The registry under the npm command does not work
Sometimes, switching the source of npm packages in a project is necessary due to network or security issues. The general practice is to switch the source in npmrc, but after switching and installing packages, you will find that the install still goes through the old source, primarily when a lock file has already been generated.
Here, we analyze the issue of the registry not working.
Version Information
For verification, I am using the following versions:
npm v9.5.1
node v18.16.1
Current lock file information
Reviewing the lock file, taking the @babel/plugin-proposal-private-property-in-object
package as an example, you will find that the lock file directly records the address under the corresponding package version, here being https://registry.npmjs.org/.
npmrc
I tried updating the source via the npmrc file configuration as follows.
1 | registry=https://registry.npmmirror.com |
In practical testing, executing npm i
does not download the package from the new source address.
install –registry
Since the RC configuration source does not work, try directly overriding the source with npm install –registry.
1 | npm i @babel/plugin-proposal-private-property-in-object --registry=https://registry.npmmirror.com |
Actual test executing the install command: --registry
can override installation.
What about installing all the packages?
npm i –registry=https://registry.npmmirror.com
Tests show no change.
What if the lock file is deleted
With the lock file deleted and a re-execution of the npm install, the packages are still cached.
Deleting node_modules
After deleting node_modules and re-executing the npm install, the resolved packages are not configured via npmrc.
Deleting node_modules, lock file, then executing install –registry
It is found that all the package download addresses are https://registry.npmmirror.com. At this time, installing a new package, such as npm install antd
. There is no need to set the registry manually; it will follow the source configured in npmrc.
At the end
From the above tests, it is understood that when installing npm packages, the priority processing of the registry is as follows:
- Command parameter
--registry
- Resolved in the lock file/cache
npmrc
or default registry
Based on this priority, when we need to change the package source in a project for existing packages, we either need to delete node_modules, package-lock.json and re-execute the package installation, or we need to edit the lock file to replace all registry manual addresses directly. I prefer the latter, as it does not affect the package version.