Use packages from npmjs.com

Azure DevOps Services | Azure DevOps Server 2020 | Azure DevOps Server 2019 | TFS 2018

The npm client is designed to work with a single primary registry (what Azure Artifacts calls a feed). It also supports secondary scoped registries. Scoped registries can only be used to install packages whose names begin with the scope prefix, so their usage is more restrictive. If you want to use both private packages you've created and public packages from npmjs.com, we recommend using upstream sources.

The npmjs.com upstream source allows you to merge the contents of npmjs.com into your feed such that the npm client can install packages from both locations. Enabling upstream sources also automatically enables saving of packages you use from the upstream source. This is the recommended way to use Azure Artifacts with npm. Upstreams give you the most flexibility to use a combination of scoped- and non-scoped packages in your feed, as well as scoped- and non-scoped packages from npmjs.com.

Enable npmjs.com as an upstream

You can use npmjs.com as an upstream source with new and existing feeds.

On a new feed

  • Create a new feed. Make sure you check the Include packages from common public sources checkbox.

    Screenshot showing how to enable upstream sources

On an existing feed

  1. Select Artifacts, and then select your feed.

  2. Navigate to Feed settings by selecting the gear icon gear icon button.

  3. Select Upstream sources, and then select Add Upstream.

    A screenshot showing how to add an upstream source

  4. Select Public source, and then select npmjs from the dropdown menu.

  5. Select Save when you are done.

  6. Select Save to save your changes.

    A screenshot showing how to save changes in upstream sources

Filter to saved packages

You can view the packages you saved from upstreams by selecting your Source from the dropdown menu.

Screenshot of the filtered npm packages

Screenshot of the filtered npm packages in TFS

Scopes

Using scopes instead of upstream sources limit your private package consumption to those with the @scope prefix e.g. @fabrikam/core but enable you to consume public packages directly from npmjs.com, see npm scopes for more details.