Configure an NPM registry
npm config set registry <url> command to set the NPM registry for your system.
This command will create an
.npmrc file with the custom registry url in the current user's home directory.
url should be a fully-qualified url to a packagecloud repository and must include the trailing
For example, to set the NPM registry to
example-user's repository named
you would run the following command:
npm config set registry
Follow the directions in the next sections to set up read-only access or
read and write access to the repository.
Read only access to NPM repositories
Public NPM repositories
If the repostory is a public repository, your system will have read access to the repository after running
npm config set registry <url>
as described in the previous section.
You can install packages by simply running
npm install [packagename].
Private NPM repositories
To configure read only access to a private NPM registry, use the repository installation scripts which can be found
in the Installation section on a repository page.
Alternatively, you can create a read token and and set the
_authToken manually by editing the
in your user's home directory.
_authToken must be a valid read token generated from a repository master token. Learn more about read tokens in these docs.
always-auth field is required when using Yarn with a private repository.
Read and write access to NPM repositories
You should only follow these instructions on systems and environments where you need write access to your repository. If you just need
npm install to install packages, you should follow the read only access guide above.
After you have set your repository URL by following the guide above, you
are ready to use
npm login to give yourself write access to the repository.
Start by using the
npm login command. Running this command
will modify the
.npmrc file in your home directory to include an authentication token that has write access.
When running the
npm login command, you will be prompted for a username, password, and email address.
Use your packagecloud account name, your packagecloud account password, and packagecloud account email address, respectively.
For example, if your packagecloud username is
example-user and the email address registered to your account is
firstname.lastname@example.org, you would run
npm login and respond like this:
~/Projects/example-project $ npm login
Email: (this IS public) email@example.com
Logged in as example-user on https://packagecloud.io/example-user/example-repo/npm/.
After you have followed the npm login section above, you
are ready to use
npm cli to publish packages to your packagecloud registry.
npm publish <tarball> or
from inside a project root containing a
package.json to publish
packages to a configured registry.
You can also use the packagecloud CLI, API, or web
interface to upload packages to the NPM registry.
Scoped packages are supported on packagecloud. Install scoped packages by including the scope in the package name.
npm install @example/package
Publishing scoped packages is also supported. Use the
npm publish command, packagecloud CLI, or web UI to upload packages.
Ensure the scope is included in the package name field inside the
npm publish example-package-v0.1.0.tgz
Remove / unpublish packages from the registry
To remove packages from your packagecloud registry, you can use the packagecloud CLI or the API directly to delete the package.
package_cloud yank example-user/example-repository/node example-1.0.tgz
To remove scoped packages from your packagecloud registry, you pass the scope to the CLI, like so:
package_cloud yank example-user/example-repository/node @myuser/example-1.0.tgz
You can also delete packages from the web UI by visiting the repository page, selecting the package you want to delete, and choosing delete from the options presented. Deleting the package will trigger a reindex of the registry metadata.
When you install a package using
npm install, the
npm program will automatically
attempt to install any dependencies required by the package. If those dependencies are not found in your
packagecloud repository, packagecloud will automatically forward requests for those missing dependencies to the official
NPM public registry.
This is the default behavior and is recommended for most users.
If you do not want to rely on the official NPM public registry at all, you can disable the automatic forwarding
of requests. However, once this behavior is disabled, you will need to upload your packages and all
required dependencies to your packagecloud repository. To disable automatic proxying to the
official NPM public registry for missing dependencies, visit the settings page for the repository and
uncheck the "Enable proxying from the official NPM registry" checkbox.
If you decide to disable this behavior, you will have to upload every
dependency for every package you upload.
npm install commands
will fail if any dependencies are missing from your packagecloud repository
npm install will no longer be able to rely on the
official NPM public registry.
Once a system is configured to use a packagecloud repository as an NPM registry, either by following the manual installation instructions, or by using the repository install scripts provided by packagecloud, it can install packages via Yarn by using
yarn add <packagename>. No other configuration is necessary.
yarn add firstname.lastname@example.org
NPM dist tags
NPM supports a useful feature called distribution tags (or dist tags) for short. You can learn about
dist tags by reading the NPM documentation.
Please read the important notes about dist tags in the sections that follow. The behavior of dist tags with
package publish, promote, and delete may not be what you expect!
In short, NPM dist tags allow NPM package owners to associate arbitrary strings with NPM package versions.
All packages have at least one dist tag: the "latest" dist tag. The "latest" dist tag is automatically
set to the most recently uploaded version of a package. When you run
npm install package, your npm
command line client automatically installs the version tagged with "latest".
You can create arbitrary dist tags (for example: alpha, beta, testing, stable, etc) that map to
particular versions of a package. A user can then use that dist tag to install the version of a package mapped
to that tag.
For example: you may decide that version 2.0 of example-package is the current beta version, so you create
a dist tag mapping "beta" to version 2.0. Any user who wants to install the beta, can simply run
npm install example-package@beta.
The NPM API for adding, removing, and listing dist tags
is fully supported by packagecloud. This means you can run commands like:
npm dist-tag ls package-name or
npm dist-tag add email@example.com beta to list or add dist tags, respectively.
Publishing a package and distribution tags (dist tags)
In order to maintain API compatibility with the official NPM registry and its API you should be be aware that
when uploading a Node.js package with the:
- Web-based graphical upload dialog, the package uploaded will be marked as
the latest version regardless of its version string.
- package_cloud command
line client, the package uploaded will be marked as the latest version regardless of its version string.
npm publish command without specifying a distribution tag,
the newly published package will be marked as the latest version regardless of its version string.
npm publish command and also specifying a distribution tag
--tag option, the newly published package will be marked with the specified dist tag. The "latest"
distribution tag will remain unchanged and will be set to whichever version it was set to (if any).
You can add, remove, or list dist tags using the
npm dist-tags command
to modify the dist tags, manually.
Node package promotion and distribution tags (dist tags)
When you promote a package, the package is removed from the source repository and exists
only in the destination repository at the completion of the command.
When a Node.js package is promoted, the follow things occur:
- All distribution tags associated with that package are deleted.
- The remaining versions of the package in the original repository (where the package was moved from) will be sorted
according to the version. The most recent version string is marked as the latest (even if it already has another dist tag).
- Once the package reaches the destination repository, it will be marked as latest if (and only if) no other versions of the same package
exist at the destination. If other versions exist, the version that was just moved has no dist tag associated with it, even if the
semantic version is the latest.
This is done to mimic the official NPM repository as closely as possible. You can use the
npm dist-tags command
to create, remove, or adjust any dist tags you need after promoting a package.
Node package deletion and distribution tags (dist tags)
When you delete (or yank) a Node.js package the version strings of all remaining
versions for that package are sorted and the most recent version is marked as "latest" even if there is already another dist tag associated
with that version. This is done to maintain API compatibility with the official NPM registry and its API.