Infrastructure/verdaccio
0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2025-01-20 22:52:46 -05:00
Code Issues Activity
verdaccio/website/docs/protect-your-dependencies.md

49 lines
1.4 KiB
Markdown
Raw Normal View History

chore: website scaffolding (#1843) * chore: upload gatsby website * chore: update header * chore: add background header * chore: add ci for website * Update ci-website.yml * chore: update patch mach ci * chore: update ci settings * chore: update docker version
2020-06-24 12:28:00 +02:00
---
id: protect-your-dependencies
build: configure prettier as formatter for json, yaml and markdown (#1930) * build: configure pretter as formatter for most files * chore: reformat code (#1931) * chore: re-format all files * chore: force run quality anaylsis test Co-authored-by: Juan Picado @jotadeveloper <juanpicado19@gmail.com> Co-authored-by: Juan Picado @jotadeveloper <juanpicado19@gmail.com>
2020-09-03 21:15:29 +02:00
title: 'Protecting packages'
chore: website scaffolding (#1843) * chore: upload gatsby website * chore: update header * chore: add background header * chore: add ci for website * Update ci-website.yml * chore: update patch mach ci * chore: update ci settings * chore: update docker version
2020-06-24 12:28:00 +02:00
---
`verdaccio` allows you protect publish, to achieve that you will need to set up correctly your [packages access](packages).
<div id="codefund">''</div>
### Package configuration
Let's see for instance the following set up. You have a set of dependencies what are prefixed with `my-company-*` and you need to protect them from anonymous or another logged user without right credentials.
```yaml
build: configure prettier as formatter for json, yaml and markdown (#1930) * build: configure pretter as formatter for most files * chore: reformat code (#1931) * chore: re-format all files * chore: force run quality anaylsis test Co-authored-by: Juan Picado @jotadeveloper <juanpicado19@gmail.com> Co-authored-by: Juan Picado @jotadeveloper <juanpicado19@gmail.com>
2020-09-03 21:15:29 +02:00
'my-company-*':
access: admin teamA teamB teamC
publish: admin teamA
proxy: npmjs
chore: website scaffolding (#1843) * chore: upload gatsby website * chore: update header * chore: add background header * chore: add ci for website * Update ci-website.yml * chore: update patch mach ci * chore: update ci settings * chore: update docker version
2020-06-24 12:28:00 +02:00
```
build: configure prettier as formatter for json, yaml and markdown (#1930) * build: configure pretter as formatter for most files * chore: reformat code (#1931) * chore: re-format all files * chore: force run quality anaylsis test Co-authored-by: Juan Picado @jotadeveloper <juanpicado19@gmail.com> Co-authored-by: Juan Picado @jotadeveloper <juanpicado19@gmail.com>
2020-09-03 21:15:29 +02:00
With this configuration, basically we allow to groups **admin** and **teamA** to _publish_ and **teamA** **teamB** **teamC** _access_ to such dependencies.
chore: website scaffolding (#1843) * chore: upload gatsby website * chore: update header * chore: add background header * chore: add ci for website * Update ci-website.yml * chore: update patch mach ci * chore: update ci settings * chore: update docker version
2020-06-24 12:28:00 +02:00
### Use case: teamD try to access the dependency
So, if I am logged as **teamD**. I shouldn't be able to access all dependencies that match with `my-company-*` pattern.
```bash
➜ npm whoami
teamD
```
build: configure prettier as formatter for json, yaml and markdown (#1930) * build: configure pretter as formatter for most files * chore: reformat code (#1931) * chore: re-format all files * chore: force run quality anaylsis test Co-authored-by: Juan Picado @jotadeveloper <juanpicado19@gmail.com> Co-authored-by: Juan Picado @jotadeveloper <juanpicado19@gmail.com>
2020-09-03 21:15:29 +02:00
chore: website scaffolding (#1843) * chore: upload gatsby website * chore: update header * chore: add background header * chore: add ci for website * Update ci-website.yml * chore: update patch mach ci * chore: update ci settings * chore: update docker version
2020-06-24 12:28:00 +02:00
I won't have access to such dependencies and also won't be visible via web for user **teamD**. If I try to access the following will happen.
```bash
➜ npm install my-company-core
npm ERR! code E403
npm ERR! 403 Forbidden: webpack-1@latest
```
build: configure prettier as formatter for json, yaml and markdown (#1930) * build: configure pretter as formatter for most files * chore: reformat code (#1931) * chore: re-format all files * chore: force run quality anaylsis test Co-authored-by: Juan Picado @jotadeveloper <juanpicado19@gmail.com> Co-authored-by: Juan Picado @jotadeveloper <juanpicado19@gmail.com>
2020-09-03 21:15:29 +02:00
chore: website scaffolding (#1843) * chore: upload gatsby website * chore: update header * chore: add background header * chore: add ci for website * Update ci-website.yml * chore: update patch mach ci * chore: update ci settings * chore: update docker version
2020-06-24 12:28:00 +02:00
or with `yarn`
```bash
➜ yarn add my-company-core
yarn add v0.24.6
info No lockfile found.
[1/4] 🔍 Resolving packages...
error An unexpected error occurred: "http://localhost:5555/webpack-1: unregistered users are not allowed to access package my-company-core".
```
Reference in a new issue Copy permalink