debian-mirror-gitlab/doc/user/packages/npm_registry/index.md

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

355 lines
14 KiB
Markdown
Raw Normal View History

2020-06-23 00:09:42 +05:30
---
stage: Package
2023-01-13 00:05:48 +05:30
group: Package Registry
2022-11-25 23:54:43 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
2020-06-23 00:09:42 +05:30
---
2021-03-11 19:13:27 +05:30
# npm packages in the Package Registry **(FREE)**
2019-12-04 20:38:33 +05:30
2023-03-04 22:38:38 +05:30
For documentation of the specific API endpoints that the npm package manager client uses, see the [npm API documentation](../../../api/packages/npm.md).
2022-01-26 12:08:38 +05:30
2023-01-13 00:05:48 +05:30
Learn how to build an [npm](../workflows/build_packages.md#npm) or [yarn](../workflows/build_packages.md#yarn) package.
2021-01-29 00:20:46 +05:30
2023-03-04 22:38:38 +05:30
Watch a [video demo](https://youtu.be/yvLxtkvsFDA) of how to publish npm packages to the GitLab Package Registry.
2021-01-29 00:20:46 +05:30
2023-03-04 22:38:38 +05:30
## Publish to GitLab Package Registry
2020-03-13 15:44:24 +05:30
2023-03-04 22:38:38 +05:30
### Authentication to the Package Registry
2020-03-13 15:44:24 +05:30
2023-03-04 22:38:38 +05:30
You need an token to publish a package. There are different tokens available depending on what you're trying to achieve. For more information, review the [guidance on tokens](../../../user/packages/package_registry/index.md#authenticate-with-the-registry).
2019-12-04 20:38:33 +05:30
2023-03-04 22:38:38 +05:30
- If your organization uses two factor authentication (2FA), you must use a personal access token with the scope set to `api`.
- If you are publishing a package via CI/CD pipelines, you must use a CI job token.
2021-03-08 18:12:59 +05:30
2023-03-04 22:38:38 +05:30
Create a token and save it to use later in the process.
2019-12-04 20:38:33 +05:30
2023-03-04 22:38:38 +05:30
### Naming convention
2019-12-04 20:38:33 +05:30
2023-04-23 21:23:45 +05:30
Depending on how the package is installed, you may need to adhere to the naming convention.
2019-12-04 20:38:33 +05:30
2023-03-04 22:38:38 +05:30
You can use one of two API endpoints to install packages:
2019-12-04 20:38:33 +05:30
2023-03-04 22:38:38 +05:30
- **Instance-level**: Use when you have many npm packages in different GitLab groups or in their own namespace.
- **Project-level**: Use when you have few npm packages and they are not in the same GitLab group.
2021-01-29 00:20:46 +05:30
2023-03-04 22:38:38 +05:30
If you plan to install a package through the [project level](#install-from-the-project-level), then you do not have to adhere to the naming convention.
2019-12-04 20:38:33 +05:30
2023-03-04 22:38:38 +05:30
If you plan to install a package through the [instance level](#install-from-the-instance-level), then you must name your package with a [scope](https://docs.npmjs.com/misc/scope/). Scoped packages begin with a `@` have the format of `@owner/package-name`. You can set up the scope for your package in the `.npmrc` file and by using the `publishConfig` option in the `package.json`.
2019-12-04 20:38:33 +05:30
2023-04-23 21:23:45 +05:30
- The value used for the `@scope` is the root of the project that is hosting the packages and not the root
2023-03-04 22:38:38 +05:30
of the project with the source code of the package itself. The scope should be lowercase.
- The package name can be anything you want
2019-12-04 20:38:33 +05:30
2023-03-04 22:38:38 +05:30
| Project URL | Package Registry in | Scope | Full package name |
| ------------------------------------------------------- | ------------------- | --------- | ---------------------- |
| `https://gitlab.com/my-org/engineering-group/analytics` | Analytics | `@my-org` | `@my-org/package-name` |
2019-12-04 20:38:33 +05:30
2023-03-04 22:38:38 +05:30
Make sure that the name of your package in the `package.json` file matches this convention:
2019-12-21 20:55:43 +05:30
2020-03-13 15:44:24 +05:30
```shell
2023-03-04 22:38:38 +05:30
"name": "@my-org/package-name"
2019-12-26 22:10:19 +05:30
```
2019-12-21 20:55:43 +05:30
2023-03-04 22:38:38 +05:30
## Publishing a package via the command line
2019-12-04 20:38:33 +05:30
2023-03-04 22:38:38 +05:30
### Authenticating via the `.npmrc`
2019-12-04 20:38:33 +05:30
2023-03-04 22:38:38 +05:30
Create or edit the `.npmrc` file in the same directory as your `package.json`. Include the following lines in the `.npmrc` file:
2019-12-04 20:38:33 +05:30
2020-03-13 15:44:24 +05:30
```shell
2023-03-04 22:38:38 +05:30
@scope:registry=https://your_domain_name/api/v4/projects/your_project_id/packages/npm/
//your_domain_name/api/v4/projects/your_project_id/packages/npm/:_authToken="${NPM_TOKEN}"
2019-12-04 20:38:33 +05:30
```
2023-03-04 22:38:38 +05:30
- Replace `@scope` with the [root level group](#naming-convention) of the project you're publishing to the package to.
