Why use a private registry?
Regardless if you are looking for a place to host all your own packages and public packages in one place, reduce business risks, continuously want to monitor packages for vulnerabilities or license issues or require a dependency firewall - using a private registry is the right way to go.
There are different alternatives out there. The benefit of using a hosted service is that you can focus on your code and can get started without having to think of and plan for infrastructure, capacity management, maintenance and such things.
This post describes how you can set up a free private npm registry using Bytesafe in no time.
For me it’s important that the developer experience is great when using a new service. That translates into that the service needs to be well documented, that there is great support if I need it and most importantly that the service needs to be easy to understand and fast to get started. That is why we’ve developed Bytesafe. Btw, I am one of the founders.
How to set up a private registry with minimal effort?
Great! You’ve decided you need a private registry and want to get going. Follow these steps to get your own private registry using Bytesafe
Create workspace. First create your own workspace by signing up. Just select the workspace name that you would like to use. When you have created your account you can access your workspace by using the workspace name you’ve just create: https://<workspace>.bytesafe.dev
Sign in. Use your GitHub or Google login or sign in using email and password. Congratulations! You now have access to your first private registry called "default". It's ready to be used. Adding more registries is quick and easy!
Configure the npm client. Use the client you are used to (npm, yarn, pnpm) with your new private registry using login credentials from Bytesafe.
/* 1. Login to your registry. Credentials are stored in your local .npmrc file*/
$ npm --registry 'https://example.bytesafe.dev/r/default/' login
/* 2. Install your npm packages. Just point out the registry you want to use and install as you normally do*/
$ npm --registry 'https://example.bytesafe.dev/r/default/' install <package>
Don’t see your packages in the registry? You might need to force requests to bypass your local npm cache.
That's it!
Hope you'll enjoy your private registries. You have just added a layer of security with your first hosted private registry where packages are continuously scanned for vulnerabilities and license issues. Any issues will be seen in the Bytesafe Dashboard.
If you'd like to watch a video on how to work with secure private registries, then check out this post as well:
From here you can create more registries, enable plugins and policies to get the right level of control that you require and optionally you can invite new team members which is a premium feature (as you'll have free trial of the Teams plan).
If you’re interested in reading more about best practices, please visit the npm security best practices blog post with a downloadable cheat sheet, our blog or the docs.
Have any questions or suggestions on features that you would like to see? Comment below or contact us on Twitter @bytesafedev.
Want to know more about npm security best practices?
Creating your own Bytesafe workspace is the first step in improving on security. Here are the top 10 npm security best practices you should consider:
Top comments (4)
Great product. Please also consider creating/publishing a docker image that can be used to build and install node based containers in order to support a microservices/devops architecture
@goonerify I am glad you like it and thanks for your feedback regarding docker images! Adding support for more than npm packages in on the roadmap, but first we have a few more things we want to add to bring even more value to the npm ecosystem. 😃
BTW, we've just redesigned Bytesafe with a completely new UX + added new features. Be sure to check it out.
Are you thinking to create a market place for enterprise private packages?
Hey there and thanks for showing interest!
Our current focus is to continue building something that is more than just an ordinary package management tool. We aim to offer a service that provides infrastructure for packages and a “dependency firewall”, analysis and problem management within the same service.
This way you will not need to look elsewhere for securing dependencies, managing security, quality & licenses as well as tracking & remediating issues with your packages.
Your question regarding a market place is interesting and is something that we have discussed, but is currently not planned. Do you have a specific use case or thoughts you would like to share?
Also, if you would like to use Bytesafe for your Open Source projects, it's free! Just reach out to me.