commands within [GitLab CI/CD ](../../../ci/index.md ), you can use
2021-01-29 00:20:46 +05:30
`CI_JOB_TOKEN` in place of the personal access token or deploy token in your commands.
2021-03-11 19:13:27 +05:30
An example `.gitlab-ci.yml` file for publishing npm packages:
2021-01-29 00:20:46 +05:30
```yaml
image: node:latest
stages:
- deploy
deploy:
stage: deploy
script:
2021-09-04 01:27:46 +05:30
- echo "//${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}">.npmrc
2021-01-29 00:20:46 +05:30
- npm publish
2020-03-13 15:44:24 +05:30
```
2021-02-22 17:27:13 +05:30
See the
2021-03-11 19:13:27 +05:30
[Publish npm packages to the GitLab Package Registry using semantic-release ](../../../ci/examples/semantic-release.md )
2021-02-22 17:27:13 +05:30
step-by-step guide and demo project for a complete example.
2021-06-08 01:23:25 +05:30
## Configure the GitLab npm registry with Yarn 2
2021-09-30 23:02:18 +05:30
You can get started with Yarn 2 by following the [Yarn documentation ](https://yarnpkg.com/getting-started/install/ ).
2021-06-08 01:23:25 +05:30
To publish and install with the project-level npm endpoint, set the following configuration in
`.yarnrc.yml` :
```yaml
npmScopes:
foo:
npmRegistryServer: "https://gitlab.example.com/api/v4/projects/< your_project_id > /packages/npm/"
npmPublishRegistry: "https://gitlab.example.com/api/v4/projects/< your_project_id > /packages/npm/"
npmRegistries:
//gitlab.example.com/api/v4/projects/< your_project_id > /packages/npm/:
npmAlwaysAuth: true
npmAuthToken: "< your_token > "
```
For the instance-level npm endpoint, use this Yarn 2 configuration in `.yarnrc.yml` :
```yaml
npmScopes:
foo:
npmRegistryServer: "https://gitlab.example.com/api/v4/packages/npm/"
npmRegistries:
//gitlab.example.com/api/v4/packages/npm/:
npmAlwaysAuth: true
npmAuthToken: "< your_token > "
```
In this configuration:
- Replace `<your_token>` with your personal access token or deploy token.
- Replace `<your_project_id>` with your project's ID, which you can find on the project's home page.
- Replace `gitlab.example.com` with your domain name.
- Your scope is `foo` , without `@` .
2021-01-29 00:20:46 +05:30
## Publishing packages with the same name or version
You cannot publish a package if a package of the same name and version already exists.
You must delete the existing package first.
2021-10-27 15:23:28 +05:30
This rule has a different impact depending on the package name:
- For packages following the [naming convention ](#package-naming-convention ), you can't publish a
package with a duplicate name and version to the root namespace.
- For packages not following the [naming convention ](#package-naming-convention ), you can't publish
a package with a duplicate name and version to the project you target with the upload.
2021-01-29 00:20:46 +05:30
This aligns with npmjs.org's behavior. However, npmjs.org does not ever let you publish
the same version more than once, even if it has been deleted.
## Install a package
2021-03-11 19:13:27 +05:30
npm packages are commonly-installed by using the `npm` or `yarn` commands
2021-04-17 20:07:23 +05:30
in a JavaScript project. You can install a package from the scope of a project or instance.
If multiple packages have the same name and version, when you install a package, the most recently-published package is retrieved.
2021-01-29 00:20:46 +05:30
2021-11-18 22:05:49 +05:30
1. Set the URL for scoped packages.
For [instance-level endpoints ](#use-the-gitlab-endpoint-for-npm-packages ) run:
2021-01-29 00:20:46 +05:30
```shell
npm config set @foo:registry https://gitlab.example.com/api/v4/packages/npm/
```
2021-11-18 22:05:49 +05:30
- Replace `@foo` with your scope.
- Replace `gitlab.example.com` with your domain name.
For [project-level endpoints ](#use-the-gitlab-endpoint-for-npm-packages ) run:
```shell
npm config set @foo:registry https://gitlab.example.com/api/v4/projects/< your_project_id > /packages/npm/
```
- Replace `@foo` with your scope.
