Cache packages requested from the npm public registry

Problem to solve

Currently, when a package is requested from the GitLab registry and not found, the request is forwarded, by default, to the public npm registry. If the package is found, it will be downloaded.

However, we do not currently cache recently downloaded packages for future use. This would help improve reliability, by ensuring that a version of the package is available when the public registry is down. In addition, it would help drive faster builds.

Intended users

• Delaney (Development Team Lead)
• Sasha (Software Developer)
• Devon (DevOps Engineer)
• Sidney (Systems Administrator)

User experience goal

As this feature will only be enabling the cache, the user experience goal will be zero degradation in performance and experience when fetching packages from npmjs.com.

Proposal

When a package is downloaded through the Dependency Proxy, it will be cached and stored for 30-days. If a dependency in the cache has not been accessed in the past 30-days, it will automatically be removed.

Further details

Permissions and Security

• There are no permissions changes required for this change

Documentation

• NPM request forwarding
• Dependency Proxy

What does success look like, and how can we measure that?

Success looks like packages are added to the cache when fetched from nmpjs.com.

Measure

• Number of packages added to the cache
• Number of duplicates uploaded
• Size of cache
• Number of packages that failed to be added to the cache

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.