jdxcode / npm-register Goto Github PK

View Code? Open in Web Editor NEW

481.0 10.0 74.0 939 KB

Your own private npm registry and backup server

License: ISC License

JavaScript 97.66% HTML 0.98% Dockerfile 1.36%

npm-register's Introduction

npm-register

Your own private npm registry and backup server. Designed to be easy to set up and maintain, performant, and stable.

Overview

This project allows you to have your own npm registry. This server works with the necessary npm commands just like the npmjs.org registry. You can use it to not worry about npm going down or to store your private packages. It performs much faster than npmjs.org and can even be matched with a CDN like Cloudfront to be fast globally.

Rather than trying to copy all the data in npm, this acts more like a proxy. While npm is up, it will cache package data locally or in S3. If npm goes down, it will deliver whatever is available in the cache. This means it won't be a fully comprehensive backup of npm, but you will be able to access anything you accessed before. This makes it easy to set up since you don't need to mirror the entire registry. Any packages previously accessed will be available.

The inspiration for this project comes from sinopia. This came out of a need for better cache, CDN, and general performance as well as stability of being able to run multiple instances without depending on a local filesystem.

This is also a 12 Factor app to make it easy to host on a PaaS like Heroku or in a custom Ansible/Chef/Puppet cluster.

Setup

The easiest way to set this up is with the Heroku button (you must use S3 with Heroku):

Alternatively, you can set it up from npm:

$ npm install -g npm-register
$ npm-register

Either way, your registry is now setup and you should be able to test it by updating the packages with it:

$ npm update --registry http://urltomyregistry

See below for how to enable authorization and npm publish.

S3 Storage

Use S3 for storage by setting NPM_REGISTER_STORAGE=s3. Then set AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_S3_BUCKET to the proper values.

Local Filesystem Storage

Using the local filesystem is the default. You can explicitly set the storage with NPM_REGISTER_STORAGE=fs. Select the location for the files to be stored with NPM_REGISTER_FS_DIRECTORY=/var/npm-register. Defaults to ./tmp.

Google Cloud Storage

Use GCS for storage by setting NPM_REGISTER_STORAGE=gcs. Then set GCS_BUCKET to the proper bucket name. Uses application default credentials.

See https://cloud.google.com/docs/authentication/production

Redis

Redis can optionally be used to cache the etags and package data. Set REDIS_URL to activate it.

How it works

Essentially the goal of the project is to quickly deliver current npm data even when npm is offline. In npm there are 2 main types of requests: package metadata and tarballs.

Package metadata mostly contains what versions of a package are available. These cannot be cached for very long since the package can be updated. By default, it is cached for 60 seconds. You can modify this with CACHE_PACKAGE_TTL. Etags are also supported and cached to further speed up access.

The tarballs are the actual code and never change once they are uploaded (though they can be removed via unpublishing). These are downloaded one time from npmjs.org per package and version, stored locally or in S3 for future requests. These have a very long max-age header.

In the event npmjs.org is offline, npm-register will use the most recent package metadata that was requested from npmjs.org until it comes back online.

Supported npm Commands

npm-register should support most npm commands. There are some exceptions, however:

npm star
npm search

If anything else doesn't work, please submit an issue so we can fix it, or at least note the missing functionality here.

Authentication

npm-register uses an htpasswd file for authentication and stores tokens in S3. To set this up, first create an htpasswd file, then upload it to /htpasswd in your S3 bucket or your local file system:

$ aws s3 cp s3://$AWS_S3_BUCKET/htpasswd ./htpasswd
$ htpasswd -nB YOURUSERNAME >> ./htpasswd
$ aws s3 cp ./htpasswd s3://$AWS_S3_BUCKET/htpasswd

Then you can login with npm. Note that the email is ignored by the server, but the CLI will force you to add one.

$ npm login --registry http://myregistry
Username: jdxcode
Password:
Email: (this IS public) [email protected]
$ npm whoami --registry http://myregistry
jdxcode

This stores the credentials in ~/.npmrc. You can now use npm publish to publish packages.

Configuration via environment variables

By default, all write endpoints (e.g. publish, unpublish) require authentication whereas read endpoints (e.g. install) don't. This default behaviour can be changed by using NPM_REGISTER_AUTH_WRITE and NPM_REGISTER_AUTH_READ environment variables: use true to enable authentication and false to disable it.

Yarn compatibility

Yarn doesn't follow HTTP redirects and so expects all URLs to be HTTPS by default. Pass --always-https to ignore the protocol header and return all responses in a format Yarn understands.

Local Development

To run the tests:

yarn install
yarn test

Prerequisites for running the tests locally:

An s3 Bucket

The s3 bucket needs read/write/delete access. Set the following env variables:

AWS_S3_BUCKET
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY

Non-AWS S3

When not using AWS S3 but another implementation, you can use AWS_S3_PARAMS to set every option the official S3 client support. The Bucket is still read from the environment variable AWS_S3_BUCKET in this case to stay compatible with older configurations.

The following configuration worked fine for the Ceph RGW S3 implementation:

AWS_S3_BUCKET=npm-register
AWS_S3_PARAMS='{"endpoint": "http://ceph-rgw/npm-register", "s3BucketEndpoint": true, "s3DisableBodySigning": true, "accessKeyId": "<redacted>", "secretAccessKey": "<redacted>"}'

You can get a list of parameters and their meaning here: AWS SDK documentation

An htpasswd file

When running the test suite, you will need the following in ./tmp/htpasswd and in the root of your s3 bucket:

test:$2y$05$ZhGKbrjyUbSbiMUeYeRUKOXPKzs9./NIZHsycrQkUKIj1Z2VybqdK

This sets up a test user with password 'test'.

