0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-30 22:34:10 -05:00

Merge pull request #887 from verdaccio/fix-website-issues

Fix website issues
This commit is contained in:
Juan Picado @jotadeveloper 2018-08-01 23:03:27 +02:00 committed by GitHub
commit a7e882a188
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
37 changed files with 3 additions and 2621 deletions

View file

@ -61,9 +61,9 @@ const users = [
const siteConfig = {
title: 'Verdaccio' /* title for your website */,
tagline: 'Verdaccio · A lightweight private npm proxy registry',
url: 'http://www.verdaccio.org' /* your website url */,
url: 'https://verdaccio.org' /* your website url */,
organizationName: 'verdaccio',
cname: 'www.verdaccio.org',
cname: 'verdaccio.org',
noIndex: false,
baseUrl: '/' /* base url for your project */,
projectName: 'verdaccio',
@ -93,10 +93,7 @@ const siteConfig = {
},
algolia: {
apiKey: 'a8b4d117e513cd8d71d6a95e3d9d4a91',
indexName: 'verdaccio',
algoliaOptions: {
facetFilters: ['language:LANGUAGE', 'version:VERSION'],
}
indexName: 'verdaccio'
},
gaTrackingId: 'UA-2527438-21',
twitter: true,

View file

@ -1,15 +0,0 @@
---
id: version-3.2.0-ansible
title: Ansible
original_id: ansible
---
We have a customised solution for `verdaccio` in our organization.
[https://github.com/verdaccio/ansible-verdaccio](https://github.com/verdaccio/ansible-verdaccio)
#### Other options
* Ansible role for Gentoo users: [jirutka/ansible-role-sinopia](https://github.com/jirutka/ansible-role-sinopia).
* Ansible role for Ubuntu users: [jagregory/sinopia-ansible](https://github.com/jagregory/sinopia-ansible).
* ansible-verdaccio-role [https://github.com/refinery29/ansible-verdaccio-role](https://github.com/refinery29/ansible-verdaccio-role)

View file

@ -1,58 +0,0 @@
---
id: version-3.2.0-authentification
title: Authentification
original_id: authentification
---
The authentification is tied to the auth [plugin](plugins.md) you are using. The package restrictions also is handled by the [Package Access](packages.md).
The client authentification is handled by `npm` client itself. Once you login to the application:
```bash
npm adduser --registry http://localhost:4873
```
A token is generated in the `npm` configuration file hosted in your user home folder. For more information about `.npmrc` read the [official documentation](https://docs.npmjs.com/files/npmrc).
```bash
cat .npmrc
registry=http://localhost:5555/
//localhost:5555/:_authToken="secretVerdaccioToken"
//registry.npmjs.org/:_authToken=secretNpmjsToken
```
#### Anonymous publish
`verdaccio`allows you to enable anonymous publish, to achieve that you will need to set up correctly your [packages access](packages.md).
Eg:
```yaml
'my-company-*':
access: $anonymous
publish: $anonymous
proxy: npmjs
```
As is described [on issue #212](https://github.com/verdaccio/verdaccio/issues/212#issuecomment-308578500) until `npm@5.3.0` and all minor releases **won't allow you publish without a token**. However `yarn` has not such limitation.
## Default htpasswd
In order to simplify the setup, `verdaccio` use a plugin based on `htpasswd`. As of version v3.0.x an [external plugin](https://github.com/verdaccio/verdaccio-htpasswd)
is used by default. The v2.x version of this package still contains the built-in version of this plugin.
```yaml
auth:
htpasswd:
file: ./htpasswd
# Maximum amount of users allowed to register, defaults to "+inf".
# You can set this to -1 to disable registration.
#max_users: 1000
```
Property | Type | Required | Example | Support | Description
--- | --- | --- | --- | --- | ---
file | string | Yes | ./htpasswd | all | file that host the encrypted credentials
max_users | number | No | 1000 | all | set limit of users
In case to decide do not allow user to login, you can set `max_users: -1`.

View file

@ -1,15 +0,0 @@
---
id: version-3.2.0-build
title: Build the source code
original_id: build
---
Verdaccio relies on `yarn` instead `npm` to download dependencies.
*Note: the current build only will build with `➜ yarn@1.x`.
```bash
yarn install
```
To see the complete list of scripts, [click here](https://github.com/verdaccio/verdaccio/wiki/Build-Source-Code).

View file

@ -1,18 +0,0 @@
---
id: version-3.2.0-chef
title: Chef Cookbook
original_id: chef
---
Using Chef Cookbook for Verdaccio
For further information:
* [https://github.com/verdaccio/verdaccio-cookbook](https://github.com/verdaccio/verdaccio-cookbook)
* [https://supermarket.chef.io/cookbooks/verdaccio](https://supermarket.chef.io/cookbooks/verdaccio)
> We are looking for contributors for this repository, if you are interested please notify the author via tickets.
Author: [Keli Grubb](https://github.com/kgrubb) && Barthelemy Vessemont.

View file

@ -1,15 +0,0 @@
---
id: version-3.2.0-ci
title: Continuous Integration
original_id: ci
---
You may use verdaccio with continuous integration while login or publish. When
using NPM to install a private module in a continuous integration environment
for the first time, a brick wall is quickly hit. The NPM login command is
designed to be used interactively. This causes an issue in CI, scripts, etc.
Heres how to use NPM login different continuous integration platforms.
- [Travis CI](https://remysharp.com/2015/10/26/using-travis-with-private-npm-deps)
- [Circle CI 1.0](https://circleci.com/docs/1.0/npm-login/) or [Circle CI 2.0](https://circleci.com/docs/2.0/deployment-integrations/#npm)
- [Gitlab CI](https://www.exclamationlabs.com/blog/continuous-deployment-to-npm-using-gitlab-ci/)

View file

@ -1,27 +0,0 @@
---
id: version-3.2.0-cli
title: Command Line Tool
original_id: cli
---
The verdaccio CLI is your go start the application.
## Commands
```bash
verdaccio --listen 4000 --config ~./config.yaml
```
Command | Default | Example | Description
--- | --- | --- | ---
--listen \ **-l** | 4873 | -p 7000 | http port
--config \ **-c** | ~/.local/verdaccio/config.yaml | ~./config.yaml | the configuration file
## Default config file location
To locate the home directory, we rely on **$XDG_DATA_HOME** as a first choice and Windows environment we look for [APPDATA environment variable](https://www.howtogeek.com/318177/what-is-the-appdata-folder-in-windows/).
## Default storage location
We use **$XDG_DATA_HOME** environment variable as default to locate the storage by default which [should be the same](https://askubuntu.com/questions/538526/is-home-local-share-the-default-value-for-xdg-data-home-in-ubuntu-14-04) as $HOME/.local/share.
If you are using a custom storage, this location is irrelevant.

View file

@ -1,209 +0,0 @@
---
id: version-3.2.0-configuration
title: Configuration File
original_id: configuration
---
This file is the cornerstone of verdaccio where you can modify the default behaviour, enable plugins and extend features.
A default configuration file is created the very first time you run `verdaccio`.
## Default Configuration
The default configuration has support for **scoped** packages and allow any user to access all packages but only **authenticated users to publish**.
```yaml
storage: ./storage
auth:
htpasswd:
file: ./htpasswd
uplinks:
npmjs:
url: https://registry.npmjs.org/
packages:
'@*/*':
access: $all
publish: $authenticated
proxy: npmjs
'**':
proxy: npmjs
logs:
- {type: stdout, format: pretty, level: http}
```
## Sections
The following sections explain what each property means and the different options.
### Storage
Is the location of the default storage. **Verdaccio is by default based on local file system**.
```yaml
storage: ./storage
```
### Plugins
Is the location of the plugin directory. Useful for Docker/Kubernetes based deployments.
```yaml
plugins: ./plugins
```
### Authentification
The authentification set up is done here, the default auth is based on `htpasswd` and is built-in. You can modify this behaviour via [plugins](plugins.md). For more information about this section read the [auth page](auth.md).
```yaml
auth:
htpasswd:
file: ./htpasswd
max_users: 1000
```
### Web UI
This properties allow you to modify the look and feel of the web UI. For more information about this section read the [web ui page](web.md).
```yaml
web:
enable: true
title: Verdaccio
logo: logo.png
```
### Uplinks
Uplinks is the ability of the system to fetch packages from remote registries when those packages are not available locally. For more information about this section read the [uplinks page](uplinks.md).
```yaml
uplinks:
npmjs:
url: https://registry.npmjs.org/
```
### Packages
Packages allow the user to control how the packages are gonna be accessed. For more information about this section read the [packages page](packages.md).
```yaml
packages:
'@*/*':
access: $all
publish: $authenticated
proxy: npmjs
```
## Advanced Settings
### Offline Publish
By default `verdaccio` does not allow to publish when the client is offline, that behavior can be overridden by setting this to *true*.
```yaml
publish:
allow_offline: false
```
<small>Since: `verdaccio@2.3.6` due [#223](https://github.com/verdaccio/verdaccio/pull/223)</small>
### URL Prefix
```yaml
url_prefix: https://dev.company.local/verdaccio/
```
Since: `verdaccio@2.3.6` due [#197](https://github.com/verdaccio/verdaccio/pull/197)
### Max Body Size
By default the maximum body size for a JSON document is `10mb`, if you run in errors as `"request entity too large"` you may increase this value.
```yaml
max_body_size: 10mb
```
### Listen Port
`verdaccio` runs by default in the port `4873`. Changing the port can be done via [cli](cli.md) or in the configuration file, the following options are valid.
```yaml
listen:
# - localhost:4873 # default value
# - http://localhost:4873 # same thing
# - 0.0.0.0:4873 # listen on all addresses (INADDR_ANY)
# - https://example.org:4873 # if you want to use https
# - "[::1]:4873" # ipv6
# - unix:/tmp/verdaccio.sock # unix socket
```
### HTTPS
To enable `https` in `verdaccio` it's enough to set the `listen` flag with the protocol *https://*. For more information about this section read the [ssl page](ssl.md).
```yaml
https:
key: ./path/verdaccio-key.pem
cert: ./path/verdaccio-cert.pem
ca: ./path/verdaccio-csr.pem
```
### Proxy
Proxies are special-purpose HTTP servers designed to transfer data from remote servers to local clients.
#### http_proxy and https_proxy
If you have a proxy in your network you can set a `X-Forwarded-For` header using the following properties.
```yaml
http_proxy: http://something.local/
https_proxy: https://something.local/
```
#### no_proxy
This variable should contain a comma-separated list of domain extensions proxy should not be used for.
```yaml
no_proxy: localhost,127.0.0.1
```
### Notifications
Enabling notifications to third-party tools is fairly easy via web hooks. For more information about this section read the [notifications page](notifications.md).
```yaml
notify:
method: POST
headers: [{'Content-Type': 'application/json'}]
endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
```
> For more detailed configuration settings, please [check the source code](https://github.com/verdaccio/verdaccio/tree/master/conf).
### Audit
<small>Since: `verdaccio@3.0.0`</small>
`npm audit` is a new command released with [npm 6.x](https://github.com/npm/npm/releases/tag/v6.1.0). Verdaccio includes
a built-in middleware plugin to handle this command.
> If you have a new installation it comes by default, otherwise you need to add the following props to your config file
```yaml
middlewares:
audit:
enabled: true
```

