Can npm be used AWS CodeArtifact for private packages, while all npm.org is used with public packages?
The docs read a bit like the developer is supposed to give over all "package registry duties" to AWS CodeArtifact. But I want to continue using npm.org for some packages.
Given a javascript app that uses private and public packages, can I setup npm/AWS so:
- privately scoped packages (my code) are pulled from AWS CodeArtifact, and
- publically scoped packages (e.g. lodash) are pulled npm.org?
I was also confused by this, but after much reading, aws codeartifact wants you to do a one to one mapping of public packages. What this means is if you want lodash from the public npm repository, you'll need to add it to your codeartifact repository. Luckily aws made this easy, there're 2 solutions to accomplish this
Solution 1:
Setup an upstream on your codeartifact repository to the npm registry.
This will automatically create a codeartifact repository named "npm-store", when you npm install public packages (after logging in of course) from your package.json it'll add packages not already installed on "npm-store", then your codeartifact repository (the one you upstreamed npm-store to) will download it from there, which will then be used in your build. You can also setup another upstream to say pypi on the same repository. Will work the same way
Solution 2:
Use associate-external-connection - there can only be one external connection per codeartifact repository. What you do is create a codeartifact repository, lets named it "my-external-repo". Now I could be wrong, but I dont see any place in the UI to set this up, but if you're using the aws cli you can run a command similar to this
aws codeartifact associate-external-connection \ --domain "my-org" --domain-owner "account-id" \ --repository "my-external-repo" --external-connection public:npmjs
Then set "my-external-repo" as an upstream to your codeartifact repositories that'll use public npm packages. Now when you npm install (after logging in of course), public packages not on "my-external-repo" will be added, then the various repositories you upstreamed "my-external-repo" to will download the packages