verdaccio / verdaccio Goto Github PK
View Code? Open in Web Editor NEW๐ฆ๐ A lightweight Node.js private proxy registry
Home Page: https://www.verdaccio.org/
License: MIT License
๐ฆ๐ A lightweight Node.js private proxy registry
Home Page: https://www.verdaccio.org/
License: MIT License
Hi. We've been running Sinopia for a while and recently switched to Verdaccio as a private registry.
I looked into Yarn, but didn't get this to work with Verdaccio. Yarn's authentication flow is as follows:
yarn login
yarn install
However, this method of authentication does not seem to work. The following error is thrown:
Error: https://*.*/isomorphic-fetch: unregistered users are not allowed to access package isomorphic-fetch
I'm not sure whether this is an issue with Yarn or Verdaccio. Do any of you have experiences with using the combination of the two?
This is more of a problem for contributors than users, but some tests don't run on Windows. For example, test/functional/index.js
assumes it will be able to use lsof
, which has no Windows equivalent:
exec('lsof -p ' + Number(server.pid), function(err, result) {
I'm not sure how to make it more multiplatform. I use both OS X and Windows platforms, so it's a partial problem for me.
I was going to add this to Sinopia, but as we all know, that project seems to be defunct now. So I may as well add it here.
The way dist-tags
(contained in a module's package.json
) is handled appears incorrect. Elements are treated as an array, in other words like this:
dist-tags": {
"latest": [
"1.0.0-beta10",
"1.0.0-beta11",
"1.0.0-beta12",
"1.0.0-beta9"
]
}
This is a real world example (react-select
). The array is sorted using the sort
method provided by the semver
module. When someone requests the latest version, the last element in the array is examined to work out the version to provide.
In most cases, this will be fine, but in this particular case, 1.0.0-beta9
is returned. Clearly this isn't the latest version, but is the result of a lexical sort (beta9
is greater than beta12
).
You could legitimately argue that the authors of react-select
have not read the Semver.org manual, and the version numbers should be 1.0.0-beta.9
, 1.0.0-beta.10
etc, which would be sorted correctly. However, that doesn't help, and doesn't alter the fact that when someone does npm install react-select
they want the latest, and not some other version just because the implementation in sinopia/verdaccio is a bit odd.
The reality is that Sinopia/Verdaccio should be replicating what the upstream repository would do (i.e. registry.npmjs.org). That does not return an array. It knows what the latest version is, and returns it as a string, like this:
dist-tags": {
"latest": "1.0.0-beta12"
}
So really, all we need to do is stop Sinopia/Verdaccio treating it as an array, or trying to do anything clever, and just do what the upstream repo tells it to. This should be quite easy, compared to all the complexity of sorting and merging that happens with the array.
If and when I get time, I will sort out a pull request and do it properly, but in the meantime, here's what I changed so far.
in utils.js
, replace module.exports.tag_version
with this:
module.exports.tag_version = function(data, version, tag, config) {
if (!can_add_tag(tag, config)) return false
if (data['dist-tags'][tag] !== version) {
data['dist-tags'][tag] = version;
return true;
}
return false;
}
There are some other places which may need attention. I will add them here as I find them. My intention is to eliminate the 'ignore latest tag' config option, too. I can't see any reason why we shouldn't trust the upstream repo's latest
tag. I need to investigate publishing local packages, to see what that does, too.
I may be the only person who is having this issue. I take it the consensus is we should fix it, rather than me just patch my local sinopia?
Question: Original Sinopia still has the below issue, but has it been solved in the verdaccio-fork?
fatal --- uncaught exception, please report this
Error: not implemented
at Readable._read (/usr/local/lib/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:496:22)
at Readable.read (/usr/local/lib/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:373:10)
at Readable.resume (/usr/local/lib/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:742:12)
at Readable.on (/usr/local/lib/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:708:10)
at Storage.get_url (/usr/local/lib/node_modules/sinopia/lib/up-storage.js:313:11)
at on_open (/usr/local/lib/node_modules/sinopia/lib/storage.js:252:29)
at UploadTarball. (/usr/local/lib/node_modules/sinopia/lib/storage.js:271:7)
at UploadTarball.emit (events.js:104:17)
at UploadTarball. (/usr/local/lib/node_modules/sinopia/lib/local-storage.js:399:12)
at UploadTarball.emit (events.js:104:17)
I run the verdaccio docker image on a remote server and it works fine so far. I blocked public accessibility with this setting:
auth:
htpasswd:
file: /verdaccio/conf/htpasswd
packages:
'@*/*':
access: $authenticated
publish: $authenticated
'*':
access: $authenticated
publish: $authenticated
This prevents anyone from uploading/downloading packages without being logged in.
There is just one thing: Anyone can still create a new account on the server by running: npm adduser --registry http://ip_addr:port
and login.
I tried to put a chmod 400
on /verdaccio/conf/htpasswd
to prevent write access but it did not help.
Does anyone know what I could do to prevent anyone from creating new accounts and login?
This is more a question in README it states
Searching (npm search) - supported in the browser client but not command line
however, trying npm search <pkg name>
seems to work fine just wondering if there is something that you know of that isn't yet supported regarding searching?
In case there are hundreds of connections to sinopia/verdaccio (300) any recommended configs ? limits?
Hi,
is there a possibility to add User Authentication using an AD?
I saw this one: https://www.npmjs.com/package/sinopia-activedirectory
Is this supported?
