For NPM packages, the dependency firewall proxies the available package metadata but not the package content. In the returned metadata, the tarball location is pointing at the regular registry.npmjs.org location. If you don't set replace-registry-host, the default value of 'registry.npmjs.org' will cause the NPM CLI to "fix" the URL that we intentionally didn't change, resulting in 404 errors when trying to download the package.
Checklist
[ ] Does this PR have an associated issue (i.e., closes #<issueNum> in description above)?
[ ] Have you ensured that you have met the expected acceptance criteria?
For NPM packages, the dependency firewall proxies the available package metadata but not the package content. In the returned metadata, the tarball location is pointing at the regular registry.npmjs.org location. If you don't set
replace-registry-host
, the default value of'registry.npmjs.org'
will cause the NPM CLI to "fix" the URL that we intentionally didn't change, resulting in 404 errors when trying to download the package.Checklist
closes #<issueNum>
in description above)?