# # This is the default configuration file. It allows all users to do anything, # please read carefully the documentation and best practices to # improve security. # # Look here for more config file examples: # https://github.com/verdaccio/verdaccio/tree/5.x/conf # # Read about the best practices # https://verdaccio.org/docs/best # path to a directory with all packages storage: ./storage # path to a directory with plugins to include plugins: ./plugins # https://verdaccio.org/docs/webui web: title: Verdaccio # comment out to disable gravatar support # gravatar: false # by default packages are ordercer ascendant (asc|desc) # sort_packages: asc # convert your UI to the dark side # darkMode: true # html_cache: true # by default all features are displayed # login: true # showInfo: true # showSettings: true # In combination with darkMode you can force specific theme # showThemeSwitch: true # showFooter: true # showSearch: true # showRaw: true # showDownloadTarball: true # HTML tags injected after manifest # scriptsBodyAfter: # - '' # HTML tags injected before ends # metaScripts: # - '' # - '' # - '' # HTML tags injected first child at # bodyBefore: # - '
html before webpack scripts
' # Public path for template manifest scripts (only manifest) # publicPath: http://somedomain.org/ # https://verdaccio.org/docs/configuration#authentication auth: htpasswd: file: ./htpasswd # Maximum amount of users allowed to register, defaults to "+inf". # You can set this to -1 to disable registration. # max_users: 1000 # Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt". # algorithm: bcrypt # by default is crypt, but is recommended use bcrypt for new installations # Rounds number for "bcrypt", will be ignored for other algorithms. # rounds: 10 # https://verdaccio.org/docs/configuration#uplinks # a list of other known repositories we can talk to uplinks: npmjs: url: https://registry.npmjs.org/ # Learn how to protect your packages # https://verdaccio.org/docs/protect-your-dependencies/ # https://verdaccio.org/docs/configuration#packages packages: '@*/*': # scoped packages access: $all publish: $authenticated unpublish: $authenticated proxy: npmjs '**': # allow all users (including non-authenticated users) to read and # publish all packages # # you can specify usernames/groupnames (depending on your auth plugin) # and three keywords: "$all", "$anonymous", "$authenticated" access: $all # allow all known users to publish/publish packages # (anyone can register by default, remember?) publish: $authenticated unpublish: $authenticated # if package is not available locally, proxy requests to 'npmjs' registry proxy: npmjs # To improve your security configuration and avoid dependency confusion # consider removing the proxy property for private packages # https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages # https://verdaccio.org/docs/configuration#server # You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections. # A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout. # WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough. server: keepAliveTimeout: 60 # Allow `req.ip` to resolve properly when Verdaccio is behind a proxy or load-balancer # See: https://expressjs.com/en/guide/behind-proxies.html # trustProxy: '127.0.0.1' # https://verdaccio.org/docs/configuration#offline-publish # publish: # allow_offline: false # https://verdaccio.org/docs/configuration#url-prefix # url_prefix: /verdaccio/ # VERDACCIO_PUBLIC_URL='https://somedomain.org'; # url_prefix: '/my_prefix' # // url -> https://somedomain.org/my_prefix/ # VERDACCIO_PUBLIC_URL='https://somedomain.org'; # url_prefix: '/' # // url -> https://somedomain.org/ # VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix'; # url_prefix: '/second_prefix' # // url -> https://somedomain.org/second_prefix/' # https://verdaccio.org/docs/configuration#security # security: # api: # legacy: true # # recomended set to true for older installations # migrateToSecureLegacySignature: true # jwt: # sign: # expiresIn: 29d # verify: # someProp: [value] # web: # sign: # expiresIn: 1h # 1 hour by default # verify: # someProp: [value] # https://verdaccio.org/docs/configuration#user-rate-limit # userRateLimit: # windowMs: 50000 # max: 1000 # https://verdaccio.org/docs/configuration#max-body-size # max_body_size: 10mb # https://verdaccio.org/docs/configuration#listen-port # listen: # - localhost:4873 # default value # - http://localhost:4873 # same thing # - 0.0.0.0:4873 # listen on all addresses (INADDR_ANY) # - https://example.org:4873 # if you want to use https # - "[::1]:4873" # ipv6 # - unix:/tmp/verdaccio.sock # unix socket # The HTTPS configuration is useful if you do not consider use a HTTP Proxy # https://verdaccio.org/docs/configuration#https # https: # key: ./path/verdaccio-key.pem # cert: ./path/verdaccio-cert.pem # ca: ./path/verdaccio-csr.pem # https://verdaccio.org/docs/configuration#proxy # http_proxy: http://something.local/ # https_proxy: https://something.local/ # https://verdaccio.org/docs/configuration#notifications # notify: # method: POST # headers: [{ "Content-Type": "application/json" }] # endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken # content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}' middlewares: audit: enabled: true # https://verdaccio.org/docs/logger # log settings log: { type: stdout, format: pretty, level: http } #experiments: # # support for npm token command # token: false # # disable writing body size to logs, read more on ticket 1912 # bytesin_off: false # # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string # tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}' # # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file # tarball_url_redirect(packageName, filename) { # const signedUrl = // generate a signed url # return signedUrl; # } # translate your registry, api i18n not available yet # i18n: # list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md # web: en-US