0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2025-01-20 22:52:46 -05:00
verdaccio/website/versioned_docs/version-6.x/plugins.md

184 lines
6.2 KiB
Markdown
Raw Normal View History

2023-10-10 18:54:30 +02:00
---
id: plugins
title: 'Plugins'
---
Verdaccio is a pluggable application. It can be extended in many ways, either new authentication methods, adding endpoints or using a custom storage.
There are 5 types of plugins:
- [Authentication](plugin-auth.md)
- [Middleware](plugin-middleware.md)
- [Storage](plugin-storage.md)
- [Theme UI](plugin-theme.md)
- [Filters](plugin-filter.md)
## Usage {#usage}
### Installation {#installation}
```bash
$> npm install --global verdaccio-activedirectory
```
`verdaccio` as a sinopia fork it has backward compatibility with plugins that are compatible with `sinopia@1.4.0`. In such case the installation is the same.
```
$> npm install --global sinopia-memory
```
### Configuration {#configuration}
Open the `config.yaml` file and update the `auth` section as follows:
The default configuration looks like this, due we use a build-in `htpasswd` plugin by default that you can disable just commenting out the following lines.
### Naming convention {#naming-convention}
Since version `2.0.0` until version plugins must start with the following convention:
- `sinopia-xxx` (deprecated and will be removed on 6.x.x)
- `verdaccio-xxx`
After version `5.12.0` scoped plugins are supported, for example:
```yaml
auth:
'@my-org/auth-awesome-plugin':
foo: some value
bar: another value
store:
'@my-org/store-awesome-plugin':
foo: some value
bar: another value
middleware:
'@my-org/middleware-awesome-plugin':
foo: some value
bar: another value
```
### Authentication Configuration {#authentication-configuration}
```yaml
auth:
htpasswd:
file: ./htpasswd
# max_users: 1000
```
and replacing them with (in case you decide to use a `ldap` plugin.
```yaml
auth:
activedirectory:
url: 'ldap://10.0.100.1'
baseDN: 'dc=sample,dc=local'
domainSuffix: 'sample.local'
```
#### Multiple Authentication plugins {#multiple-authentication-plugins}
This is technically possible, making the plugin order important, as the credentials will be resolved in order.
```yaml
auth:
htpasswd:
file: ./htpasswd
#max_users: 1000
activedirectory:
url: 'ldap://10.0.100.1'
baseDN: 'dc=sample,dc=local'
domainSuffix: 'sample.local'
```
### Middleware Configuration {#middleware-configuration}
Example how to set up a middleware plugin. All middleware plugins must be defined in the **middlewares** namespace.
```yaml
middlewares:
audit:
enabled: true
```
> You might follow the [audit middle plugin](https://github.com/verdaccio/verdaccio-audit) as base example.
### Storage Configuration {#storage-configuration}
:::caution
If the `store` property is defined in the `config.yaml` file, the `storage` property is being ignored.
:::caution
Example how to set up a storage plugin. All storage plugins must be defined in the **store** namespace.
```yaml
store:
memory:
limit: 1000
```
### Theme Configuration {#theme-configuration}
```bash
npm install --global verdaccio-theme-dark
```
You can load only one theme at a time and pass through options if you need it.
```yaml
theme:
dark:
option1: foo
option2: bar
```
### Filter Configuration (Experimental) {#filter-configuration}
A real example from [npm i -g verdaccio-plugin-secfilter](https://github.com/Ansile/verdaccio-plugin-secfilter) filter plugin.
```yaml
filters:
plugin-secfilter:
block:
- scope: @evil # block all packages in scope
- package: semvver # block a malicious package
- package: @coolauthor/stolen
versions: '>2.0.1' # block some malicious versions of previously ok package
# uses https://www.npmjs.com/package/semver syntax
```
## Legacy plugins {#legacy-plugins}
### Sinopia Plugins {#sinopia-plugins}
:::caution
After version 6 sinopia plugins are not longer supported due the naming convention.
:::caution
> If you are relying on any sinopia plugin, remember are deprecated and might no work in the future.
- [sinopia-npm](https://www.npmjs.com/package/sinopia-npm): auth plugin for sinopia supporting an npm registry.
- [sinopia-memory](https://www.npmjs.com/package/sinopia-memory): auth plugin for sinopia that keeps users in memory.
- [sinopia-github-oauth-cli](https://www.npmjs.com/package/sinopia-github-oauth-cli).
- [sinopia-crowd](https://www.npmjs.com/package/sinopia-crowd): auth plugin for sinopia supporting atlassian crowd.
- [sinopia-activedirectory](https://www.npmjs.com/package/sinopia-activedirectory): Active Directory authentication plugin for sinopia.
- [sinopia-github-oauth](https://www.npmjs.com/package/sinopia-github-oauth): authentication plugin for sinopia2, supporting github oauth web flow.
- [sinopia-delegated-auth](https://www.npmjs.com/package/sinopia-delegated-auth): Sinopia authentication plugin that delegates authentication to another HTTP URL
- [sinopia-altldap](https://www.npmjs.com/package/sinopia-altldap): Alternate LDAP Auth plugin for Sinopia
- [sinopia-request](https://www.npmjs.com/package/sinopia-request): An easy and fully auth-plugin with configuration to use an external API.
- [sinopia-htaccess-gpg-email](https://www.npmjs.com/package/sinopia-htaccess-gpg-email): Generate password in htaccess format, encrypt with GPG and send via MailGun API to users.
- [sinopia-mongodb](https://www.npmjs.com/package/sinopia-mongodb): An easy and fully auth-plugin with configuration to use a mongodb database.
- [sinopia-htpasswd](https://www.npmjs.com/package/sinopia-htpasswd): auth plugin for sinopia supporting htpasswd format.
- [sinopia-leveldb](https://www.npmjs.com/package/sinopia-leveldb): a leveldb backed auth plugin for sinopia private npm.
- [sinopia-gitlabheres](https://www.npmjs.com/package/sinopia-gitlabheres): Gitlab authentication plugin for sinopia.
- [sinopia-gitlab](https://www.npmjs.com/package/sinopia-gitlab): Gitlab authentication plugin for sinopia
- [sinopia-ldap](https://www.npmjs.com/package/sinopia-ldap): LDAP auth plugin for sinopia.
- [sinopia-github-oauth-env](https://www.npmjs.com/package/sinopia-github-oauth-env) Sinopia authentication plugin with github oauth web flow.
> All sinopia plugins should be compatible with all future verdaccio versions. Anyhow, we encourage contributors to migrate them to the
> modern verdaccio API and using the prefix as _verdaccio-xx-name_.