What is Verdaccio?
Verdaccio is a lightweight private npm proxy registry built in Node.js.
Using a private npm registry like Verdaccio is one of the Top 10 NPM Security Best Practices recommended by the Open Web Application Security Project (OWASP).
What's a registry?
- A registry is a repository for packages that implements the CommonJS Compliant Package Registry specification for reading package information.
- It provides an API compatible with npm clients (yarn/npm/pnpm).
- It is compatible with Semantic Versioning (semver).
$> verdaccio
Using Verdaccio
Using Verdaccio with any Node.js package manager client is quite straightforward.
You can use a custom registry either by setting it globally for all your projects:
npm set registry http://localhost:4873
or by passing it on the command line with the --registry argument in npm (slightly different in yarn):
npm install lodash --registry http://localhost:4873
yarn config set registry http://localhost:4873
For a more detailed explanation, I invite you to watch Angular Library: How To Use a Library in a poly-repo Using Verdaccio by Fanis Prodromou on his YouTube channel.
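Once the registry is set as shown above, it is worth checking that a project's lockfile actually records its packages against the Verdaccio instance. The following is an added example, not code from the Verdaccio project: it scans the "packages" map of a package-lock.json (lockfileVersion 2/3) and reports entries whose resolved URL has a different origin. The lockfile object is a constructed sample and findOffRegistry is a hypothetical helper name.

```javascript
// Added example: report package-lock.json entries not recorded against the private registry.
// REGISTRY is the local Verdaccio URL used on this page.
const REGISTRY = "http://localhost:4873";

// Constructed sample in lockfileVersion 2/3 layout; integrity values omitted for brevity.
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/lodash": {
      version: "4.17.21",
      resolved: "http://localhost:4873/lodash/-/lodash-4.17.21.tgz",
    },
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
    },
    "node_modules/internal-tool": {
      version: "0.1.0",
      resolved: "git+ssh://git@git.example.test/acme/internal-tool.git#0000000",
    },
    "node_modules/workspace-lib": { resolved: "packages/workspace-lib", link: true },
  },
};

function findOffRegistry(lock, registryUrl) {
  // Compare parsed origins (scheme + host + port) instead of string prefixes,
  // so a look-alike host that merely starts with the registry URL is not accepted.
  const expected = new URL(registryUrl).origin;
  const offRegistry = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace links, and entries with no recorded source.
    if (path === "" || entry.link || !entry.resolved) continue;
    let origin;
    try { origin = new URL(entry.resolved).origin; } catch { origin = "unparseable"; }
    if (origin !== expected) {
      // Keep only the package name after the last node_modules/ segment.
      offRegistry.push({ name: path.replace(/^.*node_modules\//, ""), resolved: entry.resolved });
    }
  }
  return offRegistry;
}

for (const f of findOffRegistry(sampleLock, REGISTRY)) {
  console.log(`off-registry: ${f.name} -> ${f.resolved}`);
}
```

In a real project, pass the parsed contents of package-lock.json instead of the sample object and fail the CI job when the returned list is not empty.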
Private
All packages that you publish are private and only accessible based on your configuration.
Proxy
Verdaccio caches all dependencies on demand and speeds up installations in local or private networks.
In a Nutshell
- It's a web app based on Node.js
- It's a private npm registry
- It's a local network proxy
- It's a pluggable application
- It's fairly easy to install and to use
- We offer Docker and Kubernetes support
- It is 100% compatible with yarn, npm and pnpm
- Verdaccio means a green color popular in late medieval Italy for fresco painting.