verdaccio / verdaccio Goto Github PK

View Code? Open in Web Editor NEW

15.9K 15.9K 1.3K 572.8 MB

📦🔐 A lightweight Node.js private proxy registry

Home Page: https://www.verdaccio.org/

License: MIT License

JavaScript 4.46% Shell 0.09% Dockerfile 0.57% TypeScript 92.19% HTML 0.05% SCSS 1.02% CSS 1.62%

docker heml javascript kubernetes nodejs npm pnpm private-npm registry registry-proxy sponsor verdaccio yarn

verdaccio's Issues

Yarn authentication not working

Hi. We've been running Sinopia for a while and recently switched to Verdaccio as a private registry.

I looked into Yarn, but didn't get this to work with Verdaccio. Yarn's authentication flow is as follows:

yarn login
Enter username and email
yarn install
Enter password if needed
Authenticated

However, this method of authentication does not seem to work. The following error is thrown:
Error: https://*.*/isomorphic-fetch: unregistered users are not allowed to access package isomorphic-fetch

I'm not sure whether this is an issue with Yarn or Verdaccio. Do any of you have experiences with using the combination of the two?

Some tests don't run on Windows

This is more of a problem for contributors than users, but some tests don't run on Windows. For example, test/functional/index.js assumes it will be able to use lsof, which has no Windows equivalent:

exec('lsof -p ' + Number(server.pid), function(err, result) {

I'm not sure how to make it more multiplatform. I use both OS X and Windows platforms, so it's a partial problem for me.

Incorrect handling of dist-tags

I was going to add this to Sinopia, but as we all know, that project seems to be defunct now. So I may as well add it here.

The way dist-tags (contained in a module's package.json) is handled appears incorrect. Elements are treated as an array, in other words like this:

dist-tags": {
    "latest": [
        "1.0.0-beta10",
        "1.0.0-beta11",
        "1.0.0-beta12",
        "1.0.0-beta9"
    ]
}

This is a real world example (react-select). The array is sorted using the sort method provided by the semver module. When someone requests the latest version, the last element in the array is examined to work out the version to provide.

In most cases, this will be fine, but in this particular case, 1.0.0-beta9 is returned. Clearly this isn't the latest version, but is the result of a lexical sort (beta9 is greater than beta12).

You could legitimately argue that the authors of react-select have not read the Semver.org manual, and the version numbers should be 1.0.0-beta.9, 1.0.0-beta.10 etc, which would be sorted correctly. However, that doesn't help, and doesn't alter the fact that when someone does npm install react-select they want the latest, and not some other version just because the implementation in sinopia/verdaccio is a bit odd.

The reality is that Sinopia/Verdaccio should be replicating what the upstream repository would do (i.e. registry.npmjs.org). That does not return an array. It knows what the latest version is, and returns it as a string, like this:

dist-tags": {
    "latest": "1.0.0-beta12"
}

So really, all we need to do is stop Sinopia/Verdaccio treating it as an array, or trying to do anything clever, and just do what the upstream repo tells it to. This should be quite easy, compared to all the complexity of sorting and merging that happens with the array.

If and when I get time, I will sort out a pull request and do it properly, but in the meantime, here's what I changed so far.

in utils.js, replace module.exports.tag_version with this:

module.exports.tag_version = function(data, version, tag, config) {
    if (!can_add_tag(tag, config)) return false

    if (data['dist-tags'][tag] !== version) {
        data['dist-tags'][tag] = version;
        return true;
    }

    return false;
}

There are some other places which may need attention. I will add them here as I find them. My intention is to eliminate the 'ignore latest tag' config option, too. I can't see any reason why we shouldn't trust the upstream repo's latest tag. I need to investigate publishing local packages, to see what that does, too.

I may be the only person who is having this issue. I take it the consensus is we should fix it, rather than me just patch my local sinopia?

fatal --- uncaught exception, please report this

Question: Original Sinopia still has the below issue, but has it been solved in the verdaccio-fork?

fatal --- uncaught exception, please report this
Error: not implemented
at Readable._read (/usr/local/lib/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:496:22)
at Readable.read (/usr/local/lib/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:373:10)
at Readable.resume (/usr/local/lib/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:742:12)
at Readable.on (/usr/local/lib/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:708:10)
at Storage.get_url (/usr/local/lib/node_modules/sinopia/lib/up-storage.js:313:11)
at on_open (/usr/local/lib/node_modules/sinopia/lib/storage.js:252:29)
at UploadTarball. (/usr/local/lib/node_modules/sinopia/lib/storage.js:271:7)
at UploadTarball.emit (events.js:104:17)
at UploadTarball. (/usr/local/lib/node_modules/sinopia/lib/local-storage.js:399:12)
at UploadTarball.emit (events.js:104:17)

Disable 'adduser'.

