Q44 — AWS DOP-C02 Ch.1
Question 44 of 100 | ← Chapter 1
A company’s DevOps team uses Node Package Manager (NPM) open-source libraries to build applications. The DevOps team runs application builds in an AWS CodeBuild project. The company downloads NPM libraries from the public NPM registry. The company wants to host NPM libraries in a private NPM repository. The company also needs to validate new library versions before the DevOps team uses them.
- A. Create an AWS CodeArtifact repository with an upstream repository named npmjs.org. Configure the application build process to use the CodeArtifact repository as the default NPM source. Create an AWS CodePipeline pipeline to perform required checks on package versions in the CodeArtifact repository. If checks fail, set the package status to unlisted. ✓
- B. Enable Amazon S3 caching in the CodeBuild project configuration. Add a step in the buildspec.yaml file to perform required checks on package versions in the cache.
- C. Create an AWS CodeCommit repository for each library. Clone the required NPM libraries into the appropriate CodeCommit repositories. Modify the CodeBuild appspec.yaml configuration file to use the private CodeCommit repositories. Add a step to perform required checks on package versions.
- D. Create an AWS CodeCommit repository for each library. Clone the required NPM libraries into the appropriate CodeCommit repositories. Modify the CodeBuild buildspec.yaml configuration file so that NPM uses the private CodeCommit repositories. Add an AWS CodePipeline pipeline to check each new package version committed to the repositories. Configure the pipeline to revert to the most recent commit if checks fail.
Correct Answer: A. Create an AWS CodeArtifact repository with an upstream repository named npmjs.org. Configure the application build process to use the CodeArtifact repository as the default NPM source. Create an AWS CodePipeline pipeline to perform required checks on package versions in the CodeArtifact repository. If checks fail, set the package status to unlisted.
Explanation
This question tests implementing a private NPM repository in AWS with version validation. AWS documentation states CodeArtifact supports hosting private repositories and upstream configuration to public npm registries. Option A uses CodeArtifact to host the private repository and CodePipeline to automate validation, marking packages as unlisted on failure—requiring no additional infrastructure management. Option B relies on S3 caching, which cannot host a private repository. Options C and D misuse CodeCommit as a package repository, requiring manual per-library management and violating npm protocol standards, increasing complexity. Option A leverages native CodeArtifact functionality with minimal operational overhead.