AWS CodeArtifact vs. npm private packages: which one is better?

In this article we will look at the pros and cons of these two ways of publishing and sharing our private packages.

Npm Private

Npm private is a service offered by npm that lets you publish packages privately, so you can control read and write (that is, update) access to your packages.

Requirements

Pros

The main advantage lies in the simplicity of the setup: register, publish, and consume. The workflow is similar to that of a public package, with the exception of having to log in (just once).

Cons

There are two main disadvantages: the price and the decentralization of services.

At 7 euros per member per month, the price adds up to a high amount at the end of the month relative to the usefulness it would have for your team.

Decentralization can be a problem if your team is already using AWS services. Opting for npm private would make it necessary to duplicate control, with a billing and access control system specific to this service.

AWS CodeArtifact

CodeArtifact is a service offered by AWS that allows you to have a private repository of artifacts (packages). In short, it allows you to do the same as npm private.

Requirements

For more info about how to consume packages in your app from CodeArtifact go here, and to know what happens under the hood go here.

Pros

The main advantage of this tool relates to the centralization of resources and the price.

Regarding centralization, if your team is already using AWS, the use of this tool allows you to maintain centralized access control and billing.

Regarding the price, the service does not have a fixed cost; its price is based mainly on two factors (on a monthly basis): storage and requests. There is also a free tier for these two components, which means that your team could have the storage of their packages for free.

Cons

The main disadvantage is that the service can be considered complex and intrusive.

The service is complex because it involves getting used to AWS, and because the service architecture itself causes duplication in the storage of packages. For more detail here.

Likewise, the service becomes very intrusive because it requires CodeArtifact to replace npm in everything that concerns the consumption of packages (even if they are public).

Whenever we run npm install, npm will target CodeArtifact, because the registry in our .npmrc will have changed. If CodeArtifact does not have the package, it will be fetched from npm. The package will then be saved in CodeArtifact twice: once in the npm store (the repository that has a connection with npm) and once in our private repository, which only has a connection with the npm store. For more detail check.
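One way to check that every package really goes through CodeArtifact, as described above (an added example, not code from the original article or from AWS): the script reads an .npmrc and a package-lock.json and reports any registry or resolved tarball that points somewhere else. The function names, the host pattern, and the sample domain, account id and repository name are assumptions constructed for illustration.

```javascript
// Assumed endpoint shape: <domain>-<12-digit account>.d.codeartifact.<region>.amazonaws.com
const CODEARTIFACT_HOST = /^[a-z0-9-]+-\d{12}\.d\.codeartifact\.[a-z0-9-]+\.amazonaws\.com$/;

// Parse .npmrc text into the default registry and any per-scope registries.
function parseNpmrcRegistries(npmrcText) {
  const result = { default: null, scopes: {} };
  for (const raw of npmrcText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const m = line.match(/^(?:(@[^:\s]+):)?registry\s*=\s*(\S+)$/);
    if (!m) continue; // auth tokens and other settings are not registries
    if (m[1]) result.scopes[m[1]] = m[2];
    else result.default = m[2];
  }
  return result;
}

function hostOf(url) {
  try { return new URL(url).hostname; } catch { return null; }
}

// Report registries that are not CodeArtifact and lockfile entries whose
// tarball was resolved from a host other than the default registry.
function auditRegistryUsage(npmrcText, lockfile) {
  const regs = parseNpmrcRegistries(npmrcText);
  const findings = [];
  const add = (type, value) => findings.push({ type, value });
  const expectedHost = regs.default ? hostOf(regs.default) : null;
  if (!expectedHost || !CODEARTIFACT_HOST.test(expectedHost)) add('default-registry', regs.default);
  for (const [scope, url] of Object.entries(regs.scopes)) {
    if (hostOf(url) !== expectedHost) add('scope-registry', scope);
  }
  for (const [path, pkg] of Object.entries(lockfile.packages || {})) {
    // The root project and linked packages carry no "resolved" tarball URL.
    if (pkg.resolved && hostOf(pkg.resolved) !== expectedHost) add('lockfile-bypass', path);
  }
  return findings;
}

// Constructed sample inputs (not from a real project).
const HOST = 'my-domain-111122223333.d.codeartifact.eu-west-1.amazonaws.com';
const SAMPLE_NPMRC = `registry=https://${HOST}/npm/private-repo/\n` +
  `//${HOST}/npm/private-repo/:_authToken=\${CODEARTIFACT_AUTH_TOKEN}\n`;
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'app' },
  'node_modules/left-pad': { resolved: `https://${HOST}/npm/private-repo/left-pad/-/left-pad-1.3.0.tgz` },
  'node_modules/lodash': { resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz' },
} };
console.log(auditRegistryUsage(SAMPLE_NPMRC, SAMPLE_LOCK));
```

A lockfile entry that still resolves from the public registry usually means it was generated before the registry was switched; regenerating the lockfile against CodeArtifact clears the finding.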

Conclusion

  • The AWS CodeArtifact service will work if your team already uses AWS and/or your team wants to publish and share your private packages very cheaply (or even for free), and if the probable complexity of implementing the solution does not represent a problem.

  • The npm private service should be your choice if your team wants a solution that is simple to implement and the price is not a problem.