mirror of
https://github.com/verdaccio/verdaccio.git
synced 2024-12-23 22:27:34 -05:00
81f367f4b2
* New translations uplinks.md (Chinese Simplified) docs(website): new translations * New translations uplinks.md (Chinese Simplified) docs(website): new translations * New translations what-is-verdaccio.md (Chinese Simplified) docs(website): new translations * New translations config.md (Chinese Simplified) docs(website): new translations * New translations plugins.md (Chinese Simplified) docs(website): new translations * New translations config.md (Chinese Simplified) docs(website): new translations * New translations what-is-verdaccio.md (Chinese Simplified) docs(website): new translations * New translations windows.md (Chinese Simplified) docs(website): new translations * New translations dev-plugins.md (Chinese Simplified) docs(website): new translations * New translations dev-plugins.md (Chinese Simplified) docs(website): new translations * New translations dev-plugins.md (Chinese Simplified) docs(website): new translations * New translations dev-plugins.md (Chinese Simplified) docs(website): new translations * New translations dev-plugins.md (Chinese Simplified) docs(website): new translations * New translations docker.md (Chinese Simplified) docs(website): new translations * New translations docker.md (Chinese Simplified) docs(website): new translations * New translations docker.md (Chinese Simplified) docs(website): new translations * New translations docker.md (Chinese Simplified) docs(website): new translations * New translations docker.md (Chinese Simplified) docs(website): new translations * New translations contributing.md (Spanish) docs(website): new translations * New translations contributing.md (Chinese Simplified) docs(website): new translations * New translations contributing.md (Portuguese, Brazilian) docs(website): new translations * New translations config.md (Spanish) docs(website): new translations * New translations web.md (Portuguese, Brazilian) docs(website): new translations * New translations web.md (Spanish) docs(website): new translations * New translations config.md (Chinese Simplified) docs(website): new translations * New translations config.md (Portuguese, Brazilian) docs(website): new translations * New translations web.md (Chinese Simplified) docs(website): new translations * New translations install.md (Chinese Simplified) docs(website): new translations * New translations node-api.md (Chinese Simplified) docs(website): new translations * New translations contributing.md (Chinese Simplified) docs(website): new translations * New translations web.md (Chinese Simplified) docs(website): new translations * New translations packages.md (Chinese Simplified) docs(website): new translations * New translations plugins.md (Spanish) docs(website): new translations * New translations plugins.md (Portuguese, Brazilian) docs(website): new translations * New translations plugins.md (Chinese Simplified) docs(website): new translations * New translations ansible.md (Polish) docs(website): new translations * New translations repositories.md (Polish) docs(website): new translations * New translations chef.md (Polish) docs(website): new translations * New translations puppet.md (Polish) docs(website): new translations * New translations ci.md (Polish) docs(website): new translations * New translations what-is-verdaccio.md (Polish) docs(website): new translations * New translations node-api.md (Polish) docs(website): new translations * New translations windows.md (Polish) docs(website): new translations * New translations web.md (Polish) docs(website): new translations * New translations use-cases.md (Polish) docs(website): new translations * New translations uplinks.md (Polish) docs(website): new translations * New translations test.md (Polish) docs(website): new translations * New translations ssl.md (Polish) docs(website): new translations * New translations server.md (Polish) docs(website): new translations * New translations reverse-proxy.md (Polish) docs(website): new translations * New translations protect-your-dependencies.md (Polish) docs(website): new translations * New translations auth.md (Polish) docs(website): new translations * New translations plugins.md (Polish) docs(website): new translations * New translations packages.md (Polish) docs(website): new translations * New translations notifications.md (Polish) docs(website): new translations * New translations logger.md (Polish) docs(website): new translations * New translations kubernetes.md (Polish) docs(website): new translations * New translations install.md (Polish) docs(website): new translations * New translations iis-server.md (Polish) docs(website): new translations * New translations docker.md (Polish) docs(website): new translations * New translations dev-plugins.md (Polish) docs(website): new translations * New translations contributing.md (Polish) docs(website): new translations * New translations config.md (Polish) docs(website): new translations * New translations cli.md (Polish) docs(website): new translations * New translations build.md (Polish) docs(website): new translations * New translations en.json (Polish) docs(website): new translations
150 lines
No EOL
5.1 KiB
Markdown
150 lines
No EOL
5.1 KiB
Markdown
---
|
|
id: packages
|
|
title: "Package Access"
|
|
---
|
|
It's a series of contraints that allow or restrict access to the local storage based in specific criteria.
|
|
|
|
The security constraints remain on the shoulders of the plugin being used, by default `verdaccio` uses the [htpasswd plugin](https://github.com/verdaccio/verdaccio-htpasswd). If you use a different plugin the behaviour might be different. The default plugin does not handle `allow_access` and `allow_publish` by itself, it uses an internal fallback in case the plugin is not ready for it.
|
|
|
|
For more information about permissions visit [the authentification section in the wiki](auth.md).
