Comments (7)
"Unexpected token C" is from "Cannot GET /-/all/...", it's the default Express 404 handler. This feature is missing entirely.
I'd say it's a "patch welcome" kind of thing.
What is expected to be in the output anyway? Should somebody be able to search in local (restricted) packages? Or just proxy an output from npmjs.org and get it over with?
from sinopia.
I would say that people can search yeah, the same way that they can install them, so I don't see the point to restrict access. But local packages would have priority over npmjs.org.
I can write a patch for it if you agree with this workflow :)
from sinopia.
I can write a patch for it if you agree with this workflow :)
Sinopia does not use a database. Currently each package is separated into its own folder on the filesystem. If you try to implement search on all local packages, it'll either require some kind of a database to keep track of all packages (bye simplicity) or open a door to a DoS.
So I don't see how complete search can be implemented at this point.
from sinopia.
A solution for a complete search can be to make the search on registry.npmjs.org then, for private packages, search in ./storage for directories with a mtime newer than the startkey in the search request (this can easily be done on *nix with find, more complicated on Windows). Finally, append their information to the registry.npmjs.org response (using the package.json).
There are certainly some edge cases to address (first build with an empty local index, how reliable can the mtime be?) but it worked fine in my tests and it does not require a database.
from sinopia.
At least it should proxy the request to http://registry.npmjs.org
from sinopia.
@rlidwka if your concern is DoS, what can be done is to create some kind of cached response which would have a limited lifetime, and that lifetime could be controlled by the config.yml like:
cache_search: 5000 (5s)
That way even if someone tried to hack the system it would work properly.
But as you can see, most of the guys that are requesting this feature are for "internal" use, so DoS generally isn't an issue I believe.
Does someone have a better/different solution?
from sinopia.
We could alternatively limit the number of concurrent search requests to something sane (configurable) and return an HTTP 503 if the limit is exceeded. For normal use cases this is unlikely to happen and in the case of DoS - only the search feature would be affected.
from sinopia.
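The two mitigations proposed in the comments above (a cached response with a limited lifetime, and a cap on concurrent searches that answers 503 when exceeded) can be combined in one guard. This is an added example, not part of the thread and not Sinopia code; `createSearchGuard` and its option names are hypothetical, with `cacheTtlMs` standing in for the suggested `cache_search` setting.

```javascript
// Added example, not Sinopia code. createSearchGuard and its options are
// hypothetical names; cacheTtlMs plays the role of the proposed cache_search.
function createSearchGuard({ maxConcurrent, cacheTtlMs, maxCacheEntries = 100, now = Date.now }) {
  let active = 0;           // searches currently scanning storage
  const cache = new Map();  // search key (e.g. startkey) -> { body, expires }

  // search(done) runs the expensive scan and calls done(err, body);
  // respond(status, body) writes the HTTP response.
  return function handle(key, search, respond) {
    const hit = cache.get(key);
    if (hit && hit.expires > now()) return respond(200, hit.body);
    cache.delete(key);      // stale or absent: nothing to serve from cache

    // Shed load rather than queue: a caller who varies the key bypasses the
    // cache, so this counter is what actually bounds concurrent scans.
    if (active >= maxConcurrent) return respond(503, { error: 'search busy' });

    active++;
    let finished = false;
    const done = (err, body) => {
      if (finished) return; // ignore a second callback from a buggy search
      finished = true;
      active--;
      if (err) return respond(500, { error: 'search failed' });
      // Bound memory: evict the oldest entry (Map keeps insertion order).
      if (cache.size >= maxCacheEntries) cache.delete(cache.keys().next().value);
      cache.set(key, { body, expires: now() + cacheTtlMs });
      respond(200, body);
    };
    try { search(done); } catch (e) { done(e); }
  };
}

// Constructed scenario: limit of 2, three overlapping searches, fake clock.
function demo() {
  let clock = 0;
  const pending = [], statuses = [];
  const handle = createSearchGuard({ maxConcurrent: 2, cacheTtlMs: 5000, now: () => clock });
  const slowSearch = (done) => pending.push(done);   // stays in flight until called
  const respond = (status) => statuses.push(status);
  ['a', 'b', 'c'].forEach((k) => handle(k, slowSearch, respond)); // 'c' is shed
  pending.forEach((done) => done(null, ['pkg']));                 // 'a', 'b' finish
  handle('a', slowSearch, respond);                               // cache hit
  clock = 5001;
  handle('a', slowSearch, respond);                               // expired: rescans
  return { statuses, inFlight: pending.length - 2 };
}
```

Failed searches are deliberately not cached, and the cache is size-bounded so that varying the search key cannot grow memory without limit.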