I run the verdaccio docker image on a remote server and it works fine so far. I blocked public accessibility with this setting:

auth:
  htpasswd:
    file: /verdaccio/conf/htpasswd
packages:
  '@*/*':
    access: $authenticated
    publish: $authenticated

  '*':
    access: $authenticated
    publish: $authenticated

This prevents anyone from uploading/downloading packages without being logged in.

There is just one thing: Anyone can still create a new account on the server by running: npm adduser --registry http://ip_addr:port and login.

I tried to put a chmod 400 on /verdaccio/conf/htpasswd to prevent write access but it did not help.

Does anyone know what I could do to prevent anyone from creating new accounts and login?

Search not supported CLI?

This is more a question in README it states
Searching (npm search) - supported in the browser client but not command line however, trying npm search <pkg name> seems to work fine just wondering if there is something that you know of that isn't yet supported regarding searching?

concurrent connections

In case there are hundreds of connections to sinopia/verdaccio (300) any recommended configs ? limits?

Active Directory Support

Hi,
is there a possibility to add User Authentication using an AD?
I saw this one: https://www.npmjs.com/package/sinopia-activedirectory
Is this supported?

Name conflicts in NPM

Could we change the name of the project to "verdaccio"? So it would be verdaccio/verdaccio? That way we can pull it from NPM without conflicts with sinopia.

_npmUser / author not showing up

There is a small problem about displaying author names in the web interface - they do not show up:

The same issue in the original repo: rlidwka/sinopia#173
A merged PR in another fork: fl4re/sinopia#4

I checked the contents of my storage/@supercompany/supermodule/package.json and can confirm that "_npmUser" is an empty object for some reason. Running npm whoami on a machine I'm publishing from does return some username though. Publishing is only allowed from authenticated users, so I'm confident I'm logged in. I'm not sure if this is a problem with NPM or verdaccio and I'm also wondering if replacing _npmUser with author is a good idea. That field should in theory show the name of the publisher, not the package creator (these may be different).

What do you guys think of this?

P.S.: My npm version is 3.10.3.

Use this dockerfile

FROM node:6
COPY package.json /verdaccio/
RUN npm install
COPY . /verdaccio

RUN adduser --disabled-password --gecos "" verdaccio && \
  mkdir -p /verdaccio/storage && \
  chown -R verdaccio.verdaccio /verdaccio

USER verdaccio
WORKDIR /verdaccio

EXPOSE 4873

VOLUME ["/verdaccio/conf", "/verdaccio/storage"]

CMD ["./bin/sinopia", "--config", "./conf/config.yaml", "--listen", "0.0.0.0:4873"]

sorry no time for pr

can't publish a private package to verdaccio while offline

server log online / success

verdaccio 
 warn  --- config file  - /home/myuserid/.config/verdaccio/config.yaml
 warn  --- http address - http://localhost:4873/
 http  --> 200, req: 'GET https://registry.npmjs.org/test-package', bytes: 0/1149
 http  <-- 201, user: myuserid, req: 'PUT /test-package', bytes: 1312/68

server log offline / failed

 verdaccio 
 warn  --- config file  - /home/myuserid/.config/verdaccio/config.yaml
 warn  --- http address - http://localhost:4873/
 http  --> ERR, req: 'GET https://registry.npmjs.org/test-package', error: getaddrinfo EAI_AGAIN
 http  <-- 503, user: myuserid, req: 'PUT /test-package', error: one of the uplinks is down, refuse to publish
 http  --> ERR, req: 'GET https://registry.npmjs.org/test-package', error: getaddrinfo EAI_AGAIN
 http  <-- 503, user: myuserid, req: 'PUT /test-package', error: one of the uplinks is down, refuse to publish
 warn  --> host registry.npmjs.org is now offline
 http  <-- 503, user: myuserid, req: 'PUT /test-package', error: one of the uplinks is down, refuse to publish

