The npm-registry is the npm's JavaScript package registry.


In order to resolve packages by name and version, npm will talk to a registry website that implements the CommonJs package registry specification (a specification that describes a method for identifying package descriptors by a combination of name, version, and registry base URL) for reading package info.

In addition, the npm package registry implementation supports several write APIs as well, which allows us to publish packages and manage user account information.

The official public npm registry can be found at https://registry.npmjs.org/. the registry is powered by a CouchDB database; it has a public mirror at https://skimdb.npmjs.com/registry. The code for the couchapp can be found here: https://github.com/npm/npm-registry-couchapp.

The registry URL that is used is determined by the scope of the package. If there is no specified scope, the default registry will be used, which is supplied by the config parameter of the registry.

Will npm send any information about me back to the registry?


When making requests of the registry, npm will add two headers with information about your environment:

  • Npm-Scope - Where your project is scoped, this header contains its scope. In the future npm intends to build registry features that use this information to enable you to be able to customize your experience for your organization.
  • Npm-In-CI - this is set to "true" if npm believes this install runs in a continous integration environment, otherwise, it will be set to "false". Npm detects this by looking for the following environment variables: CI, TDDIUM, JENKINS_URL, bamboo.buildKey.

The npm registry will not try to correlate the information in these headers with any authenticated accounts that can be used in the same requests.

Can I run my own private registry?


The easiest way will be to replicate the couch database, and use similar (or same) design doc to implement the APIs.

Whenever you set up continuous replication from the official CouchDB, and then set your internal CouchDB to be the registry config, then you will be able to read any published packages, in addition to your private package, and publish internally by default.

Then, when you want to publish a package for the whole world to see, you can override the --registry option for that publish command.

I do not want my package published in the official registry. It's private.

Then you should set "private": true in your package.json in order to prevent it from being published at all, or you set "publishConfig":{"registry":"http://my-internal-registry.local"} to force it to be published only to your internal registry.

Will npm replicate from my registry into the public one?

No. If you need things to be public, then you should publish them into the public registry using npm. The little security there is would be for nought otherwise.

Is the use of couchdb to build a registry that npm can talk to compulsory?

No, but it is a lot easier. Basically, yes, you do, or you will have to effectively implement the entire CouchDB API anyway.

Is there a website or something to see package docs and such?

Yes, go to https://www.npmjs.com/

Previous: npm-orgs
Next: Npm-removal

Follow us on Facebook and Twitter for latest update.