The npm community forum has been discontinued.
To discuss usage of npm, visit the GitHub Support Community.
Nginx as NPM proxy
I try to use nginx as npm caching proxy. I’ve got some troubles with obtaining tgz files. Everytime when I try to install packages via npm install --verbose. NPM goes fetch filelist from http:///repository/npm-proxy/angular, but then try fetch tgz files directly from https://registry.npmjs.org. Take a look at log:
npm http fetch GET 200 http://<my_ip>/repository/npm-proxy/angular 66ms npm http fetch GET 200 https://registry.npmjs.org/angular/-/angular-1.6.9.tgz 91ms
I’ve set registry in .npmrc in the next way:
Also, all links to tgz files(tarballs) in response from this link (http:///repository/npm-proxy/angular) has been updated according my ip, using Nginx’s sub_filter, so I’m assuming that npm will use updated links for fetching tgz files. But no, it uses https://registry.npmjs.org. I’ve tested this behaviour with different projects result is identical.
NPM try send audit info to my ip, when it fails, it try use external registry.
npm http fetch POST 404 http://<my_ip>/-/npm/v1/security/audits/quick 16ms npm http fetch POST 200 https://registry.npmjs.org/-/npm/v1/security/audits/quick 316ms
But on nginx side I don’t see any requests which are related to tarballs.
My nginx config here.https://pastebin.com/4m6MMQXk
Why npm tries fetch tarballs from https://registry.npmjs.org?
Well, that should do it. Could you take a look at the output of
in the browser or with cURL or something else, and then check if there are no more references to
If you don’t want the audit, you can turn it off with the
audit option (
audit=false). I don’t know why npm falls back to the external registry, but this seems like an okay workaround.
No, no one reference. Everything replaced with nginx sub_filter.