NPM Access

NPM Registry

This registry grants read-only access to @dazn NPM organization. All DAZN staff members have access to this registry.

This registry is a proxy. The NPM user automation-drone is used to communicate with the official NPM registry (registry.npmjs.org).

You read from the proxy (Artifactory) with your own user credentials.

You write to npm registry (registry.npmjs.org) with a npm token that belongs to a single global user.

Index

NPM Login

If a project is using this proxy, you will need to authenticate yourself in order to download private dependencies via npm or yarn.

  1. Go to dazn.jfrog.io.
  2. Click log in to use your staff credentials.
  3. This will be your DAZN email and password, for microsoft authentication:
  4. Once logged in to Jfrog, click your username, and select the 'Set Me Up' option
  5. Select NPM from the options below:
  6. To set up your client, click 'Configure' and select 'Generate Token & Create Instructions' from the options below:
  7. On your machine, add your new credentials using npm login with your artifactory username and api key. Please note that you may also need to remove your global .npmrc file first.
                    rm ~/.npmrc
                    npm login --registry https://npm.daznplatform.com/
                    Username: your.name
                    Password: <api key>
                    Email: (this IS public) your.name@dazn.com
                  
    NOTE: for some versions of npm, the authentication will be done following the regular SSO procedure in DAZN and the .npmrc file will be updated for you when you log in successfully. This means, that you will not need to manually enter the JFrog token
  8. To check, use npm whoami:
    npm whoami --registry https://npm.daznplatform.com/
    your.name
  9. To get information about a package, use: npm show @dazn/YOUR-PACKAGE-NAME--registry https://npm.daznplatform.com/
    npm show @dazn/YOUR-PACKAGE-NAME --registry https://npm.daznplatform.com/
    your.package.info
  10. To list all versions of a package , use: npm show "@dazn/YOUR-PACKAGE-NAME@*" --registry https://npm.daznplatform.com/ version
    npm show @dazn/YOUR-PACKAGE-NAME --registry https://npm.daznplatform.com/
    @dazn/YOUR-PACKAGE-NAME@1.10.0 '1.10.0'
    @dazn/YOUR-PACKAGE-NAME@4.0.2 '4.0.2'
    @dazn/YOUR-PACKAGE-NAME@1.9.3 '1.9.3'

Global Setup

After you npm login, you need to add the dazn registry in your .npmrc. This can be achieved by running the following npm commands:
npm config set @dazn:registry https://npm.daznplatform.com/
The above command should add the following lines in the ~/.npmrc file:

~/.npmrc

@dazn:registry=https://npm.daznplatform.com/

$PROJECT_DIR/{package-lock.json, yarn.lock}

Once .npmrc has been updated and your caches have been cleared, then a fresh npm/yarn install should update your lockfile.

GitHub Actions Setup

The action node/setup-node from getndazn/plat-gha-action can be used to install a specific version of Node and configure the access to private npm packages in DAZN npm (@dazn packages).
Check its documentation for additional information on how to use the action.

$PROJECT_DIR/.github/workflows/workflow-name.yml

          - name: Setup node
            uses: getndazn/plat-gha-action/node/setup-node@main
            with:
              global_artifactory_token: ${{ secrets.GLOBAL_JFROG_ARTIFACTORY_TOKEN }}
              node_version: 16
          

How to publish a package

The only way to publish NPM packages to @dazn is using GitHub Actions.
The NPM packages are always published to registry.npmjs.org, npm.daznplatform.com is only used to pull packages
This section is only relevant if you need to publish a package so that it can be used in other projects.

$PROJECT_DIR/package.json

          {
            "name": "@dazn/YOUR_PACKAGE_NAME",
            // ...
            "publishConfig": {
              "@dazn:registry": "https://registry.npmjs.org/",
              "access": "restricted"
            }
          }
          

$PROJECT_DIR/.github/workflows/workflow-name.yml

Note: This is just an example, there may be other approaches you want to use to publish packages to npm.
The important thing to keep in mind is use publish to registry.npmjs.org using the token available as secret named GLOBAL_NPM_TOKEN in GitHub Actions.

          - name: Setup nodejs
            uses: actions/setup-node@v2
            with:
              node-version: ${{ env.NODE_VERSION }}
          - name: Cache node modules
            uses: actions/cache@v2
            id: npm-cache
            with:
              path: "**/node_modules"
              key: npm-${{ hashFiles('**/package-lock.json') }}
              restore-keys: |
                npm-
          - name: Install
            if: ${{ steps.npm-cache.outputs.cache-hit != 'true' }}
            run: |-
              npm config set //npm.daznplatform.com/:_authToken ${{ secrets.GLOBAL_JFROG_ARTIFACTORY_TOKEN }}
              npm ci
          - name: Build
            run: npm run build
          - name: Release
            run: |-
              npm config set //registry.npmjs.org/:_authToken ${{ secrets.GLOBAL_NPM_TOKEN }}
              npm run release
          

FAQ

Why can't I unpublish my teams' packages??? 😤

You can't directly unpublish an NPM package from npmjs.org as:

  • We use npmjs.org via a proxy Jfrog/Artifactory, your NPM handle is not on npmjs.org.
    Some few people in PLATform are listed as maintainers on npmjs.org
  • Only the maintainers on npmjs.org can request to unpublish a package
  • If a package has multiple maintainers (our case by default) it cannot be unpublished by a single maintainer via the npm command line.
    A support request on npmjs.org has to be raised by one of the maintainers (more info here).

Ok, I got it, I need to unpublish a package, what shall I do?

  • Get in touch with the CoDX team on the CoDX support channel
  • Some of the npmjs.org maintainers are in the CoDX team, so they can issue a "package unpublish" request to NPM support
  • Stay in touch with the CoDX team to get updates on the support request.

👉 If it's an urgent request and you can't get immediate support from the CoDX team please escalate it to other people in PLATform 👈

Why do I install packages via npm.daznplatform.com, but publish directly to registry.npmjs.org?

npm.daznplatform.com (artifactory) is a read-only proxy to npm. Therefore, we can continue to publish packages directly to npm, but we can only read from artifactory. This means you only need the global_npm_token secret for publishing, but you need the global_jfrog_artifactory_token to install.

Why can't I see my package on npmjs.org?

Individual users do not have access to view/install @dazn packages on npmjs.org, so you will not be able to see any packages there. Platform have built an NPM Explorer to help with package discovery.

Why can't I see my package on NPM Explorer npmjs.daznplatform.io?

The NPM Explorer is populated asynchronously through webhooks invoked when the package is published to registry.npmjs.org. Sometimes the webhooks are delayed and it can take few hours for the updated package information to be available in NPM Explorer. If you want to evaluate which versions of a given package are available in Artifactory you can use the command npm view @dazn/package-name versions --json

I’ve migrated my package, but I want existing versions to be moved across to @dazn

Great! We can support you with that, and we highly recommend moving existing versions across - otherwise you’ll force all dependent projects to upgrade. Please contact Rick Burgess.

Still unsure about the ownership of a specific package?

Via Teams: DAZN Platform Support > @dazn npm packages migration

Why do I get a E403 or E401 error when I try to login to npmjs.org?

This is being investigated as a part of ticket: PLAT-7356. As a temporary fix, you can remove your ~/.npmrc file and then run the login steps again.

STILL STILL ISSUES?

Count to 15 first then get in touch with the CoDX Team