A local redis instance

When you have it running you should set the port number or url as the following env variable:

REDIS_URL

npm-register's People

Contributors

Stargazers

Watchers

npm-register's Issues

Error: Can't set headers after they are sent

We are seeing this randomly on our npm-register server:

logging error with Opbeat: { uuid: '9fa0244a-aa03-4cb4-aef8-9a6a992e3ad0' }
 Error: Can't set headers after they are sent.
     at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:356:11)
     at Object.set (/usr/lib/node_modules/npm-register/node_modules/koa/lib/response.js:434:16)
     at Object.proto.(anonymous function) [as set] (/usr/lib/node_modules/npm-register/node_modules/delegates/index.js:40:31)
     at Object.<anonymous> (/usr/lib/node_modules/npm-register/routes/packages.js:45:8)
     at next (native)
     at Object.next (/usr/lib/node_modules/npm-register/node_modules/koa-timeout/node_modules/co/index.js:74:21)
     at Object.<anonymous> (/usr/lib/node_modules/npm-register/node_modules/koa-timeout/node_modules/co/index.js:93:18)
     at Immediate.<anonymous> (/usr/lib/node_modules/npm-register/node_modules/koa-timeout/node_modules/co/index.js:52:14)
     at runCallback (timers.js:672:20)
     at tryOnImmediate (timers.js:645:5)
     at processImmediate [as _immediateCallback] (timers.js:617:5)

Whenever this error is logged, the corresponding npm install logs an error:

npm ERR! registry error parsing json\nnpm ERR!

(often there are several of these in a row)

After we restart npm-register, the install may succeed. But after a while, it will begin having the same issue again.

Console.error being used for more things that only errors.

It was a bit confusing for me seeing information being displayed as an error (with console.error)

Shouldn't it be a console.info or console.log?

I'd love to throw a PR for it

cant run simple system

Missing something obvious no doubt

npm install -g npm-register
npm-register

get this error:

npm-register start
Opbeat agent is inactive due to configuration
Saving files to local filesystem at /Users/dhenton/node-proj/identity-ws/tmp
/usr/local/lib/node_modules/npm-register/routes/tarballs.js:9
  let {scope, name, filename, sha} = this.params
      ^

SyntaxError: Unexpected token {
    at exports.runInThisContext (vm.js:53:16)
    at Module._compile (module.js:387:25)
    at Object.Module._extensions..js (module.js:422:10)
    at Module.load (module.js:357:32)
    at Function.Module._load (module.js:314:12)
    at Module.require (module.js:367:17)
    at require (internal/module.js:16:19)
    at load (/usr/local/lib/node_modules/npm-register/routes/index.js:21:13)
    at Object.<anonymous> (/usr/local/lib/node_modules/npm-register/routes/index.js:27:1)
    at Module._compile (module.js:413:34)
    at Object.Module._extensions..js (module.js:422:10)
    at Module.load (module.js:357:32)
    at Function.Module._load (module.js:314:12)
    at Module.require (module.js:367:17)
    at require (internal/module.js:16:19)
    at Object.<anonymous> (/usr/local/lib/node_modules/npm-register/server.js:8:16)

Running on MAC Sierra

Any help appreciated

Alternative for env variables

Is it possible to add an alternative to environment variables? I want to build a docker container with this project but the idea of passing environment variables is not very safe.

Published packages fail to download eventually

After some amount of time (not sure exactly, maybe a day or so) packages that have been published fail to be downloaded. Is there some form of caching/mapping that is expiring? maybe redis? The files are being stored in S3 and there is a corresponding version tarball on the bucket.
The example below is for a scoped package but also had the issue with non-scoped packages.

$ npm install
npm ERR! fetch failed http://private-registry/@scope/pacakage/-/@scope/package-0.0.3/e4e40cc32eeaf250a9353243f3f6863fc7813331.tgz
npm WARN retry will retry, error on last attempt: Error: fetch failed with status code 404

Only solution I have found is to bump version and republish and then it starts to work again for awhile

Tag Docker images per version

Hi!

We just started using our own private registry by using dickeyxxx/npm-register Docker image. However, we noticed that there is only latest tag in Dockerhub which worried our admins a little bit 'cause we can't ensure specific versions during our environment (re-)installations in future.

Could it be possible to start creating version tags per release to Dockerhub? If you see no problem in this setup, I can send a PR having e.g. postpublish script that does the Docker push and all necessary tagging based on project version found from package.json.

Any thoughts?

Configuring npm CLI to use new registry URL

The README says to do this:

npm update --registry http://urltomyregistry

But npm help update says:

This command will update all the packages listed to the latest version (specified by the tag config), respecting semver.

Shouldn't the command be something like this instead?

npm config set registry https://my-thing.herokuapp.com

Can't authenticate (Windows edited htpasswd file)

Can there be more than one user in the .htpasswd file?? There's a very strange behavior with authentication. Users can't seem to login, but I added a test user to the end of .htpasswd and that magically worked.

Just says invalid credentials : -/user/org.couchdb.user:username

SSL/HTTPS Support

Passing our user credentials to the npm server in cleartext over HTTP poses a security concern for us. Also, any npm modules downloaded from the server are transmitted over HTTP.

Would like to see support for SSL/HTTPS so that we could address these security concerns. Is this on the roadmap?

Failing to find `npm view @...` packages

Some packages (e.g. @types/react and @storybook/react) aren't found when doing npm view. Seems like it needs to handle @ signs.

Current workaround is to add an .npmrc file with

@types:registry=https://registry.npmjs.org/
@storybook:registry=https://registry.npmjs.org/

But this isn't ideal as the purpose for us using this is to cache npm libs outside of the official npm registry.

Possibility to login from other source than htpasswd

Hi,

I check your project and I think, it's really good if we can login from external services (github, gitlab, ...) insteadof htpasswd file.

It's possible to add this with plugin or other part ?

multiple registries and replication

Looking for a replacement for sinopia. One issue I am having his how to managed multiple private registries. Developers are publishing private packages in one location ( AWS staging VPC) and I want those new packages available in 2 other location ( AWS PROD VPC, AWS Failover VPC )

Is there a way to do this with npm-register. rsync of the data directory kind of works with sinopia.