Could we change the name of the project to "verdaccio"? So it would be verdaccio/verdaccio? That way we can pull it from NPM without conflicts with sinopia.
There is a small problem about displaying author names in the web interface - they do not show up:
The same issue in the original repo: rlidwka/sinopia#173
A merged PR in another fork: fl4re/sinopia#4
I checked the contents of my storage/@supercompany/supermodule/package.json
and can confirm that "_npmUser"
is an empty object for some reason. Running npm whoami
on a machine I'm publishing from does return some username though. Publishing is only allowed from authenticated users, so I'm confident I'm logged in. I'm not sure if this is a problem with NPM or verdaccio and I'm also wondering if replacing _npmUser
with author
is a good idea. That field should in theory show the name of the publisher, not the package creator (these may be different).
What do you guys think of this?
P.S.: My npm version is 3.10.3.
FROM node:6
COPY package.json /verdaccio/
RUN npm install
COPY . /verdaccio
RUN adduser --disabled-password --gecos "" verdaccio && \
mkdir -p /verdaccio/storage && \
chown -R verdaccio.verdaccio /verdaccio
USER verdaccio
WORKDIR /verdaccio
EXPOSE 4873
VOLUME ["/verdaccio/conf", "/verdaccio/storage"]
CMD ["./bin/sinopia", "--config", "./conf/config.yaml", "--listen", "0.0.0.0:4873"]
sorry no time for pr
server log online / success
verdaccio
warn --- config file - /home/myuserid/.config/verdaccio/config.yaml
warn --- http address - http://localhost:4873/
http --> 200, req: 'GET https://registry.npmjs.org/test-package', bytes: 0/1149
http <-- 201, user: myuserid, req: 'PUT /test-package', bytes: 1312/68
server log offline / failed
verdaccio
warn --- config file - /home/myuserid/.config/verdaccio/config.yaml
warn --- http address - http://localhost:4873/
http --> ERR, req: 'GET https://registry.npmjs.org/test-package', error: getaddrinfo EAI_AGAIN
http <-- 503, user: myuserid, req: 'PUT /test-package', error: one of the uplinks is down, refuse to publish
http --> ERR, req: 'GET https://registry.npmjs.org/test-package', error: getaddrinfo EAI_AGAIN
http <-- 503, user: myuserid, req: 'PUT /test-package', error: one of the uplinks is down, refuse to publish
warn --> host registry.npmjs.org is now offline
http <-- 503, user: myuserid, req: 'PUT /test-package', error: one of the uplinks is down, refuse to publish
npm publish --verbose
npm publish --verbose
npm info it worked if it ends with ok
npm verb cli [ '/home/myuserid/.nvm/versions/node/v4.6.1/bin/node',
npm verb cli '/home/myuserid/.nvm/versions/node/v4.6.1/bin/npm',
npm verb cli 'publish',
npm verb cli '--verbose' ]
npm info using [email protected]
npm info using [email protected]
npm verb publish [ '.' ]
npm verb cache add spec .
npm verb addLocalDirectory /home/myuserid/.npm/test-package/1.0.0/package.tgz not in flight; packing
npm verb correctMkdir /home/myuserid/.npm correctMkdir not in flight; initializing
npm verb tar pack [ '/home/myuserid/.npm/test-package/1.0.0/package.tgz',
npm verb tar pack '/home/myuserid/dev/node-dev/test-package' ]
npm verb tarball /home/myuserid/.npm/test-package/1.0.0/package.tgz
npm verb folder /home/myuserid/dev/node-dev/test-package
npm info prepublish [email protected]
npm verb addLocalTarball adding from inside cache /home/myuserid/.npm/test-package/1.0.0/package.tgz
npm verb correctMkdir /home/myuserid/.npm correctMkdir not in flight; initializing
npm verb afterAdd /home/myuserid/.npm/test-package/1.0.0/package/package.json not in flight; writing
npm verb correctMkdir /home/myuserid/.npm correctMkdir not in flight; initializing
npm verb afterAdd /home/myuserid/.npm/test-package/1.0.0/package/package.json written
npm verb getPublishConfig { registry: 'http://localhost:4873' }
npm verb publish registryBase http://localhost:4873/
npm verb request uri http://localhost:4873/test-package
npm verb request sending authorization for write operation
npm info attempt registry request try #1 at 5:23:36 PM
npm verb request using bearer token for auth
npm verb request id 2cab1a228bcea447
npm http request PUT http://localhost:4873/test-package
npm http 503 http://localhost:4873/test-package
npm verb headers { 'x-powered-by': 'verdaccio/2.1.0',
npm verb headers 'content-type': 'application/json; charset=utf-8',
npm verb headers 'content-length': '63',
npm verb headers etag: 'W/"3f-demMhYZwlqi35Jmuz+gJ3A"',
npm verb headers vary: 'Accept-Encoding',
npm verb headers 'x-status-cat': 'http://flic.kr/p/aXYvop',
npm verb headers date: 'Wed, 26 Oct 2016 22:23:37 GMT',
npm verb headers connection: 'keep-alive' }
npm info retry will retry, error on last attempt: Error: one of the uplinks is down, refuse to publish : test-package
npm info attempt registry request try #2 at 5:23:47 PM
npm verb request using bearer token for auth
npm http request PUT http://localhost:4873/test-package
npm http 503 http://localhost:4873/test-package
npm verb headers { 'x-powered-by': 'verdaccio/2.1.0',
npm verb headers 'content-type': 'application/json; charset=utf-8',
npm verb headers 'content-length': '63',
npm verb headers etag: 'W/"3f-demMhYZwlqi35Jmuz+gJ3A"',
npm verb headers vary: 'Accept-Encoding',
npm verb headers 'x-status-cat': 'http://flic.kr/p/aXYvop',
npm verb headers date: 'Wed, 26 Oct 2016 22:23:47 GMT',
npm verb headers connection: 'keep-alive' }
