跳到主要内容
版本号:5.x (Latest)

保护包

Verdaccio allows you protect publishing to your registry. verdaccio allows you protect publish, to achieve that you will need to set up correctly your packages access.

包配置

例如,让我们一起来看以下设置。 您有一组前缀为my-company-*的依赖项,您要保护它们不让匿名或另一个没有正确证书的已登录用户使用。

'my-company-*':
access: admin teamA teamB teamC
publish: admin teamA
proxy: npmjs

With this configuration, basically we allow to groups admin and teamA to publish and teamA teamB teamC access to such dependencies.

用例:teamD试着访问此依赖项

因此,如果我以teamD身份登录。 我应该无法访问匹配my-company-* pattern的所有依赖项。

npm whoami
teamD

我无法访问此类依赖项,并且在网页上也不会被用户 teamD看到。 如果我试着访问,结果如下。

npm install my-company-core
npm ERR! code E403
npm ERR! 403 Forbidden: webpack-1@latest code E403
npm ERR! 403 Forbidden: webpack-1@latest

或者用yarn

yarn add my-company-core
yarn add v0.24.6
info No lockfile found.
[1/4]
错误出现意外错误: "http://localhost:5555/webpack-1: 不允许未注册用户访问my-company-core包"
[1/4] 🔍 Resolving packages...
error An unexpected error occurred: "http://localhost:5555/webpack-1: unregistered users are not allowed to access package my-company-core".