- Replace `your_domain_name` with your domain name, for example, `gitlab.com`.
- Replace `your_project_id` is your project ID, found on the project's home page.
2023-04-23 21:23:45 +05:30
- `"${NPM_TOKEN}"` is associated with the token you created later in the process.
2019-12-04 20:38:33 +05:30
2023-03-04 22:38:38 +05:30
WARNING:
Never hardcode GitLab tokens (or any tokens) directly in `.npmrc` files or any other files that can
be committed to a repository.
2019-12-04 20:38:33 +05:30
2023-03-04 22:38:38 +05:30
### Publishing a package via the command line
2021-12-11 22:18:48 +05:30
2023-03-04 22:38:38 +05:30
Associate your [token](#authentication-to-the-package-registry) with the `"${NPM_TOKEN}"` in the `.npmrc`. Replace `your_token` with a deploy token, group access token, project access token, or personal access token.
2021-12-11 22:18:48 +05:30
```shell
2023-03-04 22:38:38 +05:30
NPM_TOKEN=your_token npm publish
2020-03-13 15:44:24 +05:30
```
2023-03-04 22:38:38 +05:30
Your package should now publish to the Package Registry.
2020-03-13 15:44:24 +05:30
2023-03-04 22:38:38 +05:30
## Publishing a package via a CI/CD pipeline
2022-04-04 11:22:00 +05:30
2023-03-04 22:38:38 +05:30
### Authenticating via the `.npmrc`
2020-03-13 15:44:24 +05:30
2023-03-04 22:38:38 +05:30
Create or edit the `.npmrc` file in the same directory as your `package.json` in a GitLab project. Include the following lines in the `.npmrc` file:
2020-03-13 15:44:24 +05:30
```shell
2023-03-04 22:38:38 +05:30
@scope:registry=https://your_domain_name/api/v4/projects/your_project_id/packages/npm/
//your_domain_name/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}
2020-03-13 15:44:24 +05:30
```
2023-03-04 22:38:38 +05:30
- Replace `@scope` with the [root level group](#naming-convention) of the project you're publishing to the package to.
- The `${CI_PROJECT_ID}` and `${CI_JOB_TOKEN}` are [predefined variables](../../../ci/variables/predefined_variables.md) that are available in the pipeline and do not need to be replaced.
2020-03-13 15:44:24 +05:30
2023-03-04 22:38:38 +05:30
### Publishing a package via a CI/CD pipeline
2021-04-29 21:17:54 +05:30
2023-03-04 22:38:38 +05:30
In the GitLab project that houses your `.npmrc` and `package.json`, edit or create a `.gitlab-ci.yml` file. For example:
2021-01-29 00:20:46 +05:30
```yaml
image: node:latest
stages:
- deploy
deploy:
stage: deploy
script:
2021-09-04 01:27:46 +05:30
- echo "//${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}">.npmrc
2021-01-29 00:20:46 +05:30
- npm publish
2020-03-13 15:44:24 +05:30
```
2023-03-04 22:38:38 +05:30
Your package should now publish to the Package Registry when the pipeline runs.
2021-06-08 01:23:25 +05:30
2023-03-04 22:38:38 +05:30
## Install a package
2021-06-08 01:23:25 +05:30
2023-03-04 22:38:38 +05:30
If multiple packages have the same name and version, when you install a package, the most recently-published package is retrieved.
2021-06-08 01:23:25 +05:30
2023-03-04 22:38:38 +05:30
You can install a package from a GitLab project or instance:
2021-06-08 01:23:25 +05:30
2023-03-04 22:38:38 +05:30
- **Instance-level**: Use when you have many npm packages in different GitLab groups or in their own namespace.
