保护包
Verdaccio allows you protect publishing to your registry. To achieve that you will need to set up correctly configure your packages access.
包配置
例如,让我们一起来看以下设置。 You have a set of dependencies that are prefixed with my-company-*
and you need to protect them from anonymous or other non-authorized logged-in users.
'my-company-*':
access: admin teamA teamB teamC
publish: admin teamA
proxy: npmjs
With this configuration, we allow the groups admin and teamA to publish and teamA, teamB and teamC to access the specified dependencies.
Use case: teamD tries to access the dependency
So, if I am logged as teamD. I shouldn't be able to access all dependencies that match the my-company-*
pattern.
➜ npm whoami
teamD
I won't have access to such dependencies and they also won't be visible via the web interface for user teamD. If I try to access it, the following will happen:
➜ npm install my-company-core
npm ERR! code E403
npm ERR! 403 Forbidden: webpack-1@latest
or with yarn
:
➜ yarn add my-company-core
yarn add v0.24.6
info No lockfile found.
[1/4]
错误出现意外错误: "http://localhost:5555/webpack-1: 不允许未注册用户访问my-company-core包"。