I’ve came across an interesting issue. Here’s the situation:
I’m trying to install a package of which’s one or more of dependencies or devDependencies use
rimraf package’s 2.2.6 and 2.2.8 versions, which are quire outdated AND they can’t be downloaded from the default NPM registry because they’re
email@example.com are blocked by a corporate firewall (while, for example,
rimraf latest version can be easily installed).
Thus, the only [theoretical] solution I’ve found so far is:
- Download firstname.lastname@example.org or email@example.com tar.gz from the package’s Github releases page
npm cache add $rimraf_pkg_name.tar.gzto add it to
- Verify NPM cache with
npm cache verify
However, this doesn’t work. If I attempt to install the package X (which has dependencies which use rimraf’s 2.2.6 and 2.2.8 versions), NPM still attemps to download rimraf versions 2.2.6 & 2.2.8 from Github.com and, since there’s a corpo firewall, it can’t.
My primary question — is there any way to tell NPM (via config or whatever) to cache or use a locally downloaded tar.gz for any package and its selected versions, so whenever any package (or any package’s dependency) tries to install
firstname.lastname@example.org, it’d use a tar.gz referenced on my local machine or use
email@example.com from npm-cache (and would never try to download it from registry) ?
P.S. yes, I’ve tried to install firstname.lastname@example.org package globally referencing a tar.gz on my machine, but of course it didn’t work. Also, I’ve tried running something like
npm i -g email@example.com --no-registry. It didn’t help much.
npm config get registry is the default NPM registry, there’s no custom registry being in play here.