Use npm Registry to Restric Installing Client

Background

npm and yarn are not sharing lock file. A lock file is necessary for maintaining the stability of the project.

How can we make sure the developers are using the same client in our project?

Some approaches make use of preinstall hook. See:

But this is not working when the project is an npm package. When an npm package publishing, npm publish will invoke preinstall hook too.

Custom npm registry

Maybe we can do it by custom npm registry.

See npm-registry-proxy for source codes.

We can add registry="https://npm-registry-proxy.vivaxy.now.sh/yarn/https%3A%2F%2Fregistry.npmjs.org%2F/" to .npmrc.

Result

In project .npmrc, we have registry="https://npm-registry-proxy.vivaxy.now.sh/yarn/https%3A%2F%2Fregistry.npmjs.org%2F/".

It works fine. But when we publishing packages, PUT requests are not successfully forwarded to the target registry. It does not apply to npm packages as well.