View file

@ -1,85 +0,0 @@
---
id: version-3.2.0-contributing
title: Contributing Verdaccio
original_id: contributing
---
First of all 👏👏 thanks for visiting this page, for us means you are willing contribute to `verdaccio` and we are happy for that. Jumping into an unfamiliar code base is not easy but we are here to help you.
## Comunication Channels
If you are willing for asking, we use two channels for discussions:
* [Public Gitter channel](https://gitter.im/verdaccio/)
* [Contributors Slack channel](https://verdaccio-npm.slack.com) (unfortunately only by email invitation, you might ask in **Gitter** to be included)
## Getting started
As a first glance verdaccio is a single repository, but there are many ways you might contribute and a variety of technologies to practice.
### Finding my spot
All we have different skills, so, let's see where you might feel comfortable.
### I know or I want to learn Node.js
Node.js is the base of `verdaccio`, we use libraries as `express`, `commander`, `request` or `async`. Verdaccio is basically a Rest API that create a communication with `npm` clients compatible, as `yarn`.
We have a long [list of plugins](plugins.md) ready to be used and improved but at the same time [you might create your own](dev-plugins.md).
### I would prefer to work in the User Interface
Recently we have moved to modern techonologies as `React` and `element-react`. We are looking forward to see new ideas how to improve the UI.
### I feel more confortable improving the stack
Of course, we will be happy to help us improving the stack, you can upgrade dependencies as `eslint`, `stylelint`, `webpack`. You migt merely improve the `webpack` configuration would be great. Any suggestion is very welcome. Furthermore whether you have experience with **Yeoman** you might help us with the [verdaccio generator](https://github.com/verdaccio/generator-verdaccio-plugin).
Here some ideas:
* Create a common eslint rules to be used across all dependencies or plugins
* Improve Flow types definitions delivery
* Moving to Webpack 4
* Improve hot reload with Webpack
* We use babel and webpack across all dependencies, why not a common preset?
* Improve continous integration delivery
### I do great Documentation
Many contributors find typos and grammar issues, that also helps to improve the overall experience for troubleshooting.
### I am a Designer
We have a frontend website [http://www.verdaccio.org/](http://www.verdaccio.org/) that will be happy to see your ideas.
Our website is based on [Docusaurus](https://docusaurus.io/).
### I am a DevOps
We have a widely popular Docker image [https://hub.docker.com/r/verdaccio/verdaccio/](https://hub.docker.com/r/verdaccio/verdaccio/) that need maintenance and pretty likely huge improvements, we need your knowledge for the benefits of all users.
We have support for **Kubernetes**, **Puppet**, **Ansible** and **Chef** and we need help in those fields, feel free to see all repositories.
### I can do translations
Verdaccio aims to be multilingual, in order to achieve it **we have the awesome support** of [Crowdin](https://crowdin.com) that is an amazing platform for translations.
<img src="https://d3n8a8pro7vhmx.cloudfront.net/uridu/pages/144/attachments/original/1485948891/Crowdin.png" width="400px"/>
We have setup a project where you can choose your favourite language, if you do not find your language feel free to request one [creating a ticket](https://github.com/verdaccio/verdaccio/issues/new).
[Go to Crowdin Verdaccio](https://crowdin.com/project/verdaccio)
## I'm ready to contribute
If you are thinking *"I've seen already the [repositories](repositories.md) and I'm willing to start right away"* then I have good news for you, that's the next step.
You will need learn how to build, [we have prepared a guide just for that](build.md).
Once you have played around with all scripts and you know how to use them, we are ready to go to the next step, run the [**Unit Test**](test.md).
## Full list of contributors. We want to see your face here !
<a href="graphs/contributors"><img src="https://opencollective.com/verdaccio/contributors.svg?width=890&button=false" /></a>

View file

@ -1,162 +0,0 @@
---
id: version-3.2.0-dev-plugins
title: Developing Plugins
original_id: dev-plugins
---
There are many ways to extend `verdaccio`, currently we support `authentication plugins`, `middleware plugins` (since `v2.7.0`) and `storage plugins` since (`v3.x`).
## Authentication Plugin
This section will describe how it looks like a Verdaccio plugin in a ES5 way. Basically we have to return an object with a single method called `authenticate` that will recieve 3 arguments (`user, password, callback`). Once the authentication has been executed there is 2 options to give a response to `verdaccio`.
### API
```js
function authenticate (user, password, callback) {
...more stuff
}
```
##### OnError
Either something bad happened or auth was unsuccessful.
```
callback(null, false)
```
##### OnSuccess
The auth was successful.
`groups` is an array of strings where the user is part of.
```
callback(null, groups);
```
### Example
```javascript
function Auth(config, stuff) {
var self = Object.create(Auth.prototype);
self._users = {};
// config for this module
self._config = config;
// verdaccio logger
self._logger = stuff.logger;
// pass verdaccio logger to ldapauth
self._config.client_options.log = stuff.logger;
return self;
}
Auth.prototype.authenticate = function (user, password, callback) {
var LdapClient = new LdapAuth(self._config.client_options);
....
LdapClient.authenticate(user, password, function (err, ldapUser) {
...
var groups;
...
callback(null, groups);
});
};
module.exports = Auth;
```
And the setup
```yaml
auth:
htpasswd:
file: ./htpasswd
```
Where `htpasswd` is the sufix of the plugin name. eg: `verdaccio-htpasswd` and the rest of the body would be the plugin configuration params.
## Middleware Plugin
Middleware plugins have the capability to modify the API layer, either adding new endpoints or intercepting requests.
> A pretty good example
of middleware plugin is the [sinopia-github-oauth](https://github.com/soundtrackyourbrand/sinopia-github-oauth) and [verdaccio-audit](https://github.com/verdaccio/verdaccio-audit).
### API
```js
function register_middlewares(expressApp, authInstance, storageInstance) {
/* more stuff */
}
```
To register a middleware we need an object with a single method called `register_middlewares` that will recieve 3 arguments (`expressApp, auth, storage`).
*Auth* is the authentification instance and *storage* is also the main Storage instance that will give you have access to all to the storage actions.
## Storage Plugin
Verdaccio by default uses a file system storage plugin [local-storage](https://github.com/verdaccio/local-storage) but, since `verdaccio@3.x` you can plug in a custom storage.
### API
The storage API is a bit more complex, you will need to create a class that return a `ILocalData` implementation. Please see details bellow.
```js
class LocalDatabase<ILocalData>{
constructor(config: Config, logger: Logger): ILocalData;
}
declare interface verdaccio$ILocalData {
add(name: string, callback: verdaccio$Callback): void;
remove(name: string, callback: verdaccio$Callback): void;
get(callback: verdaccio$Callback): void;
getSecret(): Promise<string>;
setSecret(secret: string): Promise<any>;
getPackageStorage(packageInfo: string): verdaccio$IPackageStorage;
}
declare interface verdaccio$ILocalPackageManager {
writeTarball(name: string): verdaccio$IUploadTarball;
readTarball(name: string): verdaccio$IReadTarball;
readPackage(fileName: string, callback: verdaccio$Callback): void;
createPackage(name: string, value: verdaccio$Package, cb: verdaccio$Callback): void;
deletePackage(fileName: string, callback: verdaccio$Callback): void;
removePackage(callback: verdaccio$Callback): void;
updatePackage(pkgFileName: string,
updateHandler: verdaccio$Callback,
onWrite: verdaccio$Callback,
transformPackage: Function,
onEnd: verdaccio$Callback): void;
savePackage(fileName: string, json: verdaccio$Package, callback: verdaccio$Callback): void;
}
interface IUploadTarball extends stream$PassThrough {
abort(): void;
done(): void;
}
interface IReadTarball extends stream$PassThrough {
abort(): void;
done(): void;
}
```
> The Storage API is still experimental and might change in the next minor versions. For further information about Storage API please follow the [types
definitions in our official repository](https://github.com/verdaccio/flow-types).
### Storage Plugins Examples
The following list of plugins are implementing the Storage API and might be used them as example.
* [verdaccio-memory](https://github.com/verdaccio/verdaccio-memory)
* [local-storage](https://github.com/verdaccio/local-storage)
* [verdaccio-google-cloud](https://github.com/verdaccio/verdaccio-google-cloud)
* [verdaccio-s3-storage](https://github.com/Remitly/verdaccio-s3-storage/tree/s3)
> Are you willing to contribute with new Storage Plugins? [Click here.](https://github.com/verdaccio/verdaccio/issues/103#issuecomment-357478295)

