docs: document special meaning of registry.npmjs.com #3784
Conversation
docs/content/using-npm/registry.md
Outdated
| npm will install packages from the new registry, but if you create a lock | ||
| file while using a custom registry packages will be installed from that | ||
| registry even after you change to another registry. To update the registry in a | ||
| lock file you can remove the file or remove or modify the resolved key. |
There was a problem hiding this comment.
The package-lock is not something we want folks editing, it's assumed that the cli "owns" this. As such we should not suggest modifying the key directly.
There was a problem hiding this comment.
Hows this? Or delete the sentence?
You should delete the file if you would like to change the custom registry.
There was a problem hiding this comment.
Just delete "or modify the resolved key"
There was a problem hiding this comment.
Or perhaps yes just deleting the sentence for now. Best to add something more clarifying later than put something in now that's not right.
This behavior has been present in npm for a while, but I haven't found where it's documented. This is my attempt at documenting the behavior based on my understanding of it. I think a SME should contribute to this so the documentation is correct. npm/feedback#544 npm#3783 https://github.com/npm/arborist/blob/478871bf0a44a8ec516b9057585b8707e60b0349/lib/arborist/reify.js#L687-L693 PR-URL: npm#3784 Credit: @everett1992 Close: npm#3784 Reviewed-by: @wraithgar
Note that this doesn't seem to apply when using a registry scope with and then try to npm install while having a scoped package with resolved value If anyone knows if that is intended let me know and I'll make a PR to update the documentation. |
| @@ -201,7 +202,8 @@ Dependency objects have the following fields: | |||
|
|
|||
| * resolved: For registry sources this is path of the tarball relative to | |||
| the registry URL. If the tarball URL isn't on the same server as the | |||
| registry URL then this is a complete URL. | |||
| registry URL then this is a complete URL. `registry.npmjs.org` is a magic | |||
| value meaning "the currently configured registry". | |||
This behavior has been present in npm for a while, but I haven't found
where it's documented. This is my attempt at documenting the behavior
based on my understanding of it. I think a SME should contribute to this
so the documentation is correct.
npm/feedback#544
#3783
https://github.com/npm/arborist/blob/478871bf0a44a8ec516b9057585b8707e60b0349/lib/arborist/reify.js#L687-L693
I'd really like to discus improving this behavior. Packages should have more control over the resolved url, at-least packages using a custom registry should be able to record a resolved value in the lockfile that means 'the currently configured registry'. An easy and compatible option may be a configuration for the registry to record. npm would replace NPM_CONFIG_REGISTRY with NPM_CONFIG_REGISTRY_TO_RECORD when writing the lock. The comment in arborist suggests a plan to remove the special behavior of registry.npmjs.org which I support but I think it would require a new lock file format.