npm On-Site

Run your own on-premises npm registry

npm On-Site is an on-premises solution for securely sharing and distributing JavaScript modules within your organization, from the team that maintains npm and the public npm registry. It's designed for teams that need:


See it in action

npm On-Site is a private npm registry

npm On-Site is an npm registry that works with the same standard npm client you already use, but provides the features needed by larger organizations who are now enthusiastically adopting Node.js. It's built by npm, Inc., the sponsor of the npm open source project and the host of the public npm registry.

Private, scoped modules

Lots of companies using Node.js love the "many small modules" pattern that is part of the Node.js culture. However, splitting internal applications and private code up into small modules has been inconvenient, requiring git dependencies or other workarounds to avoid publishing sensitive code to the public registry. npm On-Site makes private modules a first-class citizen. Just log in to your registry:

npm login --registry= --scope=myco

Now you can install private modules without any additional work, the same way you do with public modules:

npm install @myco/somepackage

npm automatically knows that any package with the @myco scope should be installed from your npm On-Site installation. Scoped packages will be installed into your node_modules folder and can be used in your JavaScript just like any other module:


Publishing private modules is similarly easy. Simply give your package name a scope in package.json:

  "name": "@myco/anypackage"

Then publish as usual:

npm publish

npm will automatically publish to your npm On-Site, and will refuse to publish scoped packages to the public registry.

Eliminate conflicts with public modules

By their nature, the existence of scopes means you cannot create a module that accidentally conflicts with an existing public package.

In addition, when you register a scope with npm On-Site, we reserve that scope across all npm On-Site users and the public registry. This will allow you to publish your modules publicly without needing to rename them when this feature becomes available in the public registry.

Works in concert with the public npm registry

Depending on your security preferences, you can work with npm On-Site in two ways:

  1. use it to host only your private modules, and use the public npm registry for any un-scoped modules, or
  2. configure npm to use your local npm On-Site server for all modules, and use npm On-Site to mirror the public packages you have approved for internal use

This can be configured per-client, so your developers and your build server can apply different levels of strictness about where they can install packages from.

Selectively mirror the public registry

npm On-Site goes beyond a simple local cache of the registry. It allows you to selectively mirror the public registry, automatically inspecting every new and updated package available in the public registry and applying a security policy to determine if it should be made available locally. You can use pre-built filters, or you can write your own, which is as simple as writing an npm module and publishing it to your local registry. Some possible filters:

npm install npmo

npm On-Site runs locally, on a server you control, with no external dependencies (mirroring the public registry of course requires external internet access, but mirroring is optional). Many organizations want this for security, regulatory, or operational reasons.

As you would expect, npm On-Site is installed using npm! Our installation process asks you a series of simple questions about your local environment, and sets up all the services it needs to run.

npm On-Site has been extensively tested on CentOS 6.5 and Ubuntu 14, and is supported on most recent public Linux distributions. It can run inside a virtual machine or on standard hardware. Since it can be configured to only selectively mirror the public registry in addition to your private packages, its disk space requirements are significantly lighter than other private registry solutions.

Integrates with GitHub and GitHub Enterprise

If your organization uses GitHub or GitHub Enterprise, npm On-Site can be configured to automatically use them for login and access control. Simply add a repository field to your package.json that points to your repo:

  "repository": {
    "url": "git://"

Depending on your configuration, npm On-Site can restrict installation of your package to users who have access to the repo for that package, and restrict publishing of that package to users who have commit access to the repo.

npm On-Site uses OAuth to interact with GitHub, and will support any other OAuth2 providers. A standalone solution for authentication and authorization is coming soon.


npm On-Site is priced very simply:

  1. Standard pricing is $20/active user/month, with no limit on the number of users.
  2. A site license is available for large engineering teams (please contact to discuss).

An "active user" is any user who authenticated with the server over the last 30 days, for instance to install or publish a package. You can upgrade or downgrade your license at any time.

Buy an npm On-Site license now

Try npm On-Site for free

Get a trial license for npm On-Site instantly by supplying some basic information:

This email will be the username for your trial license