View file

@ -1,171 +0,0 @@
---
id: version-3.2.0-docker
title: Docker
original_id: docker
---
<div class="docker-count">
![alt Docker Pulls Count](http://dockeri.co/image/verdaccio/verdaccio "Docker Pulls Count")
</div>
To pull the latest pre-built [docker image](https://hub.docker.com/r/verdaccio/verdaccio/):
```bash
docker pull verdaccio/verdaccio
```
![Docker pull](/svg/docker_verdaccio.gif)
## Tagged Versions
Since version `v2.x` you can pull docker images by [tag](https://hub.docker.com/r/verdaccio/verdaccio/tags/), as follows:
For a major version:
```bash
docker pull verdaccio/verdaccio:3
```
For a minor version:
```bash
docker pull verdaccio/verdaccio:3.0
```
For a specific (patch) version:
```bash
docker pull verdaccio/verdaccio:3.0.1
```
For the next major release using the `beta` (master branch) version.
```bash
docker pull verdaccio/verdaccio:beta
```
> If you are interested on a list of tags, [please visit the Docker Hub website](https://hub.docker.com/r/verdaccio/verdaccio/tags/).
## Running verdaccio using Docker
To run the docker container:
```bash
docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio
```
The last argument defines which image to use.
The above line will pull the latest prebuilt image from dockerhub, if you haven't done that already.
If you have [build an image locally](#build-your-own-docker-image) use `verdaccio` as the last argument.
You can use `-v` to bind mount `conf`, `storage` and `plugins` to the hosts filesystem:
```bash
V_PATH=/path/for/verdaccio; docker run -it --rm --name verdaccio -p 4873:4873 \
-v $V_PATH/conf:/verdaccio/conf \
-v $V_PATH/storage:/verdaccio/storage \
-v $V_PATH/plugins:/verdaccio/plugins \
verdaccio/verdaccio
```
>Note: Verdaccio runs as a non-root user (uid=100, gid=101) inside the container, if you use bind mount to override default, you need to make sure the mount directory is assigned to the right user. In above example, you need to run `sudo chown -R 100:101 /opt/verdaccio` otherwise you will get permission errors at runtime. [Use docker volume](https://docs.docker.com/storage/volumes/) is recommended over using bind mount.
### Plugins
Plugins can be installed in a separate directory and mounted using Docker or Kubernetes, however make sure you build plugins with native dependencies using the same base image as the Verdaccio Dockerfile.
### Docker and custom port configuration
Any `host:port` configured in `conf/config.yaml` under `listen` is currently ignored when using docker.
If you want to reach verdaccio docker instance under different port, lets say `5000`
in your `docker run` command replace `-p 4873:4873` with `-p 5000:4873`.
In case you need to specify which port to listen to **in the docker container**,
since version 2.?.? you can do so by providing additional arguments to `docker run`: `--env PORT=5000`
This changes which port the docker container exposes and the port verdaccio listens to.
Of course the numbers you give to `-p` paremeter need to match,
so assuming you want them to all be the same this is what you could copy, paste and adopt:
```bash
PORT=5000; docker run -it --rm --name verdaccio \
--env PORT -p $PORT:$PORT
verdaccio/verdaccio
```
### Using HTTPS with Docker
You can configure the protocol verdaccio is going to listen on, similarly to the port configuration.
You have to overwrite the default value("http") of the `PROTOCOL` environment variable to "https", after you specified the certificates in the config.yaml.
```bash
PROTOCOL=https; docker run -it --rm --name verdaccio \
--env PROTOCOL -p 4873:4873
verdaccio/verdaccio
```
### Using docker-compose
1. Get the latest version of [docker-compose](https://github.com/docker/compose).
2. Build and run the container:
```bash
$ docker-compose up --build
```
You can set the port to use (for both container and host) by prefixing the above command with `PORT=5000 `.
Docker will generate a named volume in which to store persistent application data. You can use `docker inspect` or `docker volume inspect` to reveal the physical location of the volume and edit the configuration, such as:
```
$ docker volume inspect verdaccio_verdaccio
[
{
"Name": "verdaccio_verdaccio",
"Driver": "local",
"Mountpoint": "/var/lib/docker/volumes/verdaccio_verdaccio/_data",
"Labels": null,
"Scope": "local"
}
]
```
## Build your own Docker image
```bash
docker build -t verdaccio .
```
There is also an npm script for building the docker image, so you can also do:
```bash
npm run build:docker
```
Note: The first build takes some minutes to build because it needs to run `npm install`,
and it will take that long again whenever you change any file that is not listed in `.dockerignore`.
If you want to use the docker image on a rpi or a compatible device there is also a dockerfile available.
To build the docker image for raspberry pi execute:
```bash
npm run build:docker:rpi
```
Please note that for any of the above docker commands you need to have docker installed on your machine and the docker executable should be available on your `$PATH`.
## Docker Examples
There is a separate repository that hosts multiple configurations to compose Docker images with `verdaccio`, for instance, as reverse proxy:
[https://github.com/verdaccio/docker-examples](https://github.com/verdaccio/docker-examples)
## Docker Custom Builds
* [docker-verdaccio-gitlab](https://github.com/snics/docker-verdaccio-gitlab)
* [docker-verdaccio](https://github.com/deployable/docker-verdaccio)
* [docker-verdaccio-s3](https://github.com/asynchrony/docker-verdaccio-s3) Private NPM container that can backup to s3
* [docker-verdaccio-ldap](https://github.com/snadn/docker-verdaccio-ldap)
* [verdaccio-ldap](https://github.com/nathantreid/verdaccio-ldap)
* [verdaccio-compose-local-bridge](https://github.com/shingtoli/verdaccio-compose-local-bridge)
* [docker-verdaccio](https://github.com/Global-Solutions/docker-verdaccio)
* [verdaccio-docker](https://github.com/idahobean/verdaccio-docker)
* [verdaccio-server](https://github.com/andru255/verdaccio-server)
* [coldrye-debian-verdaccio](https://github.com/coldrye-docker/coldrye-debian-verdaccio) docker image providing verdaccio from coldrye-debian-nodejs.

View file

@ -1,114 +0,0 @@
---
id: version-3.2.0-iss-server
title: Installing on IIS server
original_id: iss-server
---
These instructions were written for Windows Server 2012, IIS 8, [Node.js 0.12.3](https://nodejs.org/), [iisnode 0.2.16](https://github.com/tjanczuk/iisnode) and [verdaccio 2.1.0](https://github.com/verdaccio/verdaccio).
* Install IIS Install [iisnode](https://github.com/tjanczuk/iisnode).
Make sure you install prerequisites (Url Rewrite Module & node) as explained in the instructions for iisnode.
* Create a new folder in Explorer where you want to host verdaccio.
For example `C:\verdaccio`.
Save [package.json](#packagejson),
[start.js](#startjs)
and [web.config](#webconfig) in this folder.
* Create a new site in Internet Information Services Manager. You can name it whatever you want.
I'll call it verdaccio in these [instructions](http://www.iis.net/learn/manage/configuring-security/application-pool-identities). Specify the path to where you saved all files and a port number.
* Go back to Explorer and give the user that runs the application pool modify rights to the folder you just created. If you've named the new site verdaccio and did not change the app pool, it's running under an ApplicationPoolIdentity and you should give the user IIS AppPool\verdaccio modify rights see instructions if you need help. (You can restrict access later if you want so that it only has modify rights on the iisnode and verdaccio\storage)
* Start a command prompt and execute the commands below to download verdaccio:
````
cd c:\verdaccio
npm install
````
* Make sure you have an inbound rule accepting TCP traffic to the port in Windows Firewall
* Thats it! Now you can navigate to the host and port that you specified
I wanted the `verdaccio` site to be the default site in IIS so I did the following:
* I made sure the .npmrc file in `c:\users{yourname}\` had the registry set to `"registry=http://localhost/"`
* I stopped the "Default Web Site" and only start the site "verdaccio" site in IIS
* I set the bindings to "http", ip address "All Unassigned" on port 80, ok any warning or prompts
These instructions are based on [Host Sinopia in IIS
on Windows](https://gist.github.com/HCanber/4dd8409f79991a09ac75). I had to tweak my web config as per below but you may find the original from the
for mentioned link works better
A default configuration file will be created `c:\verdaccio\verdaccio\config.yaml`
### package.json
````json
{
"name": "iisnode-verdaccio",
"version": "1.0.0",
"description": "Hosts verdaccio in iisnode",
"main": "start.js",
"dependencies": {
"verdaccio": "^2.1.0"
}
}
````
### start.js
````bash
process.argv.push('-l', 'unix:' + process.env.PORT);
require('./node_modules/verdaccio/src/lib/cli.js');
````
### web.config
````xml
<configuration>
<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
<!-- indicates that the start.js file is a node.js application
to be handled by the iisnode module -->
<handlers>
<remove name="WebDAV" />
<add name="iisnode" path="start.js" verb="*" modules="iisnode" resourceType="Unspecified" requireAccess="Execute" />
<add name="WebDAV" path="*" verb="*" modules="WebDAVModule" resourceType="Unspecified" requireAccess="Execute" />
</handlers>
<rewrite>
<rules>
<!-- iisnode folder is where iisnode stores it's logs. These should
never be rewritten -->
<rule name="iisnode" stopProcessing="true">
<match url="iisnode*" />
<action type="None" />
</rule>
<!-- Rewrite all other urls in order for verdaccio to handle these -->
<rule name="verdaccio">
<match url="/*" />
<action type="Rewrite" url="start.js" />
</rule>
</rules>
</rewrite>
<!-- exclude node_modules directory and subdirectories from serving
by IIS since these are implementation details of node.js applications -->
<security>
<requestFiltering>
<hiddenSegments>
<add segment="node_modules" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>
````
### Troubleshooting
- **The web interface does not load when hosted with https as it tries to download scripts over http.**
Make sure that you have correctly mentioned `url_prefix` in verdaccio config. Follow the [discussion](https://github.com/verdaccio/verdaccio/issues/622).

View file

@ -1,51 +0,0 @@
---
id: version-3.2.0-installation
title: Installation
original_id: installation
---
Verdaccio is a multiplatform web application. To install it, you need a few prerequisites.
#### Prerequisites
1. Node higher than
- For version `verdaccio@2.x` Node `v4.6.1` is the minimum supported version.
- For version `verdaccio@latest` Node `6.12.0` is the minimum supported version.
2. npm `>=3.x` or `yarn`
3. The web interface supports the `Chrome, Firefox, Edge, and IE9` browsers.
## Installing the CLI
`verdaccio` must be installed globaly using either of the following methods:
Using `npm`
```bash
npm install -g verdaccio
```
or using `yarn`
```bash
yarn global add verdaccio
```
![install verdaccio](/svg/install_verdaccio.gif)
## Basic Usage
Once it has been installed, you only need to execute the CLI command:
```bash
$> verdaccio
warn --- config file - /home/.config/verdaccio/config.yaml
warn --- http address - http://localhost:4873/ - verdaccio/3.0.1
```
![](https://cdn-images-1.medium.com/max/720/1*jDHnZ7_68u5s1lFK2cygnA.gif)
For more information about the CLI, please [read the cli section](cli.md).
## Docker Image
`verdaccio` has an official docker image you can use, and in most cases, the default configuration is good enough. For more information about how to install the official image, [read the docker section](docker.md).

