Secure, efficient private npm registries with Cloudsmith and Deno

In Deno 1.44, we landed private npm registry support to allow development teams to easily share internal modules. Managing npm registries — private or public — presents challenges such as security vulnerabilities, lack of visibility into package usage, and availabilities.

Which is why we’re thrilled to announce support for using npm registries with Cloudsmith, a secure, cloud-native artifact management platform. Cloudsmith offers secure, controlled, and efficient package management for all formats including private in-house modules and public npm packages.

Why Cloudsmith?

Cloudsmith offers a powerful solution for managing npm packages, whether private or sourced from public registries. Here are some reasons to consider Cloudsmith:

• Enhanced Security: Cloudsmith not only permits authorized users to access your npm packages, but also verifies and scans every npm package in your project for security and compliance threats.
• Visibility: Cloudsmith provides full transparency into all packages used in your projects, letting you track, audit, and manage all dependencies.
• Efficiency: Cloudsmith’s caching speeds up builds and ensures your projects are not dependent on the availability of public registries.

Cloudsmith makes it simple to securely manage your software supply chain, leading to faster development cycles, more reliable deployments, and greater peace of mind.

Managing a Private Module with Cloudsmith

Here’s how to manage private modules using Cloudsmith.

1. Setup your Cloudsmith repository

First, create a private repository in Cloudsmith to store your npm modules.

2. Create and publish your npm module

Create your npm module and publish it to your Cloudsmith repository. For example, if you have a module called my-fave-npm-package, you can publish it with npm:

npm publish --registry https://npm.cloudsmith.io/ciara-demo/npm-repo

3. Configure Deno to use your private npm registry

Create a .npmrc file to point to your Cloudsmith repo with the necessary authentication:

@cloudsmith:registry=https://npm.cloudsmith.io/YOUR_ORG/YOUR_REPO
///npm.cloudsmith.io/YOUR_ORG/YOUR_REPO/:_authoToken=YOUR_TOKEN_HERE

• Replace YOUR_TOKEN_HERE with your Cloudsmith API key or entitlement token
• Replace YOUR_ORG with your Cloudsmith organization
• Replace YOUR_REPO with your Cloudsmith repository

Next, configure your deno.json file to import your private module:

{
  "imports": {
    "@cloudsmith/my-fave-npm-package": "npm:[email protected]"
  }
}

4. Use your private module in Deno

In your main.ts file, you can import and use the private module:

import helloWorld from "@cloudsmith/my-fave-npm-package";
console.log(helloWorld());

5. Run your Deno project

You can run your project:

deno run --allow-net main.ts

And there you have it — your project is now pulling private modules from Cloudsmith!

What’s next

There are many other ways to use Cloudsmith with Deno. A more advanced use case would be to pull public npm modules into your secure Cloudsmith repository using their upstream proxies, which allows Cloudsmith to scan, vet, and cache your dependencies in one place.

🚨️ Deno 2 is right around the corner 🚨️

You can install the Deno 2 Release Candidate today by using deno upgrade rc or the DENO_FUTURE=1 environment variable.

For details on breaking changes between 1.x and 2, please refer to our migration guide.