npm's package registry implementation supports several write APIs as well, to allow for publishing packages and managing user account information.
The npm public registry is powered by a CouchDB database, of which there is a public mirror at https://skimdb.npmjs.com/registry.
The registry URL used is determined by the scope of the package (see npm help scope. If no scope is specified, the default registry is used, which is supplied by the registry config parameter. See npm help config, npm help npmrc, and npm help config for more on managing npm's configuration.
When the default registry is used in a package-lock or shrinkwrap is has the special meaning of "the currently configured registry". If you create a lock file while using the default registry you can switch to another registry and npm will install packages from the new registry, but if you create a lock file while using a custom registry packages will be installed from that registry even after you change to another registry.
When making requests of the registry npm adds two headers with information about your environment:
The npm registry does not try to correlate the information in these headers with any authenticated accounts that may be used in the same requests.
See npm help package.json for more info on what goes in the package.json file.