npm publish --verbose

npm publish --verbose
npm info it worked if it ends with ok
npm verb cli [ '/home/myuserid/.nvm/versions/node/v4.6.1/bin/node',
npm verb cli   '/home/myuserid/.nvm/versions/node/v4.6.1/bin/npm',
npm verb cli   'publish',
npm verb cli   '--verbose' ]
npm info using [email protected]
npm info using [email protected]
npm verb publish [ '.' ]
npm verb cache add spec .
npm verb addLocalDirectory /home/myuserid/.npm/test-package/1.0.0/package.tgz not in flight; packing
npm verb correctMkdir /home/myuserid/.npm correctMkdir not in flight; initializing
npm verb tar pack [ '/home/myuserid/.npm/test-package/1.0.0/package.tgz',
npm verb tar pack   '/home/myuserid/dev/node-dev/test-package' ]
npm verb tarball /home/myuserid/.npm/test-package/1.0.0/package.tgz
npm verb folder /home/myuserid/dev/node-dev/test-package
npm info prepublish [email protected]
npm verb addLocalTarball adding from inside cache /home/myuserid/.npm/test-package/1.0.0/package.tgz
npm verb correctMkdir /home/myuserid/.npm correctMkdir not in flight; initializing
npm verb afterAdd /home/myuserid/.npm/test-package/1.0.0/package/package.json not in flight; writing
npm verb correctMkdir /home/myuserid/.npm correctMkdir not in flight; initializing
npm verb afterAdd /home/myuserid/.npm/test-package/1.0.0/package/package.json written
npm verb getPublishConfig { registry: 'http://localhost:4873' }
npm verb publish registryBase http://localhost:4873/
npm verb request uri http://localhost:4873/test-package
npm verb request sending authorization for write operation
npm info attempt registry request try #1 at 5:23:36 PM
npm verb request using bearer token for auth
npm verb request id 2cab1a228bcea447
npm http request PUT http://localhost:4873/test-package
npm http 503 http://localhost:4873/test-package
npm verb headers { 'x-powered-by': 'verdaccio/2.1.0',
npm verb headers   'content-type': 'application/json; charset=utf-8',
npm verb headers   'content-length': '63',
npm verb headers   etag: 'W/"3f-demMhYZwlqi35Jmuz+gJ3A"',
npm verb headers   vary: 'Accept-Encoding',
npm verb headers   'x-status-cat': 'http://flic.kr/p/aXYvop',
npm verb headers   date: 'Wed, 26 Oct 2016 22:23:37 GMT',
npm verb headers   connection: 'keep-alive' }
npm info retry will retry, error on last attempt: Error: one of the uplinks is down, refuse to publish : test-package
npm info attempt registry request try #2 at 5:23:47 PM
npm verb request using bearer token for auth
npm http request PUT http://localhost:4873/test-package
npm http 503 http://localhost:4873/test-package
npm verb headers { 'x-powered-by': 'verdaccio/2.1.0',
npm verb headers   'content-type': 'application/json; charset=utf-8',
npm verb headers   'content-length': '63',
npm verb headers   etag: 'W/"3f-demMhYZwlqi35Jmuz+gJ3A"',
npm verb headers   vary: 'Accept-Encoding',
npm verb headers   'x-status-cat': 'http://flic.kr/p/aXYvop',
npm verb headers   date: 'Wed, 26 Oct 2016 22:23:47 GMT',
npm verb headers   connection: 'keep-alive' }
npm info retry will retry, error on last attempt: Error: one of the uplinks is down, refuse to publish : test-package
npm info attempt registry request try #3 at 5:24:47 PM
npm verb request using bearer token for auth
npm http request PUT http://localhost:4873/test-package
npm http 503 http://localhost:4873/test-package
npm verb headers { 'x-powered-by': 'verdaccio/2.1.0',
npm verb headers   'content-type': 'application/json; charset=utf-8',
npm verb headers   'content-length': '63',
npm verb headers   etag: 'W/"3f-demMhYZwlqi35Jmuz+gJ3A"',
npm verb headers   vary: 'Accept-Encoding',
npm verb headers   'x-status-cat': 'http://flic.kr/p/aXYvop',
npm verb headers   date: 'Wed, 26 Oct 2016 22:24:47 GMT',
npm verb headers   connection: 'keep-alive' }
npm verb request invalidating /home/myuserid/.npm/localhost_4873/test-package on PUT
npm ERR! publish Failed PUT 503
npm verb stack Error: one of the uplinks is down, refuse to publish : test-package
npm verb stack     at makeError (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:264:12)
npm verb stack     at CachingRegistryClient.<anonymous> (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:252:14)
npm verb stack     at Request._callback (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:172:14)
npm verb stack     at Request.self.callback (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/request/request.js:200:22)
npm verb stack     at emitTwo (events.js:87:13)
npm verb stack     at Request.emit (events.js:172:7)
npm verb stack     at Request.<anonymous> (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/request/request.js:1067:10)
npm verb stack     at emitOne (events.js:82:20)
npm verb stack     at Request.emit (events.js:169:7)
npm verb stack     at IncomingMessage.<anonymous> (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/request/request.js:988:12)
npm verb statusCode 503
npm verb pkgid test-package
npm verb cwd /home/myuserid/dev/node-dev/test-package
npm ERR! Linux 2.6.32-642.6.1.el6.centos.plus.x86_64
npm ERR! argv "/home/myuserid/.nvm/versions/node/v4.6.1/bin/node" "/home/myuserid/.nvm/versions/node/v4.6.1/bin/npm" "publish" "--verbose"
npm ERR! node v4.6.1
npm ERR! npm  v2.15.9
npm ERR! code E503

