Use npm Registry to Restric Installing Client

Time:2019-12-3

Background

npm and yarn are not sharing lock file. A lock file is necessary for maintaining the stability of the project.

How can we make sure the developers are using the same client in our project?

Some approaches make use of preinstall hook. See:

  • How to force package installs to use yarn not npm
  • use-yarn
  • use-yarn-instead

But this is not working when the project is an npm package. When an npm package publishing, npm publish will invoke preinstall hook too.

Custom npm registry

Maybe we can do it by custom npm registry.

See npm-registry-proxy for source codes.

We can add registry="https://npm-registry-proxy.vivaxy.now.sh/yarn/https%3A%2F%2Fregistry.npmjs.org%2F/" to .npmrc.

Result

In project .npmrc, we have registry="https://npm-registry-proxy.vivaxy.now.sh/yarn/https%3A%2F%2Fregistry.npmjs.org%2F/".

  • When using yarn add, dependencies installed successfully.
  • When using npm i, install error occurred.

It works fine. But when we publishing packages, PUT requests are not successfully forwarded to the target registry. It does not apply to npm packages as well.

Recommended Today

JS interview related questions

catalogue closure Class inheritance and creation How to solve callback hell Event delegation Let’s talk about lazy loading and preloading of pictures The difference between mouseover and mouseenter What does the new operator of JS do Change the pointing function of this pointer inside the function (the difference between bind, apply and call) JS, such […]