Quick Start

Get nproxy protecting your package installs in under five minutes.

1. Sign up and create an organization

Visit nproxy.app/signup and create an account. Then create an organization -- this gives you a unique registry URL at https://your-slug.nproxy.app/.

Your organization slug must be lowercase alphanumeric with optional hyphens (e.g. acme, my-company).

2. Generate an API token

In the dashboard, go to API Tokens and create a new token. Copy the token -- it starts with nproxy_ and is shown only once.

Tokens are used to authenticate your package manager with the proxy. On the Free plan, token authentication is optional for read requests. Pro and Enterprise plans can require tokens for all requests.

3. Configure your package manager

The fastest way to configure your local environment:

npx nproxy setup acme

This writes the registry URL to your project's .npmrc. To write to the global ~/.npmrc instead:

npx nproxy setup acme --global

To include your auth token:

npx nproxy setup acme --token nproxy_your_token_here

Manual configuration

npm / pnpm (.npmrc)

Create or edit .npmrc in your project root (or ~/.npmrc for global config):

registry=https://acme.nproxy.app/
//acme.nproxy.app/:_authToken=nproxy_your_token_here

Yarn (.yarnrc.yml)

npmRegistryServer: "https://acme.nproxy.app/"

pnpm (.npmrc)

pnpm uses the same .npmrc format as npm:

registry=https://acme.nproxy.app/
//acme.nproxy.app/:_authToken=nproxy_your_token_here
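
As an added example (not part of nproxy or its documentation), the check below audits the text of one .npmrc against the setup described above: the default registry must be the organization's HTTPS nproxy URL, no scoped registry may route a scope around the proxy, and the token should not sit in the file as a literal. The names auditNpmrc and hostOf, the finding names, the @internal scope, registry.example.com and the NPROXY_TOKEN variable are assumptions made for illustration; the ${VAR} form is npm's own environment-variable substitution in .npmrc.

```javascript
// Added example: audit .npmrc text for settings that weaken the proxy setup.
// auditNpmrc, hostOf and the finding names are hypothetical, not nproxy APIs.
const SLUG_RE = /^[a-z0-9-]+$/; // slug rule as stated on this page

function hostOf(url) {
  try {
    const u = new URL(url);
    return u.protocol === 'https:' ? u.host : null; // plain http never counts
  } catch {
    return null; // missing or malformed URL
  }
}

function auditNpmrc(text, slug) {
  if (!SLUG_RE.test(slug)) throw new Error(`invalid organization slug: ${slug}`);
  const host = `${slug}.nproxy.app`;
  const findings = [];
  let defaultRegistry = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim().replace(/^["']|["']$/g, '');
    if (key === 'registry') {
      defaultRegistry = value;
    } else if (key.endsWith(':registry') && hostOf(value) !== host) {
      // A scoped registry overrides the default, so that scope skips the proxy.
      findings.push({ type: 'scope-bypasses-proxy', key, value });
    } else if (key.endsWith(':_authToken') && !value.includes('${')) {
      // Literal secret in the file; the token value is deliberately not echoed.
      findings.push({ type: 'literal-token', key });
    }
  }
  if (hostOf(defaultRegistry) !== host) {
    findings.push({ type: 'default-registry-not-proxy', value: defaultRegistry });
  }
  return findings;
}

// Constructed sample input, not taken from a real project.
const SAMPLE = [
  'registry=https://acme.nproxy.app/',
  '@internal:registry=https://registry.example.com/',
  '//acme.nproxy.app/:_authToken=nproxy_your_token_here',
].join('\n');

console.log(auditNpmrc(SAMPLE, 'acme'));
```

Run it over both the project .npmrc and ~/.npmrc: a registry that is set only in the other file is reported here as default-registry-not-proxy.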

GitHub Actions

- uses: actions/setup-node@v4
  with:
    node-version: 20
    registry-url: "https://acme.nproxy.app/"

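Set the NODE_AUTH_TOKEN secret in your repository settings to your nproxy API token, and pass it to the install step as the NODE_AUTH_TOKEN environment variable: repository secrets are not exposed to steps automatically, and the .npmrc that setup-node writes reads the token from that variable.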

4. Install packages as usual

Run npm install as you normally would. nproxy applies your security rules transparently:

npm install express

Safe packages install normally. If a package version is blocked by a security rule, nproxy strips that version from the metadata and your package manager resolves to the latest safe version.

Running npm audit also benefits from nproxy -- the proxy enriches audit results with additional vulnerability data from OSV.dev, giving you more comprehensive security reporting.

5. Check protection status

Confirm everything is working:

npx nproxy status

Inspect the active contract when you need details:

npx nproxy inspect contract

Full npm CLI support

Once your registry is configured, all npm CLI commands work through nproxy:

  • npm install / npm ci -- Packages are scanned by your security rules
  • npm audit -- Enriched with additional OSV.dev vulnerability data
  • npm login -- Authenticates with npm through the proxy
  • npm whoami -- Returns your nproxy identity (with nproxy token) or npm identity (with npm token)
  • npm publish / npm deprecate / npm star / npm owner -- Forwarded to the upstream npm registry
  • npm search / npm dist-tag / npm access / npm team / npm org -- Forwarded to npm

Code signing (optional)

nproxy can sign internal packages at publish time and attest public packages as they pass through the proxy using Ed25519 keys. Generate a signing key in the dashboard or via CLI:

nproxy keys generate acme

Then configure the signing policy in the dashboard under Settings (off / warn / internal / all). Available on all plans.

Other ecosystems

nproxy also proxies PyPI, Go, Cargo, Maven, and RubyGems. Each ecosystem is configured similarly -- point your package manager at your nproxy endpoint and installs flow through the same security rules. See the PyPI setup guide for a Python-specific walkthrough, and the Configuration guide for other ecosystems.

Next steps