- **Project-level**: Use when you have few npm packages and they are not in the same GitLab group.
2021-06-08 01:23:25 +05:30
2023-03-04 22:38:38 +05:30
### Install from the instance level
2021-06-08 01:23:25 +05:30
2023-03-04 22:38:38 +05:30
WARNING:
2023-04-23 21:23:45 +05:30
To install a package from the instance level, the package must have been published following the scoped [naming convention](#naming-convention).
2021-06-08 01:23:25 +05:30
2023-03-04 22:38:38 +05:30
1. Authenticate to the Package Registry
2021-01-29 00:20:46 +05:30
2023-04-23 21:23:45 +05:30
If you would like to install a package from a private project, you would have to authenticate to the Package Registry. Skip this step if the project is not private.
2021-01-29 00:20:46 +05:30
2023-03-04 22:38:38 +05:30
```shell
npm config set -- //your_domain_name/api/v4/packages/npm/:_authToken=your_token
```
2021-10-27 15:23:28 +05:30
2023-03-04 22:38:38 +05:30
- Replace `your_domain_name` with your domain name, for example, `gitlab.com`.
- Replace `your_token` with a deploy token, group access token, project access token, or personal access token.
2021-10-27 15:23:28 +05:30
2023-03-04 22:38:38 +05:30
1. Set the registry
2021-01-29 00:20:46 +05:30
2023-03-04 22:38:38 +05:30
```shell
npm config set @scope:registry https://your_domain_name.com/api/v4/packages/npm/
```
2021-12-11 22:18:48 +05:30
2023-03-04 22:38:38 +05:30
- Replace `@scope` with the [root level group](#naming-convention) of the project you're installing to the package from.
- Replace `your_domain_name` with your domain name, for example `gitlab.com`.
- Replace `your_token` with a deploy token, group access token, project access token, or personal access token.
2021-12-11 22:18:48 +05:30
2023-03-04 22:38:38 +05:30
1. Install the package
2021-01-29 00:20:46 +05:30
2023-03-04 22:38:38 +05:30
```shell
npm install @scope/my-package
```
2021-04-17 20:07:23 +05:30
2023-03-04 22:38:38 +05:30
### Install from the project level
2021-01-29 00:20:46 +05:30
2023-03-04 22:38:38 +05:30
1. Authenticate to the Package Registry
2021-11-18 22:05:49 +05:30
2023-04-23 21:23:45 +05:30
If you would like to install a package from a private project, you would have to authenticate to the Package Registry. Skip this step if the project is not private.
2021-01-29 00:20:46 +05:30
```shell
2023-03-04 22:38:38 +05:30
npm config set -- //your_domain_name/api/v4/projects/your_project_id/packages/npm/:_authToken=your_token
2021-01-29 00:20:46 +05:30
```
2023-03-04 22:38:38 +05:30
- Replace `your_domain_name` with your domain name, for example, `gitlab.com`.
- Replace `your_project_id` is your project ID, found on the project's home page.
- Replace `your_token` with a deploy token, group access token, project access token, or personal access token.
2022-07-23 23:45:48 +05:30
2023-03-04 22:38:38 +05:30
1. Set the registry
2021-11-18 22:05:49 +05:30
```shell
2023-03-04 22:38:38 +05:30
npm config set @scope:registry=https://your_domain_name/api/v4/projects/your_project_id/packages/npm/
2021-11-18 22:05:49 +05:30
```
2023-03-04 22:38:38 +05:30
- Replace `@scope` with the [root level group](#naming-convention) of the project you're installing to the package from.
- Replace `your_domain_name` with your domain name, for example, `gitlab.com`.
- Replace `your_project_id` is your project ID, found on the project's home page.
2020-04-08 14:13:33 +05:30
2023-03-04 22:38:38 +05:30
1. Install the package
2021-01-29 00:20:46 +05:30
```shell
2023-03-04 22:38:38 +05:30
npm install @scope/my-package
2021-01-29 00:20:46 +05:30
```
2023-03-04 22:38:38 +05:30
## Helpful hints
2021-01-29 00:20:46 +05:30
2023-03-04 22:38:38 +05:30
### Package forwarding to npmjs.com
2021-01-29 00:20:46 +05:30
2023-03-04 22:38:38 +05:30
When an npm package is not found in the Package Registry, the request is forwarded to [npmjs.com](https://www.npmjs.com/).
2020-04-08 14:13:33 +05:30
Administrators can disable this behavior in the [Continuous Integration settings](../../admin_area/settings/continuous_integration.md).
