# ssb-npm-registry Serve an npm registry server backed by SSB. ## Install As a scuttlebot plugin: ``` git clone ssb://#ssb-npm-registry ~/.ssb/node_modules/ssb-npm-registry sbot plugins.enable ssb-npm-registry # restart sbot ``` Or run standalone with [ssb-party](%bS/WGqQrhQfH8eoyWieK+9M56DjJ8Q4ulkvb6sXZwPo=.sha256): ``` git clone ssb://#ssb-npm-registry ssb-party \#ssb-npm-registry ``` To make bootstrapping easier, this module does not `require()` any external modules, so you do not have to run `npm install` on it. Set ssb-npm-registry as your default registry server: ``` npm config set registry http://localhost:8043 ``` ## Config `~/.ssb/config` example: ``` { "npm": { "host": "localhost", "port": 8043, "autoAuth": true } } ``` - `config.npm.host`: hostname to listen on. default is "localhost" - `config.npm.port`: hostname to listen on. default is 8043 - `config.npm.autoAuth`: whether to automatically update `~/.npmrc` to add auth information for the server which the npm client expects. default is `true`. ## API ``` var Registry = require('ssb-npm-registry') ``` ### `var serve = Registry.respond(sbot, config)` Embed ssb-npm-registry into other applications using the `respond` method which returns a `(req, res)` HTTP handler function, which can be passed to a HTTP server: ``` var server = require('http').createServer(serve) ``` When using this method, the config properties `npm.host`, `npm.port` and `npm.autoAuth` do not have an effect, and `~/.npmrc` is not modified. ### `Registry.publishPkgMentions(sbot, mentions, cb(err, msgs))` Publish the given npm package mentions as one or more messages ## Routes In addition to the npm registry routes, ssb-npm-registry's web server (and `respond` method) serve the following additional routes: ### `/-/prebuild/:name` - Prebuild blobs `name` should be the name of a blob in the format `{name}-v{version}-{runtime}-v{abi}-{platform}{libc}-{arch}.tar.gz`. This route looks up mentions for blobs with the given name prefixed by `"prebuild:"`. If the name maps to exactly one blob, the route redirects to the local ssb-ws URL for that blob. Example: - npm installs leveldown v1.9.0 on node v57 on linux, arm - [`prebuild-install`][] fetches `http://localhost:8043/-/prebuild/leveldown-v1.9.0-node-v57-linux-arm.tar.gz` - `ssb-npm-registry` queries mentions of name `prebuild:leveldown-v1.9.0-node-v57-linux-arm.tar.gz` and then redirects to `http://localhost:8989/blobs/get/&wSehVYRREEqZhZgpMk82CHcXVNcPqXDacgj3Tit7TMc=.sha256` [`prebuild-install`]: https://github.com/prebuild/prebuild-install ## Bootstrapping This plugin includes a script for securely bootstrapping an npm-installation of scuttlebot from your machine to a peer's machine. Steps for bootstrapping: - Find your local IP. - In your web browser, go to your IP, port 8043 (or other port, if you set `config.npm.port`). - Click the "bootstrap" link. - Send that URL to your peer. - Check that your peer sees the same hash on the bootstrap page as you do. - While you are still online, have your peer run the script on that page. - When your peer's sbot is running, verify that they have the same hash at their `http://localhost:8043/bootstrap` page. - Proceed with gossip/pub onboarding. Note about prebuilds: the bootstrap npm registry server script serves prebuilds as blobs from your npm prebuilds cache directory at `~/.npm/_prebuilds/`. Therefore, if you use the bootstrap script to install scuttlebot to a machine with a different architecture or node API, it might not fetch all of the host's prebuilds. In this case, the new node may have to compile modules, and it may result in a different bootstrap hash from the node that served the bootstrap sript. ## License Copyright (C) 2017 Secure Scuttlebutt Consortium This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see .