npm ERR! one of the uplinks is down, refuse to publish : test-package
npm ERR! 
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>
npm verb exit [ 1, true ]

npm ERR! Please include the following file with any support request:
npm ERR!     /home/myuserid/dev/node-dev/test-package/npm-debug.log

npm-debug.log

0 info it worked if it ends with ok
1 verbose cli [ '/home/myuserid/.nvm/versions/node/v4.6.1/bin/node',
1 verbose cli   '/home/myuserid/.nvm/versions/node/v4.6.1/bin/npm',
1 verbose cli   'publish',
1 verbose cli   '--verbose' ]
2 info using [email protected]
3 info using [email protected]
4 verbose publish [ '.' ]
5 silly cache add args [ '.', null ]
6 verbose cache add spec .
7 silly cache add parsed spec Result {
7 silly cache add   raw: '.',
7 silly cache add   scope: null,
7 silly cache add   name: null,
7 silly cache add   rawSpec: '.',
7 silly cache add   spec: '/home/myuserid/dev/node-dev/test-package',
7 silly cache add   type: 'directory' }
8 verbose addLocalDirectory /home/myuserid/.npm/test-package/1.0.0/package.tgz not in flight; packing
9 verbose correctMkdir /home/myuserid/.npm correctMkdir not in flight; initializing
10 verbose tar pack [ '/home/myuserid/.npm/test-package/1.0.0/package.tgz',
10 verbose tar pack   '/home/myuserid/dev/node-dev/test-package' ]
11 verbose tarball /home/myuserid/.npm/test-package/1.0.0/package.tgz
12 verbose folder /home/myuserid/dev/node-dev/test-package
13 info prepublish [email protected]
14 verbose addLocalTarball adding from inside cache /home/myuserid/.npm/test-package/1.0.0/package.tgz
15 verbose correctMkdir /home/myuserid/.npm correctMkdir not in flight; initializing
16 silly cache afterAdd [email protected]
17 verbose afterAdd /home/myuserid/.npm/test-package/1.0.0/package/package.json not in flight; writing
18 verbose correctMkdir /home/myuserid/.npm correctMkdir not in flight; initializing
19 verbose afterAdd /home/myuserid/.npm/test-package/1.0.0/package/package.json written
20 silly publish { name: 'test-package',
20 silly publish   version: '1.0.0',
20 silly publish   description: '"publish test package"',
20 silly publish   main: 'index.js',
20 silly publish   scripts: { test: 'echo "Error: no test specified" && exit 1' },
20 silly publish   author: { name: 'myuserid' },
20 silly publish   license: 'ISC',
20 silly publish   publishConfig: { registry: 'http://localhost:4873' },
20 silly publish   readme: 'ERROR: No README data found!',
20 silly publish   _id: '[email protected]',
20 silly publish   _shasum: '96ae3b33911f4ac620a1fba68aed9ea7b35870f7',
20 silly publish   _from: '.' }
21 verbose getPublishConfig { registry: 'http://localhost:4873' }
22 silly mapToRegistry name test-package
23 silly mapToRegistry using default registry
24 silly mapToRegistry registry http://localhost:4873
25 silly mapToRegistry data Result {
25 silly mapToRegistry   raw: 'test-package',
25 silly mapToRegistry   scope: null,
25 silly mapToRegistry   name: 'test-package',
25 silly mapToRegistry   rawSpec: '',
25 silly mapToRegistry   spec: 'latest',
25 silly mapToRegistry   type: 'tag' }
26 silly mapToRegistry uri http://localhost:4873/test-package
27 verbose publish registryBase http://localhost:4873/
28 silly publish uploading /home/myuserid/.npm/test-package/1.0.0/package.tgz
29 verbose request uri http://localhost:4873/test-package
30 verbose request sending authorization for write operation
31 info attempt registry request try #1 at 5:23:36 PM
32 verbose request using bearer token for auth
33 verbose request id 2cab1a228bcea447
34 http request PUT http://localhost:4873/test-package
35 http 503 http://localhost:4873/test-package
36 verbose headers { 'x-powered-by': 'verdaccio/2.1.0',