npm info retry will retry, error on last attempt: Error: one of the uplinks is down, refuse to publish : test-package
npm info attempt registry request try #3 at 5:24:47 PM
npm verb request using bearer token for auth
npm http request PUT http://localhost:4873/test-package
npm http 503 http://localhost:4873/test-package
npm verb headers { 'x-powered-by': 'verdaccio/2.1.0',
npm verb headers 'content-type': 'application/json; charset=utf-8',
npm verb headers 'content-length': '63',
npm verb headers etag: 'W/"3f-demMhYZwlqi35Jmuz+gJ3A"',
npm verb headers vary: 'Accept-Encoding',
npm verb headers 'x-status-cat': 'http://flic.kr/p/aXYvop',
npm verb headers date: 'Wed, 26 Oct 2016 22:24:47 GMT',
npm verb headers connection: 'keep-alive' }
npm verb request invalidating /home/myuserid/.npm/localhost_4873/test-package on PUT
npm ERR! publish Failed PUT 503
npm verb stack Error: one of the uplinks is down, refuse to publish : test-package
npm verb stack at makeError (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:264:12)
npm verb stack at CachingRegistryClient.<anonymous> (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:252:14)
npm verb stack at Request._callback (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:172:14)
npm verb stack at Request.self.callback (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/request/request.js:200:22)
npm verb stack at emitTwo (events.js:87:13)
npm verb stack at Request.emit (events.js:172:7)
npm verb stack at Request.<anonymous> (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/request/request.js:1067:10)
npm verb stack at emitOne (events.js:82:20)
npm verb stack at Request.emit (events.js:169:7)
npm verb stack at IncomingMessage.<anonymous> (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/request/request.js:988:12)
npm verb statusCode 503
npm verb pkgid test-package
npm verb cwd /home/myuserid/dev/node-dev/test-package
npm ERR! Linux 2.6.32-642.6.1.el6.centos.plus.x86_64
npm ERR! argv "/home/myuserid/.nvm/versions/node/v4.6.1/bin/node" "/home/myuserid/.nvm/versions/node/v4.6.1/bin/npm" "publish" "--verbose"
npm ERR! node v4.6.1
npm ERR! npm v2.15.9
npm ERR! code E503
npm ERR! one of the uplinks is down, refuse to publish : test-package
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR! <https://github.com/npm/npm/issues>
npm verb exit [ 1, true ]
npm ERR! Please include the following file with any support request:
npm ERR! /home/myuserid/dev/node-dev/test-package/npm-debug.log
npm-debug.log
0 info it worked if it ends with ok
1 verbose cli [ '/home/myuserid/.nvm/versions/node/v4.6.1/bin/node',
1 verbose cli '/home/myuserid/.nvm/versions/node/v4.6.1/bin/npm',
1 verbose cli 'publish',
1 verbose cli '--verbose' ]
2 info using [email protected]
3 info using [email protected]
4 verbose publish [ '.' ]
5 silly cache add args [ '.', null ]
6 verbose cache add spec .
7 silly cache add parsed spec Result {
7 silly cache add raw: '.',
7 silly cache add scope: null,
7 silly cache add name: null,
7 silly cache add rawSpec: '.',
7 silly cache add spec: '/home/myuserid/dev/node-dev/test-package',
7 silly cache add type: 'directory' }
8 verbose addLocalDirectory /home/myuserid/.npm/test-package/1.0.0/package.tgz not in flight; packing
9 verbose correctMkdir /home/myuserid/.npm correctMkdir not in flight; initializing
10 verbose tar pack [ '/home/myuserid/.npm/test-package/1.0.0/package.tgz',
10 verbose tar pack '/home/myuserid/dev/node-dev/test-package' ]
11 verbose tarball /home/myuserid/.npm/test-package/1.0.0/package.tgz
12 verbose folder /home/myuserid/dev/node-dev/test-package
13 info prepublish [email protected]
14 verbose addLocalTarball adding from inside cache /home/myuserid/.npm/test-package/1.0.0/package.tgz
15 verbose correctMkdir /home/myuserid/.npm correctMkdir not in flight; initializing
16 silly cache afterAdd [email protected]
17 verbose afterAdd /home/myuserid/.npm/test-package/1.0.0/package/package.json not in flight; writing
18 verbose correctMkdir /home/myuserid/.npm correctMkdir not in flight; initializing
19 verbose afterAdd /home/myuserid/.npm/test-package/1.0.0/package/package.json written
20 silly publish { name: 'test-package',
20 silly publish version: '1.0.0',
20 silly publish description: '"publish test package"',
20 silly publish main: 'index.js',
20 silly publish scripts: { test: 'echo "Error: no test specified" && exit 1' },
20 silly publish author: { name: 'myuserid' },
20 silly publish license: 'ISC',
20 silly publish publishConfig: { registry: 'http://localhost:4873' },
20 silly publish readme: 'ERROR: No README data found!',
20 silly publish _id: '[email protected]',
20 silly publish _shasum: '96ae3b33911f4ac620a1fba68aed9ea7b35870f7',
20 silly publish _from: '.' }
21 verbose getPublishConfig { registry: 'http://localhost:4873' }
22 silly mapToRegistry name test-package
23 silly mapToRegistry using default registry
24 silly mapToRegistry registry http://localhost:4873
25 silly mapToRegistry data Result {
25 silly mapToRegistry raw: 'test-package',
25 silly mapToRegistry scope: null,
25 silly mapToRegistry name: 'test-package',
25 silly mapToRegistry rawSpec: '',
25 silly mapToRegistry spec: 'latest',
25 silly mapToRegistry type: 'tag' }
26 silly mapToRegistry uri http://localhost:4873/test-package
27 verbose publish registryBase http://localhost:4873/
