When you release a NPM package is considered, the NPM is open source, and you work company secrets are not allowed to leak, if the company’s own server at this time, there is a library of NPM own encapsulated private components can be provided to download company, when you consider that these people have paved the way for you.
The most popular ways to build a private warehouse are the three mentioned in the title above, each of which has its own merits, and you can choose your own. Here are some of the most recent studies that I’ve done to document the three approaches.
Current Environment ———>>>>> centOS :7.4
Verdaccio | sinopia
Environmental requirements
Verdaccio is a lightweight text repository developed by NodeJS. Therefore, to install Verdaccio, you need to install Node first.
The installation
Install Verdaccio globally using NPM (Sinopia is not the same as Verdaccio, so I’ll just say verdaccio here)
$ npm i verdaccio -gCopy the code
Check the help documentation. It’s as simple as a few parameters
$ verdaccio -hCopy the code
run
If your verdaccio has been added to the global variable $PATH, execute the following command anywhere to start it (note the warning above: ⚠, try not to run it in the root directory)
$ verdaccioCopy the code
Then we open the browser (IP:4873) can be… Can’t see
Here we need to do something. Here the listening address is http://localhost:4783/, but the access from the public network needs to be set to 0.0.0.0:4873 first to the Verdaccio configuration file
$ vim ~/.config/verdaccio/config.yaml
# # # # to joinListen: 0.0.0.0:4873Copy the code
Save the modification and run verdaccio again.
If you still can’t access to check the firewall state will 4873 port open (if you open the firewall then need to access the port will have to join the whitelist), of course, the most simple off the firewall… Don’t recommend
Check the list of ports contained in the firewall list
$ firewall-cmd --zone=public --list-ports
### Enable firewall + view status + disable firewall
$ systemctl start firewalld
$ systemctl status firewalld
$ systemctl stop firewalld
Add port + restart firewall + check port status
$ firewall-cmd --zone=public --add-port=4873/tcp --permanent
Add port + restart firewall + check port status
$ firewall-cmd --zone=public --add-port=4873/tcp --permanent
$ firewall-cmd --reload
$ firewall-cmd --zone=public --query-port=80/tcpCopy the code
Now enter (IP:4873) to access the Verdaccio warehouse home page
PM2 process daemon
You may have noticed that every time you start Verdaccio you can’t do anything else.
Hence the concept of process daemon. First we install pM2 using Node
$ npm i -g pm2
$ pm2 start verdaccioCopy the code
Same effect, but no longer occupy the panel!! Here the warehouse has been built, the following is how to send their packages to the private repository
NRM source management
Install the NRM
$ npm i nrm -gCopy the code
Check the NRM source
$nrm lsCopy the code
Add + Remove private sources (vc get names for yourself, just be happy)
$ nrm add vc http//:xxx.xxx.xxx.xxx:4873/
You can delete this source when you don't want it
$ nrm del vcCopy the code
Using private sources
$ nrm use vcCopy the code
Viewing the Current Source
$nrm currentCopy the code
Log in to the VC (Private Library)
Check to see if you have logged in
$ npm whoami
$npmlogin ... Enter user name + password + email (you can use your NPM account password to log in, verdaccio does not seem to register, plain text)### project root to execute
$npm publishCopy the code
And take a look in your vault
At this point, Verdaccio build to upload is complete!
Detailed configuration
# # the following configuration are relative to the ~ /. Config/verdaccio/config. The yaml file location
# Upload private package storage location
storage: ./storage
# Location of the plugin
plugins: ./plugins
# monitor portListen: 0.0.0.0:4873# Visualize the configuration of the page
web:
title: Verdaccio
# comment out to disable gravatar support
# gravatar: false
# by default packages are ordercer ascendant (asc|desc)
# sort_packages: asc# user information
auth:
htpasswd:
file: ./htpasswd
# Maximum amount of users allowed to register, defaults to "+inf".
# You can set this to -1 to disable registration.
# max_users: 1000
If you don't have this file in your library, you can pull it from another upstream server
uplinks:
npmjs:
url: https://registry.npmjs.org/
Package configuration
packages:
# represents private packages. Packages that begin with @mrlwc-verdaccio will not be proxied externally
'@mrlwc-verdaccio/*':
# scoped packages
# $all indicates that all users (registered and unregistered) can perform the corresponding operation
# $authenticated means that only authenticated (registered) people can do this. Note that anyone can register for an account.