View file

@ -1,100 +0,0 @@
---
id: version-3.2.0-kubernetes
title: Kubernetes
original_id: kubernetes
---
You can find instructions to deploy Verdaccio on a Kubernetes cluster on the
[verdaccio/docker-example](https://github.com/verdaccio/docker-examples/tree/master/kubernetes-example)
repository. However, the recommended method to install Verdaccio on a Kubernetes
cluster is to use [Helm](https://helm.sh). Helm is a
[Kubernetes](https://kubernetes.io) package manager which bring multiple
advantages.
## Helm
### Setup Helm
If you haven't used Helm before, you need to setup the Helm controller called
Tiller:
```bash
helm init
```
### Install
Deploy the Helm [stable/verdaccio](https://github.com/kubernetes/charts/tree/master/stable/verdaccio)
chart. In this example we use `npm` as release name:
```bash
helm install --name npm stable/verdaccio
```
### Deploy a specific version
```bash
helm install --name npm --set image.tag=2.6.5 stable/verdaccio
```
### Upgrading Verdaccio
```bash
helm upgrade npm stable/verdaccio
```
### Uninstalling
```bash
helm del --purge npm
```
**Note:** this command delete all the resources, including packages that you may
have previously published to the registry.
### Custom Verdaccio configuration
You can customize the Verdaccio configuration using a Kubernetes *configMap*.
#### Prepare
Copy the [existing configuration](https://github.com/verdaccio/verdaccio/blob/master/conf/full.yaml)
and adapt it for your use case:
```bash
wget https://raw.githubusercontent.com/verdaccio/verdaccio/master/conf/full.yaml -O config.yaml
```
**Note:** Make sure you are using the right path for the storage that is used for
persistency:
```yaml
storage: /verdaccio/storage/data
auth:
htpasswd:
file: /verdaccio/storage/htpasswd
```
#### Deploy the configMap
Deploy the `configMap` to the cluster
```bash
kubectl create configmap verdaccio-config --from-file ./config.yaml
```
#### Deploy Verdaccio
Now you can deploy the Verdaccio Helm chart and specify which configuration to
use:
```bash
helm install --name npm --set customConfigMap=verdaccio-config stable/verdaccio
```
## Rancher Support
[Rancher](http://rancher.com/) is a complete container management platform that makes managing and using containers in production really easy.
* [verdaccio-rancher](https://github.com/lgaticaq/verdaccio-rancher)

View file

@ -1,26 +0,0 @@
---
id: version-3.2.0-logger
title: Logger
original_id: logger
---
As any web application, verdaccio has a customisable built-in logger. You can define multiple types of outputs.
```yaml
logs:
# console output
- {type: stdout, format: pretty, level: http}
# file output
- {type: file, path: verdaccio.log, level: info}
```
Use `SIGUSR2` to notify the application, the log-file was rotated and it needs to reopen it.
### Configuration
Property | Type | Required | Example | Support | Description
--- | --- | --- | --- | --- | ---
type | string | No | [stdout, file] | all | define the output
path | string | No | verdaccio.log | all | if type is file, define the location of that file
format | string | No | [pretty, pretty-timestamped] | all | output format
level | string | No | [fatal, error, warn, http, info, debug, trace] | all | verbose level

View file

@ -1,43 +0,0 @@
---
id: version-3.2.0-node-api
title: Node API
original_id: node-api
---
Verdaccio can be invoqued programmatically. The node API was introduced after version `verdaccio@3.0.0-alpha.10`.
## Usage
#### Programmatically
```js
import startServer from 'verdaccio';
startServer(configJsonFormat, 6000, store, '1.0.0', 'verdaccio',
(webServer, addrs, pkgName, pkgVersion) => {
webServer.listen(addr.port || addr.path, addr.host, () => {
console.log('verdaccio running');
});
});
```
## Other implementations
* [verdaccio-server](https://github.com/boringame/verdaccio-server) local npm registry proxy server
```js
// js
import * as verdaccioServer from "verdaccio-server";
verdaccioServer.start();
verdaccioServer.stop();
verdaccioServer.list();
verdaccioServer.stopAll();
verdaccioServer.show();
verdaccioServer.cli();
// windows .net2
verdaccioServer.serviceInstall();
verdaccioServer.serviceUninstall();
verdaccioServer.serviceStart();
verdaccioServer.serviceStop();
verdaccioServer.serviceRestart();
```

View file

@ -1,169 +0,0 @@
---
id: version-3.2.0-notifications
title: Notifications
original_id: notifications
---
Notify was built primarily to use with Slack's Incoming
webhooks, but will also deliver a simple payload to
any endpoint. Currently only active for `npm publish`
command.
## Usage
An example with a **HipChat**, **Stride** and **Google Hangouts Chat** hook:
> Verdaccio supports any API, feel free to ad more examples.
#### Single notification
```yaml
notify:
method: POST
headers: [{'Content-Type': 'application/json'}]
endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
```
#### Multiple notification
```yaml
notify:
'example-google-chat':
method: POST
headers: [{'Content-Type': 'application/json'}]
endpoint: https://chat.googleapis.com/v1/spaces/AAAAB_TcJYs/messages?key=myKey&token=myToken
content: '{"text":"New package published: `{{ name }}{{#each versions}} v{{version}}{{/each}}`"}'
'example-hipchat':
method: POST
headers: [{'Content-Type': 'application/json'}]
endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
'example-stride':
method: POST
headers: [{'Content-Type': 'application/json'}, {'authorization': 'Bearer secretToken'}]
endpoint: https://api.atlassian.com/site/{cloudId}/conversation/{conversationId}/message
content: '{"body": {"version": 1,"type": "doc","content": [{"type": "paragraph","content": [{"type": "text","text": "New package published: * {{ name }}* Publisher name: * {{ publisher.name }}"}]}]}}'
```
## Template
We use [Handlebars](https://handlebarsjs.com/) as main template engine.
### Format Examples
```
# iterate all versions
{{ name }}{{#each versions}} v{{version}}{{/each}}`"}
# publisher and `dist-tag` package published
{{ publisher.name }} has published {{publishedPackage}}"}
```
### Properties
List of properties accesible via template
* Metadata
* Publisher (who is publishing)
* Package Published (package@1.0.0)
### Metadata
Package metadata that the template has access
```
{
"_id": "@test/pkg1",
"name": "@test/pkg1",
"description": "",
"dist-tags": {
"beta": "1.0.54"
},
"versions": {
"1.0.54": {
"name": "@test/pkg1",
"version": "1.0.54",
"description": "some description",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"keywords": [],
"author": {
"name": "Author Name",
"email": "author@domain.com"
},
"license": "MIT",
"dependencies": {
"webpack": "4.12.0"
},
"readmeFilename": "README.md",
"_id": "@ test/pkg1@1.0.54",
"_npmVersion": "6.1.0",
"_nodeVersion": "9.9.0",
"_npmUser": {},
"dist": {
"integrity": "sha512-JlXWpLtMUBAqvVZBvH7UVLhXkGE1ctmXbDjbH/l0zMuG7wVzQ7GshTYvD/b5C+G2vOL2oiIS1RtayA/kKkTwKw==",
"shasum": "29c55c52c1e76e966e706165e5b9f22e32aa9f22",
"tarball": "http://localhost:4873/@test/pkg1/-/@test/pkg1-1.0.54.tgz"
}
}
},
"readme": "# test",
"_attachments": {
"@test/pkg1-1.0.54.tgz": {
"content_type": "application/octet-stream",
"data": "H4sIAAAAAAAAE+y9Z5PjyJIgOJ ...",
"length": 33112
}
},
"time": {}
}
```
### Publisher
You can access to the package publisher information in the `content` of a webhook using the `publisher` object.
See below the `publisher` object type:
```
{
name: string,
groups: string[],
real_groups: string[]
}
```
An example:
```
notify:
method: POST
headers: [{'Content-Type': 'application/json'}]
endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
content: '{"color":"green","message":"New package published: * {{ name }}*. Publisher name: * {{ publisher.name }} *.","notify":true,"message_format":"text"}'
```
**Note:** it's not possible to get the publisher information if the `package.json` file already has the `publisher` property.
### Package Published
You can acces to the package is being published with the keyword `{{publishedPackage}}` as follows.
```
{{ publisher.name }} has published {{publishedPackage}}"}
```
## Configuration
Property | Type | Required | Support | Default | Description
--- | --- | --- | --- | --- | ---
method| string | No | all | | HTTP verb
packagePattern| string | No | all | | Only run this notification if the package name matches the regular expression
packagePatternFlags| string | No | all | | Any flags to be used with the regular expression
headers| array/object | Yes | all | | If this endpoint requires specific headers, set them here as an array of key: value objects.
endpoint| string | Yes | all | | set the URL endpoint for this call
content| string | Yes | all | | any [Handlebar](https://handlebarsjs.com/) expressions

View file

@ -1,151 +0,0 @@
---
id: version-3.2.0-packages
title: Package Access
original_id: packages
---
It's a series of contraints that allow or restrict access to the local storage based in specific criteria.
The security constraints remain on the shoulders of the plugin being used, by default `verdaccio` uses the [htpasswd plugin](https://github.com/verdaccio/verdaccio-htpasswd). If you use a different plugin the behaviour might be different. The default plugin does not handle `allow_access` and `allow_publish` by itself, it uses an internal fallback in case the plugin is not ready for it.
For more information about permissions visit [the authentification section in the wiki](auth.md).
### Usage
```yalm
packages:
# scoped packages
'@scope/*':
access: all
publish: all
proxy: server2
'private-*':
access: all
publish: all
proxy: uplink1
'**':
# allow all users (including non-authenticated users) to read and
# publish all packages
access: all
publish: all
proxy: uplink2
```
if none is specified, the default one remains
```yaml
packages:
'**':
access: all
publish: $authenticated
```
The list of valid groups according the default plugins are
```js
'$all', '$anonymous', '@all', '@anonymous', 'all', 'undefined', 'anonymous'
```
All users recieve all those set of permissions independently of is anonymous or not plus the groups provided by the plugin, in case of `htpasswd` return the username as a group. For instance, if you are logged as `npmUser` the list of groups will be.
```js
// groups without '$' are going to be deprecated eventually
'$all', '$anonymous', '@all', '@anonymous', 'all', 'undefined', 'anonymous', 'npmUser'
```
If you want to protect specific set packages under your group, you need to do something like this. Let's use a `Regex` that covers all prefixed `npmuser-` packages. We recomend using a prefix for your packages, in that way it will be easier to protect them.
```yaml
packages:
'npmuser-*':
access: npmuser
publish: npmuser
```
Restart `verdaccio` and in your console try to install `npmuser-core`.
```bash
$ npm install npmuser-core
npm install npmuser-core
npm ERR! code E403
npm ERR! 403 Forbidden: npmuser-core@latest
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/user/.npm/_logs/2017-07-02T12_20_14_834Z-debug.log
```
You can change the existing behaviour using a different plugin authentication. `verdaccio` just checks whether the user that tried to access or publish a specific package belongs to the right group.
#### Set multiple groups
Defining multiple access groups is fairly easy, just define them with a white space between them.
```yaml
'company-*':
access: admin internal
publish: admin
proxy: server1
'supersecret-*':
access: secret super-secret-area ultra-secret-area
publish: secret ultra-secret-area
proxy: server1
```
#### Blocking access to set of packages
If you want to block the acccess/publish to a specific group of packages. Just do not define `access` and `publish`.
```yaml
packages:
'old-*':
'**':
access: all
publish: $authenticated
```
#### Blocking proxying a set of specific packages
You might want to block one or several packages from fetching from remote repositories., but, at the same time, allow others to access different *uplinks*.
Let's see the following example:
```yaml
packages:
'jquery':
access: $all
publish: $all
'my-company-*':
access: $all
publish: $authenticated
'@my-local-scope/*':
access: $all
publish: $authenticated
'**':
access: all
publish: $authenticated
proxy: npmjs
```
Let's describe what we want with the above example:
* I want to host my own `jquery` dependency but I need to avoid proxying it.
* I want all dependencies that match with `my-company-*` but I need to avoid proxying them.
* I want all dependencies that are in the `my-local-scope` scope but I need to avoid proxying them.
* I want proxying for all the rest of the dependencies.
Be **aware that the order of your packages definitions is important and always use double wilcard**. Because if you do not include it `verdaccio` will include it for you and the way that your dependencies are resolved will be affected.
### Configuration
You can define mutiple `packages` and each of them must have an unique `Regex`.
Property | Type | Required | Example | Support | Description
--- | --- | --- | --- | --- | ---
access | string | No | $all | all | define groups allowed to access the package
publish | string | No | $authenticated | all | define groups allowed to publish
proxy | string | No |npmjs | all | limit look ups for specific uplink
storage | boolean | No | [true,false] | all | TODO
> We higlight that we recommend to not use **allow_access**/**allow_publish** and **proxy_access** anymore, those are deprecated and will soon be removed, please use the short version of each of those (**access**/**publish**/**proxy**).

