Skip to main content

Protecting packages

Verdaccio allows you protect publishing to your registry. To achieve that you will need to set up correctly configure your packages access.

Konfigurisanje paketa

Let's see for instance the following set up. You have a set of dependencies that are prefixed with my-company-* and you need to protect them from anonymous or other non-authorized logged-in users.

access: admin teamA teamB teamC
publish: admin teamA
proxy: npmjs

Sa navedenom konfiguracijom dozvoljavamo grupama admin i teamA da publikuju a grupama teamA teamB i teamC pristup do tih dependencies.

Primer iz prakse: teamD pokušava da pristupi nekoj dependency

So, if I am logged as teamD. I shouldn't be able to access all dependencies that match the my-company-* pattern.

npm whoami

I won't have access to such dependencies and they also won't be visible via the web interface for user teamD. If I try to access it, the following will happen:

npm install my-company-core
npm ERR! code E403
npm ERR! 403 Forbidden: webpack-1@latest

ili sa yarn

yarn add my-company-core
yarn add v0.24.6
info No lockfile found.
[1/4] 🔍 Resolving packages...
error An unexpected error occurred: "http://localhost:5555/webpack-1: unregistered users are not allowed to access package my-company-core".