1. One line of code to deploy the private server
Why build a private registry?
- Efficient and stable npm service
- Private modules
- More secure CI/CD

How to choose: the three main tools in the community are Nexus, Verdaccio and CNPM
- Permission control

```bash
npm install -g verdaccio
# Start it directly ...
verdaccio
# ... or start it under pm2
pm2 start verdaccio
```
2. Configure the config.yaml file
Verdaccio.org/docs/zh-CN/…
- storage: storage location
- auth: authentication configuration, user management
- uplinks: uplink configuration, for example setting the Taobao source
- packages: package management; sets download and upload permissions per package
- notify: notification message push

```bash
# View the configuration
cat ~/.config/verdaccio/config.yaml
```

```yaml
# Uplinks: upstream npm registries, mainly used to fetch a requested package
# from the upstream server when it does not exist locally
uplinks:
  npmjs:
    url: https://registry.npmjs.org/
    agent_options:
      keepAlive: true
      maxSockets: 40
      maxFreeSockets: 10
  taobao:
    url: https://registry.npm.taobao.org/
    timeout: 10s
```
3. User management
```yaml
auth:
  htpasswd:
    file: ./htpasswd
    # The default maximum number of registered users is 1000; -1 disables registration
    max_users: -1
  $demoUnPublish: [liu, zhou]
  $testPublish: [liu, zhou]
  $testPublish: liu, zhou, Test
```

```bash
# Verdaccio authentication is based on verdaccio-htpasswd
# In the auth section, the default number of registered users is max_users: 1000
npm adduser --registry http://localhost:4873
# After setting max_users: -1 as above, add users with htpasswd-for-sinopia
npm install htpasswd-for-sinopia -g
# Run the sinopia-adduser command in the htpasswd directory
sinopia-adduser
# Set access, publish and unpublish under packages
```
4. Permission control
```yaml
packages:
  '@demo/*':
    # scoped packages
    publish: $authenticated
    unpublish: $authenticated
    # proxy refers to an entry under uplinks
    # publish: npmuser
  'test':
    # $all lets every user, including unauthenticated ones, read the package
    access: $all
    publish: $authenticated
    unpublish: $authenticated
    proxy: npmjs
  '**':
    access: $all
    publish: $authenticated
    proxy: npmjs
```
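How a request is resolved against rules like these, as an added example (not Verdaccio's own code): patterns are tried in declaration order and the first match decides, so a broad `**` rule placed first shadows a stricter scope rule. The glob matcher is a simplified stand-in, only `access` and `publish` are modelled, and the `access` value for `@demo/*` is an assumption because the page does not give one.

```javascript
// Constructed rules modelled on the packages section; '@demo/*' access is assumed.
const rules = {
  '@demo/*': { access: ['$authenticated'], publish: ['$authenticated'] },
  'test': { access: ['$all'], publish: ['$authenticated'] },
  '**': { access: ['$all'], publish: ['$authenticated'] },
};

// Simplified glob: '**' crosses '/', '*' stays within one path segment.
function globToRegExp(glob) {
  const esc = (s) => s.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  const body = glob.split('**').map((p) => p.split('*').map(esc).join('[^/]*')).join('.*');
  return new RegExp(`^${body}$`);
}

// Patterns are tried in declaration order; the first match decides.
function matchPattern(ruleSet, pkgName) {
  return Object.keys(ruleSet).find((p) => globToRegExp(p).test(pkgName)) || null;
}

// Groups a request carries: a logged-in user is itself, $all and $authenticated.
function groupsOf(user) {
  return user ? [user, '$all', '$authenticated'] : ['$all', '$anonymous'];
}

// True when one of the caller's groups is listed for the action on the matched rule.
function allowed(ruleSet, pkgName, action, user) {
  const pattern = matchPattern(ruleSet, pkgName);
  const list = pattern ? ruleSet[pattern][action] || [] : [];
  return groupsOf(user).some((g) => list.includes(g));
}

function aclDemo() {
  // Same rules with '**' declared first: the scope rule is never reached.
  const reordered = { '**': rules['**'], '@demo/*': rules['@demo/*'] };
  return {
    anonReadsScoped: allowed(rules, '@demo/ui', 'access', null),
    userPublishesScoped: allowed(rules, '@demo/ui', 'publish', 'liu'),
    anonReadsTest: allowed(rules, 'test', 'access', null),
    anonPublishesTest: allowed(rules, 'test', 'publish', null),
    anonReadsScopedWhenShadowed: allowed(reordered, '@demo/ui', 'access', null),
  };
}

console.log(aclDemo());
```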
5. Package Management (Release)
```bash
npm install -g nrm
nrm add test http://localhost:4873
nrm use test
npm adduser --registry http://localhost:4873   # Add user
npm login --registry=http://localhost:4873     # Login
# How to manage the package version? 0.0.1
npm publish --registry http://localhost:4873
# unpublish npm-test
```
6. Notification push
```yaml
notify:
  'frontend-feishu':
    method: POST
    headers: [{ 'Content-Type': 'application/json;charset=utf-8' }]
    # Feishu bot webhook; whoever holds this URL can post to the chat
    endpoint: https://open.feishu.cn/open-apis/bot/v2/hook/31d935e0-a350-4355-aac1-767c1e437ec7
    # Pushed message content
    content: '{"msg_type":"text","content":{"text":"New package published: `{{ name }}{{#each versions}} v{{version}}{{/each}}`"}}'
```
NPM internal mechanisms and core principles
1. Front-end engineering cannot do without npm (Node Package Manager) or yarn. We usually install and maintain dependencies through npm (npm install), or connect the parts of a workflow through npm scripts (npm run dev). Let's start with some questions:
- Is npm or yarn the better choice for project dependencies?
- Should the lock file be committed to the repository?

Priority of .npmrc files: project-level .npmrc file > user-level .npmrc file > global-level .npmrc file > npm built-in .npmrc file

3. npm installation mechanism
The same project team should make sure everyone uses the same npm version.
Check whether a lock file exists:
1. A lock file exists: check whether it is consistent with the package.json declaration. If it is, check the cache and unpack to node_modules. If it is not but the versions are compatible, install according to the lock file and update the lock file.
2. No lock file: get package information, build the dependency tree, check the cache, download package resources, check integrity, add to the cache, unpack to node_modules, generate the lock file.

4. npm caching mechanism
Caching the same version of a dependency locally is a common design in dependency management tools.

```bash
npm config get cache    # /Users/liuxs/.npm
# Install from the cache directory
npm install --cache-min 9999999 <package-name>
```

During install, pacote unpacks the corresponding package into the corresponding node_modules. npm first downloads the dependency to the cache and then unpacks it into the project's node_modules. pacote relies on npm-registry-fetch to download packages.
The integrity, version and name information stored in the lock file is used to generate a unique key. With this key the cache record can be found in the index-v5 directory. If there is a cached resource, the hash of the tar package is found and the binary file is unpacked into node_modules of the corresponding project, which saves the overhead of downloading it over the network.
1. Find the resolved address in the lock file.
2. Find the entry in the cache directory that corresponds to the hash value ae/ad/e36bb05dedf314328c866af1e2f0417066c60ca44947944cd912e5490430; the first four characters are used as directories so that the sha256 result can be found quickly in the file system.
3. Reading the corresponding content gives the metadata _shasum.
4. Look up the hash file in the content-v2 directory according to _shasum.

How to perform offline installation?

Calls a shell script to output an initialized package.json file. We can define our own init command (a Node script): module.exports = the package.json configuration contents.

6. node_modules/.bin folder and npx
npx automatically looks in the node_modules/.bin path and the $PATH environment variable, so the command does not need to be defined in package.json. When executing a module that is not installed, npx installs it first and deletes it after execution (avoiding a global installation).

```bash
nrm ls            # List sources
nrm current       # Currently used source
nrm use taobao    # Switch
nrm del test      # Delete
nrm test          # Test
```
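The cache lookup steps from section 4 above, as an added example (not code from npm, pacote or cacache): it derives the index-v5 and content-v2 paths using the first four hex characters as directories, skips index lines whose checksum fails, and verifies the cached bytes before they would be unpacked. The cache key format, the SRI `integrity` field used where the text says `_shasum`, the cache directory and the tarball bytes are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');
const path = require('path');
const hex = (algo, data) => crypto.createHash(algo).update(data).digest('hex');
// The first four hex characters become two directory levels.
const segments = (h) => [h.slice(0, 2), h.slice(2, 4), h.slice(4)];
const splitSri = (sri) => [sri.slice(0, sri.indexOf('-')), sri.slice(sri.indexOf('-') + 1)];

// index-v5/<aa>/<bb>/<rest>, where aabb... is sha256(cache key).
function indexPath(cacheDir, key) {
  return path.join(cacheDir, 'index-v5', ...segments(hex('sha256', key)));
}

// content-v2/<algo>/<aa>/<bb>/<rest>, where aabb... is the content digest in hex.
function contentPath(cacheDir, integrity) {
  const [algo, b64] = splitSri(integrity);
  return path.join(cacheDir, 'content-v2', algo, ...segments(Buffer.from(b64, 'base64').toString('hex')));
}

// Index buckets hold "<sha1 of JSON>\t<JSON>" lines; lines whose checksum fails are ignored.
function parseIndex(text) {
  return text.split('\n').flatMap((line) => {
    const [sum, json] = line.split('\t');
    return json && hex('sha1', json) === sum ? [JSON.parse(json)] : [];
  });
}

// Recompute the digest of the cached bytes before unpacking them into node_modules.
function verify(data, integrity) {
  const [algo, b64] = splitSri(integrity);
  return crypto.createHash(algo).update(data).digest('base64') === b64;
}

// Constructed sample: hypothetical key format and tarball bytes, no real package.
function demo() {
  const cacheDir = '/tmp/npm-cache/_cacache';
  const key = 'make-fetch-happen:request-cache:http://localhost:4873/npm-test/-/npm-test-0.0.1.tgz';
  const tarball = Buffer.from('constructed tarball bytes');
  const integrity = 'sha512-' + crypto.createHash('sha512').update(tarball).digest('base64');
  const json = JSON.stringify({ key, integrity, size: tarball.length });
  const bucket = `\n${hex('sha1', json)}\t${json}\nbadchecksum\t${json}`;
  const entries = parseIndex(bucket);
  return {
    index: indexPath(cacheDir, key),
    content: contentPath(cacheDir, entries[0].integrity),
    entries: entries.length,
    intact: verify(tarball, entries[0].integrity),
    tampered: verify(Buffer.from('modified bytes'), entries[0].integrity),
  };
}
console.log(demo());
```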