36 verbose headers   'content-type': 'application/json; charset=utf-8',
36 verbose headers   'content-length': '63',
36 verbose headers   etag: 'W/"3f-demMhYZwlqi35Jmuz+gJ3A"',
36 verbose headers   vary: 'Accept-Encoding',
36 verbose headers   'x-status-cat': 'http://flic.kr/p/aXYvop',
36 verbose headers   date: 'Wed, 26 Oct 2016 22:23:37 GMT',
36 verbose headers   connection: 'keep-alive' }
37 info retry will retry, error on last attempt: Error: one of the uplinks is down, refuse to publish : test-package
38 info attempt registry request try #2 at 5:23:47 PM
39 verbose request using bearer token for auth
40 http request PUT http://localhost:4873/test-package
41 http 503 http://localhost:4873/test-package
42 verbose headers { 'x-powered-by': 'verdaccio/2.1.0',
42 verbose headers   'content-type': 'application/json; charset=utf-8',
42 verbose headers   'content-length': '63',
42 verbose headers   etag: 'W/"3f-demMhYZwlqi35Jmuz+gJ3A"',
42 verbose headers   vary: 'Accept-Encoding',
42 verbose headers   'x-status-cat': 'http://flic.kr/p/aXYvop',
42 verbose headers   date: 'Wed, 26 Oct 2016 22:23:47 GMT',
42 verbose headers   connection: 'keep-alive' }
43 info retry will retry, error on last attempt: Error: one of the uplinks is down, refuse to publish : test-package
44 info attempt registry request try #3 at 5:24:47 PM
45 verbose request using bearer token for auth
46 http request PUT http://localhost:4873/test-package
47 http 503 http://localhost:4873/test-package
48 verbose headers { 'x-powered-by': 'verdaccio/2.1.0',
48 verbose headers   'content-type': 'application/json; charset=utf-8',
48 verbose headers   'content-length': '63',
48 verbose headers   etag: 'W/"3f-demMhYZwlqi35Jmuz+gJ3A"',
48 verbose headers   vary: 'Accept-Encoding',
48 verbose headers   'x-status-cat': 'http://flic.kr/p/aXYvop',
48 verbose headers   date: 'Wed, 26 Oct 2016 22:24:47 GMT',
48 verbose headers   connection: 'keep-alive' }
49 verbose request invalidating /home/myuserid/.npm/localhost_4873/test-package on PUT
50 error publish Failed PUT 503
51 verbose stack Error: one of the uplinks is down, refuse to publish : test-package
51 verbose stack     at makeError (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:264:12)
51 verbose stack     at CachingRegistryClient.<anonymous> (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:252:14)
51 verbose stack     at Request._callback (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:172:14)
51 verbose stack     at Request.self.callback (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/request/request.js:200:22)
51 verbose stack     at emitTwo (events.js:87:13)
51 verbose stack     at Request.emit (events.js:172:7)
51 verbose stack     at Request.<anonymous> (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/request/request.js:1067:10)
51 verbose stack     at emitOne (events.js:82:20)
51 verbose stack     at Request.emit (events.js:169:7)
51 verbose stack     at IncomingMessage.<anonymous> (/home/myuserid/.nvm/versions/node/v4.6.1/lib/node_modules/npm/node_modules/request/request.js:988:12)
52 verbose statusCode 503
53 verbose pkgid test-package
54 verbose cwd /home/myuserid/dev/node-dev/test-package
55 error Linux 2.6.32-642.6.1.el6.centos.plus.x86_64
56 error argv "/home/myuserid/.nvm/versions/node/v4.6.1/bin/node" "/home/myuserid/.nvm/versions/node/v4.6.1/bin/npm" "publish" "--verbose"
57 error node v4.6.1
58 error npm  v2.15.9
59 error code E503
60 error one of the uplinks is down, refuse to publish : test-package
61 error If you need help, you may report this error at:
61 error     <https://github.com/npm/npm/issues>
62 verbose exit [ 1, true ]

