Plugins
Verdaccio is a pluggable application. It can be extended in many ways: with new authentication methods, by adding endpoints, or by using a custom storage.
There are 5 types of plugins:
Usage
Installation
$> npm install --global verdaccio-activedirectory
verdaccio, as a sinopia fork, has backward compatibility with plugins that are compatible with sinopia@1.4.0. In such a case the installation is the same.
$> npm install --global sinopia-memory
Configuration
Open the config.yaml file and update the auth section as follows:
The default configuration looks like this, because we use a built-in htpasswd plugin by default, which you can disable by commenting out the following lines.
Naming convention
Since version 2.0.0 until version plugins must start with the following convention:
- sinopia-xxx (deprecated and will be removed on 6.x.x)
- verdaccio-xxx
After version 5.12.0 scoped plugins are supported, for example:
auth:
  '@my-org/auth-awesome-plugin':
    foo: some value
    bar: another value
store:
  '@my-org/store-awesome-plugin':
    foo: some value
    bar: another value
middleware:
  '@my-org/middleware-awesome-plugin':
    foo: some value
    bar: another value
Authentication Configuration
auth:
  htpasswd:
    file: ./htpasswd
    # max_users: 1000
and replacing them with the following, in case you decide to use an ldap plugin:
auth:
  activedirectory:
    url: 'ldap://10.0.100.1'
    baseDN: 'dc=sample,dc=local'
    domainSuffix: 'sample.local'
Multiple Authentication plugins
This is technically possible, making the plugin order important, as the credentials will be resolved in order.
auth:
  htpasswd:
    file: ./htpasswd
    #max_users: 1000
  activedirectory:
    url: 'ldap://10.0.100.1'
    baseDN: 'dc=sample,dc=local'
    domainSuffix: 'sample.local'
Middleware Configuration
Example of how to set up a middleware plugin. All middleware plugins must be defined in the middlewares namespace.
middlewares:
  audit:
    enabled: true
You might follow the audit middleware plugin as a base example.
Storage Configuration
If the store property is defined in the config.yaml file, the storage property is ignored.
Example of how to set up a storage plugin. All storage plugins must be defined in the store namespace.
store:
  memory:
    limit: 1000
Theme Configuration
npm install --global verdaccio-theme-dark
You can load only one theme at a time and pass options through to it if you need them.
theme:
  dark:
    option1: foo
    option2: bar
Filter Configuration (Experimental)
A real example from the verdaccio-plugin-secfilter filter plugin, installed with npm i -g verdaccio-plugin-secfilter.
filters:
  plugin-secfilter:
    block:
      - scope: '@evil' # block all packages in scope
      - package: semvver # block a malicious package
      - package: '@coolauthor/stolen'
        versions: '>2.0.1' # block some malicious versions of previously ok package
        # uses https://www.npmjs.com/package/semver syntax
Legacy plugins
Sinopia Plugins
After version 6 sinopia plugins are no longer supported due to the naming convention.
If you are relying on any sinopia plugin, remember that they are deprecated and might not work in the future.
- sinopia-npm: auth plugin for sinopia supporting an npm registry.
- sinopia-memory: auth plugin for sinopia that keeps users in memory.
- sinopia-github-oauth-cli.
- sinopia-crowd: auth plugin for sinopia supporting atlassian crowd.
- sinopia-activedirectory: Active Directory authentication plugin for sinopia.
- sinopia-github-oauth: authentication plugin for sinopia2, supporting github oauth web flow.
- sinopia-delegated-auth: Sinopia authentication plugin that delegates authentication to another HTTP URL
- sinopia-altldap: Alternate LDAP Auth plugin for Sinopia
- sinopia-request: An easy and fully auth-plugin with configuration to use an external API.
- sinopia-htaccess-gpg-email: Generate password in htaccess format, encrypt with GPG and send via MailGun API to users.
- sinopia-mongodb: An easy and fully auth-plugin with configuration to use a mongodb database.
- sinopia-htpasswd: auth plugin for sinopia supporting htpasswd format.
- sinopia-leveldb: a leveldb backed auth plugin for sinopia private npm.
- sinopia-gitlabheres: Gitlab authentication plugin for sinopia.
- sinopia-gitlab: Gitlab authentication plugin for sinopia
- sinopia-ldap: LDAP auth plugin for sinopia.
- sinopia-github-oauth-env: Sinopia authentication plugin with github oauth web flow.
All sinopia plugins should be compatible with all future verdaccio versions. Anyhow, we encourage contributors to migrate them to the modern verdaccio API and to use the prefix verdaccio-xx-name.
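An audit of the settings described on this page, as an added example that is not part of the Verdaccio documentation or code base: it lists the package names each plugin key can map to under the naming convention, so the installed packages can be reviewed and pinned, and flags the auth ordering, single-theme and store/storage rules. It assumes the config has already been parsed into an object; the function names and the sample config are constructed for illustration.

```javascript
// Added example; auditPlugins and candidatePackages are hypothetical helper names.
const SECTIONS = ['auth', 'store', 'middlewares', 'theme', 'filters'];

// Candidate npm package names for a plugin key, following the naming convention.
function candidatePackages(section, key) {
  if (key.startsWith('@')) return [key]; // scoped plugin: the key is the package name
  // Assumption taken from the theme example: "dark" pairs with verdaccio-theme-dark.
  if (section === 'theme') return [`verdaccio-theme-${key}`];
  return [`verdaccio-${key}`, `sinopia-${key}`]; // sinopia- prefix is deprecated
}

function auditPlugins(config) {
  const plugins = [];
  const warnings = [];
  for (const section of SECTIONS) {
    const keys = Object.keys(config[section] || {});
    keys.forEach((key, order) =>
      plugins.push({ section, key, order, packages: candidatePackages(section, key) }));
    if (section === 'theme' && keys.length > 1) {
      warnings.push('theme: only one theme can be loaded at a time');
    }
    if (section === 'auth' && keys.length > 1) {
      warnings.push(`auth: credentials are resolved in order: ${keys.join(' -> ')}`);
    }
  }
  if (config.store && config.storage) {
    warnings.push('storage: ignored because store is defined');
  }
  return { plugins, warnings };
}

// Constructed sample: the object a YAML parser would return for a config.yaml.
const sampleConfig = {
  storage: './storage',
  auth: {
    htpasswd: { file: './htpasswd' },
    activedirectory: { url: 'ldap://10.0.100.1', baseDN: 'dc=sample,dc=local' },
  },
  store: { '@my-org/store-awesome-plugin': { foo: 'some value' } },
  middlewares: { audit: { enabled: true } },
  theme: { dark: { option1: 'foo' } },
};

const report = auditPlugins(sampleConfig);
console.log(JSON.stringify(report, null, 2));
```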