2023-03-04 22:38:38 +05:30
Group owners can disable this behavior in the group Packages and Registries settings.
2021-03-11 19:13:27 +05:30
### Install npm packages from other organizations
2021-01-03 14:25:43 +05:30
You can route package requests to organizations and users outside of GitLab.
2023-03-04 22:38:38 +05:30
To do this, add lines to your `.npmrc` file. Replace `@my-other-org` with the namespace or group that owns your project's repository,
2021-01-29 00:20:46 +05:30
and use your organization's URL. The name is case-sensitive and must match the name of your group or namespace exactly.
2021-01-03 14:25:43 +05:30
```shell
2023-03-04 22:38:38 +05:30
@scope:registry=https://my_domain_name.com/api/v4/packages/npm/
@my-other-org:registry=https://my_domain_name.example.com/api/v4/packages/npm/
2021-01-03 14:25:43 +05:30
```
2021-12-11 22:18:48 +05:30
### npm metadata
The GitLab Package Registry exposes the following attributes to the npm client.
These are similar to the [abbreviated metadata format](https://github.com/npm/registry/blob/9e368cf6aaca608da5b2c378c0d53f475298b916/docs/responses/package-metadata.md#abbreviated-metadata-format):
- `name`
- `versions`
- `name`
- `version`
- `deprecated`
- `dependencies`
- `devDependencies`
- `bundleDependencies`
- `peerDependencies`
- `bin`
- `directories`
- `dist`
- `engines`
- `_hasShrinkwrap`
2020-03-13 15:44:24 +05:30
2023-03-04 22:38:38 +05:30
### Add npm distribution tags
2020-03-13 15:44:24 +05:30
2021-02-22 17:27:13 +05:30
You can add [distribution tags](https://docs.npmjs.com/cli/dist-tag/) to newly-published packages.
2021-01-29 00:20:46 +05:30
Tags are optional and can be assigned to only one package at a time.
2020-03-13 15:44:24 +05:30
2021-01-29 00:20:46 +05:30
When you publish a package without a tag, the `latest` tag is added by default.
When you install a package without specifying the tag or version, the `latest` tag is used.
Examples of the supported `dist-tag` commands:
```shell
npm publish @scope/package --tag # Publish a package with new tag
npm dist-tag add @scope/package@version my-tag # Add a tag to an existing package
npm dist-tag ls @scope/package # List all tags under the package
npm dist-tag rm @scope/package@version my-tag # Delete a tag from the package
npm install @scope/package@my-tag # Install a specific tag
2020-03-13 15:44:24 +05:30
```
2021-01-29 00:20:46 +05:30
You cannot use your `CI_JOB_TOKEN` or deploy token with the `npm dist-tag` commands.
View [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/258835) for details.
2021-03-11 19:13:27 +05:30
Due to a bug in npm 6.9.0, deleting distribution tags fails. Make sure your npm version is 6.9.1 or later.
2020-07-28 23:09:34 +05:30
2023-03-04 22:38:38 +05:30
### Supported CLI commands
2019-12-04 20:38:33 +05:30
2023-03-04 22:38:38 +05:30
The GitLab npm repository supports the following commands for the npm CLI (`npm`) and yarn CLI
(`yarn`):
2019-12-21 20:55:43 +05:30
2023-03-04 22:38:38 +05:30
- `npm install`: Install npm packages.
- `npm publish`: Publish an npm package to the registry.
- `npm dist-tag add`: Add a dist-tag to an npm package.
- `npm dist-tag ls`: List dist-tags for a package.
- `npm dist-tag rm`: Delete a dist-tag.
- `npm ci`: Install npm packages directly from your `package-lock.json` file.
- `npm view`: Show package metadata.
2021-01-03 14:25:43 +05:30
2023-03-04 22:38:38 +05:30
## Troubleshooting
2021-01-03 14:25:43 +05:30
2023-04-23 21:23:45 +05:30
### `404 Not Found` errors are happening on `npm install` or `yarn`
Using `CI_JOB_TOKEN` to install npm packages with dependencies in another project gives you 404 Not Found errors. A fix for this problem is proposed in [issue 352962](https://gitlab.com/gitlab-org/gitlab/-/issues/352962).