Can't logout

npm logout
Results in

13:48:16 Fennec@VERGIL testpublish: npm logout
npm ERR! Darwin 15.6.0
npm ERR! argv "/usr/local/bin/node" "/usr/local/bin/npm" "logout"
npm ERR! node v6.9.1
npm ERR! npm  v3.10.2
npm ERR! code E404

npm ERR! 404 Not found : -/user/token/191c8da2-07c5-43de-ac98-c8704cd915cd

npm ERR! Please include the following file with any support request:
npm ERR!     /Users/Fennec/testpublish/npm-debug.log

Is this api just not supported?

Add support of LDAP authentication?

It would be great to add LDAP authentication option in addition to the current password file option. In our case, we need LDAP authentication to cover the human users and password file for the service account for CI/CD etc.

"Error: write after end" followed by npm-register crashing

Just started seeing this error on our npm-register server (running version 2.5.2) last night:

Error: write after end
at writeAfterEnd (_stream_writable.js:236:12)
at PassThrough.Writable.write (_stream_writable.js:287:5)
at IncomingMessage.ondata (_stream_readable.js:642:20)
at emitOne (events.js:115:13)
at IncomingMessage.emit (events.js:210:7)
at addChunk (_stream_readable.js:266:12)
at readableAddChunk (_stream_readable.js:253:11)
at IncomingMessage.Readable.push (_stream_readable.js:211:10)
at HTTPParser.parserOnBody (_http_common.js:140:22)
at TLSSocket.socketOnData (_http_client.js:454:20)
at emitOne (events.js:115:13)
at TLSSocket.emit (events.js:210:7)
at addChunk (_stream_readable.js:266:12)
at readableAddChunk (_stream_readable.js:253:11)
at TLSSocket.Readable.push (_stream_readable.js:211:10)
at TLSWrap.onread (net.js:585:20)

After this error, the app dies.

Does not support npm upgrade

Hey,

Nice module, but this module has the same problem as sinopia. It does not handle npm upgrade correctly.

Lets say i publish [email protected] and then later i upload [email protected].

If i do a npm upgrade in a package that has a myapp dependency, it does not think there is a newer version. Maybe you are not generating etag using info from latest package.json file.

Authentication issues

Hey there,

I'm trying to authenticate on the elephant register so I can publish a private package but getting the following error:

npm login --registry http://<IP_ADDRESS>

---
npm WARN adduser Incorrect username or password
npm WARN adduser You can reset your account by visiting:
npm WARN adduser
npm WARN adduser     https://npmjs.org/forgot
npm WARN adduser
npm ERR! Windows_NT 10.0.14366
npm ERR! argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "login" "--registry" "http://<IP_ADDRESS>"
npm ERR! node v6.2.2
npm ERR! npm  v3.9.5
npm ERR! code E401

npm ERR! invalid credentials : -/user/org.couchdb.user:<user>
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     C:\dev\npm-debug.log

I tried a using my NPM account as well as creating a new one via npm adduser --registry http://<IP_ADDRESS> but that also fails with same error. Any ideas whats going wrong?
Thanks!

npm unpublish support ?

Hi there,

I have trouble with npm unpublish command.
It returns me something like the following (traces of npm-register included):

npm unpublish [email protected]
measure#request=724ms method=GET user-agent="npm/3.10.6 node/v6.4.0 darwin x64" status=200 path=/npm-package-example request_id=0.9583168642941595
measure#request=1ms method=PUT user-agent="npm/3.10.6 node/v6.4.0 darwin x64" status=404 path=/npm-package-example/-rev/undefined request_id=0.38865073216712553
npm ERR! unpublish Failed to update data
npm ERR! Darwin 16.3.0
npm ERR! argv "/usr/local/bin/node" "/usr/local/bin/npm" "unpublish" "[email protected]"
npm ERR! node v6.4.0
npm ERR! npm  v3.10.6
npm ERR! code E404

npm ERR! 404 Not found : npm-package-example
npm ERR! 404 
npm ERR! 404  'npm-package-example' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

npm ERR! Please include the following file with any support request:
npm ERR!     /home/myhome/npm-register/npm-debug.log

Of course, the version exists...

npm view [email protected] version
0.14.0-dev.945

Is this command supported ?

Thanks !

Release v2.0.3

@dickeyxxx could you release a new version with the latest PR that I've made? I kinda need that :P

npm publish fails

It would be nice if this registry could forward/proxy publish commands to the main registry.

Otherwise it looks like I'll have to change my npm config every time I want to publish something.

Command failed: npm publish
npm ERR! Darwin 15.6.0
npm ERR! argv "/usr/local/bin/node" "/usr/local/bin/npm" "publish"
npm ERR! node v6.4.0
npm ERR! npm  v3.10.3
npm ERR! code ENEEDAUTH

npm ERR! need auth auth required for publishing
npm ERR! need auth You need to authorize this machine using `npm adduser`

npm ERR! Please include the following file with any support request:
npm ERR!     /Users/zeke/zeke/electron-docs-linter/npm-debug.log

koa-timeout has a static timeout configured

The server uses koa-timeout which is configured with a hard 10 second request timeout rather than using the config limit.

I was expecting it to follow config.timeout/env.TIMEOUT when running with TIMEOUT=20000 node start.js

Unable to publish under same name as public registry packages

For example, with this package.json:

{
  "name": "react",
  "version": "99.99.99",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC"
}

Basically I:

Created a new folder called "react"
Ran npm init + created a silly noop index.js file
Updated the version number to something big
Ran npm publish --registry my-registry.com

The npm cli tells me version 99.99.99 was added and indeed I see the tarball in s3.

However, when I go to install this package, it cannot be found. E.g. npm install [email protected] --registry my-registry.com fails because the specified version cannot be found. When I inspect my package information in s3, sure enough version 99.99.99 is not listed as available.

