undefined | Better HN

0 pointscratermoon5y ago0 comments

We have a private local package repo at my company. Some developers set up their npm registry, or had it set up for them, with registry=https://.. Others have registry=http://...

Regardless of whether or not Strict-Transport-Security is enabled on the server, npm will still record the protocol as-is in the package-lock.json file.

Half the time a PR will include a package-lock.json with every "resolved" field having the protocol gratuitously changed to the other protocol.

0 comments

janaagaard5y ago

We have a pretty similar issue at work where our package-lock file switches URLs between npmjs.com and our own npm registry. Can you elaborate a bit on what the issue is and how to solve it?

lhorie5y ago

The issue is that some developers have configured the registry field in their .npmrc file incorrectly. Ideally, sending out a memo telling everyone to fix it should do it. If not, one way to fix it is to commit the .npmrc with the correct configuration (assuming it doesn't include secrets). If all else fails, an ugly hack is to make a preinstall hook that fixes the .npmrc file.

twobuy5y ago

This is likely referring to the .npmrc registry field.

cratermoonOP5y ago

Yep.

bluefirebrand5y ago

This seems like a problem that could be solved with one email.

cratermoonOP5y ago

I think the story we're all commenting on demonstrates how unlikely a single email is going to fix it.

j / k navigate · click thread line to collapse

0 comments

janaagaard5y ago

We have a pretty similar issue at work where our package-lock file switches URLs between npmjs.com and our own npm registry. Can you elaborate a bit on what the issue is and how to solve it?

lhorie5y ago

twobuy5y ago

This is likely referring to the .npmrc registry field.

cratermoonOP5y ago

Yep.

bluefirebrand5y ago

This seems like a problem that could be solved with one email.

cratermoonOP5y ago

I think the story we're all commenting on demonstrates how unlikely a single email is going to fix it.

j / k navigate · click thread line to collapse