NPM Registry
This registry grants read-only access to @dazn NPM organization. All DAZN staff members have access to this registry.
This registry is a proxy. The NPM user automation-drone is used to communicate with the official NPM registry (registry.npmjs.org).
You read from the proxy (Artifactory) with your own user credentials.
You write to npm registry (registry.npmjs.org) with a npm token that belongs to a single global user.
Index
NPM Login
If a project is using this proxy, you will need to authenticate yourself in order to download private dependencies via npm or yarn.
-
Go to dazn.jfrog.io.
- Click log in to use your staff credentials.
-
This will be your DAZN email and password, for microsoft
authentication:
-
Once logged in to Jfrog, click your username, and select the 'Set
Me Up' option
-
Select NPM from the options below:
-
To set up your client, click 'Configure' and select 'Generate
Token & Create Instructions' from the options below:
-
On your machine, add your new credentials using
npm login
with your artifactory username and api key. Please note that you may also need to remove your global.npmrc
file first.rm ~/.npmrc npm login --registry https://npm.daznplatform.com/ Username: your.name Password: <api key> Email: (this IS public) your.name@dazn.com
NOTE: for some versions of npm, the authentication will be done following the regular SSO procedure in DAZN and the .npmrc file will be updated for you when you log in successfully. This means, that you will not need to manually enter the JFrog token -
To check, use
npm whoami
:npm whoami --registry https://npm.daznplatform.com/ your.name
-
To get information about a package, use:
npm show @dazn/YOUR-PACKAGE-NAME--registry https://npm.daznplatform.com/
npm show @dazn/YOUR-PACKAGE-NAME --registry https://npm.daznplatform.com/ your.package.info
-
To list all versions of a package , use:
npm show "@dazn/YOUR-PACKAGE-NAME@*" --registry https://npm.daznplatform.com/ version
npm show @dazn/YOUR-PACKAGE-NAME --registry https://npm.daznplatform.com/ @dazn/YOUR-PACKAGE-NAME@1.10.0 '1.10.0' @dazn/YOUR-PACKAGE-NAME@4.0.2 '4.0.2' @dazn/YOUR-PACKAGE-NAME@1.9.3 '1.9.3'
Global Setup
npm login
, you need to add the dazn registry
in your .npmrc
. This can be achieved by running the
following npm commands:
npm config set @dazn:registry https://npm.daznplatform.com/
~/.npmrc
@dazn:registry=https://npm.daznplatform.com/
$PROJECT_DIR/{package-lock.json, yarn.lock}
Once .npmrc has been updated and your caches have been cleared, then a fresh npm/yarn install should update your lockfile.
GitHub Actions Setup
Check its documentation for additional information on how to use the action.
$PROJECT_DIR/.github/workflows/workflow-name.yml
- name: Setup node uses: getndazn/plat-gha-action/node/setup-node@main with: global_artifactory_token: ${{ secrets.GLOBAL_JFROG_ARTIFACTORY_TOKEN }} node_version: 16
How to publish a package
The only way to publish NPM packages to
@dazn is
using GitHub Actions.
The NPM packages are always published to
registry.npmjs.org,
npm.daznplatform.com is only used to pull
packages
This section is only relevant if you need to publish a package so
that it can be used in other projects.
$PROJECT_DIR/package.json
{ "name": "@dazn/YOUR_PACKAGE_NAME", // ... "publishConfig": { "@dazn:registry": "https://registry.npmjs.org/", "access": "restricted" } }
$PROJECT_DIR/.github/workflows/workflow-name.yml
Note: This is just an example, there may be other
approaches you want to use to publish packages to npm.
The important thing to keep in mind is use publish to
registry.npmjs.org using the token available as
secret named GLOBAL_NPM_TOKEN
in GitHub Actions.
- name: Setup nodejs uses: actions/setup-node@v2 with: node-version: ${{ env.NODE_VERSION }} - name: Cache node modules uses: actions/cache@v2 id: npm-cache with: path: "**/node_modules" key: npm-${{ hashFiles('**/package-lock.json') }} restore-keys: | npm- - name: Install if: ${{ steps.npm-cache.outputs.cache-hit != 'true' }} run: |- npm config set //npm.daznplatform.com/:_authToken ${{ secrets.GLOBAL_JFROG_ARTIFACTORY_TOKEN }} npm ci - name: Build run: npm run build - name: Release run: |- npm config set //registry.npmjs.org/:_authToken ${{ secrets.GLOBAL_NPM_TOKEN }} npm run release
FAQ
Why can't I unpublish my teams' packages??? 😤
You can't directly unpublish an NPM package from npmjs.org as:
-
We use npmjs.org via a proxy Jfrog/Artifactory, your NPM handle is
not on npmjs.org.
Some few people in PLATform are listed as maintainers on npmjs.org - Only the maintainers on npmjs.org can request to unpublish a package
-
If a package has multiple maintainers (our case by default) it
cannot be unpublished by a single maintainer via the npm command
line.
A support request on npmjs.org has to be raised by one of the maintainers (more info here).
Ok, I got it, I need to unpublish a package, what shall I do?
- Get in touch with the CoDX team on the CoDX support channel
- Some of the npmjs.org maintainers are in the CoDX team, so they can issue a "package unpublish" request to NPM support
- Stay in touch with the CoDX team to get updates on the support request.
👉 If it's an urgent request and you can't get immediate support from the CoDX team please escalate it to other people in PLATform 👈
Why do I install packages via npm.daznplatform.com, but publish directly to registry.npmjs.org?
npm.daznplatform.com (artifactory) is a
read-only proxy to npm. Therefore, we can continue
to publish packages directly to npm, but we can only read from
artifactory. This means you only need the
global_npm_token
secret for publishing, but you need
the global_jfrog_artifactory_token
to install.
Why can't I see my package on npmjs.org?
Individual users do not have access to view/install @dazn packages on npmjs.org, so you will not be able to see any packages there. Platform have built an NPM Explorer to help with package discovery.
Why can't I see my package on NPM Explorer npmjs.daznplatform.io?
The NPM Explorer is populated asynchronously through webhooks
invoked when the package is published to
registry.npmjs.org. Sometimes the webhooks are
delayed and it can take few hours for the updated package
information to be available in NPM Explorer. If you want to evaluate
which versions of a given package are available in Artifactory you
can use the command
npm view @dazn/package-name versions --json
I’ve migrated my package, but I want existing versions to be moved across to @dazn
Great! We can support you with that, and we highly recommend moving existing versions across - otherwise you’ll force all dependent projects to upgrade. Please contact Rick Burgess.
Still unsure about the ownership of a specific package?
Via Teams: DAZN Platform Support > @dazn npm packages migration
Why do I get a E403
or E401
error when I
try to login to npmjs.org?
This is being investigated as a part of ticket:
PLAT-7356. As a temporary fix, you can remove your
~/.npmrc
file and then run the login steps again.
STILL STILL ISSUES?
Count to 15 first then get in touch with the CoDX Team