npm requests through the GitLab proxy to rewrite the tarball url to point to the GitLab Package Registry

Release notes

You can use the GitLab npm request forwarding feature to automatically look on npmjs.com for packages not found in your GitLab instance. But since the request is simply forwarded, GitLab does not have access to, and cannot display, the metadata you need to find and validate your Node packages.

As part of epic &3608 we will give you the ability to proxy and cache npm packages from external remotes like npmjs.com. This issue is a key step in unlocking that capability.

Problem to solve

It's important that GitLab dogfood its own features, but we are not yet dogfooding Packages for the front end. The issue is that the lockfile has a resolved URL pointing to npmjs.org, meaning that yarn install will use that URL to resolve the package file, so it will not go through the GitLab package registry.

Proposal

After a small investigation, it appears that yarn will simply use the url of the tarball (along with the shasum) and put it in the resolved field of the lock file. This tarball url is returned by the "metadata" endpoint.

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

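The rewrite described in the Proposal, as an added example that is not GitLab's implementation: it points each `dist.tarball` in a metadata response at the proxy while leaving the shasum untouched, then shows the value yarn v1 would record in `resolved`. The registry base URL, the function names and the sample metadata are assumptions made for illustration.

```javascript
// Added example, not GitLab's implementation. UPSTREAM and REGISTRY_BASE are
// assumed placeholder values; the packument below is constructed sample data.
const UPSTREAM = 'https://registry.npmjs.org';
const REGISTRY_BASE = 'https://gitlab.example.com/api/v4/packages/npm';

// Point every versions[*].dist.tarball at the proxy. shasum and integrity are
// copied unchanged, so the client still checks the downloaded bytes against
// the hash the upstream published.
function rewriteTarballUrls(packument, upstream = UPSTREAM, base = REGISTRY_BASE) {
  const upstreamOrigin = new URL(upstream).origin;
  const out = JSON.parse(JSON.stringify(packument)); // do not mutate the input
  for (const [version, manifest] of Object.entries(out.versions || {})) {
    const dist = manifest.dist;
    if (!dist || typeof dist.tarball !== 'string') continue;
    const url = new URL(dist.tarball); // throws on a malformed URL
    // Fail closed: only rewrite tarballs served by the expected upstream.
    if (url.origin !== upstreamOrigin) {
      throw new Error(`unexpected tarball origin for ${version}: ${url.origin}`);
    }
    dist.tarball = base.replace(/\/+$/, '') + url.pathname;
  }
  return out;
}

// What yarn v1 writes to the lockfile "resolved" field: tarball URL + "#" + shasum.
function yarnResolved(dist) {
  return `${dist.tarball}#${dist.shasum}`;
}

// Constructed metadata response (the shasum is a dummy value).
const samplePackument = {
  name: '@example/widget',
  versions: {
    '1.2.0': {
      name: '@example/widget',
      version: '1.2.0',
      dist: {
        tarball: 'https://registry.npmjs.org/@example/widget/-/widget-1.2.0.tgz',
        shasum: '0000000000000000000000000000000000000000',
      },
    },
  },
};

const rewritten = rewriteTarballUrls(samplePackument);
console.log(yarnResolved(rewritten.versions['1.2.0'].dist));
```

Because only the URL changes, a lockfile generated through the proxy carries the same hash as one generated against the upstream, so a tarball that differs from the upstream's fails the client's integrity check.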