View file

@ -1,144 +0,0 @@
---
id: version-3.2.0-plugins
title: Plugins
original_id: plugins
---
Verdaccio is an plugabble aplication. It can be extended in many ways, either new authentication methods, adding
endpoints or using a custom storage.
> If you are interested to develop your own plugin, read the [development](dev-plugins.md) section.
## Usage
### Installation
```bash
$> npm install --global verdaccio-activedirectory
```
`verdaccio` as a sinopia fork it has backward compability with plugins that are compatible with `sinopia@1.4.0`. In such case the installation is the same.
```
$> npm install --global sinopia-memory
```
### Configuration
Open the `config.yaml` file and update the `auth` section as follows:
The default configuration looks like this, due we use a build-in `htpasswd` plugin by default that you can disable just commenting out the following lines.
### Auth Plugin Configuration
```yaml
htpasswd:
file: ./htpasswd
#max_users: 1000
```
and replacing them with (in case you decide to use a `ldap` plugin.
```yaml
auth:
activedirectory:
url: "ldap://10.0.100.1"
baseDN: 'dc=sample,dc=local'
domainSuffix: 'sample.local'
```
#### Multiple Auth plugins
This is tecnically possible, the plugins order becames important, the the credentials will resolved in order.
```yaml
auth:
htpasswd:
file: ./htpasswd
#max_users: 1000
activedirectory:
url: "ldap://10.0.100.1"
baseDN: 'dc=sample,dc=local'
domainSuffix: 'sample.local'
```
### Middleware Plugin Configuration
This is an example how to set up a middleware plugin. All middleware plugins must be defined in the **middlewares** namespace.
```yaml
middlewares:
audit:
enabled: true
```
### Store Plugin Configuration
This is an example how to set up a storage plugin. All storage plugins must be defined in the **store** namespace.
```yaml
store:
memory:
limit: 1000
```
> If you define a custom store, the property **storage** in the configuration file will be ignored.
## Legacy plugins
### Sinopia Plugins
(compatible all versions)
* [sinopia-npm](https://www.npmjs.com/package/sinopia-npm): auth plugin for sinopia supporting an npm registry.
* [sinopia-memory](https://www.npmjs.com/package/sinopia-memory): auth plugin for sinopia that keeps users in memory.
* [sinopia-github-oauth-cli](https://www.npmjs.com/package/sinopia-github-oauth-cli).
* [sinopia-crowd](https://www.npmjs.com/package/sinopia-crowd): auth plugin for sinopia supporting atlassian crowd.
* [sinopia-activedirectory](https://www.npmjs.com/package/sinopia-activedirectory): Active Directory authentication plugin for sinopia.
* [sinopia-github-oauth](https://www.npmjs.com/package/sinopia-github-oauth): authentication plugin for sinopia2, supporting github oauth web flow.
* [sinopia-delegated-auth](https://www.npmjs.com/package/sinopia-delegated-auth): Sinopia authentication plugin that delegates authentication to another HTTP URL
* [sinopia-altldap](https://www.npmjs.com/package/sinopia-altldap): Alternate LDAP Auth plugin for Sinopia
* [sinopia-request](https://www.npmjs.com/package/sinopia-request): An easy and fully auth-plugin with configuration to use an external API.
* [sinopia-htaccess-gpg-email](https://www.npmjs.com/package/sinopia-htaccess-gpg-email): Generate password in htaccess format, encrypt with GPG and send via MailGun API to users.
* [sinopia-mongodb](https://www.npmjs.com/package/sinopia-mongodb): An easy and fully auth-plugin with configuration to use a mongodb database.
* [sinopia-htpasswd](https://www.npmjs.com/package/sinopia-htpasswd): auth plugin for sinopia supporting htpasswd format.
* [sinopia-leveldb](https://www.npmjs.com/package/sinopia-leveldb): a leveldb backed auth plugin for sinopia private npm.
* [sinopia-gitlabheres](https://www.npmjs.com/package/sinopia-gitlabheres): Gitlab authentication plugin for sinopia.
* [sinopia-gitlab](https://www.npmjs.com/package/sinopia-gitlab): Gitlab authentication plugin for sinopia
* [sinopia-ldap](https://www.npmjs.com/package/sinopia-ldap): LDAP auth plugin for sinopia.
* [sinopia-github-oauth-env](https://www.npmjs.com/package/sinopia-github-oauth-env) Sinopia authentication plugin with github oauth web flow.
> All sinopia plugins should be compatible with all future verdaccio versions. Anyhow, we encourage contributors to migrate them to the
modern verdaccio API and using the prefix as *verdaccio-xx-name*.
## Verdaccio Plugins
(compatible since 2.1.x)
### Authorization Plugins
* [verdaccio-bitbucket](https://github.com/idangozlan/verdaccio-bitbucket): Bitbucket authentication plugin for verdaccio.
* [verdaccio-ldap](https://www.npmjs.com/package/verdaccio-ldap): LDAP auth plugin for verdaccio.
* [verdaccio-active-directory](https://github.com/nowhammies/verdaccio-activedirectory): Active Directory authentication plugin for verdaccio
* [verdaccio-gitlab](https://github.com/bufferoverflow/verdaccio-gitlab): use GitLab Personal Access Token to authenticate
* [verdaccio-htpasswd](https://github.com/verdaccio/verdaccio-htpasswd): Auth based on htpasswd file plugin (built-in) for verdaccio
* [verdaccio-github-oauth](https://github.com/aroundus-inc/verdaccio-github-oauth): Github oauth authentication plugin for verdaccio.
### Middleware Plugins
* [verdaccio-audit](https://github.com/verdaccio/verdaccio-audit): verdaccio plugin for *npm audit* cli support (built-in) (compatible since 3.x)
* [verdaccio-profile-api](https://github.com/ahoracek/verdaccio-profile-api): verdacci plugin for *npm profile* cli support and *npm profile set password* for *verdaccio-htpasswd* based authentificaton
### Storage Plugins
(compatible since 3.x)
* [verdaccio-memory](https://github.com/verdaccio/verdaccio-memory) Storage plugin to host packages in Memory
* [verdaccio-s3-storage](https://github.com/remitly/verdaccio-s3-storage) Storage plugin to host packages **Amazon S3**
* [verdaccio-google-cloud](https://github.com/verdaccio/verdaccio-google-cloud) Storage plugin to host packages **Google Cloud Storage**
## Caveats
> Not all these plugins are been tested continuously, some of them might not work at all.
Please if you found any issue feel free to notify the owner of each plugin.

View file

@ -1,45 +0,0 @@
---
id: version-3.2.0-protect-your-dependencies
title: Protecting packages
original_id: protect-your-dependencies
---
`verdaccio` allows you protect publish, to achieve that you will need to set up correctly your [packages acces](packages).
### Package configuration
Let's see for instance the following set up. You have a set of dependencies what are prefixed with `my-company-*` and you need to protect them from anonymous or another logged user without right credentials.
```yaml
'my-company-*':
access: admin teamA teamB teamC
publish: admin teamA
proxy: npmjs
```
With this configuration, basically we allow to groups **admin** and **teamA** to * publish* and **teamA** **teamB** **teamC** *access* to such dependencies.
### Use case: teamD try to access the dependency
So, if I am logged as **teamD**. I shouldn't be able to access all dependencies that match with `my-company-*` pattern.
```bash
➜ npm whoami
teamD
```
I won't have access to such dependencies and also won't be visible via web for user **teamD**. If I try to access the following will happen.
```bash
➜ npm install my-company-core
npm ERR! code E403
npm ERR! 403 Forbidden: webpack-1@latest
```
or with `yarn`
```bash
➜ yarn add my-company-core
yarn add v0.24.6
info No lockfile found.
[1/4] 🔍 Resolving packages...
error An unexpected error occurred: "http://localhost:5555/webpack-1: unregistered users are not allowed to access package my-company-core".
```

View file

@ -1,29 +0,0 @@
---
id: version-3.2.0-puppet
title: Puppet
original_id: puppet
---
Install verdaccio for Debian, Ubuntu, Fedora, and RedHat.
# Usage
There are two variants to install verdaccio using this Puppet module:
* Apply-mode (with puppet-apply and no puppetmaster setup needed)
* Master-Agent-mode (with puppet-agent accessing your configuration through the puppetmaster).
In both variants you have to explicitely call "class nodejs {}" in your puppet script because
the puppet-verdaccio module only defines this as a requirement, so you have all the flexibility you want when installing nodejs.
Scroll down for details about Master-Agent-mode variant.
For further information:
[https://github.com/verdaccio/puppet-verdaccio](https://github.com/verdaccio/puppet-verdaccio)
> We are looking for active contributors for this integration, if you are interested
[refers to this ticket](https://github.com/verdaccio/puppet-verdaccio/issues/11).

View file

@ -1,10 +0,0 @@
---
id: version-3.2.0-source-code
title: Source Code
original_id: source-code
---
`verdaccio` is composed or multiple repositories you might contribute. Look into the **issues** tab whether there is a ticket waiting for you 🤠.
To see the complete list of repositories, [click here](https://github.com/verdaccio/verdaccio/wiki/Repositories).