28 silly publish uploading /home/myuserid/.npm/test-package/1.0.0/package.tgz
29 verbose request uri http://localhost:4873/test-package
30 verbose request sending authorization for write operation
31 info attempt registry request try #1 at 5:23:36 PM
32 verbose request using bearer token for auth
33 verbose request id 2cab1a228bcea447
34 http request PUT http://localhost:4873/test-package
35 http 503 http://localhost:4873/test-package
36 verbose headers { 'x-powered-by': 'verdaccio/2.1.0',
36 verbose headers 'content-type': 'application/json; charset=utf-8',
36 verbose headers 'content-length': '63',
36 verbose headers etag: 'W/"3f-demMhYZwlqi35Jmuz+gJ3A"',
36 verbose headers vary: 'Accept-Encoding',
36 verbose headers 'x-status-cat': 'http://flic.kr/p/aXYvop',
36 verbose headers date: 'Wed, 26 Oct 2016 22:23:37 GMT',
36 verbose headers connection: 'keep-alive' }
37 info retry will retry, error on last attempt: Error: one of the uplinks is down, refuse to publish : test-package
38 info attempt registry request try #2 at 5:23:47 PM
39 verbose request using bearer token for auth
40 http request PUT http://localhost:4873/test-package
41 http 503 http://localhost:4873/test-package
42 verbose headers { 'x-powered-by': 'verdaccio/2.1.0',
42 verbose headers 'content-type': 'application/json; charset=utf-8',
42 verbose headers 'content-length': '63',
42 verbose headers etag: 'W/"3f-demMhYZwlqi35Jmuz+gJ3A"',
42 verbose headers vary: 'Accept-Encoding',
42 verbose headers 'x-status-cat': 'http://flic.kr/p/aXYvop',
42 verbose headers date: 'Wed, 26 Oct 2016 22:23:47 GMT',
42 verbose headers connection: 'keep-alive' }
43 info retry will retry, error on last attempt: Error: one of the uplinks is down, refuse to publish : test-package
44 info attempt registry request try #3 at 5:24:47 PM
45 verbose request using bearer token for auth
46 http request PUT http://localhost:4873/test-package
47 http 503 http://localhost:4873/test-package
48 verbose headers { 'x-powered-by': 'verdaccio/2.1.0',
48 verbose headers 'content-type': 'application/json; charset=utf-8',
48 verbose headers 'content-length': '63',
48 verbose headers etag: 'W/"3f-demMhYZwlqi35Jmuz+gJ3A"',
48 verbose headers vary: 'Accept-Encoding',
48 verbose headers 'x-status-cat': 'http://flic.kr/p/aXYvop',
48 verbose headers date: 'Wed, 26 Oct 2016 22:24:47 GMT',
48 verbose headers connection: 'keep-alive' }
49 verbose request invalidating /home/myuserid/.npm/localhost_4873/test-package on PUT
50 error publish Failed PUT 503
51 verbose stack Error: one of the uplinks is down, refuse to publish : test-package
51 verbose stack at makeError (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:264:12)
51 verbose stack at CachingRegistryClient.<anonymous> (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:252:14)
51 verbose stack at Request._callback (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:172:14)
51 verbose stack at Request.self.callback (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/request/request.js:200:22)
51 verbose stack at emitTwo (events.js:87:13)
51 verbose stack at Request.emit (events.js:172:7)
51 verbose stack at Request.<anonymous> (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/request/request.js:1067:10)
51 verbose stack at emitOne (events.js:82:20)
51 verbose stack at Request.emit (events.js:169:7)
51 verbose stack at IncomingMessage.<anonymous> (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/request/request.js:988:12)
52 verbose statusCode 503
53 verbose pkgid test-package
54 verbose cwd /home/myuserid/dev/node-dev/test-package
55 error Linux 2.6.32-642.6.1.el6.centos.plus.x86_64
56 error argv "/home/myuserid/.nvm/versions/node/v4.6.1/bin/node" "/home/myuserid/.nvm/versions/node/v4.6.1/bin/npm" "publish" "--verbose"
57 error node v4.6.1
58 error npm v2.15.9
59 error code E503
60 error one of the uplinks is down, refuse to publish : test-package
61 error If you need help, you may report this error at:
61 error <https://github.com/npm/npm/issues>
62 verbose exit [ 1, true ]
within config I allowed authenticated access only, docker container is killed at the moment request on list web interface is made or if you try to publish package while not authenticated. Used this docker image https://hub.docker.com/r/therightplace/verdaccio/
fatal --- uncaught exception, please report this
ForbiddenError: unregistered users are not allowed to access package dummy-npmv2
at Object.allow_access (/usr/src/app/lib/auth.js:67:23)
at next (/usr/src/app/lib/auth.js:141:7)
at next (/usr/src/app/lib/auth.js:138:14)
at next (/usr/src/app/lib/auth.js:138:14)
at Auth.allow_access (/usr/src/app/lib/auth.js:146:5)
at async.filterSeries.template.name (/usr/src/app/lib/index-web.js:52:14)
at /usr/src/app/node_modules/async/dist/async.js:4937:13
at replenish (/usr/src/app/node_modules/async/dist/async.js:873:21)
at /usr/src/app/node_modules/async/dist/async.js:883:15
at _filter (/usr/src/app/node_modules/async/dist/async.js:4936:9)
I am wondering if there is some way to set a maximum cache length (e.g. 2 days)? In my scenario what I would really like to do is have the cache length set to 0 days, so that verdaccio always checks if there is a newer version (even when a local version satisfying the semver exists), and only if there isn't, it should serve the one in the cache.
