mirror of
https://github.com/verdaccio/verdaccio.git
synced 2024-12-23 22:27:34 -05:00
a6b0d63afb
Co-authored-by: Juan Picado <juanpicado19@gmail.com>
45 lines
1.5 KiB
Markdown
45 lines
1.5 KiB
Markdown
---
|
|
id: protect-your-dependencies
|
|
title: "Protecting packages"
|
|
---
|
|
|
|
Verdaccio allows you protect publishing to your registry. To achieve that you will need to set up correctly configure your [packages access](packages).
|
|
|
|
### Package configuration {#package-configuration}
|
|
|
|
Let's see for instance the following set up. You have a set of dependencies that are prefixed with `my-company-*` and you need to protect them from anonymous or other non-authorized logged-in users.
|
|
|
|
```yaml
|
|
"my-company-*":
|
|
access: admin teamA teamB teamC
|
|
publish: admin teamA
|
|
```
|
|
|
|
With this configuration, we allow the groups **admin** and **teamA** to _publish_ and **teamA**, **teamB** and **teamC** to _access_ the specified dependencies.
|
|
|
|
### Use case: teamD tries to access the dependency {#use-case-teamd-tries-to-access-the-dependency}
|
|
|
|
So, if I am logged as **teamD**. I shouldn't be able to access all dependencies that match the `my-company-*` pattern.
|
|
|
|
```bash
|
|
➜ npm whoami
|
|
teamD
|
|
```
|
|
|
|
I won't have access to such dependencies and they also won't be visible via the web interface for user **teamD**. If I try to access it, the following will happen:
|
|
|
|
```bash
|
|
➜ npm install my-company-core
|
|
npm ERR! code E403
|
|
npm ERR! 403 Forbidden: webpack-1@latest
|
|
```
|
|
|
|
or with `yarn`:
|
|
|
|
```bash
|
|
➜ yarn add my-company-core
|
|
yarn add v0.24.6
|
|
info No lockfile found.
|
|
[1/4] 🔍 Resolving packages...
|
|
error An unexpected error occurred: "http://localhost:5555/webpack-1: unregistered users are not allowed to access package my-company-core".
|
|
```
|