GA: npm virtual registry
# npm Virtual Registry GA

## Overview

This epic tracks the progression of npm Virtual Registry from beta to General Availability (GA), ensuring we meet GitLab's standard of "production-ready at any scale with a complete feature set."

After the beta release of the npm virtual registry in Q1, we are planning to announce GA for all the available virtual registry formats in Q2. This effort builds on the learnings from Maven and Docker Virtual Registry GA implementations.

## Why This is Important

This feature is critical for enterprise customers migrating from JFrog Artifactory to GitLab. npm package management requires enterprise-grade features including cloud provider integrations, comprehensive lifecycle management, advanced filtering, and production-ready observability - all tailored specifically for npm package management workflows and ecosystem requirements.

## Acceptance Criteria for GA Release

### Complete Product Feature Set

**✅ Already Implemented (from Beta)**

* Basic virtual registry configuration
* Upstream repository management
* Package caching functionality
* Basic npm package resolution

**🔄 In Progress / Planned**

* **Production-Ready UI/API Features**
  * Complete UI for registry and upstream configuration
  * UI for searching and managing cache with npm-specific metadata
  * Version resolution explanations (why a specific version was chosen)
  * Metadata freshness indicators and refresh capabilities
  * Scoped routing and pattern-based access controls
* **Lifecycle Policies Implementation**
  * Rule-based policies: Delete cache records not pulled in last X days
  * Audit logs and notifications for policy-driven actions
* **Allow/Deny Filtering**
  * Flexible rule-based filtering for package inclusion/exclusion
  * Pattern matching for scoped packages (@org/\*, package@^1)
  * Version-specific filtering capabilities
  * Audit logs for blocked package requests
* **Root-Group Dashboards and Analytics**
  * Root-group-level view of upstreams and connection status
  * Cache performance metrics
* **Shareable Upstreams Functionality**
  * Optimize storage by allowing multiple virtual registries to share upstreams
  * Efficient caching and storage optimization
  * Reduce duplicate storage of identical packages
* **Locally-Hosted Registry Support**
  * Target GitLab projects/groups to expose package registry items
* **Authentication and Configuration**
  * Enhanced .npmrc configuration guidance
  * Streamlined authentication setup flows
  * Clear error messaging for authentication issues

### Data & Observability Requirements

* **Files pulled from upstreams** - Shows upstream usage and potential cost/bandwidth implications
* **Files pulled from cache** - Demonstrates cache efficiency and user benefit
* **Root groups with virtual registry enabled** - Adoption at the organizational level
* **Organizations with at least one virtual registry** - Overall feature adoption across the customer base

### Market Validation Requirements

* **Customer feedback analysis from Beta program completed**
  * All critical performance issues identified in Beta resolved
  * Documentation of specific customer use cases and value delivered
* **Performance concerns from Beta addressed and validated**
  * Metadata URL rewriting latency under 200ms for 95th percentile
  * Cache hit ratio above 70% for established registries
* **Clear evidence of customer value and adoption patterns**
  * Evidence of customers migrating production workloads from JFrog Artifactory or other solutions
* **Customer readiness for GA usage**
  * Minimum 5 enterprise customers committed to production usage within 30 days of GA
  * At least 2 customers with \>1000 packages actively using npm virtual registry
  * Customer reference agreements secured for public case studies

### Technical Readiness Requirements

* Metadata URL rewriting performance optimizations validated
* npm-specific caching strategies proven at scale
* Feature flags removed completely
* Feature available on Dedicated (platform parity achieved)

## Success Metrics

### Adoption Rate

* Number of groups using npm virtual registries in production
* Percentage of npm virtual registries utilizing shared upstreams
* Migration rate from JFrog Artifactory to GitLab npm virtual registries

### Performance & Efficiency

* Metadata rewriting operation response times
* Cache hit ratios for npm packages
* Storage optimization from shared upstreams
* Reduction in duplicate package storage

### User Satisfaction

* Customer feedback scores from Beta program
* Time-to-resolution for npm dependency management
* Support ticket reduction for npm-related issues

## Engineering Assessment

**Resource Requirements:**

* Estimated 2 backend engineers plus partial frontend support for 3 milestones
* Additional investigation effort from Package Registry team for metadata URL rewriting optimization

**Technical Challenges:**

* npm requires different technical solution for metadata URL rewriting compared to Maven/Docker
* Performance optimization for dynamic metadata handling
* Scoped package routing complexity
* Semver range resolution at scale

**Risk Mitigation:**

* Performance concerns from Beta are being addressed through ongoing Package Registry team investigation
* Leveraging proven patterns from Maven and Docker Virtual Registry GA implementations
* Incremental rollout with feature flags during transition

## Design and UX Considerations

**Design Complexity:** Most existing design foundation from Maven Virtual Registry applies to npm, with enhancements for:

* Version resolution explanations
* Metadata freshness indicators
* Scoped routing configuration UI
* Deprecation and mutability handling
* Cross-format consistency maintenance

**User Experience Requirements:**

* Clear version selection reasoning
* Confidence in package data freshness and reliability
* Predictable routing and precedence logic
* Intuitive configuration and authentication flows
* Consistent mental model across package formats
* Actionable feedback about system state and errors

**Important**

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.