This is so that we can always be using the latest versions of everything but have older versions for backups just in case.
There is an optional dependency on baudehlo/node-fs-ext
This is used for file-level locking. It produces a list of deprecation warnings when installed on *nix. It does not install at all on Windows. This would prevent or hamper deployment on Windows.
A multi-platform alternative would be better.
Sinopia/Verdaccio does not resolve @type/React . It's not able to resolve/delegate them to the main npm registry.
At least it should be able to delegate it.
http <-- 404, user: xxx, req: 'GET /@types%2fglob', error: no such package available
http <-- 404, user: xxx, req: 'GET /@types%2fdel', error: no such package available
http <-- 404, user: xxx, req: 'GET /@types%2fchai', error: no such package available
http <-- 404, user: xxx, req: 'GET /@types%2fgulp', error: no such package available
http <-- 404, user: xxx, req: 'GET /@types%2fgulp-concat', error: no such package available
@trentearl I put sinopia running in the docker which runs on ubuntu, it is stable for a long time, but recently it is used by increasing people, and it always crashes. I has review the issues post before. They all point that the# ulimit is too small, and i modified ulimit to make it larger(i made ulimit to 999999) successfully. But sinopia always crashes as before. It report error as follows. Could someone answer my question? Thanks a lot!!
http --> ERR, req: 'GET https://registry.npmjs.org/sass', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
http <-- 200, user: chenpy, req: 'GET /sass', bytes: 0/701
http --> ERR, req: 'GET https://registry.npmjs.org/karma-ng-html2js-preprocessor', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
http --> ERR, req: 'GET https://registry.npmjs.org/karma-coverage', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
warn --> host registry.npmjs.org is now offline
http --> ERR, req: 'GET https://registry.npmjs.org/karma-angular-filesort', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
http --> ERR, req: 'GET https://registry.npmjs.org/karma-phantomjs-lau
http <-- 200, user: undefined, req: 'GET /-/static/favicon.png', bytes: 0/315
http --> ERR, req: 'GET https://registry.npmjs.org/gfc-core', error: ETIMEDOUT
Error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
at errnoException (dns.js:26:10)
at GetAddrInfoReqWrap.onlookup as oncomplete
http --> ERR, req: 'GET https://registry.npmjs.org/gulp-htmlmin', error: connect ECONNREFUSED 103.245.222.162:443
http <-- 200, user: hanyaonian, req: 'GET /gulp-htmlmin', bytes: 0/3473
http --> ERR, req: 'GET https://registry.npmjs.org/del', error: connect ECONNREFUSED 103.245.222.162:443
http --> ERR, req: 'GET https://registry.npmjs.org/gulp-flatten', error: connect ECONNREFUSED 103.245.222.162:443
http --> ERR, req: 'GET https://registry.npmjs.org/gulp-livescript', error: connect ECONNREFUSED 103.245.222.162:443
Error: not implemented
at Readable._read (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:496:22)
at Readable.read (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:373:10)
at Readable.resume (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:742:12)
at Readable.on (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:708:10)
at Storage.get_url (/opt/sinopia/node_modules/sinopia/lib/up-storage.js:313:11)
at on_open (/opt/sinopia/node_modules/sinopia/lib/storage.js:252:29)
Error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
at errnoException (dns.js:26:10)
at GetAddrInfoReqWrap.onlookup as oncomplete
http <-- 500, user: chenzl25, req: 'GET /plugin-error/-/plugin-error-0.1.2.tgz', error: internal server error
warn --> host registry.npmjs.org is now offline
error --- unexpected error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
travis.yml needs to be updated and verdaccion published to npm for easy installation.
When I run npm adduser --registry http://npm.example.com:4873
I expect a NPM_TOKEN inside ~/.npmrc but I get the following error instead:
this user already exists : -/user/org.couchdb.user:johndoe/-rev/undefined
We are using ansible to populate an htpasswd file, here is the authentication configuration:
auth:
htpasswd:
file: /verdaccio/conf/htpasswd
Do you plan to add support to generate NPM_TOKENs? Is there a workaround to generate them?
How can I prevent the creation of a new user? It seems that anyone can create users; get the registry's url, run npm adduser
and you can access the packages. To prevent access from unexpected users, I changed the permissions of /verdaccio/conf/htpasswd to 0444.
Hi,
First, thanks for your active work on maintaining sinopia!
We are currently looking in my company at possible solutions for private npm/npm cache and of course verdaccio/sinopia is being considered. At the same time we found some alternatives that seems to be actively used by others:
Is anyone using/considering one of those?