View file

@ -1,91 +0,0 @@
---
id: version-3.2.0-reverse-proxy
title: Reverse Proxy Setup
original_id: reverse-proxy
---
## Apache
Apache and mod_proxy should not decode/encode slashes and leave them as they are:
````
<VirtualHost *:80>
AllowEncodedSlashes NoDecode
ProxyPass /npm http://127.0.0.1:4873 nocanon
ProxyPassReverse /npm http://127.0.0.1:4873
</VirtualHost>
````
### Configuration with SSL
config.yaml
```yaml
url_prefix: https://npm.your.domain.com
```
Apache virtual server configuration
````
apacheconfig
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName npm.your.domain.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/npm.your.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/npm.your.domain.com/privkey.pem
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
ProxyPass / http://127.0.0.1:4873 nocanon
ProxyPassReverse / http://127.0.0.1:4873
</VirtualHost>
</IfModule>
````
## Nginx
````
server {
listen 80 default_server;
location / {
proxy_pass http://127.0.0.1:4873/;
proxy_set_header Host $host;
}
}
````
## Run behind reverse proxy with different domain and port
If you run verdaccio behind reverse proxy, you may noticed all resource file served as relaticve path, like `http://127.0.0.1:4873/-/static`
To resolve this issue, you should send real domain and port to verdaccio with `Host` heade
Nginx configure should look like this:
```nginx
location / {
proxy_pass http://127.0.0.1:4873/;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
```
For this case, `url_prefix` should NOT set in verdaccio config
---
or a sub-directory installation:
```nginx
location ~ ^/verdaccio/(.*)$ {
proxy_pass http://127.0.0.1:4873/$1;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
```
For this case, `url_prefix` should set to `/verdaccio/`
> Note: There is a Slash after install path (`https://your-domain:port/vardaccio/`)!

View file

@ -1,76 +0,0 @@
---
id: version-3.2.0-server-configuration
title: Server Configuration
original_id: server-configuration
---
This is mostly basic linux server configuration stuff but I felt it important to document and share the steps I took to get verdaccio running permanently on my server. You will need root (or sudo) permissions for the following.
## Running as a separate user
First create the verdaccio user:
```bash
$ sudo adduser --disabled-login --gecos 'Verdaccio NPM mirror' verdaccio
```
You create a shell as the verdaccio user using the following command:
```bash
$ sudo su verdaccio
$ cd ~
```
The 'cd ~' command send you to the home directory of the verdaccio user. Make sure you run verdaccio at least once to generate the config file. Edit it according to your needs.
## Listening on all addresses
If you want to listen to every external address set the listen directive in the config to:
```yaml
# you can specify listen address (or simply a port)
listen: 0.0.0.0:4873
```
If you are running `verdaccio` in a Amazon EC2 Instance, [you will need set the listen in change your config file](https://github.com/verdaccio/verdaccio/issues/314#issuecomment-327852203) as is described above.
> Apache configure? Please check out the [Reverse Proxy Setup](reverse-proxy.md)
## Keeping verdaccio running forever
We can use the node package called 'forever' to keep verdaccio running all the time.
https://github.com/nodejitsu/forever
First install forever globally:
```bash
$ sudo npm install -g forever
```
Make sure you've started verdaccio at least once to generate the config file and write down the created admin user. You can then use the following command to start verdaccio:
```bash
$ forever start `which verdaccio`
```
You can check the documentation for more information on how to use forever.
## Surviving server restarts
We can use crontab and forever together to restart verdaccio after a server reboot.
When you're logged in as the verdaccio user do the following:
```bash
$ crontab -e
```
This might ask you to choose an editor. Pick your favorite and proceed.
Add the following entry to the file:
```
@reboot /usr/bin/forever start /usr/lib/node_modules/verdaccio/bin/verdaccio
```
The locations may vary depending on your server setup. If you want to know where your files are you can use the 'which' command:
```bash
$ which forever
$ which verdaccio
```

View file

@ -1,53 +0,0 @@
---
id: version-3.2.0-ssl
title: Set up the SSL Certificates
original_id: ssl
---
Follow this instructions to configure a SSL certificate to serve NPM registry under HTTPS.
* Update the listen property in your `~/.config/verdaccio/config.yaml`:
````
listen: 'https://your.domain.com/'
````
Once you update the listen and try to run verdaccio again will ask for certificates.
* Generate your certificates
````
$ openssl genrsa -out /Users/user/.config/verdaccio/verdaccio-key.pem 2048
$ openssl req -new -sha256 -key /Users/user/.config/verdaccio/verdaccio-key.pem -out /Users/user/.config/verdaccio/verdaccio-csr.pem
$ openssl x509 -req -in /Users/user/.config/verdaccio/verdaccio-csr.pem -signkey /Users/user/.config/verdaccio/verdaccio-key.pem -out /Users/user/.config/verdaccio/verdaccio-cert.pem
````
* Edit your config file `/Users/user/.config/verdaccio/config.yaml` and add the following section
````
https:
key: /Users/user/.config/verdaccio/verdaccio-key.pem
cert: /Users/user/.config/verdaccio/verdaccio-cert.pem
ca: /Users/user/.config/verdaccio/verdaccio-csr.pem
````
Alternatively, if you have a certificate as `server.pfx` format, you can add the following configuration section. The passphrase is optional and only needed, if your certificate is encrypted.
````
https:
pfx: /Users/user/.config/verdaccio/server.pfx
passphrase: 'secret'
````
More info on the `key`, `cert`, `ca`, `pfx` and `passphrase` arguments on the [Node documentation](https://nodejs.org/api/tls.html#tls_tls_createsecurecontext_options)
* Run `verdaccio` in your command line.
* Open the browser and load `https://your.domain.com:port/`
This instructions are mostly valid under OSX and Linux, on Windows the paths will vary but, the steps are the same.
## Docker
If you are using the Docker image, you have to set the `PROTOCOL` environment variable to `https` as the `listen` argument is provided on the [Dockerfile](https://github.com/verdaccio/verdaccio/blob/master/Dockerfile#L43), and thus ignored from your config file.
You can also set the `PORT` environment variable if you are using a different port than `4873`.

View file

@ -1,8 +0,0 @@
---
id: version-3.2.0-unit-testing
title: Unit Testing
original_id: unit-testing
---
Verdaccio has strong focus on unit testing and end to end testing. If you are willing to contribute,
please refer to the following [guide for more information](https://github.com/verdaccio/verdaccio/wiki/Developing-new-tests).

View file

@ -1,87 +0,0 @@
---
id: version-3.2.0-uplinks
title: Uplinks
original_id: uplinks
---
An *uplink* is a link with an external registry that provides acccess to external packages.
![Uplinks](/img/uplinks.png)
### Usage
```yaml
uplinks:
npmjs:
url: https://registry.npmjs.org/
server2:
url: http://mirror.local.net/
timeout: 100ms
server3:
url: http://mirror2.local.net:9000/
baduplink:
url: http://localhost:55666/
```
### Configuration
You can define mutiple uplinks and each of them must have an unique name (key). They can have two properties:
Property | Type | Required | Example | Support | Description | Default
--- | --- | --- | --- | --- | --- | ---
url | string | Yes | https://registry.npmjs.org/ | all | The registry url | npmjs
ca | string | No | ~./ssl/client.crt' | all | SSL path certificate | No default
timeout | string | No | 100ms | all | set new timeout for the request | 30s
maxage | string | No |10m | all | limit maximun failure request | 2m
fail_timeout | string | No |10m | all | defines max time when a request becomes a failure | 5m
max_fails | number | No |2 | all | limit maximun failure request | 2
cache | boolean | No |[true,false] | >= 2.1 | cache all remote tarballs in storage | true
auth | list | No | [see below](uplinks.md#auth-property) | >= 2.5 | assigns the header 'Authorization' [more info](http://blog.npmjs.org/post/118393368555/deploying-with-npm-private-modules) | disabled
headers | list | No | authorization: "Bearer SecretJWToken==" | all | list of custom headers for the uplink | disabled
strict_ssl |boolean | No | [true,false] | >= 3.0 | If true, requires SSL certificates be valid. | true
#### Auth property
The `auth` property allows you to use an auth token with an uplink. Using the default environment variable:
```yaml
uplinks:
private:
url: https://private-registry.domain.com/registry
auth:
type: bearer
token_env: true # defaults to `process.env['NPM_TOKEN']`
```
or via a specified environment variable:
```yaml
uplinks:
private:
url: https://private-registry.domain.com/registry
auth:
type: bearer
token_env: FOO_TOKEN
```
`token_env: FOO_TOKEN `internally will use `process.env['FOO_TOKEN']`
or by directly specifying a token:
```yaml
uplinks:
private:
url: https://private-registry.domain.com/registry
auth:
type: bearer
token: "token"
```
> Note: `token` has priority over `token_env`
### You Must know
* Verdaccio does not use Basic Authentication since version `v2.3.0`. All tokens generated by verdaccio are based on JWT ([JSON Web Token](https://jwt.io/))
* Uplinks must be registries compatible with the `npm` endpoints. Eg: *verdaccio*, `sinopia@1.4.0`, *npmjs registry*, *yarn registry*, *JFrog*, *Nexus* and more.
* Setting `cache` to false will help to save space in your hard drive. This will avoid store `tarballs` but [it will keep metadata in folders](https://github.com/verdaccio/verdaccio/issues/391).
* Exceed with multiple uplinks might slow down the lookup of your packages due for each request a npm client does, verdaccio does 1 call for each uplink.
* The (timeout, maxage and fail_timeout) format follow the [NGINX measurement units](http://nginx.org/en/docs/syntax.html)

View file

@ -1,33 +0,0 @@
---
id: version-3.2.0-use-cases
title: Use Cases
original_id: use-cases
---
## Using private packages
You can add users and manage which users can access which packages.
It is recommended that you define a prefix for your private packages, for example "local", so all your private things will look like this: `local-foo`. This way you can clearly separate public packages from private ones.
## Using public packages from npmjs.org
If some package doesn't exist in the storage, server will try to fetch it from npmjs.org. If npmjs.org is down, it serves packages from cache pretending that no other packages exist. Verdaccio will download only what's needed (= requested by clients), and this information will be cached, so if client will ask the same thing second time, it can be served without asking npmjs.org for it.
Example: if you successfully request express@3.0.1 from this server once, you'll able to do that again (with all it's dependencies) anytime even if npmjs.org is down. But say express@3.0.0 will not be downloaded until it's actually needed by somebody. And if npmjs.org is offline, this server would say that only express@3.0.1 (= only what's in the cache) is published, but nothing else.
## Override public packages
If you want to use a modified version of some public package `foo`, you can just publish it to your local server, so when your type `npm install foo`, it'll consider installing your version.
There's two options here:
1. You want to create a separate fork and stop synchronizing with public version.
If you want to do that, you should modify your configuration file so verdaccio won't make requests regarding this package to npmjs anymore. Add a separate entry for this package to *config.yaml* and remove `npmjs` from `proxy` list and restart the server.
When you publish your package locally, you should probably start with version string higher than existing one, so it won't conflict with existing package in the cache.
2. You want to temporarily use your version, but return to public one as soon as it's updated.
In order to avoid version conflicts, you should use a custom pre-release suffix of the next patch version. For example, if a public package has version 0.1.2, you can upload 0.1.3-my-temp-fix. This way your package will be used until its original maintainer updates his public package to 0.1.3.

