Secure, efficient private npm registries with Cloudsmith and Deno
In Deno 1.44, we landed private npm registry support to allow development teams to easily share internal modules. Managing npm registries — private or public — presents challenges such as security vulnerabilities, lack of visibility into package usage, and availability.
That is why we’re thrilled to announce support for using npm registries with Cloudsmith, a secure, cloud-native artifact management platform. Cloudsmith offers secure, controlled, and efficient package management for all formats including private in-house modules and public npm packages.
Why Cloudsmith?
Cloudsmith offers a powerful solution for managing npm packages, whether private or sourced from public registries. Here are some reasons to consider Cloudsmith:
- Enhanced Security: Cloudsmith not only permits authorized users to access your npm packages, but also verifies and scans every npm package in your project for security and compliance threats.
- Visibility: Cloudsmith provides full transparency into all packages used in your projects, letting you track, audit, and manage all dependencies.
- Efficiency: Cloudsmith’s caching speeds up builds and ensures your projects are not dependent on the availability of public registries.
Cloudsmith makes it simple to securely manage your software supply chain, leading to faster development cycles, more reliable deployments, and greater peace of mind.
Managing a Private Module with Cloudsmith
Here’s how to manage private modules using Cloudsmith.
1. Set up your Cloudsmith repository
First, create a private repository in Cloudsmith to store your npm modules.
2. Create and publish your npm module
Create your npm module and publish it to your Cloudsmith repository. For example, if you have a module called my-fave-npm-package, you can publish it with npm:
npm publish --registry https://npm.cloudsmith.io/ciara-demo/npm-repo
3. Configure Deno to use your private npm registry
Create a .npmrc file to point to your Cloudsmith repo with the necessary authentication:
@cloudsmith:registry=https://npm.cloudsmith.io/YOUR_ORG/YOUR_REPO
//npm.cloudsmith.io/YOUR_ORG/YOUR_REPO/:_authToken=YOUR_TOKEN_HERE
- Replace YOUR_TOKEN_HERE with your Cloudsmith API key or entitlement token
- Replace YOUR_ORG with your Cloudsmith organization
- Replace YOUR_REPO with your Cloudsmith repository
Next, configure your deno.json file to import your private module:
{
  "imports": {
    "@cloudsmith/my-fave-npm-package": "npm:my-fave-npm-package@1.0.0"
  }
}
4. Use your private module in Deno
In your main.ts file, you can import and use the private module:
import helloWorld from "@cloudsmith/my-fave-npm-package";
console.log(helloWorld());
5. Run your Deno project
You can run your project:
deno run --allow-net main.ts
And there you have it — your project is now pulling private modules from Cloudsmith!
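The .npmrc and deno.json from step 3 are easy to get subtly wrong: a misspelled credential key, a credential prefix that does not match the registry URL, or an npm: specifier outside the scope that the .npmrc maps to the private registry (a scope-to-registry line only applies to packages in that scope). The check below is an added example, not code from Deno or Cloudsmith; the name lintRegistryConfig, the example-org/example-repo path and the package names are constructed, and it assumes npm-style matching of credential prefixes against the registry URL.

```javascript
// Added example: lint a .npmrc and deno.json pair (all values below are constructed).
const AUTH_KEYS = new Set(["_authToken", "_auth", "username", "_password"]);

function lintRegistryConfig(npmrcText, denoJson) {
  const findings = [];
  const scopes = new Map(); // "@scope" -> registry URL
  const creds = []; // "//host/path/" prefixes that carry a credential
  for (const raw of npmrcText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const eq = line.indexOf("=");
    const key = eq < 0 ? line : line.slice(0, eq).trim();
    const value = eq < 0 ? "" : line.slice(eq + 1).trim();
    const scope = /^(@[^:/]+):registry$/.exec(key);
    if (scope) {
      scopes.set(scope[1], value);
      if (!value.startsWith("https://")) findings.push(`${scope[1]}: registry is not https`);
    } else if (key.startsWith("/")) {
      const auth = /^(\/\/[^/].*\/):([^:/]+)$/.exec(key);
      if (!auth) findings.push(`malformed credential line: ${key}`);
      else if (!AUTH_KEYS.has(auth[2])) findings.push(`unknown credential key: ${auth[2]}`);
      else if (!value) findings.push(`empty credential for ${auth[1]}`);
      else creds.push(auth[1]);
    }
  }
  for (const [scope, url] of scopes) {
    // Credentials are matched on the registry URL without its scheme, ending in "/".
    const target = url.replace(/^https?:/, "").replace(/\/?$/, "/");
    if (!creds.some((prefix) => target.startsWith(prefix))) {
      findings.push(`${scope}: no credential matches ${target}`);
    }
  }
  for (const spec of Object.values(denoJson.imports ?? {})) {
    const m = /^npm:(@[^/]+)?/.exec(String(spec));
    if (m && !scopes.has(m[1])) findings.push(`${spec}: not in a scope mapped above`);
  }
  return findings;
}

// Constructed samples: a broken pair and a corrected pair.
const REG = "npm.cloudsmith.io/example-org/example-repo";
const BAD_NPMRC = `@cloudsmith:registry=http://${REG}\n///${REG}/:_authoToken=PLACEHOLDER`;
const BAD_DENO = { imports: { pkg: "npm:example-internal-pkg@1.0.0" } };
const GOOD_NPMRC = `@cloudsmith:registry=https://${REG}\n//${REG}/:_authToken=PLACEHOLDER`;
const GOOD_DENO = { imports: { pkg: "npm:@cloudsmith/example-internal-pkg@1.0.0" } };

console.log(lintRegistryConfig(BAD_NPMRC, BAD_DENO));
console.log(lintRegistryConfig(GOOD_NPMRC, GOOD_DENO));
```

An empty result means every mapped scope uses https and has a matching credential, and every npm: import sits in a mapped scope; run it in CI against the real files with the token value supplied from the environment.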
What’s next
There are many other ways to use Cloudsmith with Deno. A more advanced use case would be to pull public npm modules into your secure Cloudsmith repository using their upstream proxies, which allows Cloudsmith to scan, vet, and cache your dependencies in one place.