|
|
|
|
### Usage
|
|
|
|
```yalm
|
|
packages:
|
|
# scoped packages
|
|
'@scope/*':
|
|
access: all
|
|
publish: all
|
|
proxy: server2
|
|
|
|
'private-*':
|
|
access: all
|
|
publish: all
|
|
proxy: uplink1
|
|
|
|
'**':
|
|
# allow all users (including non-authenticated users) to read and
|
|
# publish all packages
|
|
access: all
|
|
publish: all
|
|
proxy: uplink2
|
|
```
|
|
|
|
if none is specified, the default one remains
|
|
|
|
```yaml
|
|
packages:
|
|
'**':
|
|
access: all
|
|
publish: $authenticated
|
|
```
|
|
|
|
The list of valid groups according the default plugins are
|
|
|
|
```js
|
|
'$all', '$anonymous', '@all', '@anonymous', 'all', 'undefined', 'anonymous'
|
|
```
|
|
|
|
All users recieve all those set of permissions independently of is anonymous or not plus the groups provided by the plugin, in case of `htpasswd` return the username as a group. For instance, if you are logged as `npmUser` the list of groups will be.
|
|
|
|
```js
|
|
// groups without '$' are going to be deprecated eventually
|
|
'$all', '$anonymous', '@all', '@anonymous', 'all', 'undefined', 'anonymous', 'npmUser'
|
|
```
|
|
|
|
If you want to protect specific set packages under your group, you need to do something like this. Let's use a `Regex` that covers all prefixed `npmuser-` packages. We recomend using a prefix for your packages, in that way it will be easier to protect them.
|
|
|
|
```yaml
|
|
packages:
|
|
'npmuser-*':
|
|
access: npmuser
|
|
publish: npmuser
|
|
```
|
|
|
|
Restart `verdaccio` and in your console try to install `npmuser-core`.
|
|
|
|
```bash
|
|
$ npm install npmuser-core
|
|
npm install npmuser-core
|
|
npm ERR! code E403
|
|
npm ERR! 403 Forbidden: npmuser-core@latest
|
|
|
|
npm ERR! A complete log of this run can be found in:
|
|
npm ERR! /Users/user/.npm/_logs/2017-07-02T12_20_14_834Z-debug.log
|
|
```
|
|
|
|
You can change the existing behaviour using a different plugin authentication. `verdaccio` just checks whether the user that tried to access or publish a specific package belongs to the right group.
|
|
|
|
#### Set multiple groups
|
|
|
|
Defining multiple access groups is fairly easy, just define them with a white space between them.
|
|
|
|
```yaml
|
|
'company-*':
|
|
access: admin internal
|
|
publish: admin
|
|
proxy: server1
|
|
'supersecret-*':
|
|
access: secret super-secret-area ultra-secret-area
|
|
publish: secret ultra-secret-area
|
|
proxy: server1
|
|
|
|
```
|
|
|
|
#### Blocking access to set of packages
|
|
|
|
If you want to block the acccess/publish to a specific group of packages. Just do not define `access` and `publish`.
|
|
|
|
```yaml
|
|
packages:
|
|
'old-*':
|
|
'**':
|
|
access: all
|
|
publish: $authenticated
|
|
```
|
|
|
|
#### Blocking proxying a set of specific packages
|
|
|
|
You might want to block one or several packages from fetching from remote repositories., but, at the same time, allow others to access different *uplinks*.
|
|
|
|
Let's see the following example:
|
|
|
|
```yaml
|
|
packages:
|
|
'jquery':
|
|
access: $all
|
|
publish: $all
|
|
'my-company-*':
|
|
access: $all
|
|
publish: $authenticated
|
|
'@my-local-scope/*':
|
|
access: $all
|
|
publish: $authenticated
|
|
'**':
|
|
access: all
|
|
publish: $authenticated
|
|
proxy: npmjs
|
|
```
|
|
|
|
Let's describe what we want with the above example:
|
|
|
|
* I want to host my own `jquery` dependency but I need to avoid proxying it.
|
|
* I want all dependencies that match with `my-company-*` but I need to avoid proxying them.
|
|
* I want all dependencies that are in the `my-local-scope` scope but I need to avoid proxying them.
|
|
* I want proxying for all the rest of the dependencies.
|
|
|
|
Be **aware that the order of your packages definitions is important and always use double wilcard**. Because if you do not include it `verdaccio` will include it for you and the way that your dependencies are resolved will be affected.
|
|
|
|
### Configuration
|
|
|
|
You can define mutiple `packages` and each of them must have an unique `Regex`.
|
|
|
|
| Property | Type | Required | Example | Support | Description |
|
|
| -------- | ------- | -------- | -------------- | ------- | ------------------------------------------- |
|
|
| access | string | No | $all | all | define groups allowed to access the package |
|
|
| publish | string | No | $authenticated | all | define groups allowed to publish |
|
|
| proxy | string | No | npmjs | all | limit look ups for specific uplink |
|
|
| storage | boolean | No | [true,false] | all | TODO |
|
|
|
|
> We higlight that we recommend to not use **allow_access**/**allow_publish** and **proxy_access** anymore, those are deprecated and will soon be removed, please use the short version of each of those (**access**/**publish**/**proxy**). |