View file

@ -1,26 +0,0 @@
---
id: version-3.2.0-webui
title: Web User Interface
original_id: webui
---
<p align="center"><img src="https://firebasestorage.googleapis.com/v0/b/jotadeveloper-website.appspot.com/o/verdaccio_long_video2.gif?alt=media&token=4d20cad1-f700-4803-be14-4b641c651b41"></p>
Verdaccio has a web user interface to display only the private packges and can be customisable.
```yaml
web:
enable: true
title: Verdaccio
logo: logo.png
```
All access restrictions defined to [protect your packages](protect-your-dependencies.md) will also apply to the Web Interface.
### Configuration
Property | Type | Required | Example | Support | Description
--- | --- | --- | --- | --- | ---
enable | boolean | No | true/false | all | allow to display the web interface
title | string | No | Verdaccio | all | HTML head title description
logo | string | No | http://my.logo.domain/logo.png | all | a URI where logo is located

View file

@ -1,58 +0,0 @@
---
id: version-3.2.0-what-is-verdaccio
title: What is Verdaccio?
original_id: what-is-verdaccio
---
Verdaccio is a **lightweight private npm proxy registry** built in **Node.js**
## What's a registry
* A repository for packages that implements the **CommonJS Compliant Package Registry specification** for reading package info
* Provide an API compatible with npm clients **(yarn/npm/pnpm)**
* Follow the semantic Versioning compatible **(semver)**
```
$> verdaccio
```
![registry](/svg/verdaccio_server.gif)
## Using Verdaccio
Using verdaccio with any node package manager client is quite straightforward.
![registry](/svg/npm_install.gif)
You can use a custom registry either setting globally for all your projects
```
npm set registry http://localhost:4873
```
or by command line as argument `--registry` in npm (slightly different in yarn)
```
npm install lodash --registry http://localhost:4873
```
## Private
All packages that you publish are private and only accessible based in your configuration.
## Proxy
Verdaccio cache all dependencies by demand and speed up installations in local or private networks.
## Verdaccio in a nutshell
* It's a web app based on Node.js
* It's a private npm registry
* It's a local network proxy
* It's a Pluggable application
* It's a fairly easy install and use
* We offer Docker and Kubernetes support
* It is 100% compatible with yarn, npm and pnpm
* It was **forked** based on `sinopia@1.4.0` and 100% **backward compatible**.
* Verdaccio means **A green color popular in late medieval Italy for fresco painting**.

View file

@ -1,58 +0,0 @@
---
id: version-3.2.0-windows
title: Installing As a Windows Service
original_id: windows
---
Loosely based upon the instructions found [here](http://asysadmin.tumblr.com/post/32941224574/running-nginx-on-windows-as-a-service). I crafted the following and it provided me with a fully working verdaccio service installation:
1. Create a directory for verdaccio
* mkdir `c:\verdaccio`
* cd `c:\verdaccio`
2. Install verdaccio locally (I ran into npm issues with global installs)
* npm install verdaccio
3. Create your `config.yaml` file in this location `(c:\verdaccio\config.yaml)`
4. Windows Service Setup
## Using NSSM
ALTERNATIVE METHOD: (WinSW package was missing when I tried to download it)
* Download [NSSM](https://www.nssm.cc/download/) and extract
* Add the path that contains nssm.exe to the PATH
* Open an administrative command
* Run nssm install verdaccio At a minimum you must fill in the Application tab Path,
Startup directory and Arguments fields. Assuming an install with node in the system path and a
location of c:\verdaccio the below values will work:
* Path: `node`
* Startup directory: `c:\verdaccio`
* Arguments: `c:\verdaccio\node_modules\verdaccio\build\lib\cli.js -c c:\verdaccio\config.yaml`
You can adjust other service settings under other tabs as desired. When you are done, click Install service button
* Start the service sc start verdaccio
## Using WinSW
* As of 2015-10-27, WinSW is no longer available at the below location. Please follow the Using NSSM instructions above.
* Download [WinSW](http://repo.jenkins-ci.org/releases/com/sun/winsw/winsw/)
* Place the executable (e.g. `winsw-1.9-bin.exe`) into this folder (`c:\verdaccio`) and rename it to `verdaccio-winsw.exe`
* Create a configuration file in `c:\verdaccio`, named `verdaccio-winsw.xml`
with the following configuration `xml verdaccio verdaccio verdaccio node c:\verdaccio\node_modules\verdaccio\src\lib\cli.js -c c:\verdaccio\config.yaml roll c:\verdaccio\ `.
* Install your service
* `cd c:\verdaccio`
* `verdaccio-winsw.exe install`
* Start your service
* `verdaccio-winsw.exe start`
Some of the above config is more verbose than I had expected, it appears as though 'workingdirectory'
is ignored, but other than that, this works for me and allows my verdaccio instance to
persist between restarts of the server, and also restart itself should there be any crashes of the verdaccio process.
## Repositories
* [verdaccio-deamon-windows](https://github.com/davidenke/verdaccio-deamon-windows)

View file

@ -1,194 +0,0 @@
---
id: version-3.3.0-dev-plugins
title: Developing Plugins
original_id: dev-plugins
---
There are many ways to extend `verdaccio`, the kind of plugins supported are:
* Authentication plugins
* Middleware plugins (since `v2.7.0`)
* Storage plugins since (`v3.x`)
> We recommend developing plugins using our [flow type definitions](https://github.com/verdaccio/flow-types).
## Authentication Plugin
Basically we have to return an object with a single method called `authenticate` that will recieve 3 arguments (`user, password, callback`).
### API
```flow
interface IPluginAuth extends IPlugin {
login_url?: string;
authenticate(user: string, password: string, cb: Callback): void;
adduser(user: string, password: string, cb: Callback): void;
allow_access(user: RemoteUser, pkg: $Subtype<PackageAccess>, cb: Callback): void;
allow_publish(user: RemoteUser, pkg: $Subtype<PackageAccess>, cb: Callback): void;
}
```
> Only `adduser`, `allow_access` and `allow_publish` are optional, verdaccio provide a fallback in all those cases.
#### Callback
Once the authentication has been executed there is 2 options to give a response to `verdaccio`.
###### OnError
Either something bad happened or auth was unsuccessful.
```flow
callback(null, false)
```
###### OnSuccess
The auth was successful.
`groups` is an array of strings where the user is part of.
```
callback(null, groups);
```
### Example
```javascript
function Auth(config, stuff) {
var self = Object.create(Auth.prototype);
self._users = {};
// config for this module
self._config = config;
// verdaccio logger
self._logger = stuff.logger;
// pass verdaccio logger to ldapauth
self._config.client_options.log = stuff.logger;
return self;
}
Auth.prototype.authenticate = function (user, password, callback) {
var LdapClient = new LdapAuth(self._config.client_options);
....
LdapClient.authenticate(user, password, function (err, ldapUser) {
...
var groups;
...
callback(null, groups);
});
};
module.exports = Auth;
```
And the configuration will looks like:
```yaml
auth:
htpasswd:
file: ./htpasswd
```
Where `htpasswd` is the sufix of the plugin name. eg: `verdaccio-htpasswd` and the rest of the body would be the plugin configuration params.
## Middleware Plugin
Middleware plugins have the capability to modify the API layer, either adding new endpoints or intercepting requests.
```flow
interface verdaccio$IPluginMiddleware extends verdaccio$IPlugin {
register_middlewares(app: any, auth: IBasicAuth, storage: IStorageManager): void;
}
```
### register_middlewares
The method provide full access to the authentification and storage via `auth` and `storage`. `app` is the express application that allows you to add new endpoints.
> A pretty good example
of middleware plugin is the [sinopia-github-oauth](https://github.com/soundtrackyourbrand/sinopia-github-oauth) and [verdaccio-audit](https://github.com/verdaccio/verdaccio-audit).
### API
```js
function register_middlewares(expressApp, authInstance, storageInstance) {
/* more stuff */
}
```
To register a middleware we need an object with a single method called `register_middlewares` that will recieve 3 arguments (`expressApp, auth, storage`).
*Auth* is the authentification instance and *storage* is also the main Storage instance that will give you have access to all to the storage actions.
## Storage Plugin
Verdaccio by default uses a file system storage plugin [local-storage](https://github.com/verdaccio/local-storage), but, since `verdaccio@3.x` you can plug in a custom storage replacing the default behaviour.
### API
The storage API is a bit more complex, you will need to create a class that return a `IPluginStorage` implementation. Please see details bellow.
```flow
class LocalDatabase<IPluginStorage>{
constructor(config: $Subtype<verdaccio$Config>, logger: verdaccio$Logger): ILocalData;
}
interface IPluginStorage {
logger: verdaccio$Logger;
config: $Subtype<verdaccio$Config>;
add(name: string, callback: verdaccio$Callback): void;
remove(name: string, callback: verdaccio$Callback): void;
get(callback: verdaccio$Callback): void;
getSecret(): Promise<string>;
setSecret(secret: string): Promise<any>;
getPackageStorage(packageInfo: string): verdaccio$IPackageStorage;
search(onPackage: verdaccio$Callback, onEnd: verdaccio$Callback, validateName: Function): void;
}
interface IPackageStorageManager {
path: string;
logger: verdaccio$Logger;
writeTarball(name: string): verdaccio$IUploadTarball;
readTarball(name: string): verdaccio$IReadTarball;
readPackage(fileName: string, callback: verdaccio$Callback): void;
createPackage(name: string, value: verdaccio$Package, cb: verdaccio$Callback): void;
deletePackage(fileName: string, callback: verdaccio$Callback): void;
removePackage(callback: verdaccio$Callback): void;
updatePackage(pkgFileName: string,
updateHandler: verdaccio$Callback,
onWrite: verdaccio$Callback,
transformPackage: Function,
onEnd: verdaccio$Callback): void;
savePackage(fileName: string, json: verdaccio$Package, callback: verdaccio$Callback): void;
}
class verdaccio$IUploadTarball extends stream$PassThrough {
abort: Function;
done: Function;
_transform: Function;
abort(): void;
done(): void;
}
class verdaccio$IReadTarball extends stream$PassThrough {
abort: Function;
abort(): void;
}
```
> The Storage API is still experimental and might change in the next minor versions. For further information about Storage API please follow the [types
definitions in our official repository](https://github.com/verdaccio/flow-types).
### Storage Plugins Examples
The following list of plugins are implementing the Storage API and might be used them as example.
* [verdaccio-memory](https://github.com/verdaccio/verdaccio-memory)
* [local-storage](https://github.com/verdaccio/local-storage)
* [verdaccio-google-cloud](https://github.com/verdaccio/verdaccio-google-cloud)
* [verdaccio-s3-storage](https://github.com/Remitly/verdaccio-s3-storage/tree/s3)
> Are you willing to contribute with new Storage Plugins? [Click here.](https://github.com/verdaccio/verdaccio/issues/103#issuecomment-357478295)

