To resolve packages by name and version, npm talks to a registry website that
implements the CommonJS Package Registry specification for reading package
Additionally, npm's package registry implementation supports several write APIs
as well, to allow for publishing packages and managing user account
The official public npm registry is at https://registry.npmjs.org/.
powered by a CouchDB database, of which there is a public mirror at
The code for the couchapp is available at
The registry URL used is determined by the scope of the package (see npm help 7
). If no scope is specified, the default registry is used,
which is supplied by the registry
config parameter. See npm help
, npm help 5 npmrc
, and npm help 7 npm-config
for more on managing npm's configuration.
Does npm send any information about me back to the registry?¶
When making requests of the registry npm adds two headers with information about
- Npm-Scope – If your project is scoped, this header will
contain its scope. In the future npm hopes to build registry features that
use this information to allow you to customize your experience for your
- Npm-In-CI – Set to "true" if npm believes this
install is running in a continous integration environment,
"false" otherwise. This is detected by looking for the following
environment variables: CI, TDDIUM, JENKINS_URL,
bamboo.buildKey. If you'd like to learn more you may find the
original PR https://github.com/npm/npm-registry-client/pull/129
interesting. This is used to gather better metrics on how npm is used by
humans, versus build farms.
The npm registry does not to correlate the information in these headers with any
authenticated accounts that may be used in the same requests.
Can I run my own private registry?¶
The easiest way is to replicate the couch database, and use the same (or
similar) design doc to implement the APIs.
If you set up continuous replication from the official CouchDB, and then set
your internal CouchDB as the registry config, then you'll be able to read any
published packages, in addition to your private ones, and by default will only
If you then want to publish a package for the whole world to see, you can simply
override the --registry
option for that publish
I don't want my package published in the official registry. It's private.¶
Set "private": true
in your package.json to prevent it from
being published at all, or
to force it to be published only to your internal registry.
See npm help 5 package.json
for more info on what goes in the
Will you replicate from my registry into the public one?¶
No. If you want things to be public, then publish them into the public registry
using npm. What little security there is would be for nought otherwise.
Do I have to use couchdb to build a registry that npm can talk to?¶
No, but it's way easier. Basically, yes, you do, or you have to effectively
implement the entire CouchDB API anyway.
Is there a website or something to see package docs and such?¶
Yes, head over to https://npmjs.com/
- npm help config
- npm help 7 config
- npm help 5 npmrc
- npm help 7 developers
- npm help 7 disputes