Managing npm packages

This page describes the following tasks:

  • Viewing and deleting packages and package versions
  • Viewing, creating, updating, and deleting tags

Package management is in alpha. It is only available to alpha users, and might not include all features available for container management. To apply for the alpha, complete the sign up form.

Before you begin

  1. If the target repository does not exist, create a new repository.
  2. Verify that you have the required permissions for the repository.
  3. Configure authentication for npm.
  4. (Optional) Configure defaults for gcloud commands.

Adding packages

You can only publish a specific version of a package once. This is an npm restriction to ensure that the contents of a published package version are always the same. As a result, you cannot:

  • Overwrite a package version by publishing it again to the repository
  • Remove a package or its version from the repository, and then publish a package with the same name and version number

To add a package:

  1. Refresh the access token for connecting to the repository. google-artifactregistry-auth is a client library that updates credentials for Artifact Registry repositories.

    To refresh credentials, use one of these options:

    • Use npx directly to refresh the access token. If you are using npm 5.2.0 or newer, it is included with npm.

      1. Ensure that credentials for connecting to the public npm registry are in your user npm configuration file, ~/.npmrc.

      2. Run the following command in the folder above your npm project.

      npx google-artifactregistry-auth PROJECT-NPMRC

      Where PROJECT-NPMRC is the path to the .npmrc file in your project directory.

      You must run the command outside of your project directory so that npx uses your public npm registry credentials in ~/.npmrc to download google-artifactregistry-auth.

    • Add a script to the package.json file in your project.

      "scripts": {
  "artifactregistry-login": "npx google-artifactregistry-auth"
}

      npm run artifactregistry-login PROJECT-NPMRC --registry https://registry.npmjs.org/

      Where PROJECT-NPMRC is the path to the .npmrc file in your project directory.

    • For versions of npm older than 5.2.0, perform the following steps:

      1. Run the command:
      npm install google-artifactregistry-auth --save-dev --registry https://registry.npmjs.org/
      1. Add it to an authentication script:
      "scripts": {
    "artifactregistry-login": "./node_modules/.bin/artifactregistry-auth",
}

      Run the script

      npm run artifactregistry-login PROJECT-NPMRC

      Where PROJECT-NPMRC is the path to the .npmrc file in your project directory.

  2. Add packages to the repository. You can use npm commands and yarn commands to add packages or to get package information.

    Use the appropriate command:

    • npm - npm publish, npm install, and npm view
    • yarn - yarn publish, yarn add, and yarn info

Viewing packages and versions

To view packages and package versions using the Google Cloud Console or gcloud:

Console

  1. Open the Repositories page in the Google Cloud Console.

    Open the Repositories page

  2. In the repository list, click the appropriate repository.

    The Packages page lists the packages in the repository.

  3. Click a package to view versions of the package.

gcloud

To list packages in a repository, run the following command:

gcloud beta artifacts packages list [--repository=REPOSITORY] [--location=LOCATION]

Where

  • REPOSITORY is the name of the repository. If you configured a default repository, you can omit this flag to use the default.
  • LOCATION is a regional or multi-regional location. Use this flag to view repositories in a specific location. If you configured a default location, you can omit this flag to use the default.

To view versions of a package, run the following command:

gcloud beta artifacts versions list --package=PACKAGE [--repository=REPOSITORY] [--location=LOCATION]

Where

  • PACKAGE is the ID of the package or fully qualified identifier for the package.
  • REPOSITORY is the name of the repository. If you configured a default repository, you can omit this flag to use the default.
  • LOCATION is a regional or multi-regional location. Use this flag to view repositories in a specific location. If you configured a default location, you can omit this flag to use the default.

Tagging packages

You can view, add, update, and delete tags.

Viewing tags

To view tags for a package:

Console

  1. Open the Repositories page in the Cloud Console.

    Open the Repositories page

  2. Click the package to view versions and the associated tags.

  3. Select the package version to tag.

  4. In the row of the selected version, click More actions (More actions), and then click Edit tags.

  5. Type new tags into the field and then click SAVE.

gcloud

Run the command:

gcloud beta artifacts tags list --package=PACKAGE \
[--repository=REPOSITORY] [--location=LOCATION]

Where

  • PACKAGE is the name of the package in the repository.
  • REPOSITORY is the name of the repository. If you configured a default repository, you can omit this flag to use the default.
  • LOCATION is a regional or multi-regional location. Use this flag to view repositories in a specific location. If you configured a default location, you can omit this flag to use the default.

For example, to view tags for the package my-package in the repository my-repo in the default location, run the command:

gcloud beta artifacts tags list --package=my-pkg --repository=my-repo

Creating tags

You can create a tag for a specific version of a package.

To tag an existing image in a repository:

Console

  1. Open the Repositories page in the Cloud Console.

    Open the Repositories page

  2. Click the package to view versions of the package.

  3. Select the package version to tag.

  4. In the row of the selected version, click More actions (More actions), and then click Edit tags.

  5. Type new tags into the field and then click SAVE.

gcloud

Run the following command:

gcloud beta artifacts tags create TAG --package=PACKAGE \
version=VERSION [--location=LOCATION] [--repository=REPOSITORY]

Where

  • TAG is the tag you want to apply to the package.
  • PACKAGE is the name of the package in the repository.
  • VERSION is version of the package that you want to tag.
  • LOCATION is a regional or multi-regional location. Use this flag to view repositories in a specific location. If you configured a default location, you can omit this flag to use the default.
  • REPOSITORY is the name of the repository. If you configured a default repository, you can omit this flag to use the default.

