Advantages of private NPM repositories

1. Convenient, the company’s internal development of private package, unified management, convenient development and use

2. Secure. Private packages are hosted in the company’s internal server and cannot be accessed externally

3. Speed up. We can build our own NPM server, which has its own cache of commonly used packages. Some CNPM packages have path problems, but THE speed of NPM is touching

4. Management. You can configure permission management for publishing and downloading NPM packages

Setup method: Use Verdaccio

Verdaccio is a lightweight private repository of NPM agents developed with simple zero-configuration Node.js. Making: github.com/verdaccio/v… Documents: verdaccio.org/docs/zh-CN/…

1. Install

NPM install – global verdaccio

2. Run

verdaccio

3. Modify the configuration file

Find running showed XXX/verdaccio/config. Yaml files

Reference modification is as follows (listening port is added at the bottom of the focus) :

  1. # set NPM package directory
  2. storage: ./storage
  3. Configure the WEB UI interface
  4. web :
  5. Title: 'Build private NPM'
  6. #logo : logo.png
  7. Set the user authentication file.
  8. auth:
  9. htpasswd:
  10. file: ./htpasswd
  11. Max_users: 1000 # default 1000, changed to -1, disallow registration
  12. Set other NPM registry sources
  13. uplinks:
  14. npmjs:
  15. url: https://registry.npmjs.org/
  16. Configure permission management
  17. packages:
  18. '@'/' :
  19. $all indicates that all users are allowed to install a matching project. $authenticated indicates that only authenticated users are allowed to install a matching project. $anonymous indicates that only anonymous users can install a matching project.
  20. access: $all
  21. # indicates which type of user can publish matching items
  22. publish: $authenticated
  23. '*' :
  24. # indicates which type of user can install the matching project
  25. access: $all
  26. # indicates which type of user can publish matching items
  27. publish: $authenticated
  28. # If an NPM package does not exist, it will ask the set agent.
  29. proxy: npmjs
  30. # Log output Settings
  31. logs:
  32. -{type: stdout, format: pretty, level: http}
  33. #-{type: file, path: verdaccio.log, level: info}
  34. # change the listening port
  35. Listen: 0.0.0.0:4873

4. Start verdaccio

For a local test, go to http://localhost:4873/. The IP address deployed by the company is XXXX

The Intranet uses the NPM private server

The current NPM service points to Verdaccio

npm set registry http://ip:4873

Registered users

  1. NPM adduser - registry at http://ip:4873
  2. Enter userName and password and email as prompted
  3. After entering, the registration is complete

Check whether the current user is a registered user

npm whoami

Login account

The NPM login // NPM login command is equivalent to the NPM adduser command. If you login for the first time and the user name does not conflict, the login information is encrypted and stored in the htpasswd file that is the same as the config.yaml file.

release

NPM publish or NPM publish –registry http://ip:4873 // You can see the package in the storage folder after it is published in the project

Project package.json configuration

"PublishConfig ": {"registry": "http://ip:4873/"}, "private": true, // Manually added to prevent private modules from being uploaded to the public networkCopy the code

You are advised to use NRM to manage sources

Installation and common methods

NPM I NRM -g (global install NRM) NRM ls (to view the NPM source) NRM use Source name (to set the current NPM source) NRM add name address (to create a new source) NRM del name (to delete the source)Copy the code

Git repositories act as private NPM repositories

For public modules, it is best to place them in the same group, such as test. In the future, the git address of all public modules can be unified as git.xxx.com/{group}/{pr…

  • Create a new project on GitLab

  • Clone the project

  • Add package.json configuration, noting that @scope is qualified

NPM init –scope=test

  • Then submit the push code

  • Configure dependencies for the project under

  • Add dependencies to your project's package.json. For example, add dependencies to @group/test: "Git +http://git.xxx.com/{group}/{project}.git" or NPM I -d git+ SSH ://[email protected]/{group}/{project}.git or NPM I -d Git +https://[email protected]/{group}/{project}.git or NPM i-d git+https://[username]:[pwd]@git.xxx.com/{group}/{project}.gitCopy the code

  • Update private modules

    If the version of the private module is updated, we cannot update the private module using NPM update because of the defects of the NPM + Git scheme. To get the latest version of the private module.

The advantages and disadvantages

Advantages: No need to start the service Disadvantages: NPM update cannot be used to update dependencies Solution: Tag the update package each time it is submitted

  • Git taggit tag -a v1.0.1 -m 'version1.0.1
  • Git show v1.0.1
  • Git push origin v1.0.1 git push origin v1.0.1 git push origin v1.0.1 "Git+https://[email protected]/ {group} / {project}. The git # v1.0.1." "

Note:

Package. json#name must be qualified @scope@scope is generally the name of the GitLab group,

@ companyfe, for example,

So name is @companyfe/hello-private

Package. json#private set to true

The trouble is in case you accidentally publish private modules

Use PM2 to guard the Verdaccio process

PM2 is a node process management tool, which simplifies many node application management tasks, such as performance monitoring, automatic restart, and load balancing. It can be used to host verdaccio processes and keep them alive forever.

  • npm i -g pm2
  • pm2 -h
  • pm2 start verdaccio