Verdaccio

Verdaccio

  • Docs
  • Blog
  • Twitter
  • Help
  • GitHub
  • Team
  • 支持我们
  • Languages icon中文
    • English
    • Español
    • Français
    • Russian
    • Yoruba
    • 帮助翻译

›Guides

Introduction

  • Verdaccio是什么?
  • 安装
  • 命令行工具
  • Using a private registry
  • 谁在使用 Verdaccio?
  • Security Policy
  • Logotype
  • Uses Cases

    • End to End testing
    • Caching strategies
    • GitHub Actions
    • 链接远程Registry

    Talks & Articles

    • Articles
    • Talks

Features

  • 配置文件
  • 上行链路
  • 包的访问
  • Authentication
  • 通知
  • 记录器
  • Web 用户界面

Server

  • 服务器配置
  • 逆向代理服务器设置
  • 设置SSL 证书
  • 作为 Windows 服务安装
  • IIS server上进行安装

Development

  • 插件
  • 插件开发
  • Dev Guides

    • Plugin Generator
    • Authentication Plugin(认证插件)
    • Middleware Plugin(Middleware 插件)
    • Storage Plugin(存储插件)
  • Node API

DevOps

  • Docker
  • Kubernetes
  • 持续集成
  • Cloud

    • 亚马逊Web服务

    Tools

    • Ansible
    • Puppet
    • Chef Cookbook

Guides

  • Best Practices
  • 保护包
  • Amazon Web Services
Translate

保护包

Verdaccio allows you protect publishing to your registry. To achieve that you will need to set up correctly configure your packages access.

包配置

例如,让我们一起来看以下设置。 You have a set of dependencies that are prefixed with my-company-* and you need to protect them from anonymous or other non-authorized logged-in users.

  'my-company-*':
    access: admin teamA teamB teamC
    publish: admin teamA
    proxy: npmjs

With this configuration, we allow the groups admin and teamA to publish and teamA, teamB and teamC to access the specified dependencies.

Use case: teamD tries to access the dependency

So, if I am logged as teamD. I shouldn't be able to access all dependencies that match the my-company-* pattern.

➜ npm whoami
teamD

I won't have access to such dependencies and they also won't be visible via the web interface for user teamD. If I try to access it, the following will happen:

➜ npm install my-company-core
npm ERR! code E403
npm ERR! 403 Forbidden: webpack-1@latest

or with yarn:

➜ yarn add my-company-core
yarn add v0.24.6
info No lockfile found.
[1/4] 
错误出现意外错误: "http://localhost:5555/webpack-1: 不允许未注册用户访问my-company-core包"。
← Best Practices下一个 →
Verdaccio
Docs
Getting StartedDockerConfigurationLogos
Community
User ShowcaseStack OverflowProject ChatFollow Verdaccio on Twitter
More
BlogGitHubStar