Shadowing an existing module name may not be a supported use case, that's cool, but what's not so great is that there's nothing stopping someone from installing a module on the public registry that clobbers one of my private package names. When this happens any time I install a new version of my private module all it's prior meta information gets clobbered with whatever is on the public registry.

Allow alternative storage options like filesystem

We have a specific use case of self hosting the registry on-demand on our server itself . I think it would be easy to create a pluggable system of switching storage backends. I can contribute with a pull request with a sample implementation.

module.parent not null when run from npm-register.cmd

The server will not start under windows after global installation. Poking around, it's due to module.parent:

if (!module.parent) {
  app.listen(app.port, function () {
    console.error(`${app.name} listening on port ${app.port} [${app.env}]`)
  })
}

When you install under windows, you get a npm-register.cmd which then runs npm-register\bin\npm-register, which becomes the parent. I was able to get it working by skipping all that and running node path/to/start.js start. That works for me, for now.

Here's a dump of module.parent, in case its useful:

Module {
  id: '.',
  exports: {},
  parent: null,
  filename: 'C:\\Program Files\\nodejs\\node_modules\\npm-register\\bin\\npm-reg
ister',
  loaded: false,
  children:
   [ Module {
       id: 'C:\\Program Files\\nodejs\\node_modules\\npm-register\\node_modules\
\yargs\\index.js',
       exports: [Object],
       parent: [Circular],
       filename: 'C:\\Program Files\\nodejs\\node_modules\\npm-register\\node_mo
dules\\yargs\\index.js',
       loaded: true,
       children: [Object],
       paths: [Object] },
     Module {
       id: 'C:\\Program Files\\nodejs\\node_modules\\npm-register\\server.js',
       exports: [Object],
       parent: [Circular],
       filename: 'C:\\Program Files\\nodejs\\node_modules\\npm-register\\server.
js',
       loaded: false,
       children: [Object],
       paths: [Object] } ],
  paths:
   [ 'C:\\Program Files\\nodejs\\node_modules\\npm-register\\bin\\node_modules',

     'C:\\Program Files\\nodejs\\node_modules\\npm-register\\node_modules',
     'C:\\Program Files\\nodejs\\node_modules',
     'C:\\Program Files\\node_modules',
     'C:\\node_modules' ] }

tarball url must follow package.json

router path of tarball is '/:scope?/:name/-/:scope2?/:filename/:sha'

But there is no document about this.

In fact, some npm cdn do not use this uri ( they modified package file )

example: http://registry.npm.taobao.org/

npm-register doesn't work offline

npm-register is configured to work with fs storage
Then I'm turning off internet connection by disabling default gateway and trying to install webpack I got an error (http://localhost:5984 is localy running npm-register):
% npm install --verbose --registry=http://localhost:5984 webpack
npm info it worked if it ends with ok
npm verb cli [ '/opt/node-v4.5.0-linux-x64/bin/node',
npm verb cli '/opt/node-v4.5.0-linux-x64/bin/npm',
npm verb cli 'install',
npm verb cli '--verbose',
npm verb cli '--registry=http://localhost:5984',
npm verb cli 'webpack' ]
npm info using [email protected]
npm info using [email protected]
npm verb config Skipping project config: /home/infotecs/.npmrc. (matches userconfig)
npm verb install initial load of /home/infotecs/package.json
npm WARN package.json [email protected] No repository field.
npm WARN package.json [email protected] No README data
npm verb readDependencies loading dependencies from /home/infotecs/package.json
npm verb cache add spec webpack
npm verb addNamed "latest" is being treated as a dist-tag for webpack
npm info addNameTag [ 'webpack', 'latest' ]
npm verb addNameTag registry:http://localhost:5984/webpack not in flight; fetching
npm verb request uri http://localhost:5984/webpack
npm verb request no auth needed
npm info attempt registry request try #1 at 2:53:45 PM
npm verb request id 1b310242ea8da95b
npm http request GET http://localhost:5984/webpack
npm info retry will retry, error on last attempt: Error: socket hang up

npm-register logs:
% docker-compose up
Recreating npmregister_npm-register_1
Attaching to npmregister_npm-register_1
npm-register_1 | Opbeat agent is inactive due to configuration
npm-register_1 | Saving files to local filesystem at /fs
npm-register_1 | npm-register listening on port 5984 [production]
npm-register_1 | **error downloading webpack: RequestError: Connection timed out on request to registry.npmjs.**org
npm-register_1 | at ClientRequest.req.once.err (/opt/npm-register/node_modules/got/index.js:66:21)
npm-register_1 | at ClientRequest.g (events.js:286:16)
npm-register_1 | at emitOne (events.js:101:20)
npm-register_1 | at ClientRequest.emit (events.js:188:7)
npm-register_1 | at Timeout.timeoutHandler (/opt/npm-register/node_modules/timed-out/index.js:12:7)
npm-register_1 | at tryOnTimeout (timers.js:228:11)
npm-register_1 | at Timer.listOnTimeout (timers.js:202:5)
npm-register_1 | measure#request=122430ms method=GET user-agent="npm/2.15.9 node/v4.5.0 linux x64" status=200 path=/webpack request_id=0.0379182220247527

But the webcak package is already downloaded:
% ls fs/tarballs/webpack/webpack-1.12.14/
fs/tarballs/webpack/webpack-1.12.14/365517443abfb3cb43299ea444655be89aff91d5.tgz

Python >= v2.5.0 & < 3.0.0 is required

Readme fails to identify Python is required as a dependency

Error: Cannot find module 'ioredis'

I just deployed an app using the "deploy to heroku" button, and I'm getting this error from the web process:

❯ heroku logs -t -a npm-register-zeke
2016-08-22T00:07:38.256658+00:00 app[web.1]: Error: Cannot find module 'ioredis'
2016-08-22T00:07:38.256659+00:00 app[web.1]:     at Function.Module._resolveFilename (module.js:455:15)
2016-08-22T00:07:38.256659+00:00 app[web.1]:     at Function.Module._load (module.js:403:25)
2016-08-22T00:07:38.256661+00:00 app[web.1]:     at require (internal/module.js:20:19)
2016-08-22T00:07:38.256660+00:00 app[web.1]:     at Module.require (module.js:483:17)
2016-08-22T00:07:38.256661+00:00 app[web.1]:     at Object.<anonymous> (/app/lib/redis.js:6:17)
2016-08-22T00:07:38.256662+00:00 app[web.1]:     at Module._compile (module.js:556:32)
2016-08-22T00:07:38.256663+00:00 app[web.1]:     at Object.Module._extensions..js (module.js:565:10)
2016-08-22T00:07:38.256664+00:00 app[web.1]:     at tryModuleLoad (module.js:432:12)
2016-08-22T00:07:38.256663+00:00 app[web.1]:     at Module.load (module.js:473:32)
2016-08-22T00:07:38.256665+00:00 app[web.1]:     at Function.Module._load (module.js:424:3)
2016-08-22T00:07:38.256665+00:00 app[web.1]:     at Module.require (module.js:483:17)
2016-08-22T00:07:38.256666+00:00 app[web.1]:     at Object.<anonymous> (/app/lib/npm.js:7:13)
2016-08-22T00:07:38.256666+00:00 app[web.1]:     at require (internal/module.js:20:19)
2016-08-22T00:07:38.256667+00:00 app[web.1]:     at Module._compile (module.js:556:32)
2016-08-22T00:07:38.256668+00:00 app[web.1]:     at Object.Module._extensions..js (module.js:565:10)
2016-08-22T00:07:38.256668+00:00 app[web.1]:     at Module.load (module.js:473:32)
2016-08-22T00:07:38.265694+00:00 app[web.1]: 
2016-08-22T00:07:38.272683+00:00 app[web.1]: npm ERR! Linux 3.13.0-85-generic
2016-08-22T00:07:38.272857+00:00 app[web.1]: npm ERR! argv "/app/.heroku/node/bin/node" "/app/.heroku/node/bin/npm" "start"
2016-08-22T00:07:38.273101+00:00 app[web.1]: npm ERR! npm  v3.10.3
2016-08-22T00:07:38.272992+00:00 app[web.1]: npm ERR! node v6.4.0
2016-08-22T00:07:38.273219+00:00 app[web.1]: npm ERR! code ELIFECYCLE
2016-08-22T00:07:38.273319+00:00 app[web.1]: npm ERR! [email protected] start: `node server.js`
2016-08-22T00:07:38.273396+00:00 app[web.1]: npm ERR! Exit status 1
2016-08-22T00:07:38.273579+00:00 app[web.1]: npm ERR! Failed at the [email protected] start script 'node server.js'.
2016-08-22T00:07:38.273489+00:00 app[web.1]: npm ERR! 
2016-08-22T00:07:38.273661+00:00 app[web.1]: npm ERR! Make sure you have the latest version of node.js and npm installed.
2016-08-22T00:07:38.273743+00:00 app[web.1]: npm ERR! If you do, this is most likely a problem with the npm-register package,
2016-08-22T00:07:38.273823+00:00 app[web.1]: npm ERR! not with npm itself.
2016-08-22T00:07:38.273993+00:00 app[web.1]: npm ERR!     node server.js
2016-08-22T00:07:38.274070+00:00 app[web.1]: npm ERR! You can get information on how to open an issue for this project with:
2016-08-22T00:07:38.273912+00:00 app[web.1]: npm ERR! Tell the author that this fails on your system:
2016-08-22T00:07:38.274151+00:00 app[web.1]: npm ERR!     npm bugs npm-register
2016-08-22T00:07:38.274231+00:00 app[web.1]: npm ERR! Or if that isn't available, you can get their info via:
2016-08-22T00:07:38.274308+00:00 app[web.1]: npm ERR!     npm owner ls npm-register
2016-08-22T00:07:38.274388+00:00 app[web.1]: npm ERR! There is likely additional logging output above.

heroku and s3 login failure

Hoping I made a dumb mistake and this is easily resolved.

I'm having trouble logging into the registry I stood up on heroku. Here are the steps I've taken:

I've created an htpasswd file and uploaded it to my s3 instance in the root directory. The htpasswd file was created using the steps in the readme.
I then try to authenticate with npm login --registry https://my-thing.herokuapp.com
I receive a 401 response with the following error:

invalid credentials : -/user/org.couchdb.user:myusername

Did I miss something obvious?

Thanks for the help.

Timeout set on the command line via TIMEOUT=20000 causes error

Setting TIMEOUT=10000 node start.js on the command line fails on an incoming request with

timers.js:293
    throw new TypeError('"msecs" argument must be a number');
    ^

TypeError: "msecs" argument must be a number
    at Object.exports.enroll (timers.js:293:11)
    at TLSSocket.Socket.setTimeout (net.js:322:12)
    at ClientRequest.<anonymous> (_http_client.js:636:10)
    at ClientRequest.g (events.js:291:16)
    at emitOne (events.js:101:20)
    at ClientRequest.emit (events.js:188:7)
    at tickOnSocket (_http_client.js:562:7)
    at onSocketNT (_http_client.js:574:5)
    at _combinedTickCallback (internal/process/next_tick.js:74:11)
    at process._tickCallback (internal/process/next_tick.js:98:9)

Add a Dockerfile

It would be great to have an official Docker image :)

Timeouts and shasum errors with fs storage

There seems to be some weirdness when koa-timeouts occur.

The error seems to work well for /package requests which occasionally go wrong and don't get a response for a long time. A 408 error is thrown, npm fails to parse the non JSON response and tries again. All good.

When a tarball takes a while to load, the koa-timeout will timeout the client request and send a 408 but then the npm request continues to run in the background until it finishes writing the file (most of the time)

  Error: Request timeout
      at Timeout._onTimeout (/srv/npm-register/node_modules/koa-timeout/index.js:11:19)
      at tryOnTimeout (timers.js:232:11)
      at Timer.listOnTimeout (timers.js:202:5)

When the response completes npm-register tries to respond to the client after the 408 has been sent and produces an error

2016-10-05T06:47:58.795Z - /@angular/core/-/core-2.0.1/c0cd8287bbaf367b350c189ac010aee443f4a3c8.tgz Error: Can't set headers after they are sent.
    at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:356:11)
    at Object.set (/Users/matt/docker/npm-register/node_modules/koa/lib/response.js:434:16)
    at Object.proto.(anonymous function) [as set] (/Users/matt/docker/npm-register/node_modules/delegates/index.js:40:31)
    at Object.<anonymous> (/Users/matt/docker/npm-register/routes/tarballs.js:28:8)
    at next (native)
    at Object.allowedMethods (/Users/matt/docker/npm-register/node_modules/koa-router/lib/router.js:374:12)
    at next (native)
    at Object.allowedMethods (/Users/matt/docker/npm-register/node_modules/koa-router/lib/router.js:374:12)
    at next (native)
    at Object.allowedMethods (/Users/matt/docker/npm-register/node_modules/koa-router/lib/router.js:374:12)
    at next (native)
    at Object.allowedMethods (/Users/matt/docker/npm-register/node_modules/koa-router/lib/router.js:374:12)
    at next (native)
    at Object.allowedMethods (/Users/matt/docker/npm-register/node_modules/koa-router/lib/router.js:374:12)
    at next (native)
    at Object.dispatch (/Users/matt/docker/npm-register/node_modules/koa-router/lib/router.js:336:14)

What I'm seeing then is an occasional error after the request has been timed out and retried by the npm client. The tarball response that is saved to the file system appears to be cut off and fails the shasum check when delivered to the client

npm ERR! shasum check failed for /tmp/npm-15-05e9c7df/10.8.8.8_4874/bower/-/bower-1.7.9/b7296c2393e0d75edaa6ca39648132dd255812b0.tgz
npm ERR! Expected: b7296c2393e0d75edaa6ca39648132dd255812b0
npm ERR! Actual:   712ae1e8088b628c9bccfbb0d31dac0c89926245
npm ERR! From:     http://10.8.8.8:4874/bower/-/bower-1.7.9/b7296c2393e0d75edaa6ca39648132dd255812b0.tgz

The file needs to be removed from the file system to fix the issue. It happens with various packages.

My initial thought was that the file was being written to by two requests at once (the original and the rerty), so I added some logic to write the file to a tmp file with a random extension, then move the file into place after the download is complete. I can still produce the shasum errors with the extra logic though.

Does this ever crop up with the S3 storage?

support private packages

Originally this project was needed to ensure that only authenticated users could publish packages, but they needed to be installable by anyone. For most projects, however, you would want only authenticated users to be able to publish or install packages.

This will have to be a configurable option.

How are packages stored?

I got this thing working! So hard to set up S3 credentials. 😱

I see the packages pouring in:

I don't see any version info, though. How are different versions of the same package cached?

local system fs htpasswd validation auth

Hi there

my idea is: custom docker container

i have tried dickeyxxx/npm-register and my custom one that i can easily debug

on each i see response from npm-register in the browser however can't get through login

can you explain where to put htpasswd and is there any way to check if it see the file

for exaple for dickeyxxx/npm-register i should attach volume with file to

$HOME
/data
/ (root)
or ??

maybe you could put example working oneliner with docker run dickeyxxx/npm-register and volumes

thanx!

my results:

0 info it worked if it ends with ok
1 verbose cli [ '/usr/bin/nodejs',
1 verbose cli   '/usr/bin/npm',
1 verbose cli   'login',
1 verbose cli   '--registry',
1 verbose cli   'http://192.168.16.2:3000' ]
2 info using [email protected]
3 info using [email protected]
4 verbose adduser before first PUT { _id: 'org.couchdb.user:im',
4 verbose adduser   name: 'im',
4 verbose adduser   password: 'XXXXX',
4 verbose adduser   email: '[email protected]',
4 verbose adduser   type: 'user',
4 verbose adduser   roles: [],
4 verbose adduser   date: '2017-02-15T03:38:10.085Z' }
5 verbose request uri http://192.168.16.2:3000/-/user/org.couchdb.user:im
6 verbose request new user, so can't send auth
7 info attempt registry request try #1 at 4:38:10 AM
8 verbose request id a470a9ff8ccfcdde
9 http request PUT http://192.168.16.2:3000/-/user/org.couchdb.user:im
10 http 401 http://192.168.16.2:3000/-/user/org.couchdb.user:im
11 verbose headers { vary: 'Accept-Encoding',
11 verbose headers   'content-type': 'application/json; charset=utf-8',
11 verbose headers   'content-length': '31',
11 verbose headers   date: 'Wed, 15 Feb 2017 03:38:10 GMT',
11 verbose headers   connection: 'keep-alive' }
12 verbose request invalidating /home/md/.npm/192.168.16.2_3000/-/user/org.couchdb.user_3Aim on PUT
13 verbose adduser back [ { Error: invalid credentials : -/user/org.couchdb.user:im
13 verbose adduser       at makeError (/usr/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:302:12)
13 verbose adduser       at CachingRegistryClient.<anonymous> (/usr/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:290:14)
13 verbose adduser       at Request._callback (/usr/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:210:14)
13 verbose adduser       at Request.self.callback (/usr/lib/node_modules/npm/node_modules/request/request.js:187:22)
13 verbose adduser       at emitTwo (events.js:106:13)
13 verbose adduser       at Request.emit (events.js:191:7)
13 verbose adduser       at Request.<anonymous> (/usr/lib/node_modules/npm/node_modules/request/request.js:1048:10)
13 verbose adduser       at emitOne (events.js:96:13)
13 verbose adduser       at Request.emit (events.js:188:7)
13 verbose adduser       at IncomingMessage.<anonymous> (/usr/lib/node_modules/npm/node_modules/request/request.js:969:12) statusCode: 401, code: 'E401' },
13 verbose adduser   { error: 'invalid credentials' },
13 verbose adduser   '{"error":"invalid credentials"}' ]
14 warn adduser Incorrect username or password
14 warn adduser You can reset your account by visiting:
14 warn adduser
14 warn adduser     https://npmjs.org/forgot
15 verbose stack Error: invalid credentials : -/user/org.couchdb.user:im
15 verbose stack     at makeError (/usr/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:302:12)
15 verbose stack     at CachingRegistryClient.<anonymous> (/usr/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:290:14)
15 verbose stack     at Request._callback (/usr/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:210:14)
15 verbose stack     at Request.self.callback (/usr/lib/node_modules/npm/node_modules/request/request.js:187:22)
15 verbose stack     at emitTwo (events.js:106:13)
15 verbose stack     at Request.emit (events.js:191:7)
15 verbose stack     at Request.<anonymous> (/usr/lib/node_modules/npm/node_modules/request/request.js:1048:10)
15 verbose stack     at emitOne (events.js:96:13)
15 verbose stack     at Request.emit (events.js:188:7)
15 verbose stack     at IncomingMessage.<anonymous> (/usr/lib/node_modules/npm/node_modules/request/request.js:969:12)
16 verbose statusCode 401
17 verbose cwd /opt/innovativemedia/dockers/npm_register/npm_register
18 error Linux 4.4.0-62-generic
19 error argv "/usr/bin/nodejs" "/usr/bin/npm" "login" "--registry" "http://192.168.16.2:3000"
20 error node v6.9.5
21 error npm  v3.10.10
22 error code E401
23 error invalid credentials : -/user/org.couchdb.user:im
24 error If you need help, you may report this error at:
24 error     <https://github.com/npm/npm/issues>
25 verbose exit [ 1, true ]

`npm dist-tag` fails on scoped packages

Is this because the / is being covered to %2f?

Similar issues with npm dist-tag ls.

phil@pro ~/s/o/api-js-client> npm dist-tag add @otono/[email protected] beta
npm ERR! Darwin 16.4.0
npm ERR! argv "/usr/local/bin/node" "/usr/local/bin/npm" "dist-tag" "add" "@otono/[email protected]" "beta"
npm ERR! node v6.9.0
npm ERR! npm  v4.0.3
npm ERR! code E500

npm ERR! server error : -/package/@otono%2fajax/dist-tags
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     /Users/phil/src/otono/api-js-client/npm-debug.log

logging error with Opbeat: { uuid: '82215b91-8265-4539-b625-4eaaac7520d4' }
TypeError: Cannot read property 'dist-tags' of undefined
    at Object.<anonymous> (/srv/npm-register/routes/dist_tags.js:17:20)
    at next (native)
    at Object.next (/srv/npm-register/node_modules/koa-timeout/node_modules/co/index.js:74:21)
    at /srv/npm-register/node_modules/koa-timeout/node_modules/co/index.js:93:18
    at /srv/npm-register/node_modules/koa-timeout/node_modules/co/index.js:224:7
    at tryCatcher (/srv/npm-register/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/srv/npm-register/node_modules/bluebird/js/release/promise.js:504:31)
    at Promise._settlePromise (/srv/npm-register/node_modules/bluebird/js/release/promise.js:561:18)
    at Promise._settlePromise0 (/srv/npm-register/node_modules/bluebird/js/release/promise.js:606:10)
    at Promise._settlePromises (/srv/npm-register/node_modules/bluebird/js/release/promise.js:685:18)
    at Async._drainQueue (/srv/npm-register/node_modules/bluebird/js/release/async.js:138:16)
    at Async._drainQueues (/srv/npm-register/node_modules/bluebird/js/release/async.js:148:10)
    at Immediate.Async.drainQueues (/srv/npm-register/node_modules/bluebird/js/release/async.js:17:14)
    at runCallback (timers.js:574:20)
    at tryOnImmediate (timers.js:554:5)
    at processImmediate [as _immediateCallback] (timers.js:533:5)

  TypeError: Cannot read property 'dist-tags' of undefined
      at Object.<anonymous> (/srv/npm-register/routes/dist_tags.js:17:20)
      at next (native)
      at Object.next (/srv/npm-register/node_modules/koa-timeout/node_modules/co/index.js:74:21)
      at /srv/npm-register/node_modules/koa-timeout/node_modules/co/index.js:93:18
      at /srv/npm-register/node_modules/koa-timeout/node_modules/co/index.js:224:7
      at tryCatcher (/srv/npm-register/node_modules/bluebird/js/release/util.js:16:23)
      at Promise._settlePromiseFromHandler (/srv/npm-register/node_modules/bluebird/js/release/promise.js:504:31)
      at Promise._settlePromise (/srv/npm-register/node_modules/bluebird/js/release/promise.js:561:18)
      at Promise._settlePromise0 (/srv/npm-register/node_modules/bluebird/js/release/promise.js:606:10)
      at Promise._settlePromises (/srv/npm-register/node_modules/bluebird/js/release/promise.js:685:18)
      at Async._drainQueue (/srv/npm-register/node_modules/bluebird/js/release/async.js:138:16)
      at Async._drainQueues (/srv/npm-register/node_modules/bluebird/js/release/async.js:148:10)
      at Immediate.Async.drainQueues (/srv/npm-register/node_modules/bluebird/js/release/async.js:17:14)
      at runCallback (timers.js:574:20)
      at tryOnImmediate (timers.js:554:5)
      at processImmediate [as _immediateCallback] (timers.js:533:5)

measure#request=2634ms method=GET user-agent="npm/4.0.3 node/v6.9.0 darwin x64" status=500 path=/-/package/@otono%2fajax/dist-tags request_id=0.42078417696968606

minio support

I would like to see minio.io support.

