How to publish NPM packages to Nexus

• [ blog , npm , sonatype , nexus , tutorial ]

If you want to publish your own NPM repositories to your Nexus, this guideline contains a set of collected resources for you. Just follow the steps below. The first step includes the setup of your Nexus. If you have already done this you can start reading at step 4 where we’re going into NPM.

Step 1: Nexus as NPM repository

First of all you need to setup an NPM repository on Nexus. We are going to create a group repository which provides the private repository (your own hosted repository) and a proxy repository (pointing to the official registry) under a single URL.

To create it we have to do the following things:

  1. create the private repo
  2. create the proxy repo
  3. finally create the group repo

A more detailed description on how you have to do this can be found in this article: https://blog.sonatype.com/using-nexus-3-as-your-repository-part-2-npm-packages

I recommend to check out the first part “Configuring Nexus as an npm repo”. In some of the upcoming parts we will also refer to other resources which are needed to get started.

Step 2: Add a user to get the Nexus repository

In this step we are going to add a new user to our Nexus repository. For this you can follow the “User Management” instructions here:

https://levelup.gitconnected.com/deploying-private-npm-packages-to-nexus-a16722cc8166

At this point you can also create a hash for the user which is later used for authentication. Just use the following command in your terminal.

echo -n 'myuser:mypassword' | openssl base64

Dealing with the Bearer Token Realm

It is also important to deal correctly with the bearer token realm. You can read the instructions here: https://levelup.gitconnected.com/deploying-private-npm-packages-to-nexus-a16722cc8166 Just search for the section “Pushing Binaries to Nexus” and read that.

Step 3: Give roles to the user

Now we have to give the Nexus user our specific roles. This is perfectly described in the official guide provided by Sonatype. https://help.sonatype.com/learning/repository-manager-3/security-model—users%2C-roles%2C-and-privileges/lesson-3—-creating-and-managing-roles

Testing login

You can now test your login with your credentials created in the first steps. With the given URL (just modify it for your purposes) you can test your global or local repositories. You can get your specific URL in the section Repositories > Your specific repository and then take the URL given in the settings.

npm login --registry=https://{your-domain}/nexus/repository/{your-npm-repo}/ --always-auth

Step 4: Modify the .npmrc file

The .npmrc file sets your config settings for NPM. You can locate it on your local machine with typing npm config ls -l in your terminal. Now you should see an output, where you can find the line “userconfig = {path}” mostly at the end of it. Go to the given path and open the .npmrc file. Now you can edit this file with your settings.

*Note: It is also possible to create a .npmrc file directly for one specific project. Just create a .npmrc file directly in your project root folder. The next steps for it are the same.

Registry

To resolve packages by name, we need a registry. We are going to add two lines to be able to publish a repo and download a repo. The first one makes sure that you can download other repos via your own registry without issues and the second one is to publish your repository.

registry=https://{your-domain}/nexus/repository/npm-group/ @{your-scope}:registry=https://{your-domain}/nexus/repository/{your-private-repo}/

*Group- & private repositories: You have to take your private repository to upload because it is not possible to upload to a group repo.

E-Mail

We found on some Stackoverflow posts a line to add your email to the settings because it should help in some issues related to the user auth process. Our result is that it is not necessary!

email={your-email}

_auth & other authentication possibilities

Here you need the hash token we created earlier for the {your-token} field.{your-domain} is just your domain without https:// or http:// .

_auth={your-echo-token}

The next line you get automatically in the .npmrc file when you login to your repo from the command line. If you have not done that yet you can do it in this way:

npm login --registry=https://{your-domain}/nexus/repository/npm-group/ --always-auth

Of course, you have to modify your domain and possibly the path to the “npm-group” if you have another name for it. The line you get:

//{your-domain}/nexus/repository/{your-private-repo}/:_authToken={your-given-token}

*Note: The so called _authToken is not the same as your token in the _auth line.

If you want to connect directly to a private repo you can leave the _auth line with your token generated via the echo command in step 2. But now you have to assign your repo directly in the url.

registry=https://{your-domain}/nexus/repository/npm-group/ @diamant:registry=https://devel.data-in-motion.biz/nexus/repository/dim-npm //devel.data-in-motion.biz/nexus/repository/dim-npm/:_authToken={your-given-token}

There is also a third possibility but it is very similar to the second one. If you get your auth token with the echo command but you have not done the npm login you can go with the following settings:

registry=https://{your-domain}/nexus/repository/npm-group/ @diamant:registry=https://{your-domain}/nexus/repository/dim-npm _auth=“{your-echo-token}”

Our Complete file as an example (we are using the _auth way)

registry=https://{your-domain}/nexus/repository/npm-group/ @diamant:registry=https://{your-domain}/nexus/repository/{your-private-repo}/ _auth=“{your-echo-token}” //{your-domain}/nexus/repository/{your-group-repo}/:_authToken={your-given-token}

Step 6: Publish & download NPM repositories

First you have to modify your package.json in your project folder and set the line “private” to “false”. This is needed to publish your repo correctly later.

To publish with a scope and repository you have to go to your project folder and run:

npm publish --scope=@{your-scope}

To download a repo via your registry you don’t need any change to the common way:

npm install {repository}

All settings for that have already been adjusted in our .npmrc file.

Scoped public packages

In order for you to publish your NPM repository with a scope flag you must set this flag directly on the project initialisation.

npm init --scope=@my-username

You can read more about how to create and publish scoped public packages in the official NPM docs. https://docs.npmjs.com/creating-and-publishing-scoped-public-packages

Troubleshooting

Some troubleshooting can be a bad request (400) which means that your are not allowed to publish to a group repo.

npm ERR! code E400 npm ERR! 400 Bad Request - PUT https://{your-domain}/nexus/repository/npm-group/{project-folder}

To fix this you have to use a private repo instead of a group repository.

Workaround: Issue with creating a new Angular application

At first it is very important to check if the the Angular version on your Nexus is the same as you on your local machine via the Angular CLI. To update the version on both systems use:

npm i @angular/cli

If it don’t help here is a small a small workaround to deal with this problem.

I discovered that when you create a new angular app using the Angular CLI you can get dependency errors. At the moment it is a common problem. I fixed it with the steps below. Just follow them ones and you erros should not occur anymore.

  • install the package without the given version npm install
    • now it should download an older version instead of the required one
  • now install the package again without version
    • now you should have the required version of the package
  • do the two steps as long as angular throws dependencies erros

Sources:

https://blog.sonatype.com/using-nexus-3-as-your-repository-part-2-npm-packages

https://levelup.gitconnected.com/deploying-private-npm-packages-to-nexus-a16722cc8166

https://docs.npmjs.com/cli/adduser

https://docs.npmjs.com/misc/config

by Moritz Weber