NPM private library service
Introduction
Companies don’t want to publish their code to public package registries for privacy reasons, but they badly need a complete set of private tools to manage an increasing number of components, modules, and projects. For the front end, I am most familiar with NPM, Bower, etc. However, Bower’s market compatibility is obviously not as strong as NPM’s, and the CommonJS specification keeps maturing, so NPM should be the perfect choice for front-end package management.
The company has the following requirements for setting up a local private NPM library:
- Private packages are hosted on internal servers
- Projects use both public packages from the public repository and private packages from the internal server
- When downloading, public packages come from the public repository and private packages come from the private repository on the internal server
- The server’s hard disk is limited, so only downloaded packages should be cached rather than synchronizing everything
- Downloads of NPM packages have corresponding permission management; installation is easy, configuration is simple, and dependencies are few
Process for installing private packages
Service building
node + npm + verdaccio + pm2 + nrm
Verdaccio (used here in place of Sinopia) is a zero-configuration private NPM package management tool with caching capabilities.
PS: Sinopia hasn’t been updated for many years. Verdaccio is based on Sinopia, has been refactored, and is more actively developed.
```
# config
$ /home/ubuntu/.config/verdaccio/config.yaml
# password
$ /home/ubuntu/web_npm/verdaccio/htpasswd
# storage
$ /home/ubuntu/web_npm/verdaccio/storage
```
- pm2 hosts the Sinopia process to keep it alive permanently.
- nrm makes it easy to view and switch registries.
- verdaccio-delegated-auth enables the service to support custom authentication.
The standard custom
```yaml
# Sinopia config.yaml
# path to a directory with all packages
storage: /home/ubuntu/web_npm/verdaccio/storage

auth:
  # htpasswd:
  #   file: ./htpasswd
  #   max_users: -1
  #   mix_users: 1000
  delegated-auth:
    url: https://your-account-server/
    user_key: name # username field, default: username
    pwd_key: password # password field, default: password

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    # plain HTTP: metadata and tarballs from this uplink travel unencrypted
    url: http://registry.npm.taobao.org/

packages:
  '@company/*':
    # scoped packages; no proxy, so this scope is only ever served locally
    access: $authenticated
    publish: $authenticated
  '*':
    # keywords: "$all", "$anonymous", "$authenticated"
    # $all includes clients that have not logged in
    access: $all
    publish: $all
    proxy: npmjs

# log settings
logs:
  - {type: stdout, format: pretty, level: http}
  #- {type: file, path: sinopia.log, level: info}

listen: 0.0.0.0:4873
```
- To prevent clients from creating fake users or creating users by mistake, user registration is disabled (max_users: -1), and users are added through the account configuration provided on the server (file: ./htpasswd).
- A custom authentication plug-in, verdaccio-delegated-auth, has been written for Verdaccio to authenticate logins using the username and password of your own account system.
- Packages published internally to the private service require a prefix, @company/${app}, e.g. @company/lodash. Packages with the @company/* prefix can be installed or published only after the account has been authenticated. (company refers to the company name.)
- Publishing an internal private package requires a README for the project, which must contain:
  - A basic description
  - Usage
  - The source address
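The access rules in the config.yaml above can be checked mechanically before the service is exposed. The following is an added example, not part of the original post or of Verdaccio itself; it assumes the YAML has already been parsed into an object, and `auditVerdaccioConfig`, `privateScope` and the finding texts are names made up for this sketch.

```javascript
// Added example: audit a Verdaccio config that has already been parsed from YAML.
// auditVerdaccioConfig and privateScope are hypothetical names, not Verdaccio APIs.
function auditVerdaccioConfig(config, privateScope) {
  const findings = [];
  const packages = config.packages ?? {};
  // access/publish may be a space-separated string or a list of group names
  const groups = (v) => (Array.isArray(v) ? v : String(v ?? '').split(/\s+/).filter(Boolean));
  const open = (v) => groups(v).some((g) => g === '$all' || g === '$anonymous');

  for (const [pattern, rule] of Object.entries(packages)) {
    const isPrivate = pattern.startsWith(privateScope + '/');
    if (open(rule.publish)) {
      findings.push(`${pattern}: publish is open to unauthenticated clients`);
    }
    if (isPrivate && open(rule.access)) {
      findings.push(`${pattern}: private scope is readable without login`);
    }
    // A proxy on the private scope lets the uplink answer for names in that scope.
    if (isPrivate && rule.proxy) {
      findings.push(`${pattern}: private scope is proxied to uplink ${rule.proxy}`);
    }
  }
  if (!Object.keys(packages).some((p) => p.startsWith(privateScope + '/'))) {
    findings.push(`${privateScope}/*: no rule, so the catch-all pattern applies`);
  }
  for (const [name, uplink] of Object.entries(config.uplinks ?? {})) {
    if (!/^https:\/\//i.test(uplink.url ?? '')) {
      findings.push(`uplink ${name}: url is not HTTPS`);
    }
  }
  const htpasswd = config.auth?.htpasswd;
  if (htpasswd && htpasswd.max_users !== -1) {
    findings.push('auth.htpasswd: self-registration is enabled (max_users is not -1)');
  }
  return findings;
}

// Constructed input: the config.yaml shown on this page, written as an object.
const pageConfig = {
  auth: { 'delegated-auth': { url: 'https://your-account-server/' } },
  uplinks: { npmjs: { url: 'http://registry.npm.taobao.org/' } },
  packages: {
    '@company/*': { access: '$authenticated', publish: '$authenticated' },
    '*': { access: '$all', publish: '$all', proxy: 'npmjs' },
  },
};

console.log(auditVerdaccioConfig(pageConfig, '@company'));
```

For the page's config this reports the open publish rule on '*' and the HTTP uplink, while the @company/* scope passes because it requires login and has no proxy.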
Client use
- Install nrm
- Add the private service as a registry and log in to it with your own system account.
```
$ nrm add company http://*.*.*.*:4873/
$ nrm use company
$ npm login
```
- The browser accesses the private service to view all internal private packages.
security
The gateway
More
- Docker
- AWS S3 storage plugin for verdaccio
- npm login in CI
Github: github.com/yansenlei