# $anonymous Indicates that only anonymous users can perform corresponding actions (usually useless)
Or you can specify one or more users that correspond to the user table htpasswd that we configured earlier
access: $all
publish: $authenticated
unpublish: $authenticated
proxy: npmjs
For other packages, the props value corresponds to the name of the uplinks, allowing the corresponding uplinks to be used if they do not exist locally
'* *':
# allow all users (including non-authenticated users) to read and
# publish all packages
#
# you can specify usernames/groupnames (depending on your auth plugin)
# and three keywords: "$all", "$anonymous", "$authenticated"
Which type of user can install the matching project?
access: $all
# allow all known users to publish/publish packages
# (anyone can register by default, remember?)
# which type of user can publish and unpublish matching items
publish: $authenticated
unpublish: $authenticated
# if package is not available locally, proxy requests to 'npmjs' registry
proxy: npmjs
# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections
# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.server:
keepAliveTimeout: 60
middlewares:
audit:
nabled: true
# log settingslogs: - { type: stdout, format: pretty, level: http }
#- {type: file, path: verdaccio.log, level: info}
#experiments:
#
# support for npm token command
# token: falseCopy the code
Git repositories act as NPM private repositories
Personal advice is not necessary to use this method, the only advantage is that you do not have to build their own NPM warehouse, when you can not afford to buy a server and want to drum up some things can be used, not suitable for enterprise (if in the enterprise, I can open a company,, still care about the money to buy a server? So the code must be on a private server, there must be a private code repository, I have a private code library, also care about building a NPM library? There is not this truth, so, personally feel a little chicken ribs, pure when there is such a thing.
Create a GitLab private group
First log in to GitLab (if you don’t have one, register first, any repository will do) to create a group
So let’s say I created a group called gitStore
Then create a new project
Write library components
Index so I’m just going to make it a little bit simpler and just write something out here
Package. json file configuration
When you pull the warehouse there’s nothing, run it first, fill in the rest of the information yourself, okay
$npmInit --scope= name of your groupCopy the code
Then go to the package.json file and set private to true to prevent the package from being sent to the public network
Just submit it when you're done
$git add .
$git commit -m "xxx"
$git pushCopy the code
Install dependencies
Then go to a random project execution to install the package
$NPM I - S git+ssh://[email protected]: your group name/your package name. The git or $NPM I - S git+https://git.lug.ustc.edu.cn/ your group name/your package name. The gitCopy the code
Hidden trouble
Packages installed this way cannot use NPM update to update dependencies. The solution is to tag the package every time you commit an update
$ git tag -aV1.0.1 -m"xxxx"$git push Origin v1.0.1Copy the code
Then manually update the package.json tag in the project where you installed the dependency, and then perform the NPM update
cnpm
First go to CNPM github address you can see that CNPM installation environment requirements have two, here I choose mysql database
1: Node version >=8
2: There must be a database
Mysql installation
Mysql > download RPM package
1: Find the Yum repository
2: Find the version of your system
3: Copy the download link
4: Run wget download on the server
$ wget https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpmCopy the code
5: Install using the RPM software
$ rpm -ivh mysql80-community-release-el7-3.noarch.rpmCopy the code
RPM common command-i install package --nodeps does not verify package dependencies -v visualization, provides more detailed output -h displays installation into --force force install, even if the files of other packages are overwritten-aExample Query all installed software packages-fQuery the software package to which the file belongs. -q Query the software package (usually used to view the software package that has not been installed).-lThe file list of the software package is displayed-dDisplays a list of files labeled as documentsCopy the code
6: Install mysql-server
$ yum install mysql-server
Check the installation
rpm -qf|grep mysqlCopy the code
7: Start mysql
$ systemctl start mysqld.serviceCopy the code
8: initializes mysql
Mysql installation will have an initial temporary password in your /var/log/mysqld.log file, so let’s open that file to remember the initial password
$ cat /var/log/mysqld.log | grep 'temporary password'
A default password appears at the end of this command
A temporary password is generated forroot@localhost: indicates the password locationEnter the database
$ mysql -uroot -p'xxxxxxxx'
### Change password (the initial anti-human password I think no one wants to remember, and the new password has a strength requirement)
$ alter user root@localhost identified by 'New password'
Create a library for NPMJS
$ create database If Not Exists npmjs Character Set UTF8
Copy the code
CNPM download
$ git clone https://github.com/cnpm/cnpmjs.org.git
$ cd cnpmjs.org/
$ npm install
If an error occurs, execute this rule
$ npm install --unsafe-perm=true --allow-rootCopy the code
Import data
### mysql > select mysql from cnpmjs.org
> use cnpmjs;
> source docs/db.sqlCopy the code
Modifying a Configuration File
$vim config/index.js > admin add a user, set your own database information in the scopes field, and run the following commands in each case: in the scopes field, run the following commands in the scopes field: in the scopes field, run the following commands in the scopes field: in the scopes field, run the following commands in the scopes field:Copy the code
Run NPM run dev in cnpm.org (also use pM2 daemon). If you still can’t access it in your browser, please check firewall. If all goes well, enter IP:7002 port and you can see the Web side
The test release
Let’s go back to the previous Verdaccio project and switch the source (client) first
CNPM default uses port 7001 for transport binding, 7002 for Web display
$ nrm add cpm http://xxx.xxx.xxx.xxx:7001/
$nrm use cpm
### Change package.json to the group name defined by scopeds above (@mrlwc-cpm/ XXXX)
$ npm login
...
$ npm publishCopy the code
Then go to port 7002 to see if it exists
Ok, here are three ways to create a private library is basically complete!!
Finally: If you think it will help, leave a footprint! If you have a problem with the article, leave a comment!