We have a React application that builds via npm on Azure DevOps. For the time being I've excluded our package-lock.json from our repository because a few of the packages we use come from private npm registries and this installs and builds fine. However the other day latest version of a package broke our application (it was bound to happen). When running npm install from the npm DevOps task and a package-lock.json file is present it will only ever go to the npm public registry even though the package-lock.json points to a private npm registry. I don't want to lock down my package.json file as that is what package-lock.json is for. How can I get Azure DevOps build to use package-lock.json but also retrieve packages from private npm registries? Do I need to setup an Azure Artifact that points to a private npm registry?
Update:
The following is the error I receive during the install process (when package-lock.json is present):
Error: 404 Not Found - GET https://npm.sencha.com/@sencha%2fext-modern-treegrid/-/@sencha/ext-modern-treegrid-7.0.0.tgz verbose stack at C:\Program Files\nodejs\node_modules\npm\node_modules\npm-registry-fetch\check-response.js:104:15 verbose stack at runMicrotasks () verbose stack at processTicksAndRejections (internal/process/task_queues.js:97:5)
If I run npm install locally works fine.