- Replace `gitlab.example.com` with your domain name.
- Replace `<your_project_id>` with your project ID, found on the project's home page.
2020-04-08 14:13:33 +05:30
2021-01-29 00:20:46 +05:30
1. Ensure [authentication ](#authenticate-to-the-package-registry ) is configured.
2020-04-08 14:13:33 +05:30
2021-03-11 19:13:27 +05:30
1. To install a package in your project, run:
2021-01-29 00:20:46 +05:30
```shell
2021-03-11 19:13:27 +05:30
npm install @my -scope/my-package
2021-01-29 00:20:46 +05:30
```
Or if you're using Yarn:
```shell
2021-03-11 19:13:27 +05:30
yarn add @my -scope/my-package
2021-01-29 00:20:46 +05:30
```
In [GitLab 12.9 and later ](https://gitlab.com/gitlab-org/gitlab/-/issues/55344 ),
2021-03-11 19:13:27 +05:30
when an npm package is not found in the Package Registry, the request is forwarded to [npmjs.com ](https://www.npmjs.com/ ).
2020-04-08 14:13:33 +05:30
Administrators can disable this behavior in the [Continuous Integration settings ](../../admin_area/settings/continuous_integration.md ).
2021-03-11 19:13:27 +05:30
### Install npm packages from other organizations
2021-01-03 14:25:43 +05:30
You can route package requests to organizations and users outside of GitLab.
2021-01-29 00:20:46 +05:30
To do this, add lines to your `.npmrc` file. Replace `my-org` with the namespace or group that owns your project's repository,
and use your organization's URL. The name is case-sensitive and must match the name of your group or namespace exactly.
2021-01-03 14:25:43 +05:30
```shell
@foo:registry =https://gitlab.example.com/api/v4/packages/npm/
2021-01-29 00:20:46 +05:30
//gitlab.example.com/api/v4/packages/npm/:_authToken= "< your_token > "
//gitlab.example.com/api/v4/projects/< your_project_id > /packages/npm/:_authToken= "< your_token > "
2021-01-03 14:25:43 +05:30
@my -other-org:registry=https://gitlab.example.com/api/v4/packages/npm/
2021-01-29 00:20:46 +05:30
//gitlab.example.com/api/v4/packages/npm/:_authToken= "< your_token > "
//gitlab.example.com/api/v4/projects/< your_project_id > /packages/npm/:_authToken= "< your_token > "
2021-01-03 14:25:43 +05:30
```
2021-03-11 19:13:27 +05:30
### npm dependencies metadata
2020-03-13 15:44:24 +05:30
2021-01-29 00:20:46 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11867) in GitLab Premium 12.6.
2021-03-11 19:13:27 +05:30
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/221259) to GitLab Free in 13.3.
2020-03-13 15:44:24 +05:30
2021-03-11 19:13:27 +05:30
In GitLab 12.6 and later, packages published to the Package Registry expose the following attributes to the npm client:
2020-03-13 15:44:24 +05:30
2021-01-29 00:20:46 +05:30
- name
- version
- dist-tags
- dependencies
- dependencies
- devDependencies
- bundleDependencies
- peerDependencies
- deprecated
2020-03-13 15:44:24 +05:30
2021-03-11 19:13:27 +05:30
## Add npm distribution tags
2020-03-13 15:44:24 +05:30
2021-01-29 00:20:46 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9425) in GitLab Premium 12.8.
2021-03-11 19:13:27 +05:30
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/221259) to GitLab Free in 13.3.
2020-03-13 15:44:24 +05:30
2021-02-22 17:27:13 +05:30
You can add [distribution tags ](https://docs.npmjs.com/cli/dist-tag/ ) to newly-published packages.
2021-01-29 00:20:46 +05:30
Tags are optional and can be assigned to only one package at a time.
2020-03-13 15:44:24 +05:30
2021-01-29 00:20:46 +05:30
When you publish a package without a tag, the `latest` tag is added by default.
When you install a package without specifying the tag or version, the `latest` tag is used.