It should work as well, right? But it doesn't
A few very important commits have gone into that fork, perhaps it would make sense to merge them here as well.
I am trying to cache public npm packages on my TeamCity build server.
verdaccio creates a directory for each npm packages but no binaries are saved.
Requests looks like this:
http <-- 200, user: mha, req: 'GET /pako', bytes: 0/4391 http --> 304, req: 'GET https://registry.npmjs.org/ieee754', bytes: 0/0 http --> 304, req: 'GET https://registry.npmjs.org/base64-js', bytes: 0/0 http <-- 304, user: mha, req: 'GET /ieee754', bytes: 0/0 http <-- 304, user: mha, req: 'GET /base64-js', bytes: 0/0 http --> 304, req: 'GET https://registry.npmjs.org/date-now', bytes: 0/0 http <-- 304, user: mha, req: 'GET /date-now', bytes: 0/0 http --> 304, req: 'GET https://registry.npmjs.org/ripemd160', bytes: 0/0 http --> 304, req: 'GET https://registry.npmjs.org/pbkdf2-compat', bytes: 0/0 http --> 304, req: 'GET https://registry.npmjs.org/sha.js', bytes: 0/0 http <-- 304, user: mha, req: 'GET /ripemd160', bytes: 0/0 http <-- 304, user: mha, req: 'GET /sha.js', bytes: 0/0
Am I missing something?
npm install @angular/common
gives
npm ERR! Linux 3.13.0-93-generic
npm ERR! argv "/home/UX/fziacikux/.nvm/versions/node/v6.3.1/bin/node" "/home/UX/fziacikux/.nvm/versions/node/v6.3.1/bin/npm" "install" "@angular/common"
npm ERR! node v6.3.1
npm ERR! npm v3.10.3
npm ERR! code E404
npm ERR! 404 no such package available : @angular/common
npm ERR! 404
npm ERR! 404 '@angular/common' is not in the npm registry.
Log file attached.
npm-debug.zip
Instead we should use the node_modules/.bin/
folder in the package.json.
That we dont have to assume that the npm packages are globally installed and at the correct version.
Hi
Is there a way to reset reset the db (clear all packages)?
reinstalling didn't hellpe.
Thanks
Avi
It would be nice if Similar existing things
in the readme mentioned local-npm and gave us some indication of how this project is different in features / functionality. https://github.com/nolanlawson/local-npm
ForbiddenError: unregistered users are not allowed to access package @myorg/demo
at Object.allow_access (/usr/local/lib/node_modules/verdaccio/lib/auth.js:67:23)
at next (/usr/local/lib/node_modules/verdaccio/lib/auth.js:141:7)
at next (/usr/local/lib/node_modules/verdaccio/lib/auth.js:138:14)
at next (/usr/local/lib/node_modules/verdaccio/lib/auth.js:138:14)
at Auth.allow_access (/usr/local/lib/node_modules/verdaccio/lib/auth.js:146:5)
at async.filterSeries.template.name (/usr/local/lib/node_modules/verdaccio/lib/index-web.js:52:14)
at /usr/local/lib/node_modules/verdaccio/node_modules/async/dist/async.js:3382:13
at replenish (/usr/local/lib/node_modules/verdaccio/node_modules/async/dist/async.js:836:21)
at /usr/local/lib/node_modules/verdaccio/node_modules/async/dist/async.js:846:15
at _filter (/usr/local/lib/node_modules/verdaccio/node_modules/async/dist/async.js:3381:9)
Since you want to publish this on npm and since the original maintainers seem to have abandoned the project, will this become a real fork, i.e. renamed binary and stuff?
I just noticed if I search github for 'verdaccio' it does not return verdaccio/verdaccio.
The only repositories it show me are:
I wonder why that is and just wanted to mention it.
I've noticed recently that I am seeing lines in my npm-shrinkwrap.json
files which indicate a few packages are still being installed from registry.npmjs.org
instead of verdaccio
. For example:
"iconv-lite": {
"version": "0.4.13",
"from": "[email protected]",
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.13.tgz"
},
It seems to be some (but not all) indirect dependencies. I have not had time to investigate this further yet, but clearly it's unexpected behaviour to not be using the cache.
The effect is fairly minimal if npm
can see the registry.npmjs.org
server. It just causes extra Internet traffic because some some packages are fetched from that registry. If the server is locked down so that it can't see the external registry, then it breaks the install process.
I think something changed quite recently, and the most likely culprit is moving to npm 3 on our development machines (where the shrinkwrap files are created). When you create a shrinkwrap file I believe it uses a combination of the npm
cache and the node_modules
folder to generate the metadata for each dependency in the tree. I am guessing that something has changed here, and not necessarily for the better.
I will investigate further when I have time. For now, the workaround is simply to edit npm-shrinkwrap.json
after creating it, replacing any registry.npmjs.org
references with the correct verdaccio
registry. This seems to work fine.
There is an optional dependency on sendanor/node-crypt3
This is used for password encryption. It does not install at all on Windows. This would prevent or hamper deployment on Windows. It would also hamper contributors, because it is used in one of the tests.
A multi-platform alternative would be better.
It is actually not used in the main project. It is installed by Verdaccio, but only used by a dependency (sinopia-htpasswd
). It is only installed by Verdaccio because one of the tests makes reference to its install location, and therefore tries to force the location. This is problematic anyway if they ever use different versions.
I think we should consider how to replace sinopia-htpasswd
with a self-contained equivalent, which does not rely on crypt3
. Relying on sinopia-htpasswd
might cause problems if that project is also abandonware.