View file

@ -1,49 +0,0 @@
---
id: version-3.3.0-installation
title: Installation
original_id: installation
---
Verdaccio is a multiplatform web application. To install it, you need a few prerequisites.
#### Prerequisites
1. Node higher than
- For version `verdaccio@2.x` Node `v4.6.1` is the minimum supported version.
- For version `verdaccio@latest` Node `6.12.0` is the minimum supported version.
2. npm `>=3.x` or `yarn`
3. The web interface supports the `Chrome, Firefox, Edge, and IE9` browsers.
## Installing the CLI
`verdaccio` must be installed globaly using either of the following methods:
Using `npm`
```bash
npm install -g verdaccio
```
or using `yarn`
```bash
yarn global add verdaccio
```
![install verdaccio](/svg/install_verdaccio.gif)
## Basic Usage
Once it has been installed, you only need to execute the CLI command:
```bash
$> verdaccio
warn --- config file - /home/.config/verdaccio/config.yaml
warn --- http address - http://localhost:4873/ - verdaccio/3.0.1
```
For more information about the CLI, please [read the cli section](cli.md).
## Docker Image
`verdaccio` has an official docker image you can use, and in most cases, the default configuration is good enough. For more information about how to install the official image, [read the docker section](docker.md).

View file

@ -1,146 +0,0 @@
---
id: version-3.3.0-plugins
title: Plugins
original_id: plugins
---
Verdaccio is an plugabble aplication. It can be extended in many ways, either new authentication methods, adding
endpoints or using a custom storage.
> If you are interested to develop your own plugin, read the [development](dev-plugins.md) section.
## Usage
### Installation
```bash
$> npm install --global verdaccio-activedirectory
```
`verdaccio` as a sinopia fork it has backward compability with plugins that are compatible with `sinopia@1.4.0`. In such case the installation is the same.
```
$> npm install --global sinopia-memory
```
### Configuration
Open the `config.yaml` file and update the `auth` section as follows:
The default configuration looks like this, due we use a build-in `htpasswd` plugin by default that you can disable just commenting out the following lines.
### Auth Plugin Configuration
```yaml
htpasswd:
file: ./htpasswd
#max_users: 1000
```
and replacing them with (in case you decide to use a `ldap` plugin.
```yaml
auth:
activedirectory:
url: "ldap://10.0.100.1"
baseDN: 'dc=sample,dc=local'
domainSuffix: 'sample.local'
```
#### Multiple Auth plugins
This is tecnically possible, the plugins order becames important, the the credentials will resolved in order.
```yaml
auth:
htpasswd:
file: ./htpasswd
#max_users: 1000
activedirectory:
url: "ldap://10.0.100.1"
baseDN: 'dc=sample,dc=local'
domainSuffix: 'sample.local'
```
### Middleware Plugin Configuration
This is an example how to set up a middleware plugin. All middleware plugins must be defined in the **middlewares** namespace.
```yaml
middlewares:
audit:
enabled: true
```
> You might follow the [audit middle plugin](https://github.com/verdaccio/verdaccio-audit) as base example.
### Store Plugin Configuration
This is an example how to set up a storage plugin. All storage plugins must be defined in the **store** namespace.
```yaml
store:
memory:
limit: 1000
```
> If you define a custom store, the property **storage** in the configuration file will be ignored.
## Legacy plugins
### Sinopia Plugins
(compatible all versions)
* [sinopia-npm](https://www.npmjs.com/package/sinopia-npm): auth plugin for sinopia supporting an npm registry.
* [sinopia-memory](https://www.npmjs.com/package/sinopia-memory): auth plugin for sinopia that keeps users in memory.
* [sinopia-github-oauth-cli](https://www.npmjs.com/package/sinopia-github-oauth-cli).
* [sinopia-crowd](https://www.npmjs.com/package/sinopia-crowd): auth plugin for sinopia supporting atlassian crowd.
* [sinopia-activedirectory](https://www.npmjs.com/package/sinopia-activedirectory): Active Directory authentication plugin for sinopia.
* [sinopia-github-oauth](https://www.npmjs.com/package/sinopia-github-oauth): authentication plugin for sinopia2, supporting github oauth web flow.
* [sinopia-delegated-auth](https://www.npmjs.com/package/sinopia-delegated-auth): Sinopia authentication plugin that delegates authentication to another HTTP URL
* [sinopia-altldap](https://www.npmjs.com/package/sinopia-altldap): Alternate LDAP Auth plugin for Sinopia
* [sinopia-request](https://www.npmjs.com/package/sinopia-request): An easy and fully auth-plugin with configuration to use an external API.
* [sinopia-htaccess-gpg-email](https://www.npmjs.com/package/sinopia-htaccess-gpg-email): Generate password in htaccess format, encrypt with GPG and send via MailGun API to users.
* [sinopia-mongodb](https://www.npmjs.com/package/sinopia-mongodb): An easy and fully auth-plugin with configuration to use a mongodb database.
* [sinopia-htpasswd](https://www.npmjs.com/package/sinopia-htpasswd): auth plugin for sinopia supporting htpasswd format.
* [sinopia-leveldb](https://www.npmjs.com/package/sinopia-leveldb): a leveldb backed auth plugin for sinopia private npm.
* [sinopia-gitlabheres](https://www.npmjs.com/package/sinopia-gitlabheres): Gitlab authentication plugin for sinopia.
* [sinopia-gitlab](https://www.npmjs.com/package/sinopia-gitlab): Gitlab authentication plugin for sinopia
* [sinopia-ldap](https://www.npmjs.com/package/sinopia-ldap): LDAP auth plugin for sinopia.
* [sinopia-github-oauth-env](https://www.npmjs.com/package/sinopia-github-oauth-env) Sinopia authentication plugin with github oauth web flow.
> All sinopia plugins should be compatible with all future verdaccio versions. Anyhow, we encourage contributors to migrate them to the
modern verdaccio API and using the prefix as *verdaccio-xx-name*.
## Verdaccio Plugins
(compatible since 2.1.x)
### Authorization Plugins
* [verdaccio-bitbucket](https://github.com/idangozlan/verdaccio-bitbucket): Bitbucket authentication plugin for verdaccio.
* [verdaccio-ldap](https://www.npmjs.com/package/verdaccio-ldap): LDAP auth plugin for verdaccio.
* [verdaccio-active-directory](https://github.com/nowhammies/verdaccio-activedirectory): Active Directory authentication plugin for verdaccio
* [verdaccio-gitlab](https://github.com/bufferoverflow/verdaccio-gitlab): use GitLab Personal Access Token to authenticate
* [verdaccio-htpasswd](https://github.com/verdaccio/verdaccio-htpasswd): Auth based on htpasswd file plugin (built-in) for verdaccio
* [verdaccio-github-oauth](https://github.com/aroundus-inc/verdaccio-github-oauth): Github oauth authentication plugin for verdaccio.
### Middleware Plugins
* [verdaccio-audit](https://github.com/verdaccio/verdaccio-audit): verdaccio plugin for *npm audit* cli support (built-in) (compatible since 3.x)
* [verdaccio-profile-api](https://github.com/ahoracek/verdaccio-profile-api): verdacci plugin for *npm profile* cli support and *npm profile set password* for *verdaccio-htpasswd* based authentificaton
### Storage Plugins
(compatible since 3.x)
* [verdaccio-memory](https://github.com/verdaccio/verdaccio-memory) Storage plugin to host packages in Memory
* [verdaccio-s3-storage](https://github.com/remitly/verdaccio-s3-storage) Storage plugin to host packages **Amazon S3**
* [verdaccio-google-cloud](https://github.com/verdaccio/verdaccio-google-cloud) Storage plugin to host packages **Google Cloud Storage**
## Caveats
> Not all these plugins are been tested continuously, some of them might not work at all.
Please if you found any issue feel free to notify the owner of each plugin.

View file

@ -1,26 +0,0 @@
---
id: version-3.3.0-webui
title: Web User Interface2
original_id: webui
---
<p align="center"><img src="https://github.com/verdaccio/verdaccio/blob/master/assets/gif/verdaccio_big_30.gif?raw=true"></p>
Verdaccio has a web user interface to display only the private packges and can be customisable.
```yaml
web:
enable: true
title: Verdaccio
logo: logo.png
```
All access restrictions defined to [protect your packages](protect-your-dependencies.md) will also apply to the Web Interface.
### Configuration
Property | Type | Required | Example | Support | Description
--- | --- | --- | --- | --- | ---
enable | boolean | No | true/false | all | allow to display the web interface
title | string | No | Verdaccio | all | HTML head title description
logo | string | No | http://my.logo.domain/logo.png | all | a URI where logo is located

View file

@ -1,47 +0,0 @@
{
"version-3.2.0-docs": {
"Introduction": [
"version-3.2.0-what-is-verdaccio",
"version-3.2.0-installation",
"version-3.2.0-cli"
],
"Configuration": [
"version-3.2.0-configuration",
"version-3.2.0-uplinks",
"version-3.2.0-packages",
"version-3.2.0-authentification",
"version-3.2.0-notifications",
"version-3.2.0-logger",
"version-3.2.0-webui"
],
"Server": [
"version-3.2.0-server-configuration",
"version-3.2.0-reverse-proxy",
"version-3.2.0-ssl",
"version-3.2.0-windows",
"version-3.2.0-iss-server"
],
"Plugins": [
"version-3.2.0-plugins",
"version-3.2.0-dev-plugins"
],
"DevOps": [
"version-3.2.0-docker",
"version-3.2.0-kubernetes",
"version-3.2.0-ansible",
"version-3.2.0-puppet",
"version-3.2.0-chef",
"version-3.2.0-ci"
],
"Development": [
"version-3.2.0-build",
"version-3.2.0-contributing",
"version-3.2.0-source-code",
"version-3.2.0-unit-testing",
"version-3.2.0-node-api"
],
"Guides": [
"version-3.2.0-protect-your-dependencies"
]
}
}

View file

@ -1,6 +0,0 @@
[
"3.4.1",
"3.4.0",
"3.3.0",
"3.2.0"
]