Installing private npm modules

Once you have signed up for a Gemfury account and uploaded a few npm packages, you can install them via command-line or as package.json dependencies.

Setting up your npm registry

To start using your npm registry, you will need to update your npm config:

npm config set registry https://npm.fury.io/USERNAME/

It is important to include a trailing slash in the registry URL, otherwise npm may have trouble connecting to your Gemfury registry.

At this point, you can start to npm install public packages from your account.

To publish and install private packages, you will first authenticate with your Gemfury credentials:

npm login

Once logged in, you can npm publish and npm install private packages from your Gemfury account.

Combining Gemfury with default index

The npm.fury.io repository only enables access to your packages, however, we also offer a blended-index proxy to allow you to install packages from both your Gemfury account and from the public index:

https://npm-proxy.fury.io/USERNAME/

You can activate the blended repo by running these commands:

npm config set registry https://npm-proxy.fury.io/USERNAME/
npm login

It is important to include a trailing slash in the registry URL, otherwise npm may have trouble connecting to your Gemfury registry.

When you install an individual package or a project’s dependencies, if available, this endpoint will serve named packages from your Gemfury account, and falling back on the public index (https://registry.npmjs.org/) for those that are not found.

Building and uploading packages

There are a few guides on the web about creating an npm package - they will work with Gemfury.

Once you have configured npm to work with your private registry and prepared your package, just publish as usual:

npm publish

Or you can use any of the other upload method, such as Git:

git remote add fury https://git.fury.io/username/pkg-name.git
git push fury master

Install packages via command-line

You can use your Registry URL to install packages individually. First, you need to configure npm authentication to enable access to your private packages.

To configure it manually, append the following line to ~/.npmrc:

//npm.fury.io/USERNAME/:_authToken=SECRET-TOKEN

Or use the CLI and enter your Gemfury credentials:

npm login --registry https://npm.fury.io/USERNAME/

You can now install individual packages by running:

npm install my-module --registry https://npm.fury.io/USERNAME/

Install packages via package.json

Once you have configured npm to use your Gemfury account, specifying dependencies and installing packages from package.json is the same as usual.

Remember to use the blended index to seamlessly mix public and private dependencies in your project.

Working with scoped packages

Uploading a scoped package to Gemfury is no different from a regular package. Once you’ve updated its package.json with the scoped name, you can push the package via the Dashboard, cURL, CLI or Git.

{
  "name": "@myorg/js-example"
}

Use the --scope option to configure a Gemfury-backed scope:

npm config set registry https://npm.fury.io/USERNAME/ --scope=@myorg
npm login --scope=@myorg

Once you’re logged-in, you can publish and install packages from your scope:

npm install @myorg/js-example

And include them in your project’s dependencies:

{
  "dependencies": {
    "@myorg/js-example": ">=1.0.0"
  }
}
Tip: the scope of your package does not need to match the account username.

Keep your privates private

To keep up with the best practices, it’s important to keep your Gemfury credentials out of your source code, particularly your project’s .npmrc, package.json, and package-lock.json files. Furthermore, we encourage each developer to use only individual credentials to access shared accounts.

Rather than explicitly placing your authentication token in the .npmrc configuration file, you can use an environment variable as a placeholder, and npm will expand the variable at runtime.

In this case, you will append the following to your .npmrc:

//npm-proxy.fury.io/USERNAME/:_authToken=${FURY_AUTH}

You can then authenticate via the environment when running npm commands:

FURY_AUTH="5f..03C" npm install

Thus, in production, you can use the facilities of your platform to define FURY_AUTH in a secure manner. While in development, each developer can set FURY_AUTH to their personal token in their shell startup file.

Fixing “Error: CERT_UNTRUSTED”

When installing from your Gemfury npm registry, you may see the following error:

npm ERR! Error: CERT_UNTRUSTED

This happens because legacy versions of npm trust only their own self-signed certificate. So despite being valid, our SSL certificate may raise this error by npm. To work around this issue, please run the following command:

npm config set ca ""

To keep your Gemfury registry secure, please do not disable SSL by switching to http://