Advantages of private NPM repositories
1. Convenient, the company’s internal development of private package, unified management, convenient development and use
2. Secure. Private packages are hosted in the company’s internal server and cannot be accessed externally
3. Speed up. We can build our own NPM server, which has its own cache of commonly used packages. Some CNPM packages have path problems, but THE speed of NPM is touching
4. Management. You can configure permission management for publishing and downloading NPM packages
Setup method: Use Verdaccio
Verdaccio is a lightweight private repository of NPM agents developed with simple zero-configuration Node.js. Making: github.com/verdaccio/v… Documents: verdaccio.org/docs/zh-CN/…
1. Install
NPM install – global verdaccio
2. Run
verdaccio
3. Modify the configuration file
Find running showed XXX/verdaccio/config. Yaml files
Reference modification is as follows (listening port is added at the bottom of the focus) :
# set NPM package directory
storage: ./storage
Configure the WEB UI interface
web :
Title: 'Build private NPM'
#logo : logo.png
Set the user authentication file.
auth:
htpasswd:
file: ./htpasswd
Max_users: 1000 # default 1000, changed to -1, disallow registration
Set other NPM registry sources
uplinks:
npmjs:
url: https://registry.npmjs.org/
Configure permission management
packages:
'@'/' :
$all indicates that all users are allowed to install a matching project. $authenticated indicates that only authenticated users are allowed to install a matching project. $anonymous indicates that only anonymous users can install a matching project.
access: $all
# indicates which type of user can publish matching items
publish: $authenticated
'*' :
# indicates which type of user can install the matching project
access: $all
# indicates which type of user can publish matching items
publish: $authenticated
# If an NPM package does not exist, it will ask the set agent.
proxy: npmjs
# Log output Settings
logs:
-{type: stdout, format: pretty, level: http}
#-{type: file, path: verdaccio.log, level: info}
# change the listening port
Listen: 0.0.0.0:4873
4. Start verdaccio
For a local test, go to http://localhost:4873/. The IP address deployed by the company is XXXX
The Intranet uses the NPM private server
The current NPM service points to Verdaccio
npm set registry http://ip:4873
Registered users
NPM adduser - registry at http://ip:4873
Enter userName and password and email as prompted
After entering, the registration is complete
Check whether the current user is a registered user
npm whoami
Login account
The NPM login // NPM login command is equivalent to the NPM adduser command. If you login for the first time and the user name does not conflict, the login information is encrypted and stored in the htpasswd file that is the same as the config.yaml file.
release
NPM publish or NPM publish –registry http://ip:4873 // You can see the package in the storage folder after it is published in the project
Project package.json configuration
"PublishConfig ": {"registry": "http://ip:4873/"}, "private": true, // Manually added to prevent private modules from being uploaded to the public networkCopy the code
You are advised to use NRM to manage sources
Installation and common methods
NPM I NRM -g (global install NRM) NRM ls (to view the NPM source) NRM use Source name (to set the current NPM source) NRM add name address (to create a new source) NRM del name (to delete the source)Copy the code
Git repositories act as private NPM repositories
For public modules, it is best to place them in the same group, such as test. In the future, the git address of all public modules can be unified as git.xxx.com/{group}/{pr…
-
Create a new project on GitLab
-
Clone the project
-
Add package.json configuration, noting that @scope is qualified
NPM init –scope=test
-
Then submit the push code
-
Configure dependencies for the project under
-
Add dependencies to your project's package.json. For example, add dependencies to @group/test: "Git +http://git.xxx.com/{group}/{project}.git" or NPM I -d git+ SSH ://[email protected]/{group}/{project}.git or NPM I -d Git +https://[email protected]/{group}/{project}.git or NPM i-d git+https://[username]:[pwd]@git.xxx.com/{group}/{project}.gitCopy the code
-
Update private modules
If the version of the private module is updated, we cannot update the private module using NPM update because of the defects of the NPM + Git scheme. To get the latest version of the private module.
The advantages and disadvantages
Advantages: No need to start the service Disadvantages: NPM update cannot be used to update dependencies Solution: Tag the update package each time it is submitted
Git taggit tag -a v1.0.1 -m 'version1.0.1
Git show v1.0.1
Git push origin v1.0.1 git push origin v1.0.1 git push origin v1.0.1 "Git+https://[email protected]/ {group} / {project}. The git # v1.0.1." "
Note:
Package. json#name must be qualified @scope@scope is generally the name of the GitLab group,
@ companyfe, for example,
So name is @companyfe/hello-private
Package. json#private set to true
The trouble is in case you accidentally publish private modules
Use PM2 to guard the Verdaccio process
PM2 is a node process management tool, which simplifies many node application management tasks, such as performance monitoring, automatic restart, and load balancing. It can be used to host verdaccio processes and keep them alive forever.
- npm i -g pm2
- pm2 -h
- pm2 start verdaccio