GitHub Community
Replies: 0 comments 4 replies
-
|
hey @arcanis thanks for bringing this up. Documentation of the registry API surface is definitely something I myself had asked for many moons ago around the time the doc you referred to was written. I've pinged the registry team and @ethomson to discuss what next steps here could look like. |
Beta Was this translation helpful? Give feedback.
-
|
I maintain a private registry and would like to support npm's security endpoints |
Beta Was this translation helpful? Give feedback.
-
|
If folks are looking for answers now, here is what I found a bit ago: https://github.com/unifiedjs/npm-tools/blob/main/npm.md. And: seconded, would indeed be good to have official docs! |
Beta Was this translation helpful? Give feedback.
-
|
I think this will ultimately go hand in hand with doing npm/feedback#46 |
Beta Was this translation helpful? Give feedback.
-
The npm registry endpoints are fairly opaque: the last doc that can be found on the topic is here, and it's not the most comprehensive one. While reverse engineering can usually work, some formal documentation would be nice.
I thought about this in large part because of the audit endpoint. Not only it is undocumented, its payload is connected to the tree that npm builds in memory, making it annoying to generate for other clients (but that can be the subject of a separate topic), and difficult to implement for other security providers.
Beta Was this translation helpful? Give feedback.
All reactions