Installing private npm modules

Once you have signed up for a Gemfury account and uploaded a few npm packages, you can install them via command-line or as package.json dependencies.

Setting up your npm registry

To start using your npm registry, you will need to update your npm config:

npm config set registry

At this point, you can start to npm install public packages from your account. To publish and install private packages, you will first authenticate with your Gemfury credentials:

npm login

Logged in, you can npm publish and npm install private packages from your Gemfury account.

Combining Gemfury with default index

The repository only enables access to your packages, however, we also offer a blended-index proxy to allow you to install packages from both your Gemfury account and from the public index:

You can activate the blended repo by running these commands:

npm config set registry
npm login

When you install an individual package or a project’s dependencies, this endpoint will serve named packages from Gemfury, if available, falling back on the public index for those that are not found in your account.

Building and uploading packages

There are a few guides on the web about creating an npm package - they will work with Gemfury. Once you’ve configured your private registry and prepared your package, just publish as usual:

npm publish

Or you can use any of the other upload method, such as Git:

git remote add fury
git push fury master

Install packages via command-line

You can use your private Registry URL to install packages individually via the following command:

npm install my-module --registry

Install packages via package.json

Once you’ve configured npm to use your Gemfury account, specifying dependencies and installing packages from package.json is the same as usual. Remember to use the blended index to seamlessly mix public and private dependencies in your project.

Working with scoped packages

Uploading a scoped package to Gemfury is no different from a regular package. Once you’ve updated its package.json with the scoped name, you can push the package via the Dashboard, cURL, CLI or Git.

  "name": "@myorg/js-example"

Use the --scope option to configure a Gemfury-backed scope:

npm config set registry --scope=@myorg
npm login --scope=@myorg

Once you’re logged-in, you can publish and install packages from your scope:

npm install @myorg/js-example

And include them in your project’s dependencies:

  "dependencies": {
    "@myorg/js-example": ">=1.0.0"
Tip: the scope of your package does not need to match the account username.

Keep your privates private

To keep up with the best practices, it’s important to keep your Gemfury credentials out of your source code, particularly your project’s .npmrc and package.json files. Furthermore, we encourage each developer to use only individual credentials to access shared accounts.

When using Gemfury with npm, rather than placing your private Repo-URL in the configuration file, you can specify it via the environment without explicitly placing any secrets into your source code.


Thus, in production, you can use the facilities of your platform to define NPM_CONFIG_REGISTRY in a secure manner. While in development, each developer will use npm login to save their credentials in ~/.npmrc.

Fixing “Error: CERT_UNTRUSTED”

When installing from your Gemfury npm registry, you may see the following error:


This happens because legacy versions of npm trust only their own self-signed certificate. So despite being valid, our SSL certificate may raise this error by npm. To work around this issue, please run the following command:

npm config set ca ""
To keep your Gemfury registry secure, please do not disable SSL by switching to http://