medplum aws update-app hard coded to use public npm registry

[dbryant4-cj]

Background

In our environment, access to the public Internet is very restrictive, meaning access to the public npm registry is not allowed. Instead, we have a Nexus artifact server that serves as the npm registry. This is a requirement of our security posture that we cannot easily change.

Issue

It appears as though the public npm registry is hard coded in the file below which causes the medplum aws update-app to fail. Can this be changed to be configurable, perhaps by an environment variable or a CLI option?

medplum/packages/cli/src/aws/update-app.ts

Lines 69 to 73 in fe7eb44

	async function getNpmPackageMetadata(packageName: string, version: string): Promise<any> {
	const url = `https://registry.npmjs.org/${packageName}/${version}`;
	const response = await fetch(url);
	return response.json();
	}

[dbryant4-cj]

Upon further investigation, it seems as though simply replacing https://registry.npmjs.org/ with our Nexus URL might not work since Nexus does not seem to support latest as a version string. This may only be an issue with Nexus.

As an alternative approach, perhaps it makes more sense to allow users a way to provide the path to the extracted tar for the @medplum/app package. I can easily configure our CI to download and extract a tar from our Nexus server.

https://github.com/medplum/medplum/blob/main/packages/cli/src/aws/update-app.ts#L40

[codyebberson]

Hi @dbryant4-cj - thanks for filing, this is a good issue.