Authenticated access only - ends in fatal

within config I allowed authenticated access only, docker container is killed at the moment request on list web interface is made or if you try to publish package while not authenticated. Used this docker image https://hub.docker.com/r/therightplace/verdaccio/

fatal --- uncaught exception, please report this
ForbiddenError: unregistered users are not allowed to access package dummy-npmv2
at Object.allow_access (/usr/src/app/lib/auth.js:67:23)
at next (/usr/src/app/lib/auth.js:141:7)
at next (/usr/src/app/lib/auth.js:138:14)
at next (/usr/src/app/lib/auth.js:138:14)
at Auth.allow_access (/usr/src/app/lib/auth.js:146:5)
at async.filterSeries.template.name (/usr/src/app/lib/index-web.js:52:14)
at /usr/src/app/node_modules/async/dist/async.js:4937:13
at replenish (/usr/src/app/node_modules/async/dist/async.js:873:21)
at /usr/src/app/node_modules/async/dist/async.js:883:15
at _filter (/usr/src/app/node_modules/async/dist/async.js:4936:9)

Maximum cache length?

I am wondering if there is some way to set a maximum cache length (e.g. 2 days)? In my scenario what I would really like to do is have the cache length set to 0 days, so that verdaccio always checks if there is a newer version (even when a local version satisfying the semver exists), and only if there isn't, it should serve the one in the cache.

This is so that we can always be using the latest versions of everything but have older versions for backups just in case.

Use of fs-ext

There is an optional dependency on baudehlo/node-fs-ext

This is used for file-level locking. It produces a list of deprecation warnings when installed on *nix. It does not install at all on Windows. This would prevent or hamper deployment on Windows.

A multi-platform alternative would be better.

Scopes support

Sinopia/Verdaccio does not resolve @type/React . It's not able to resolve/delegate them to the main npm registry.

At least it should be able to delegate it.

 http  <-- 404, user: xxx, req: 'GET /@types%2fglob', error: no such package available
 http  <-- 404, user: xxx, req: 'GET /@types%2fdel', error: no such package available
 http  <-- 404, user: xxx, req: 'GET /@types%2fchai', error: no such package available
 http  <-- 404, user: xxx, req: 'GET /@types%2fgulp', error: no such package available
 http  <-- 404, user: xxx, req: 'GET /@types%2fgulp-concat', error: no such package available

Sinopia crashes and report 443, ENOTFOUND and not implemented error!

@trentearl I put sinopia running in the docker which runs on ubuntu, it is stable for a long time, but recently it is used by increasing people, and it always crashes. I has review the issues post before. They all point that the# ulimit is too small, and i modified ulimit to make it larger(i made ulimit to 999999) successfully. But sinopia always crashes as before. It report error as follows. Could someone answer my question? Thanks a lot!!

http --> ERR, req: 'GET https://registry.npmjs.org/sass', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
http <-- 200, user: chenpy, req: 'GET /sass', bytes: 0/701
http --> ERR, req: 'GET https://registry.npmjs.org/karma-ng-html2js-preprocessor', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
http --> ERR, req: 'GET https://registry.npmjs.org/karma-coverage', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
warn --> host registry.npmjs.org is now offline
http --> ERR, req: 'GET https://registry.npmjs.org/karma-angular-filesort', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
http --> ERR, req: 'GET https://registry.npmjs.org/karma-phantomjs-lau

http <-- 200, user: undefined, req: 'GET /-/static/favicon.png', bytes: 0/315
http --> ERR, req: 'GET https://registry.npmjs.org/gfc-core', error: ETIMEDOUT

Error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
at errnoException (dns.js:26:10)
at GetAddrInfoReqWrap.onlookup as oncomplete

http --> ERR, req: 'GET https://registry.npmjs.org/gulp-htmlmin', error: connect ECONNREFUSED 103.245.222.162:443
http <-- 200, user: hanyaonian, req: 'GET /gulp-htmlmin', bytes: 0/3473
http --> ERR, req: 'GET https://registry.npmjs.org/del', error: connect ECONNREFUSED 103.245.222.162:443
http --> ERR, req: 'GET https://registry.npmjs.org/gulp-flatten', error: connect ECONNREFUSED 103.245.222.162:443
http --> ERR, req: 'GET https://registry.npmjs.org/gulp-livescript', error: connect ECONNREFUSED 103.245.222.162:443

Error: not implemented
at Readable._read (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:496:22)
at Readable.read (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:373:10)
at Readable.resume (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:742:12)
at Readable.on (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:708:10)
at Storage.get_url (/opt/sinopia/node_modules/sinopia/lib/up-storage.js:313:11)
at on_open (/opt/sinopia/node_modules/sinopia/lib/storage.js:252:29)

Error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
at errnoException (dns.js:26:10)
at GetAddrInfoReqWrap.onlookup as oncomplete
http <-- 500, user: chenzl25, req: 'GET /plugin-error/-/plugin-error-0.1.2.tgz', error: internal server error
warn --> host registry.npmjs.org is now offline
error --- unexpected error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443

Publish to NPM

travis.yml needs to be updated and verdaccion published to npm for easy installation.

