Nexus Repository Manager for npm

Overview

Feature availability This feature is available with Enterprise plans. See pricing plans for more details.
Snyk can use Nexus Repository Manager with npm and Yarn projects imported from Git.
This enables Snyk to regenerate lockfiles with the correct URLs when creating Pull/Merge Requests.
You can add configuration to tell Snyk where your private Nexus Repository Manager Node.js packages are hosted and what scope they are under.
This is the same information you would normally add in your .yarnrc or .npmrc
This guide is relevant for Snyk Web UI integrations only, the Snyk CLI already supports Yarn and npm projects with private Nexus Repository Manager registries.

JavaScript Language Settings

Go to settings
> Languages > JavaScript and either the npm or yarn settings depending on your project types.
If you have not previously connected to Nexus Repository Manager you will be asked to configure an integration first, see Nexus Repository Manager setup
Now follow the steps below, according to your version of Nexus.
Nexus 3
Nexus 2
  1. 1.
    Select “Add registry configuration”
  2. 2.
    Select "Nexus" as the Package source
  3. 3.
    If you want to configure this registry as default registry url, then leave scope blank.
  4. 4.
    If you want to configure only scoped packages to use this registry then add a scope.
  5. 5.
    If you want to add a mix of default registry url and scoped packages, add multiple configurations - one for the default and one per scope.
  6. 6.
    The Repository section should be set as whatever comes after repository/ in the internal repository URL. For example if the URL is http://nexus.company.io/repository/npm-group, Repository should be set as npm-group
  7. 7.
    When you have added all the registries and scopes you want, click Update settings.
  1. 1.
    Select “Add registry configuration”
  2. 2.
    Select "Nexus" as the Package source
  3. 3.
    If you want to configure this registry as default registry url, then leave scope blank.
  4. 4.
    If you want to configure only scoped packages to use this registry then add a scope.
  5. 5.
    If you want to add a mix of default registry url and scoped packages, add multiple configurations - one for the default and one per scope.
  6. 6.
    The Repository section should be set as whatever comes after nexus/content/ in the internal repository URL. For example if the URL is http://nexus.company.io/nexus/content/groups/npm-group, Repository should be set as groups/npm-group . Or http://nexus.company.io/nexus/content/repositories/npm-hosted, Repository should be set as repositories/npm-hosted
  7. 7.
    When you have added all the registries and scopes you want, click Update settings.

Test it out

Open a Pull/Merge Request on a project that contains private dependencies that are hosted in Nexus to see a lockfile updated and included in the Snyk Fix Pull Request with the correct URL to your repository.
Export as PDF
Copy link
Edit on GitHub