As a workaround, you can:
1. Create a [personal access token](../../profile/personal_access_tokens.md).
1. Authenticate at both the instance level and project level for each package:
```ini
@foo:registry=https://gitlab.example.com/api/v4/packages/npm/
//gitlab.example.com/api/v4/packages/npm/:_authToken=${MY_TOKEN}
//gitlab.example.com/api/v4/projects/<your_project_id_a>/packages/npm/:_authToken=${MY_TOKEN}
//gitlab.example.com/api/v4/projects/<your_project_id_b>/packages/npm/:_authToken=${MY_TOKEN}
```
2021-03-11 19:13:27 +05:30
### `npm publish` targets default npm registry (`registry.npmjs.org`)
2019-12-21 20:55:43 +05:30
Ensure that your package scope is set consistently in your `package.json` and `.npmrc` files.
2023-03-04 22:38:38 +05:30
For example, if your project name in GitLab is `@scope/my-package`, then your `package.json` file
2019-12-21 20:55:43 +05:30
should look like:
```json
{
2023-03-04 22:38:38 +05:30
"name": "@scope/my-package"
2019-12-21 20:55:43 +05:30
}
```
And the `.npmrc` file should look like:
2020-03-13 15:44:24 +05:30
```shell
2023-03-04 22:38:38 +05:30
@scope:registry=https://your_domain_name/api/v4/projects/your_project_id/packages/npm/
//your_domain_name/api/v4/projects/your_project_id/packages/npm/:_authToken="${NPM_TOKEN}"
2020-03-13 15:44:24 +05:30
```
2020-05-24 23:13:21 +05:30
### `npm install` returns `npm ERR! 403 Forbidden`
2021-01-29 00:20:46 +05:30
If you get this error, ensure that:
2021-01-03 14:25:43 +05:30
2023-03-04 22:38:38 +05:30
- The Package Registry is enabled in your project settings. Although the Package Registry is enabled by default, it's possible to [disable it](../package_registry/index.md#disable-the-package-registry).
2021-01-29 00:20:46 +05:30
- Your token is not expired and has appropriate permissions.
2021-03-11 19:13:27 +05:30
- A package with the same name or version doesn't already exist within the given scope.
2021-01-29 00:20:46 +05:30
- The scoped packages URL includes a trailing slash:
- Correct: `//gitlab.example.com/api/v4/packages/npm/`
- Incorrect: `//gitlab.example.com/api/v4/packages/npm`
2021-02-22 17:27:13 +05:30
### `npm publish` returns `npm ERR! 400 Bad Request`
2021-09-30 23:02:18 +05:30
If you get this error, one of the following problems could be causing it.
2023-03-04 22:38:38 +05:30
### Package name does not meet the naming convention
2021-09-30 23:02:18 +05:30
2023-03-04 22:38:38 +05:30
Your package name may not meet the [`@scope/package-name` package naming convention](#naming-convention).
2021-02-22 17:27:13 +05:30
2023-03-04 22:38:38 +05:30
Ensure the name meets the convention exactly, including the case. Then try to publish again.
2021-03-08 18:12:59 +05:30
2023-03-04 22:38:38 +05:30
### Package already exists
2021-09-30 23:02:18 +05:30
2023-03-04 22:38:38 +05:30
Your package has already been published to another project in the same root namespace and therefore cannot be published again using the same name.
2021-09-30 23:02:18 +05:30
2023-03-04 22:38:38 +05:30
This is also true even if the prior published package shares the same name, but not the version.
2021-09-30 23:02:18 +05:30
2023-03-04 22:38:38 +05:30
### Package JSON file is too large
2021-12-11 22:18:48 +05:30
2023-03-04 22:38:38 +05:30
Make sure that your `package.json` file does not exceed `20,000` characters.
2021-12-11 22:18:48 +05:30
2021-03-08 18:12:59 +05:30
### `npm publish` returns `npm ERR! 500 Internal Server Error - PUT`
2023-04-23 21:23:45 +05:30
This is a [known issue](https://gitlab.com/gitlab-org/gitlab/-/issues/238950) in GitLab 13.3.x and later. The error in the logs appears as:
2021-03-08 18:12:59 +05:30
```plaintext
>NoMethodError - undefined method `preferred_language' for #<Rack::Response
```
This might be accompanied by another error:
```plaintext
>Errno::EACCES","exception.message":"Permission denied
```
This is usually a permissions issue with either:
- `'packages_storage_path'` default `/var/opt/gitlab/gitlab-rails/shared/packages/`.
2023-03-04 22:38:38 +05:30
- The remote bucket if [object storage](../../../administration/packages/index.md#use-object-storage)
2021-03-08 18:12:59 +05:30
is used.
2021-04-29 21:17:54 +05:30
In the latter case, ensure the bucket exists and GitLab has write access to it.