What is Verdaccio?

Verdaccio is a lightweight private npm proxy registry built in Node.js

Using a private npm registry like Verdaccio is one of the Top 10 NPM Security Best Practices recommended by the Open Web Application Security Project (OWASP).

What's a registry?

• A registry is a repository for packages, that implements the CommonJS Compliant Package Registry specification for reading package's information.
• Provide a compatible API with npm clients (yarn/npm/pnpm).
• Semantic Versioning compatible (semver).

$> verdaccio

Using Verdaccio

Using Verdaccio with any Node.js package manager client is quite straightforward.

You can use a custom registry either by setting it globally for all your projects

npm set registry http://localhost:4873

or by using it in command line as an argument --registry in npm (slightly different in yarn)

npm install lodash --registry http://localhost:4873

yarn config set registry http://localhost:4873

To have a more detailed explanation, I invite you to watch the full explanation Angular Library: How To Use a Library in a poly-repo Using Verdaccio by Fanis Prodromou on his YouTube channel.

Private

All packages that you publish are private and only accessible based in your configuration.

Proxy

Verdaccio cache all dependencies on demand and speed up installations in local or private networks.

In a Nutshell

• It's a web app based on Node.js
• It's a private npm registry
• It's a local network proxy
• It's a Pluggable application
• It's fairly easy to install and to use
• We offer Docker and Kubernetes support
• It is 100% compatible with yarn, npm and pnpm
• Verdaccio means A green color popular in late medieval Italy for fresco painting.