The registry under the npm command does not work

Sometimes, switching the source of npm packages in a project is necessary due to network or security issues. The general practice is to switch the source in npmrc, but after switching and installing packages, you will find that the install still goes through the old source, primarily when a lock file has already been generated.

Here, we analyze the issue of the registry not working.

https://static.1991421.cn/2024/2024-09-17-153822.jpeg

Version Information

For verification, I am using the following versions:

  • npm v9.5.1

  • node v18.16.1

Current lock file information

https://static.1991421.cn/2024/2024-09-17-153847.jpeg

Reviewing the lock file, taking the @babel/plugin-proposal-private-property-in-object package as an example, you will find that the lock file directly records the address under the corresponding package version, here being https://registry.npmjs.org/.

npmrc

I tried updating the source via the npmrc file configuration as follows.

1
registry=https://registry.npmmirror.com

In practical testing, executing npm i does not download the package from the new source address.

install –registry

Since the RC configuration source does not work, try directly overriding the source with npm install –registry.

1
npm i @babel/plugin-proposal-private-property-in-object --registry=https://registry.npmmirror.com

Actual test executing the install command: --registry can override installation.

What about installing all the packages?

npm i –registry=https://registry.npmmirror.com

Tests show no change.

What if the lock file is deleted

With the lock file deleted and a re-execution of the npm install, the packages are still cached.

Deleting node_modules

After deleting node_modules and re-executing the npm install, the resolved packages are not configured via npmrc.

Deleting node_modules, lock file, then executing install –registry

It is found that all the package download addresses are https://registry.npmmirror.com. At this time, installing a new package, such as npm install antd. There is no need to set the registry manually; it will follow the source configured in npmrc.

At the end

From the above tests, it is understood that when installing npm packages, the priority processing of the registry is as follows:

  1. Command parameter --registry
  2. Resolved in the lock file/cache
  3. npmrc or default registry

Based on this priority, when we need to change the package source in a project for existing packages, we either need to delete node_modules, package-lock.json and re-execute the package installation, or we need to edit the lock file to replace all registry manual addresses directly. I prefer the latter, as it does not affect the package version.