I put sinopia running in the docker which runs on ubuntu, it is stable for a long time, but recently it is used by increasing people, and it always crashes. I has review the issues post before. They all point that the# ulimit is too small, and i modified ulimit to make it larger(i made ulimit to 999999) successfully. But sinopia always crashes as before. It report error as follows. Could someone answer my question? Thanks a lot!!
http --> ERR, req: 'GET https://registry.npmjs.org/sass', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
http <-- 200, user: chenpy, req: 'GET /sass', bytes: 0/701
http --> ERR, req: 'GET https://registry.npmjs.org/karma-ng-html2js-preprocessor', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
http --> ERR, req: 'GET https://registry.npmjs.org/karma-coverage', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
warn --> host registry.npmjs.org is now offline
http --> ERR, req: 'GET https://registry.npmjs.org/karma-angular-filesort', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
http --> ERR, req: 'GET https://registry.npmjs.org/karma-phantomjs-lau
http <-- 200, user: undefined, req: 'GET /-/static/favicon.png', bytes: 0/315
http --> ERR, req: 'GET https://registry.npmjs.org/gfc-core', error: ETIMEDOUT
Error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
at errnoException (dns.js:26:10)
at GetAddrInfoReqWrap.onlookup as oncomplete
http --> ERR, req: 'GET https://registry.npmjs.org/gulp-htmlmin', error: connect ECONNREFUSED 103.245.222.162:443
http <-- 200, user: hanyaonian, req: 'GET /gulp-htmlmin', bytes: 0/3473
http --> ERR, req: 'GET https://registry.npmjs.org/del', error: connect ECONNREFUSED 103.245.222.162:443
http --> ERR, req: 'GET https://registry.npmjs.org/gulp-flatten', error: connect ECONNREFUSED 103.245.222.162:443
http --> ERR, req: 'GET https://registry.npmjs.org/gulp-livescript', error: connect ECONNREFUSED 103.245.222.162:443
Error: not implemented
at Readable._read (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:496:22)
at Readable.read (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:373:10)
at Readable.resume (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:742:12)
at Readable.on (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:708:10)
at Storage.get_url (/opt/sinopia/node_modules/sinopia/lib/up-storage.js:313:11)
at on_open (/opt/sinopia/node_modules/sinopia/lib/storage.js:252:29)
Error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
at errnoException (dns.js:26:10)
at GetAddrInfoReqWrap.onlookup as oncomplete
http <-- 500, user: chenzl25, req: 'GET /plugin-error/-/plugin-error-0.1.2.tgz', error: internal server error
warn --> host registry.npmjs.org is now offline
error --- unexpected error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
Hi guys,
As you may know, (https://github.com/nodejs/LTS) Node is gonna stop the LTS support for 0.10 at the end of the month and 0.12 at beginning of the next year. Node 4 also pretty soon will be dropped (April 2017). Basically they are force everybody to move Node 4 / 6 ASAP.
It does not make sense keep supporting such versions anymore, I think is time to move on and clean up a little bit, the code is getting old. I'm thinking, maybe move the code base to ES6 syntax is a good idea, after all is "completely" (97%) supported by Node 6 or Node 4 (52%) supported until 2018.
Aside of that I was thinking to re-do the front but for that I'd need mention this before. Waiting for your thoughts.
Install verdaccio via npm:
sudo npm install -g https://github.com/verdaccio/verdaccio
Navigate into the verdaccio directory, and run npm install to pull in the missing packages.
sudo npm install
Here is my output from that command:
npm WARN deprecated [email protected]: Jade has been renamed to pug, please install the latest version of pug instead of jade
[email protected] (git+https://github.com/verdaccio/verdaccio.git#cafbb5f76b7f8884e737dc22daec433b8fb7e84f) /usr/lib/node_modules/verdaccio
`-- (empty)
npm WARN optional Skipping failed optional dependency /chokidar/fsevents:
npm WARN notsup Not compatible with your operating system or architecture: [email protected]
npm ERR! Linux 2.6.32-573.26.1.el6.x86_64
npm ERR! argv "/usr/bin/node" "/usr/bin/npm" "install"
npm ERR! node v6.2.0
npm ERR! npm v3.9.2
npm ERR! path /usr/lib/node_modules/verdaccio/node_modules/.staging/verdaccio-a94e2c36
npm ERR! code ENOENT
npm ERR! errno -2
npm ERR! syscall rename
npm ERR! enoent ENOENT: no such file or directory, rename '/usr/lib/node_modules/verdaccio/node_modules/.staging/verdaccio-a94e2c36' -> '/usr/lib/node_modules/verdaccio'
npm ERR! enoent ENOENT: no such file or directory, rename '/usr/lib/node_modules/verdaccio/node_modules/.staging/verdaccio-a94e2c36' -> '/usr/lib/node_modules/verdaccio'
npm ERR! enoent This is most likely not a problem with npm itself
npm ERR! enoent and is related to npm not being able to find a file.
npm ERR! enoent
npm ERR! Linux 2.6.32-573.26.1.el6.x86_64
npm ERR! argv "/usr/bin/node" "/usr/bin/npm" "install"
npm ERR! node v6.2.0
npm ERR! npm v3.9.2
npm ERR! path npm-debug.log.1213440477
npm ERR! code ENOENT
npm ERR! errno -2
npm ERR! syscall open
npm ERR! enoent ENOENT: no such file or directory, open 'npm-debug.log.1213440477'
npm ERR! enoent ENOENT: no such file or directory, open 'npm-debug.log.1213440477'
npm ERR! enoent This is most likely not a problem with npm itself
npm ERR! enoent and is related to npm not being able to find a file.
npm ERR! enoent
npm ERR! Please include the following file with any support request:
npm ERR! /usr/lib/node_modules/verdaccio/npm-debug.log
npm ERR! code 1
Upon exiting, my verdaccio instance has been completely removed. There no longer is a verdaccio directory under /usr/lib/node_modules. This is a problem.
nodejs version: 6.2.0
npm version: 3.9.2
Hi, I'd like to migrate from sinopia, but it's not clear if it will be a smooth upgrade?
