Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

nph

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

nph

nph: Node Package Hub - Private npm package served from private GitHub repositories

  • 0.0.0
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
1
Created
Source

NPH

Node Package Hub also known as nph. It's based around a really simple but effective idea. The private packages that I want to have access to are already in Github and tagged with semver ranges. So we already got everything we need.

  1. A data storage layer for the private packages. It's Github.
  2. Semver ranges, we can apply this to git tags.
  3. Access to public packages, the public npm.
  4. Download stats, supported by the releases API.

If we combine this, we have everything we need to create a public/private npm proxy process in node and roll with that. This approach has a lot of benefits:

  1. Central management, if you have push access on GitHub you can publish if you have only read access, you can only deploy.
  2. Deleting releases is as easy as removing tags.
  3. Semver is optional you can tag everything you want.
  4. Overriding public packages. Create a fork of the package change code and you're done.
  5. npm will only be used for installation, everything else is done through git making you less dependent on npm.
  6. No longer dependent on npm, the transparent API supports multiple replica's of the registry.
  7. One simple requirement: node

Installation

To install the proxy simply run the following command on your CLI.

npm install --save nph

API

nph.configure

The nph.configure allows you to configure the whole proxy using one simple definition file.

nph.register

The nph.register allows you to register a new npm account in your private npm server. If you supply it with an optional github account, it will use the privileges of the given GitHub account. The API accepts 3 arguments:

  1. The npm username that needs to get access.
  2. Object with the GitHub information and credentials. If it's missing it will default to the root token you passed in.
  3. Completion callback, we've validated the existence of both user names.
nph.register('V1', { github: '3rd-Eden', token: '' })
   .register('swaagie', { github: 'swaagie', token: '' });

nph.repository

Add a new private repository which will be used as source for the private npm package. The API accepts 2 arguments:

  1. A forward slash separated string where the first part is the GitHub username or Organisation and second part the name of the repository.
  2. Completion callback, we've validated all the things.
nph.repository('unshiftio/unshift')
   .repository('3rd-Eden/another-private');

Example

Now that you know how the whole API works, we can easily setup a proxy by running the following example:

'use strict';

var nph = require('nph').createServer({
  token: process.env.GITHUB_TOKEN
});

nph.register('V1')
   .register('isz');

nph.repository('3rd-Eden/private')
   .repository('unshiftio/transport-layer');

nph.listen(80, function listen(err) {

});

License

MIT

Keywords

FAQs

Package last updated on 15 Nov 2014

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc