Private Package Management - Complete Guide
Published: September 25, 2024 | Reading time: 19 minutes
Private Package Overview
Private package management provides secure, controlled access to proprietary packages:
Private Package Benefits
- Secure package distribution
- Access control
- Enterprise compliance
- Internal package sharing
- Version control
- Dependency management
- Team collaboration
NPM Private Packages
NPM Private Registry Setup
# 1. NPM Private Registry Authentication
npm login --registry=https://npm.company.com
npm whoami --registry=https://npm.company.com
# 2. Configure Private Registry
npm config set registry https://npm.company.com
npm config set @company:registry https://npm.company.com
# 3. Publish Private Package
npm publish --registry=https://npm.company.com
npm publish --access restricted
# 4. Install Private Package
npm install @company/private-package
npm install @company/private-package@1.0.0
# 5. Private Package Configuration
# package.json
# Do not set "private": true here: npm refuses to publish a package marked private.
{
  "name": "@company/private-package",
  "version": "1.0.0",
  "publishConfig": {
    "registry": "https://npm.company.com"
  }
}
# 6. Scoped Package Configuration
# .npmrc
@company:registry=https://npm.company.com
//npm.company.com/:_authToken=${NPM_TOKEN}
# 7. Private Package Authentication
# Environment variables
export NPM_TOKEN="your-auth-token"
export NPM_REGISTRY="https://npm.company.com"
# 8. Private Package Installation
npm install @company/private-package --registry=https://npm.company.com
# 9. Private Package Updates
npm update @company/private-package
npm install @company/private-package@latest
# 10. Private Package Unpublish
npm unpublish @company/private-package@1.0.0 --registry=https://npm.company.com
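The check below is an added example, not part of the original guide or of npm. It audits the text of an .npmrc like the one in step 6, confirming that the scope is pinned to the private registry over HTTPS and that every _authToken is an environment-variable reference rather than a literal value. The function auditNpmrc, its finding names and the sample inputs are assumptions made for illustration.

```javascript
// Added example: audit .npmrc text against the settings in step 6.
// auditNpmrc() and its finding names are hypothetical, not part of npm.
function auditNpmrc(text, scope, registryUrl) {
  const findings = [];
  const entries = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    entries.set(line.slice(0, eq).trim(), line.slice(eq + 1).trim());
  }

  // 1. The scope must be pinned to the private registry, over HTTPS.
  const strip = (u) => u.replace(/\/+$/, '');
  const mapped = entries.get(`${scope}:registry`);
  if (!mapped) findings.push('scope-not-pinned');
  else if (!mapped.startsWith('https://')) findings.push('registry-not-https');
  else if (strip(mapped) !== strip(registryUrl)) findings.push('scope-points-elsewhere');

  const host = new URL(registryUrl).host;
  for (const [key, value] of entries) {
    if (!key.endsWith(':_authToken')) continue;
    // 2. Tokens must be ${ENV_VAR} references, never literal values on disk.
    if (!/^\$\{[A-Za-z_][A-Za-z0-9_]*\}$/.test(value)) findings.push('literal-token');
    // 3. Report tokens keyed to any host other than the private registry.
    if (!key.startsWith(`//${host}/`)) findings.push('token-for-other-host');
  }
  return findings;
}

// Constructed sample inputs.
const goodNpmrc = [
  '@company:registry=https://npm.company.com',
  '//npm.company.com/:_authToken=${NPM_TOKEN}',
].join('\n');
const badNpmrc = [
  '@company:registry=http://npm.company.com',
  '//npm.company.com/:_authToken=constructed-literal-token',
  '//registry.example.test/:_authToken=${OTHER_TOKEN}',
].join('\n');

console.log(auditNpmrc(goodNpmrc, '@company', 'https://npm.company.com'));
console.log(auditNpmrc(badNpmrc, '@company', 'https://npm.company.com'));
```

Run it against both the project-level and user-level .npmrc, since npm merges them and a literal token in either one ends up on disk.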
Yarn Private Packages
Yarn Private Registry Configuration
# 1. Yarn Private Registry Authentication
yarn login --registry https://npm.company.com
# Yarn 1 has no whoami command; npm whoami checks the token configured for this registry
npm whoami --registry https://npm.company.com
# 2. Configure Private Registry
yarn config set registry https://npm.company.com
yarn config set @company:registry https://npm.company.com
# 3. Publish Private Package
yarn publish --registry https://npm.company.com
yarn publish --access restricted
# 4. Install Private Package
yarn add @company/private-package
yarn add @company/private-package@1.0.0
# 5. Private Package Configuration
# package.json
# Do not set "private": true here: a package marked private cannot be published.
{
  "name": "@company/private-package",
  "version": "1.0.0",
  "publishConfig": {
    "registry": "https://npm.company.com"
  }
}
# 6. Scoped Package Configuration
# .yarnrc
"@company:registry" "https://npm.company.com"
"//npm.company.com/:_authToken" "${NPM_TOKEN}"
# 7. Private Package Authentication
# Environment variables
export NPM_TOKEN="your-auth-token"
export NPM_REGISTRY="https://npm.company.com"
# 8. Private Package Installation
yarn add @company/private-package --registry https://npm.company.com
# 9. Private Package Updates
yarn upgrade @company/private-package
yarn add @company/private-package@latest
# 10. Private Package Unpublish
# Yarn 1 has no unpublish command; use npm
npm unpublish @company/private-package@1.0.0 --registry https://npm.company.com
Enterprise Registry Solutions
Private Registry Platforms
# 1. GitHub Packages
# Configure GitHub Packages
npm config set @company:registry https://npm.pkg.github.com
npm config set //npm.pkg.github.com/:_authToken ${GITHUB_TOKEN}
# Publish to GitHub Packages
npm publish --registry https://npm.pkg.github.com
# Install from GitHub Packages
npm install @company/private-package
# 2. GitLab Package Registry
# Configure GitLab Packages
npm config set @company:registry https://gitlab.company.com/api/v4/projects/123/packages/npm
npm config set //gitlab.company.com/api/v4/projects/123/packages/npm/:_authToken ${GITLAB_TOKEN}
# Publish to GitLab Packages
npm publish --registry https://gitlab.company.com/api/v4/projects/123/packages/npm
# Install from GitLab Packages
npm install @company/private-package
# 3. Azure Artifacts
# Configure Azure Artifacts
npm config set @company:registry https://pkgs.dev.azure.com/company/_packaging/feed/npm/registry/
npm config set //pkgs.dev.azure.com/company/_packaging/feed/npm/registry/:_authToken ${AZURE_TOKEN}
# Publish to Azure Artifacts
npm publish --registry https://pkgs.dev.azure.com/company/_packaging/feed/npm/registry/
# Install from Azure Artifacts
npm install @company/private-package
# 4. JFrog Artifactory
# Configure Artifactory
npm config set @company:registry https://artifactory.company.com/artifactory/api/npm/npm-local/
npm config set //artifactory.company.com/artifactory/api/npm/npm-local/:_authToken ${ARTIFACTORY_TOKEN}
# Publish to Artifactory
npm publish --registry https://artifactory.company.com/artifactory/api/npm/npm-local/
# Install from Artifactory
npm install @company/private-package
# 5. Nexus Repository
# Configure Nexus
npm config set @company:registry https://nexus.company.com/repository/npm-private/
npm config set //nexus.company.com/repository/npm-private/:_authToken ${NEXUS_TOKEN}
# Publish to Nexus
npm publish --registry https://nexus.company.com/repository/npm-private/
# Install from Nexus
npm install @company/private-package
Authentication and Security
Security Best Practices
Authentication Methods
- Token-based authentication
- OAuth integration
- SSO integration
- API key management
- Role-based access
- Multi-factor authentication
- Audit logging
Security Best Practices
- Secure token storage
- Regular token rotation
- Access control policies
- Vulnerability scanning
- Encrypted communication
- Audit trail maintenance
- Compliance monitoring
CI/CD Integration
Automated Private Package Management
# 1. GitHub Actions Private Packages
# .github/workflows/private-packages.yml
name: Private Package Management
on: [push, pull_request]
jobs:
  private-packages:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: '18'
      - name: Configure Private Registry
        run: |
          npm config set @company:registry https://npm.company.com
          npm config set //npm.company.com/:_authToken ${{ secrets.NPM_TOKEN }}
      - name: Install Private Packages
        run: npm ci
      - name: Publish Package
        if: github.ref == 'refs/heads/main'
        run: npm publish
# 2. GitLab CI Private Packages
# .gitlab-ci.yml
private_packages:
  stage: build
  script:
    - npm config set @company:registry https://npm.company.com
    - npm config set //npm.company.com/:_authToken $NPM_TOKEN
    - npm ci
    - npm publish
  only:
    - main
# 3. Jenkins Private Packages
# Jenkinsfile
pipeline {
    agent any
    stages {
        stage('Private Packages') {
            steps {
                sh 'npm config set @company:registry https://npm.company.com'
                sh 'npm config set //npm.company.com/:_authToken $NPM_TOKEN'
                sh 'npm ci'
                sh 'npm publish'
            }
        }
    }
}
# 4. Azure DevOps Private Packages
# azure-pipelines.yml
trigger:
  - main
pool:
  vmImage: 'ubuntu-latest'
steps:
  - task: NodeTool@0
    inputs:
      versionSpec: '18.x'
  - script: |
      npm config set @company:registry https://npm.company.com
      npm config set //npm.company.com/:_authToken $(NPM_TOKEN)
      npm ci
      npm publish
    displayName: 'Private Package Management'
# 5. CircleCI Private Packages
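# .circleci/config.yml
version: 2
jobs:
  private-packages:
    docker:
      - image: node:18
    steps:
      - checkout
      - run: npm config set @company:registry https://npm.company.com
      - run: npm config set //npm.company.com/:_authToken $NPM_TOKEN
      - run: npm ci
      - run: npm publish
# Without a workflows section, CircleCI 2.0 only runs a job named "build"
workflows:
  version: 2
  private-packages:
    jobs:
      - private-packages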
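Every pipeline above installs with npm ci, which fetches exactly what the lockfile records. The following added example (not from the original guide or from npm) checks that each @company package in package-lock.json resolves to the private registry over HTTPS and carries an integrity hash, so it can run as a gate before npm ci. The function checkLockfile, its reason strings and the lockfile fragment are assumptions constructed for illustration.

```javascript
// Added example: verify lockfile entries before `npm ci` runs in CI.
// checkLockfile() is hypothetical; it reads the "packages" map of a
// package-lock.json (lockfileVersion 2 or 3).
function checkLockfile(lock, scope, registryUrl) {
  const allowedHost = new URL(registryUrl).host;
  const problems = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const marker = 'node_modules/';
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue;            // root project or workspace folder
    const name = path.slice(idx + marker.length);
    if (!name.startsWith(`${scope}/`)) continue;
    if (entry.link) continue;            // symlinked workspace, nothing fetched

    let url = null;
    try { url = new URL(entry.resolved); } catch { /* missing or not a URL */ }
    if (!url || url.protocol !== 'https:' || url.host !== allowedHost) {
      problems.push({ name, reason: 'not-from-private-registry' });
    } else if (!entry.integrity) {
      problems.push({ name, reason: 'missing-integrity' });
    }
  }
  return problems;
}

// Constructed lockfile fragment; hashes and the second host are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', version: '1.0.0' },
    'node_modules/@company/private-package': {
      version: '1.0.0',
      resolved: 'https://npm.company.com/@company/private-package/-/private-package-1.0.0.tgz',
      integrity: 'sha512-PLACEHOLDER',
    },
    'node_modules/@company/other-package': {
      version: '1.0.0',
      resolved: 'https://registry.example.test/@company/other-package/-/other-package-1.0.0.tgz',
      integrity: 'sha512-PLACEHOLDER',
    },
    'node_modules/unscoped-dep': {
      version: '2.0.0',
      resolved: 'https://registry.example.test/unscoped-dep/-/unscoped-dep-2.0.0.tgz',
      integrity: 'sha512-PLACEHOLDER',
    },
  },
};

console.log(checkLockfile(sampleLock, '@company', 'https://npm.company.com'));
```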
Summary
Private package management involves several key components:
- NPM Private Packages: Authentication, configuration, and publishing
- Yarn Private Packages: Yarn-specific private registry setup
- Enterprise Solutions: GitHub, GitLab, Azure, JFrog, Nexus
- CI/CD Integration: Automated private package management