npm Enterprise

Run your own on-premises npm registry

npm Enterprise is an on-premises solution for securely sharing and distributing JavaScript modules within your organization, from the team that maintains npm and the public npm registry. It's designed for teams that need:

Features

npm Enterprise is a private npm registry

npm Enterprise is an npm registry that works with the same standard npm client you already use, but provides the features needed by larger organizations that are now enthusiastically adopting Node.js. It's built by npm, Inc., the sponsor of the npm open source project and the host of the public npm registry.

Private, scoped modules

Lots of companies using Node.js love the "many small modules" pattern that is part of the Node culture. However, splitting internal applications and private code up into small modules has been inconvenient, requiring git dependencies or other workarounds to avoid publishing sensitive code to the public registry. npm Enterprise makes private modules a first-class citizen. Just log in to your registry:

npm login --registry=http://myreg.mycompany.com --scope=myco

Now you can install private modules without any additional work, the same way you do with public modules:

npm install @myco/somepackage

npm automatically knows that any package with the @myco scope should be installed from your npm Enterprise installation. Scoped packages will be installed into your node_modules folder and can be used in your JavaScript just like any other module:

require('@myco/somepackage');

Publishing private modules is similarly easy. Simply give your package name a scope in package.json:

{
  "name": "@myco/anypackage"
}

Then publish as usual:

npm publish

npm will automatically publish to your npm Enterprise, and will refuse to publish scoped packages to the public registry.

Eliminate conflicts with public modules

Scopes, by their nature, mean you cannot create a module that accidentally conflicts with an existing public package.

In addition, when you register a scope with npm Enterprise, we reserve that scope across all npm Enterprise users and the public registry. This will allow you to publish your modules publicly without needing to rename them when this feature becomes available in the public registry.

Works in concert with the public npm registry

Depending on your security preferences, you can work with npm Enterprise in two ways:

  1. use it to host only your private modules, and use the public npm registry for any un-scoped modules, or
  2. configure npm to use your local npm Enterprise server for all modules, and use npm Enterprise to mirror the public packages you have approved for internal use

This can be configured per-client, so your developers and your build server can apply different levels of strictness about where they can install packages from.
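
The two modes above come down to which registry each client's .npmrc points a package name at. The following is an added example, not code from npm or npm Enterprise: a simplified model of the client's lookup (the scoped "@scope:registry" key first, then "registry", then the public default) that lists the dependencies a given client would fetch from outside the internal host. It ignores command-line flags, environment variables and layered config files; the https URLs, the package names other than @myco/somepackage, and the function names are constructed for illustration.

```javascript
// Added example: which registry would a client with this .npmrc contact?
const PUBLIC_REGISTRY = 'https://registry.npmjs.org/';

// Parse the key=value lines of an .npmrc, skipping blanks and comments.
function parseNpmrc(text) {
  const config = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    config[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return config;
}

// A scoped name (@scope/pkg) uses "@scope:registry" when it is set;
// everything else falls back to "registry", then to the public default.
function registryFor(packageName, config) {
  const m = /^(@[^/]+)\//.exec(packageName);
  if (m && config[`${m[1]}:registry`]) return config[`${m[1]}:registry`];
  return config.registry || PUBLIC_REGISTRY;
}

// Dependencies that would be fetched from anywhere other than the approved
// internal host. An empty result is what a strict build server expects.
function outsideInternal(dependencies, npmrcText, internalHost) {
  const config = parseNpmrc(npmrcText);
  return dependencies.filter(
    (name) => new URL(registryFor(name, config)).host !== internalHost
  );
}

// Constructed sample configurations for the two modes described above.
const DEV_NPMRC = `
; option 1: only the @myco scope goes to the internal registry
@myco:registry=https://myreg.mycompany.com/
`;
const BUILD_NPMRC = `
; option 2: every package goes through the internal mirror
registry=https://myreg.mycompany.com/
@myco:registry=https://myreg.mycompany.com/
`;
const DEPS = ['@myco/somepackage', 'some-public-lib', '@other/tool'];

console.log(outsideInternal(DEPS, DEV_NPMRC, 'myreg.mycompany.com'));
console.log(outsideInternal(DEPS, BUILD_NPMRC, 'myreg.mycompany.com'));
```

Under the first configuration the unscoped package and the package in a different scope both resolve to the public registry; under the second nothing does.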

Selectively mirror the public registry

npm Enterprise goes beyond a simple local cache of the registry. It allows you to selectively mirror the public registry, automatically inspecting every new and updated package available in the public registry and applying a security policy to determine if it should be made available locally. You can use pre-built filters, or you can write your own, which is as simple as writing an npm module and publishing it to your local registry. Some possible filters:

npm install npme

npm Enterprise runs locally, on a server you control, with no external dependencies (mirroring the public registry of course requires external internet access, but mirroring is optional). Many organizations want this for security, regulatory, or operational reasons.

As you would expect, npm Enterprise is installed using npm! Our installation process asks you a series of simple questions about your local environment, and sets up all the services it needs to run.

npm Enterprise has been extensively tested on CentOS 6.5 and Ubuntu 14, and is supported on most recent public Linux distributions. It can run inside a virtual machine or on standard hardware. Since it can be configured to only selectively mirror the public registry in addition to your private packages, its disk space requirements are significantly lighter than other private registry solutions.

Integrates with GitHub and GitHub Enterprise

If your organization uses GitHub or GitHub Enterprise, npm Enterprise can be configured to automatically use them for login and access control. Simply add a repository field to your package.json that points to your repo:

{
  "repository": {
    "url": "git://github.mycompany.com/myco/mypackage.git"
  }
}

Depending on your configuration, npm Enterprise can restrict installation of your package to users who have access to the repo for that package, and restrict publishing of that package to users who have commit access to the repo.

npm Enterprise uses OAuth to interact with GitHub, and will support any other OAuth2 providers. A standalone solution for authentication and authorization is coming soon.

Pricing

npm Enterprise is priced very simply. There are two price points:

  1. Standard pricing is $20/active user/month, with no limit on the number of users.
  2. A "Starter Pack" for internal pilots and small teams is $25/month, and allows up to five active users (no per-user cost).

An "active user" is any user who authenticated with the server over the last 30 days, for instance to install or publish a package. You can upgrade or downgrade your license at any time.

Try npm Enterprise for free

Get a trial license for npm Enterprise instantly by supplying some basic information:
