At some point most people are going to want to host their own JavaScript modules in a private repository. Unfortunately npm was never really designed to support multiple repositories the way Maven does. Fortunately there are good options for hosting private npm modules.

In past years I would have recommended using Sinopia, or something like Nodejitsu. In two years the landscape has changed quite a bit and there are better alternatives now.

While you can pay npm, Inc (i.e. npm the company) $7/month to host your private packages, my recommendation would be to host Nexus 3 yourself. It provides all the functionality of npm, while giving you more control and flexibility over how you host your private npm modules.

The easiest way to get started is to use the Docker image that Sonatype provides. Using the AWS Container Service you’re looking at somewhere between $10-$30/month for hosting, depending on your scaling needs.

Whether you use Docker or just download and run the binaries on a server yourself, remember to explicitly store your data somewhere besides the default data directory. Your future upgrade path to newer releases will be much simpler that way.

As for setting up Nexus for npm, the manual is very easy to follow, so I won’t repeat the steps here. It takes about 5-10 minutes to go through the steps of setting up a proxy and hosted repository behind an npm group.

Here are a few tips that will help you avoid common mistakes:

  • In the Nexus Admin UI go to Security -> Realms and add the npm Bearer Token Realm to the active list. Authentication won’t work without it and you won’t be able to publish packages.
  • When using npm login to get auth credentials set, remember to use your hosted url, not the group or proxy.
  • Remember to set a publishConfig block in your package.json. This will prevent you from accidentally publishing a private package to the public npm registry. Remember to use your hosted url for the registry.
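The publishConfig tip can be enforced in CI before any publish step runs. The following is an added example, not code from the original post or from Nexus: the function name, the nexus.example.com URLs, the repository names npm-hosted and npm-group, and the sample manifests are all constructed for illustration.

```javascript
// Pre-publish guard: fail when a private package's publishConfig.registry
// is missing, points at the public registry, or is not the hosted repository.
const PUBLIC_REGISTRY_HOST = 'registry.npmjs.org';

// Compare registry URLs without caring about a trailing slash.
function normalizeRegistry(url) {
  const u = new URL(url);
  return u.origin + u.pathname.replace(/\/+$/, '') + '/';
}

// pkg: parsed package.json object; hostedUrl: your hosted repository URL (assumption).
function checkPublishConfig(pkg, hostedUrl) {
  const problems = [];
  const registry = pkg.publishConfig && pkg.publishConfig.registry;
  if (typeof registry !== 'string' || registry.trim() === '') {
    problems.push('publishConfig.registry is missing, so publish falls back to the configured default registry');
    return problems;
  }
  let parsed;
  try {
    parsed = new URL(registry);
  } catch (err) {
    problems.push('publishConfig.registry is not a valid URL: ' + registry);
    return problems;
  }
  if (parsed.hostname === PUBLIC_REGISTRY_HOST) {
    problems.push('publishConfig.registry points at the public npm registry');
  } else if (normalizeRegistry(registry) !== normalizeRegistry(hostedUrl)) {
    problems.push('publishConfig.registry is not the hosted repository URL: ' + registry);
  }
  return problems;
}

// Constructed sample data (hypothetical host and repository names).
const HOSTED = 'https://nexus.example.com/repository/npm-hosted/';
const samples = {
  ok: { name: '@acme/widgets', publishConfig: { registry: HOSTED } },
  missing: { name: '@acme/widgets' },
  publicRegistry: { name: '@acme/widgets', publishConfig: { registry: 'https://registry.npmjs.org/' } },
  group: { name: '@acme/widgets', publishConfig: { registry: 'https://nexus.example.com/repository/npm-group/' } },
};

for (const [label, pkg] of Object.entries(samples)) {
  const problems = checkPublishConfig(pkg, HOSTED);
  console.log(label + ': ' + (problems.length ? problems.join('; ') : 'ok'));
}
```

In a real pipeline, load each package.json with JSON.parse and exit non-zero when the returned list is non-empty.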