Can't get tokens for existing users

When I run npm adduser --registry http://npm.example.com:4873 I expect a NPM_TOKEN inside ~/.npmrc but I get the following error instead:

this user already exists : -/user/org.couchdb.user:johndoe/-rev/undefined

We are using ansible to populate an htpasswd file, here is the authentication configuration:

auth:
  htpasswd:
    file: /verdaccio/conf/htpasswd

Do you plan to add support to generate NPM_TOKENs? Is there a workaround to generate them?

How can I prevent the creation of a new user? It seems that anyone can create users; get the registry's url, run npm adduser and you can access the packages. To prevent access from unexpected users, I changed the permissions of /verdaccio/conf/htpasswd to 0444.

npm uninstall

It should work as well, right? But it doesn't

Merge in code from https://github.com/fl4re/sinopia

A few very important commits have gone into that fork, perhaps it would make sense to merge them here as well.

No binary files are cached only a package.json file

I am trying to cache public npm packages on my TeamCity build server.

verdaccio creates a directory for each npm packages but no binaries are saved.
Requests looks like this:
http <-- 200, user: mha, req: 'GET /pako', bytes: 0/4391 http --> 304, req: 'GET https://registry.npmjs.org/ieee754', bytes: 0/0 http --> 304, req: 'GET https://registry.npmjs.org/base64-js', bytes: 0/0 http <-- 304, user: mha, req: 'GET /ieee754', bytes: 0/0 http <-- 304, user: mha, req: 'GET /base64-js', bytes: 0/0 http --> 304, req: 'GET https://registry.npmjs.org/date-now', bytes: 0/0 http <-- 304, user: mha, req: 'GET /date-now', bytes: 0/0 http --> 304, req: 'GET https://registry.npmjs.org/ripemd160', bytes: 0/0 http --> 304, req: 'GET https://registry.npmjs.org/pbkdf2-compat', bytes: 0/0 http --> 304, req: 'GET https://registry.npmjs.org/sha.js', bytes: 0/0 http <-- 304, user: mha, req: 'GET /ripemd160', bytes: 0/0 http <-- 304, user: mha, req: 'GET /sha.js', bytes: 0/0

Am I missing something?

Unable to install scoped packages, e.g. @angular/common

npm install @angular/common

gives

npm ERR! Linux 3.13.0-93-generic
npm ERR! argv "/home/UX/fziacikux/.nvm/versions/node/v6.3.1/bin/node" "/home/UX/fziacikux/.nvm/versions/node/v6.3.1/bin/npm" "install" "@angular/common"
npm ERR! node v6.3.1
npm ERR! npm  v3.10.3
npm ERR! code E404

npm ERR! 404 no such package available : @angular/common
npm ERR! 404 
npm ERR! 404  '@angular/common' is not in the npm registry.

Log file attached.
npm-debug.zip

package.json expects binaries in the global PATH

Instead we should use the node_modules/.bin/ folder in the package.json.

That we dont have to assume that the npm packages are globally installed and at the correct version.

Resetting the DB

Is there a way to reset reset the db (clear all packages)?

reinstalling didn't hellpe.

Thanks
Avi

`Similar existing things` should mention local-npm

It would be nice if Similar existing things in the readme mentioned local-npm and gave us some indication of how this project is different in features / functionality. https://github.com/nolanlawson/local-npm

uncaught exception in login page

ForbiddenError: unregistered users are not allowed to access package @myorg/demo
    at Object.allow_access (/usr/local/lib/node_modules/verdaccio/lib/auth.js:67:23)
    at next (/usr/local/lib/node_modules/verdaccio/lib/auth.js:141:7)
    at next (/usr/local/lib/node_modules/verdaccio/lib/auth.js:138:14)
    at next (/usr/local/lib/node_modules/verdaccio/lib/auth.js:138:14)
    at Auth.allow_access (/usr/local/lib/node_modules/verdaccio/lib/auth.js:146:5)
    at async.filterSeries.template.name (/usr/local/lib/node_modules/verdaccio/lib/index-web.js:52:14)
    at /usr/local/lib/node_modules/verdaccio/node_modules/async/dist/async.js:3382:13
    at replenish (/usr/local/lib/node_modules/verdaccio/node_modules/async/dist/async.js:836:21)
    at /usr/local/lib/node_modules/verdaccio/node_modules/async/dist/async.js:846:15
    at _filter (/usr/local/lib/node_modules/verdaccio/node_modules/async/dist/async.js:3381:9)

Project / Fork Status

Since you want to publish this on npm and since the original maintainers seem to have abandoned the project, will this become a real fork, i.e. renamed binary and stuff?

verdaccio/verdaccio not being listed in github search result when searching for verdaccio.

