Get Started with private npm packages

Bytesafe Community Edition (CE) is a free, robust security platform designed to protect organizations from open source software supply chain attacks. It’s an ideal tool to manage your JavaScript projects and packages securely. Here’s a simple guide to get you started with Bytesafe CE and JavaScript.

Setting Up Bytesafe CE

Bytesafe CE is configured to use PostgreSQL for data management and Redis for efficient caching. It stores package artifacts on the local file system, making it a convenient solution for many use cases. For more information on configurable options in Bytesafe CE, see the docs.

Quickstart Using Docker Compose

Bytesafe CE can be installed quickly using Docker Compose, as explained in the following step-by-step guide:

  1. Download the sample docker-compose.yml file to your host from the Bytesafe Community Edition Git repository.
  2. Create an .env file with a unique and secret value for the DATA_ENCRYPTION_KEY environment variable.
  3. Use Docker Compose to start Bytesafe Community Edition, PostgreSQL, and Redis.

$ curl -O https://raw.githubusercontent.com/bitfront-se/bytesafe-ce/master/docker-compose.yml

$ echo "DATA_ENCRYPTION_KEY='$(cat /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9' | fold -w 50 | head -n 1)'" > .env

$ docker compose up

You can then open a web browser and create your workspace owner account at http://localhost:8081/.

After creating the workspace owner account, go ahead and create your first npm registry. Let’s call it “npm-firewall”.

Working with JavaScript Packages

Once you have Bytesafe CE installed and running, you can start managing your JavaScript projects and packages. Bytesafe offers full support for the JavaScript ecosystem with private npm registries for your packages and dependencies. You can interact with Bytesafe using your regular tools, such as npm install for installing and npm publish for uploading JavaScript packages.

Note: This post provides a general overview of getting started with Bytesafe CE and JavaScript. For more detailed information, see the "JavaScript packages" page in the Bytesafe documentation.

Specify a default npm registry

To remove the need for explicitly stating which registry to use for each request, you can add the configuration to your npm configuration file.

To configure npm, edit the .npmrc file in your project’s directory or the user-level .npmrc file:

# access token for a registry is stored in .npmrc file

registry=http://localhost:8081/r/npm-firewall/

always-auth=true

//localhost:8081/r/npm-firewall/:_authToken={TOKEN}
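
The following check is an added example, not part of the original guide or of Bytesafe's code. It audits .npmrc content for three ways the configuration above can be undermined: a default registry that is not the firewall registry, a scoped registry override, and a token written as a literal instead of an environment reference. The scope name @acme, the variable name NPM_TOKEN and the sample inputs are constructed for illustration.

```javascript
// Added example (not Bytesafe code): audit .npmrc text so installs cannot
// silently bypass the firewall registry or expose a hard-coded token.
const EXPECTED_REGISTRY = 'http://localhost:8081/r/npm-firewall/'; // registry from this guide
const norm = (url) => url.replace(/\/+$/, ''); // compare without trailing slashes

function auditNpmrc(text, expected = EXPECTED_REGISTRY) {
  const findings = [];
  let defaultRegistry = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue; // skip comments
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim();
    if (key === 'registry') {
      defaultRegistry = value;
    } else if (/^@[^:]+:registry$/.test(key) && norm(value) !== norm(expected)) {
      // A scoped registry routes every @scope/* package around the firewall.
      findings.push(`scope bypass: ${key} -> ${value}`);
    } else if (key.endsWith(':_authToken') && !/^\$\{\w+\}$/.test(value)) {
      // npm expands ${VAR} from the environment; anything else is a literal secret.
      findings.push(`literal token: ${key}`);
    }
  }
  if (defaultRegistry === null) {
    findings.push('no default registry set in this file');
  } else if (norm(defaultRegistry) !== norm(expected)) {
    findings.push(`default registry is ${defaultRegistry}`);
  }
  return findings;
}

// Constructed sample inputs (the token value is a made-up placeholder).
const risky = [
  'registry=http://localhost:8081/r/npm-firewall/',
  '@acme:registry=https://registry.npmjs.org/',
  '//localhost:8081/r/npm-firewall/:_authToken=constructed-sample-token',
].join('\n');
const hardened = [
  'registry=http://localhost:8081/r/npm-firewall',
  'always-auth=true',
  '//localhost:8081/r/npm-firewall/:_authToken=${NPM_TOKEN}',
].join('\n');

console.log(auditNpmrc(risky));    // two findings
console.log(auditNpmrc(hardened)); // no findings
```

With the hardened form, NPM_TOKEN has to be set in the shell or CI environment before npm runs, which keeps the token out of any .npmrc file that gets committed.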

Publish a JavaScript package using npm

Note: If you have previously installed a package you might want to run npm cache clean --force to make sure packages are downloaded from Bytesafe and avoid using the local cache.

To publish (upload) packages using npm, you need to set up your .npmrc file (see above).

You can then publish a built package with:

$ npm publish

Install a JavaScript package using npm

To install JavaScript packages using npm, use the following command. The syntax below assumes you have added the user, token, and registry in your npm configuration file:

$ npm install {PACKAGE}

Using yarn

Bytesafe is compatible with yarn. To add or publish npm packages using yarn, see the examples below.

# publish a package to Bytesafe using yarn publish

$ yarn --registry http://localhost:8081/r/npm-firewall/ publish {PACKAGE}

...

Note: If you have previously installed a package you may want to run yarn cache clean [<module_name...>] to make sure packages are downloaded from Bytesafe and avoid using the local cache.
