Skip to main content
Version: Next

Plugins

Verdaccio is a pluggable application. It can be extended in many ways, either new authentication methods, adding endpoints or using a custom storage.

There are 5 types of plugins:

Usage

Installation

$> npm install --global verdaccio-activedirectory

verdaccio as a sinopia fork it has backward compatibility with plugins that are compatible with sinopia@1.4.0. In such case the installation is the same.

$> npm install --global sinopia-memory

Configuration

Open the config.yaml file and update the auth section as follows:

The default configuration looks like this, due we use a build-in htpasswd plugin by default that you can disable just commenting out the following lines.

Naming convention

Since version 2.0.0 until version plugins must start with the following convention:

  • sinopia-xxx (deprecated and will be removed on 6.x.x)
  • verdaccio-xxx

After version 5.12.0 scoped plugins are supported, for example:

auth:
'@my-org/auth-awesome-plugin':
foo: some value
bar: another value
store:
'@my-org/store-awesome-plugin':
foo: some value
bar: another value
middleware:
'@my-org/middleware-awesome-plugin':
foo: some value
bar: another value

Authentication Configuration

auth:
htpasswd:
file: ./htpasswd
# max_users: 1000

and replacing them with (in case you decide to use a ldap plugin.

auth:
activedirectory:
url: 'ldap://10.0.100.1'
baseDN: 'dc=sample,dc=local'
domainSuffix: 'sample.local'

Multiple Authentication plugins

This is technically possible, making the plugin order important, as the credentials will be resolved in order.

auth:
htpasswd:
file: ./htpasswd
#max_users: 1000
activedirectory:
url: 'ldap://10.0.100.1'
baseDN: 'dc=sample,dc=local'
domainSuffix: 'sample.local'

Middleware Configuration

Example how to set up a middleware plugin. All middleware plugins must be defined in the middlewares namespace.

middlewares:
audit:
enabled: true

You might follow the audit middle plugin as base example.

Storage Configuration

caution

If the store property is defined in the config.yaml file, the storage property is being ignored.

Example how to set up a storage plugin. All storage plugins must be defined in the store namespace.

store:
memory:
limit: 1000

Theme Configuration

npm install --global verdaccio-theme-dark

You can load only one theme at a time and pass through options if you need it.

theme:
dark:
option1: foo
option2: bar

Filter Configuration (Experimental)

A real example from npm i -g verdaccio-plugin-secfilter filter plugin.

filters:
plugin-secfilter:
block:
- scope: @evil # block all packages in scope
- package: semvver # block a malicious package
- package: @coolauthor/stolen
versions: '>2.0.1' # block some malicious versions of previously ok package
# uses https://www.npmjs.com/package/semver syntax

Legacy plugins

Sinopia Plugins

caution

After version 6 sinopia plugins are not longer supported due the naming convention.

If you are relying on any sinopia plugin, remember are deprecated and might no work in the future.

All sinopia plugins should be compatible with all future verdaccio versions. Anyhow, we encourage contributors to migrate them to the modern verdaccio API and using the prefix as verdaccio-xx-name.