Unhandled rejection error caused by redirect

I am excited about your project. Sinopia seems unmaintained and it doesn't seem to be a stable and maintained fork out there. I will test elephant to my pet projects and promote it in my company if it fits our needs.

I cloned the repo, created a S3 bucket (eu-west), AIM credentials, set up the env vars and run the start npm task.

After replying the 3 npm login questions with the registry option pointing to the port 3000:

Unhandled rejection Error: Error downloading /htpasswd
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>TemporaryRedirect</Code><Message>Please re-send this request to the specified         temporary endpoint. Continue to use the original request endpoint for future requests.</Message>            <Bucket>HIDDENHIDDEN</Bucket><Endpoint>HIDDENHIDDEN.s3-eu-west-1.amazonaws.com</Endpoint>    <RequestId>A66FD56DF0A7DDD6</RequestId><HostId>Cq8jCPIcjKq2yv20euEdOjbZKparRPx62B/M3Jvy8M6vIaH9Wqf0cl/e+Xo8SF+seXOE8FAvonc=</HostId></Error>
at /home/fcanela/sites/npm.aire/elephant/lib/s3.js:19:19
at tryCatcher (/home/fcanela/sites/npm.aire/elephant/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/home/fcanela/sites/npm.aire/elephant/node_modules/bluebird/js/release/promise.js:504:31)
at Promise._settlePromise (/home/fcanela/sites/npm.aire/elephant/node_modules/bluebird/js/release/promise.js:561:18)
at Promise._settlePromise0 (/home/fcanela/sites/npm.aire/elephant/node_modules/bluebird/js/release/promise.js:606:10)
at Promise._settlePromises (/home/fcanela/sites/npm.aire/elephant/node_modules/bluebird/js/release/promise.js:685:18)
at Async._drainQueue (/home/fcanela/sites/npm.aire/elephant/node_modules/bluebird/js/release/async.js:138:16)
at Async._drainQueues (/home/fcanela/sites/npm.aire/elephant/node_modules/bluebird/js/release/async.js:148:10)
at Immediate.Async.drainQueues (/home/fcanela/sites/npm.aire/elephant/node_modules/bluebird/js/release/async.js:17:14)
at runCallback (timers.js:566:20)
at tryOnImmediate (timers.js:546:5)
at processImmediate [as _immediateCallback] (timers.js:525:5)

Am I missing something?

Docker signal handling

The current docker setup does not handle sigint (ctrl-c) or sigterm (docker stop) so the process needs to be killed with a sigkill to stop it.

How are unpublish events handled?

This happened today: https://medium.com/@azerbike/i-ve-just-liberated-my-modules-9045c06be67c#.37j7cvuek

If I was using elephant as my registry, would those unpublished modules stick around, or would they be unpublished just like they are on the registry.npmjs.org ?

Webapp

I'm used to sinopia but looks like that project is not being maintened. I installed npm-register just like your guide but I cannot access a webui with the list of modules.
Does npm-register suports a web UI to search and view the npm modules?

Unable to install: no such file or directory

$ npm install -g npm-register

npm ERR! path /usr/local/lib/node_modules/npm-register/bin/npm-register
npm ERR! code ENOENT
npm ERR! errno -2
npm ERR! syscall chmod
npm ERR! enoent ENOENT: no such file or directory, chmod '/usr/local/lib/node_modules/npm-register/bin/npm-register'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent 

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/z/.npm/_logs/2017-08-29T04_22_15_076Z-debug.log

$ node -v
v8.4.0

$ which node
/usr/local/bin/node

$ npm config get prefix
/usr/local

$ uname -a
Darwin Zekes-MBP 16.7.0 Darwin Kernel Version 16.7.0: Thu Jun 15 17:36:27 PDT 2017; root:xnu-3789.70.16~2/RELEASE_X86_64 x86_64

ask a question

whether I can run the project directly use npm-register after npm install?

htpasswd not a command

I've deployed this to heroku, but I'm confused about the htpasswd authentication. When I do

./bin/get-htpasswd > ./htpasswd
htpasswd -nB steve >> ./htpasswd

I get htpasswd: command not found. I'm positive that it is me doing something wrong. Any help would be greatly appreciated!

Properly handle tarball SHA changes in central repository

When there is a SHA mismatch happens due to tarball / SHA changes in the central npm repository, the changes are not reflected in elephant, causing installs / updates to fail with sha mismatch errors.

Scoped dependencies from official npm registry not working

Take this node module for instance - https://github.com/request/core/blob/master/package.json

It references scoped packages (@request) available on npmregistry.org, but not published to the elephant repository.

When requesting them, it seems the tarball isn't created.

README specifies Node 6.x support but the package specifies Node 8.x

I noticed the auth and user files were rewritten from generator functions to use async calls. These will not work with node 6. as far as I know. Does the README need to be updated?

This change happened here 6a8f0f7

support fastly

fastly might be able to provide more granular caching to make elephant faster. Potentially this could also allow us to CDN private packages.

node-gyp permissions issue with installing latest version (2.5.2)

On trying to install the latest version via sudo npm install -g npm-register (Ubuntu 14.04, Node 8.5.0) it hangs with:

**gyp WARN EACCES user "root" does not have permission to access the dev dir "/usr/lib/node_modules/npm-register/node_modules/bcrypt/.node-gyp/8.5.0"
**

This error continues to repeat indefinitely. Had to do a npm config set unsafe-perm true before I could complete the install.

REDIS_URL seems to be required, but docs have it 'optional'

Hey, great tool, we've been wanting something like this for ages

Just an issue we had setting up, the docs mention REDIS_URL as being optional, but we experienced timeouts unless we had a running cluster and this env var set. Is there something we're missing, or is this just a docs bug?

Cheers, Andy