I don't see any CHANGELOG or wiki entries or release info about breaking changes.
Thx in advance!
I want to publish my package to http://localhost:4873/ the name of the package is @local/my-lib
If I try to do it I get error :
one of the uplinks is down, refuse to publish
without the scope it is working .
My command is
call npm config set @Local:registry http://localhost:4873
call npm publish
In my packages.json :
"publishConfig":{
"registry":"http://localhost:4873"
},
My first attempt at creating a Dockerfile for this project seems to work, I could submit a pull request if there's interest.. but I'm adding a slightly tweaked config.yaml into the main repo so it's easier to manage that outside of the container.
FROM node:onbuild
MAINTAINER RnbWd <[email protected]>
RUN npm install --production
CMD ['/bin/sh, bin/sinopia']
EXPOSE 4873
VOLUME /sinopia/storage
I haven't tested linking volumes yet - I'm also using the new docker-beta alpha release for mac that doesn't use viritualbox
actually should be like this:
# Pull base image.
FROM node:onbuild
MAINTAINER RnbWd <[email protected]>
RUN npm install --production
VOLUME ['/usr/src/app/storage', '/usr/src/app/config.yaml']
EXPOSE 4873
CMD ["/usr/src/app/bin/sinopia"]
At the top of README.md
there is a red graphic which says 'build: failing'. This is an external link to https://travis-ci-org
. I haven't used this stuff before, but basically what happens is that whenever a commit is made, GitHib
tells travis-ci-org
, which then checks out the code and runs all the tests. It emails if there's a failure, and it enables the dynamic icon in the README.md
as well.
If we want to make use of this, then we will need a free account on https://travis-ci.org for user verdaccio
, which will have to be created and owned by @trentearl . It will need verdaccio/verdaccio
on GitHub linking to it. Then we can change the link in README.md
from https://travis-ci.org/rlidwka/sinopia to https://travis-ci.org/verdaccio/verdaccio.
The eagle-eyed may have spotted that in the original sinopia
version, it says the build is failing. And so was Verdaccio
, but it appears that eliminating the messy optional dependencies in #18 has fixed the external Travis build, as some sort of bonus. So if we do set this up, our icon will turn green, because our version does build ๐
Hello,
I think for writing new plugins it would be really nice to be able to load plugins with verdaccio- prefix.
With kind regards,
Nighthawk
There is no any shell script in bin
directory.
I am currently planning on having my package files sync'd with S3 in order to back the files up. Running with Sinopia still at the moment using Docker and the packages are mounted. For backing up I am in two minds cronjob doing the syncing but what would be really cool is that this be done automatically on a publish.
Wondering what your thoughts are on this as a possible feature added on to verdaccio
with it being optionally used.
Jade is now pug. The dependencies need to be updated and changed to rely on pug.
npm-latest package has some problem with sinopia and verdaccio
$ npm i npm-latest verdaccio
$ echo 'registry=http://localhost:4873' > ~/.npmrc
$ ./node_modules/.bin/verdaccio
$ ./node_modules/.bin/npm-latest how2
how2:
latest: null
last updated: null
related issues:
I have an old sinopia running and I would like to move to verdaccio with all our private/cache reops Whats is the best way to achieve that?
2 tests fail around race conditions using nodev5.4.1.
https://github.com/verdaccio/verdaccio/blob/d260231/test/functional/race.js
So it's more like that https://github.com/rlidwka/sinopia goes away. RIP.
Once again i think we need get call here all from rlidwka/sinopia#376
Just started with testing on node v6. It works. In few days will try to test this fork.
If some one find npm/node related issue i think this is right place.
Thanks.
graceful-fs ~3 will fail on node < 7. It needs to be updated to ~4 to prevent failures on newer node releases.
bin/ folder is ignored on publish
$ npm install -g verdaccio
npm ERR! Darwin 14.5.0
npm ERR! argv "/usr/local/bin/node" "/usr/local/bin/npm" "install" "-g" "verdaccio"
npm ERR! node v5.6.0
npm ERR! npm v3.6.0
npm ERR! path /usr/local/lib/node_modules/verdaccio/bin/verdaccio
npm ERR! code ENOENT
npm ERR! errno -2
npm ERR! syscall chmod
npm ERR! enoent ENOENT: no such file or directory, chmod '/usr/local/lib/node_modules/verdaccio/bin/verdaccio'
npm ERR! enoent ENOENT: no such file or directory, chmod '/usr/local/lib/node_modules/verdaccio/bin/verdaccio'
npm ERR! enoent This is most likely not a problem with npm itself
npm ERR! enoent and is related to npm not being able to find a file.
npm ERR! enoent
npm ERR! Please include the following file with any support request:
In "Installation" section, still shows sinopia.All Links points to siopia too.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.