For example, to create the tag release-candidate for version 1.0.0 of package my-package in the repository my-repo in the default location, run the command:

gcloud beta artifacts tags create release-candidate --version=1.0.0 \
--package=my-pkg --repository=my-repo

Updating tags

You can change a tag associated with a package version.

To change an existing tag:

Console

  1. Open the Repositories page in the Cloud Console.

    Open the Repositories page

  2. Click the package to view versions of the package.

  3. Select the package version with the tag to change.

  4. In the row of the selected version, click More actions (More actions), and then click Edit tags.

  5. Edit the tag and then click SAVE.

gcloud

Run the following command:

gcloud beta artifacts tags update TAG --package=PACKAGE \
version=VERSION [--location=LOCATION] [--repository=REPOSITORY]

Where

  • TAG is the tag you want to apply to the package.
  • PACKAGE is the name of the package in the repository.
  • VERSION is version of the package that you want to tag.
  • LOCATION is a regional or multi-regional location. Use this flag to view repositories in a specific location. If you configured a default location, you can omit this flag to use the default.
  • REPOSITORY is the name of the repository. If you configured a default repository, you can omit this flag to use the default.

For example, to change the tag for version 1.0.0 of package my-package to production in the repository my-repo in the default location, run the command:

gcloud beta artifacts tags update production --version=1.0.0 \
--package=my-pkg --repository=my-repo

Untagging package versions

You can remove an existing tag from a package version.

To remove a tag:

Console

  1. Open the Repositories page in the Cloud Console.

    Open the Repositories page

  2. Click the image to view versions of the image.

  3. Select the image version to untag.

  4. In the row of the selected version, click More actions (More actions), and then click Edit tags.

  5. Delete the tag and then click SAVE.

gcloud

Run the following command:

gcloud beta artifacts tags delete TAG --package=PACKAGE \
[--location=LOCATION] [--repository=REPOSITORY]

Where

  • TAG is the tag you want to apply to the package.
  • PACKAGE is the name of the package in the repository.
  • LOCATION is a regional or multi-regional location. Use this flag to view repositories in a specific location. If you configured a default location, you can omit this flag to use the default.
  • REPOSITORY is the name of the repository. If you configured a default repository, you can omit this flag to use the default.

For example, to remove the tag release-candidate from package my-package in the repository my-repo in the default location, run the command:

gcloud beta artifacts tags delete release-candidate --package=my-pkg \
--repository=my-repo

Installing packages

To install a package from the npm repository, use the npm install command.

For unscoped packages, run the command:

npm install PACKAGE

For scoped packages, include the scope in the command:

npm install @SCOPE/PACKAGE

Where

  • SCOPE is the scope associated with the repository
  • PACKAGE is the name of the package in the repository

Deleting packages

Before you delete a package or package version, verify that any you have communicated or addressed any important dependencies on it.

After a package version is published, you cannot republish a package with the same name and version combination, even after deleting the version. This is an npm restriction to ensure that the contents of a published package version are always the same.

If you want to encourage users to install an updated package version, use the npm deprecate command to mark the old version of the package as deprecated. When a user tries to install the deprecated package, Artifact Registry returns a deprecation warning.

To delete a package:

Console

  1. Open the Repositories page in the Google Cloud Console.

    Open the Repositories page

  2. In the repository list, click the appropriate repository.

    The Packages page lists the packages in the repository.

  3. Select the package that you want to delete.

  4. Click DELETE.

  5. In the confirmation dialog box, click DELETE.

gcloud

Run the following command:

gcloud beta artifacts packages delete PACKAGE \
[--repository=REPOSITORY] [--location=LOCATION] [--async]

Where

  • REPOSITORY is the name of the repository. If you configured a default repository, you can omit this flag to use the default.
  • LOCATION is a regional or multi-regional location. Use this flag to view repositories in a specific location. If you configured a default location, you can omit this flag to use the default.
  • --async Return immediately, without waiting for the operation in progress to complete.

To delete versions of a package:

Console

  1. Open the Repositories page in the Google Cloud Console.

    Open the Repositories page

  2. In the repository list, click the appropriate repository.

    The Packages page lists the packages in the repository.

  3. Click a package to view versions of that package.

  4. Select versions that you want to delete.

  5. Click DELETE.

  6. In the confirmation dialog box, click DELETE.

gcloud

Run the following command:

gcloud beta artifacts versions delete VERSION \
[--repository=REPOSITORY] [--location=LOCATION] [--async]

Where

  • REPOSITORY is the name of the repository. If you configured a default repository, you can omit this flag to use the default.
  • LOCATION is a regional or multi-regional location. Use this flag to view repositories in a specific location. If you configured a default location, you can omit this flag to use the default.
  • --async returns immediately, without waiting for the operation in progress to complete.

What's next