Comments (9)
My workaround/safeguard (which feels fine) is to only publish scoped packages under namespaces I own on the public registry.
from npm-register.
Thanks for the workaround hack @jtrussell!
It does make the whole thing a bit messy if you want to use npm-register
as a public-facing registry for users though.
from npm-register.
This is by design (though maybe there could be better documentation and/or behavior around it). registry.npmjs.org is supposed to be the source of truth with npm-register providing additional packages. @jtrussell mentions the best way around it.
from npm-register.
@dickeyxxx perhaps it would be reasonable for a publish to fail (loudly) if the name in question already exists in the publish registry? I'd be interested in putting a PR together if that sounds reasonable. I'm not sure I'd consider this a breaking change as the "successful" publishes never resulted in usable versions of the package.
from npm-register.
definitely down for that @jtrussell. There is still an outstanding issue of someone later publishing a package, but that's a good first step.
from npm-register.
Haven't forgotten about this but was wondering on a possible solution to the other half of the issue. How about a configurable blacklist of package names/patterns to ignore from the uplink registry? E.g. I could:
- Tell npm-register to ignore
'react'
on the uplink registery so that I can publish my own version here. - Ignore packages matching
/^@acme\/.*$/
so I can safely publish under that scope even if someone else grabbed it on the public registry. - Ignore packages
'lodash'
and'underscore'
because e.g. my my company decided our apps shouldn't use them.
from npm-register.
👍 sounds like a good solution
from npm-register.
@jtrussell good solution, I'll look to add this to a roadmap after the UI is done.
from npm-register.
Hey folks, just got bitten by this today.
We've always published our beta versions <1.0.0
on our own private repository and decided to release a 1.0.0
version and also make that available publicly on the official NPM registry.
To my surprise our existing internal builds started failing when they couldn't find the older versions of our scoped package.
Any ideas on how to force it to accept packages? :)
EDIT:
For posterity, we've managed to work around the issue by renaming our package and publishing that to the NPM registry 👍
from npm-register.
Related Issues (20)
- Heroku Button Deploy not working HOT 1
- Incompatible with node 10
- Docker hub image HOT 2
- Passing authorization details from env vars? HOT 2
- Permission denied when trying to create /data/tarballs
- Unsupported operation: `npm audit` HOT 1
- Unhandled rejection TypeError: Cannot read property '0.0.3' of undefined HOT 5
- heroku build fails because of "Outdated Yarn lockfile" HOT 3
- Circle CI Access Key for AWS causes Failed Integration HOT 6
- How to disable caching? HOT 6
- NPM Installing packages 404's HOT 1
- TypeError: Cannot promisify an API that has normal methods with 'Async'-suffix HOT 5
- Circle CI 2.0 Migration HOT 1
- Add Search to UI
- AWS > 2.304 Breaks Bluebird Promisify in NPM-Register HOT 4
- Support AWS SDK > 2.304 and Bluebird PromisifyAll
- Protect frontend ?
- Dockerfile is broken HOT 1
- Is this project maintained?
- Offering to add free integrity verification
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from npm-register.