Examples of the supported `dist-tag` commands:
```shell
npm publish @scope/package --tag # Publish a package with new tag
npm dist-tag add @scope/package@version my-tag # Add a tag to an existing package
npm dist-tag ls @scope/package # List all tags under the package
npm dist-tag rm @scope/package@version my-tag # Delete a tag from the package
npm install @scope/package@my -tag # Install a specific tag
2020-03-13 15:44:24 +05:30
```
2021-01-29 00:20:46 +05:30
You cannot use your `CI_JOB_TOKEN` or deploy token with the `npm dist-tag` commands.
View [this issue ](https://gitlab.com/gitlab-org/gitlab/-/issues/258835 ) for details.
2021-03-11 19:13:27 +05:30
Due to a bug in npm 6.9.0, deleting distribution tags fails. Make sure your npm version is 6.9.1 or later.
2020-07-28 23:09:34 +05:30
2019-12-04 20:38:33 +05:30
## Troubleshooting
2021-04-29 21:17:54 +05:30
When troubleshooting npm issues, first run the same command with the `--verbose` flag to confirm
what registry you are hitting.
2021-09-30 23:02:18 +05:30
To improve performance, npm caches files related to a package. Note that npm doesn't remove data by
itself. The cache grows as new packages are installed. If you encounter issues, clear the cache with
this command:
```shell
npm cache clean --force
```
2021-03-11 19:13:27 +05:30
### Error running Yarn with the Package Registry for npm registry
2019-12-04 20:38:33 +05:30
2021-03-11 19:13:27 +05:30
If you are using [Yarn ](https://classic.yarnpkg.com/en/ ) with the npm registry, you may get
2019-12-04 20:38:33 +05:30
an error message like:
2020-03-13 15:44:24 +05:30
```shell
2019-12-04 20:38:33 +05:30
yarn install v1.15.2
warning package.json: No license field
info No lockfile found.
warning XXX: No license field
[1/4] 🔍 Resolving packages...
[2/4] 🚚 Fetching packages...
2021-01-29 00:20:46 +05:30
error An unexpected error occurred: "https://gitlab.example.com/api/v4/projects/XXX/packages/npm/XXX/XXX/-/XXX/XXX-X.X.X.tgz: Request failed \"404 Not Found\"".
2019-12-04 20:38:33 +05:30
info If you think this is a bug, please open a bug report with the information provided in "/Users/XXX/gitlab-migration/module-util/yarn-error.log".
2020-04-22 19:07:51 +05:30
info Visit https://classic.yarnpkg.com/en/docs/cli/install for documentation about this command
2019-12-04 20:38:33 +05:30
```
2020-03-13 15:44:24 +05:30
In this case, try adding this to your `.npmrc` file (and replace `<your_token>`
2020-05-24 23:13:21 +05:30
with your personal access token or deploy token):
2019-12-04 20:38:33 +05:30
2020-05-24 23:13:21 +05:30
```plaintext
2021-01-29 00:20:46 +05:30
//gitlab.example.com/api/v4/projects/:_authToken=< your_token >
2019-12-04 20:38:33 +05:30
```
2019-12-21 20:55:43 +05:30
2021-01-03 14:25:43 +05:30
You can also use `yarn config` instead of `npm config` when setting your auth-token dynamically:
```shell
2021-01-29 00:20:46 +05:30
yarn config set '//gitlab.example.com/api/v4/projects/< your_project_id > /packages/npm/:_authToken' "< your_token > "
yarn config set '//gitlab.example.com/api/v4/packages/npm/:_authToken' "< your_token > "
2021-01-03 14:25:43 +05:30
```
2021-03-11 19:13:27 +05:30
### `npm publish` targets default npm registry (`registry.npmjs.org`)
2019-12-21 20:55:43 +05:30
Ensure that your package scope is set consistently in your `package.json` and `.npmrc` files.
For example, if your project name in GitLab is `foo/my-package` , then your `package.json` file
should look like:
```json
{
"name": "@foo/my-package",
"version": "1.0.0",
2021-03-11 19:13:27 +05:30
"description": "Example package for GitLab npm registry",
2019-12-21 20:55:43 +05:30
}
```
And the `.npmrc` file should look like:
```ini
2021-01-29 00:20:46 +05:30
//gitlab.example.com/api/v4/projects/< your_project_id > /packages/npm/:_authToken=< your_token >
//gitlab.example.com/api/v4/packages/npm/:_authToken=< your_token >
@foo:registry =https://gitlab.example.com/api/v4/packages/npm/
2019-12-21 20:55:43 +05:30
```
2020-01-01 13:55:28 +05:30
2021-03-11 19:13:27 +05:30
### `npm install` returns `Error: Failed to replace env in config: ${npm_TOKEN}`
2020-03-13 15:44:24 +05:30
2021-09-30 23:02:18 +05:30
You do not need a token to run `npm install` unless your project is private. The token is only required to publish. If the `.npmrc` file was checked in with a reference to `$npm_TOKEN` , you can remove it. If you prefer to leave the reference in, you must set a value prior to running `npm install` or set the value by using [GitLab CI/CD variables ](../../../ci/variables/index.md ):
2020-03-13 15:44:24 +05:30
```shell
NPM_TOKEN=< your_token > npm install
```
2020-05-24 23:13:21 +05:30
### `npm install` returns `npm ERR! 403 Forbidden`
2021-01-29 00:20:46 +05:30
If you get this error, ensure that:
2021-01-03 14:25:43 +05:30
2021-01-29 00:20:46 +05:30
- Your token is not expired and has appropriate permissions.
2021-03-11 19:13:27 +05:30
- A package with the same name or version doesn't already exist within the given scope.
2021-04-29 21:17:54 +05:30
- Your NPM package name does not contain a dot `.` . This is a [known issue ](https://gitlab.com/gitlab-org/gitlab-ee/issues/10248 )
in GitLab 11.9 and earlier.
2021-01-29 00:20:46 +05:30
- The scoped packages URL includes a trailing slash:
- Correct: `//gitlab.example.com/api/v4/packages/npm/`
- Incorrect: `//gitlab.example.com/api/v4/packages/npm`
2021-02-22 17:27:13 +05:30
### `npm publish` returns `npm ERR! 400 Bad Request`
2021-09-30 23:02:18 +05:30
If you get this error, one of the following problems could be causing it.
#### Package name does not meet the naming convention
Your package name may not meet the
2021-09-04 01:27:46 +05:30
[`@scope/package-name` package naming convention ](#package-naming-convention ).
2021-02-22 17:27:13 +05:30
Ensure the name meets the convention exactly, including the case.
Then try to publish again.
2021-03-08 18:12:59 +05:30
2021-09-30 23:02:18 +05:30
#### Package already exists
Your package has already been published to another project in the same
root namespace and therefore cannot be published again using the same name.
This is also true even if the prior published package shares the same name,
but not the version.
2021-03-08 18:12:59 +05:30
### `npm publish` returns `npm ERR! 500 Internal Server Error - PUT`
This is a [known issue ](https://gitlab.com/gitlab-org/gitlab/-/issues/238950 ) in GitLab
13.3.x and later. The error in the logs will appear as:
```plaintext
>NoMethodError - undefined method `preferred_language' for #< Rack::Response
```
This might be accompanied by another error:
```plaintext
>Errno::EACCES","exception.message":"Permission denied
```
This is usually a permissions issue with either:
- `'packages_storage_path'` default `/var/opt/gitlab/gitlab-rails/shared/packages/` .
- The remote bucket if [object storage ](../../../administration/packages/#using-object-storage )
is used.
2021-04-29 21:17:54 +05:30
In the latter case, ensure the bucket exists and GitLab has write access to it.
## Supported CLI commands
The GitLab npm repository supports the following commands for the npm CLI (`npm`) and yarn CLI
(`yarn`):
- `npm install` : Install npm packages.
- `npm publish` : Publish an npm package to the registry.
- `npm dist-tag add` : Add a dist-tag to an npm package.
- `npm dist-tag ls` : List dist-tags for a package.
- `npm dist-tag rm` : Delete a dist-tag.
- `npm ci` : Install npm packages directly from your `package-lock.json` file.
- `npm view` : Show package metadata.
- `yarn add` : Install an npm package.
- `yarn update` : Update your dependencies.