I just noticed if I search github for 'verdaccio' it does not return verdaccio/verdaccio.

The only repositories it show me are:

Global-Solutions/docker-verdaccio
coldrye-docker/coldrye-debian-verdaccio

I wonder why that is and just wanted to mention it.

Not everything may be being cached

I've noticed recently that I am seeing lines in my npm-shrinkwrap.json files which indicate a few packages are still being installed from registry.npmjs.org instead of verdaccio. For example:

"iconv-lite": {
   "version": "0.4.13",
   "from": "[email protected]",
   "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.13.tgz"
 },

It seems to be some (but not all) indirect dependencies. I have not had time to investigate this further yet, but clearly it's unexpected behaviour to not be using the cache.

The effect is fairly minimal if npmcan see the registry.npmjs.org server. It just causes extra Internet traffic because some some packages are fetched from that registry. If the server is locked down so that it can't see the external registry, then it breaks the install process.

I think something changed quite recently, and the most likely culprit is moving to npm 3 on our development machines (where the shrinkwrap files are created). When you create a shrinkwrap file I believe it uses a combination of the npm cache and the node_modules folder to generate the metadata for each dependency in the tree. I am guessing that something has changed here, and not necessarily for the better.

I will investigate further when I have time. For now, the workaround is simply to edit npm-shrinkwrap.json after creating it, replacing any registry.npmjs.org references with the correct verdaccioregistry. This seems to work fine.

Use of crypt3

There is an optional dependency on sendanor/node-crypt3

This is used for password encryption. It does not install at all on Windows. This would prevent or hamper deployment on Windows. It would also hamper contributors, because it is used in one of the tests.

A multi-platform alternative would be better.

It is actually not used in the main project. It is installed by Verdaccio, but only used by a dependency (sinopia-htpasswd). It is only installed by Verdaccio because one of the tests makes reference to its install location, and therefore tries to force the location. This is problematic anyway if they ever use different versions.

I think we should consider how to replace sinopia-htpasswd with a self-contained equivalent, which does not rely on crypt3. Relying on sinopia-htpasswd might cause problems if that project is also abandonware.

Sinopia crashes and report 443, ENOTFOUND and not implemented error!

I put sinopia running in the docker which runs on ubuntu, it is stable for a long time, but recently it is used by increasing people, and it always crashes. I has review the issues post before. They all point that the# ulimit is too small, and i modified ulimit to make it larger(i made ulimit to 999999) successfully. But sinopia always crashes as before. It report error as follows. Could someone answer my question? Thanks a lot!!

http --> ERR, req: 'GET https://registry.npmjs.org/sass', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
http <-- 200, user: chenpy, req: 'GET /sass', bytes: 0/701
http --> ERR, req: 'GET https://registry.npmjs.org/karma-ng-html2js-preprocessor', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
http --> ERR, req: 'GET https://registry.npmjs.org/karma-coverage', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
warn --> host registry.npmjs.org is now offline
http --> ERR, req: 'GET https://registry.npmjs.org/karma-angular-filesort', error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
http --> ERR, req: 'GET https://registry.npmjs.org/karma-phantomjs-lau

http <-- 200, user: undefined, req: 'GET /-/static/favicon.png', bytes: 0/315
http --> ERR, req: 'GET https://registry.npmjs.org/gfc-core', error: ETIMEDOUT

Error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
at errnoException (dns.js:26:10)
at GetAddrInfoReqWrap.onlookup as oncomplete

http --> ERR, req: 'GET https://registry.npmjs.org/gulp-htmlmin', error: connect ECONNREFUSED 103.245.222.162:443
http <-- 200, user: hanyaonian, req: 'GET /gulp-htmlmin', bytes: 0/3473
http --> ERR, req: 'GET https://registry.npmjs.org/del', error: connect ECONNREFUSED 103.245.222.162:443
http --> ERR, req: 'GET https://registry.npmjs.org/gulp-flatten', error: connect ECONNREFUSED 103.245.222.162:443
http --> ERR, req: 'GET https://registry.npmjs.org/gulp-livescript', error: connect ECONNREFUSED 103.245.222.162:443

Error: not implemented
at Readable._read (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:496:22)
at Readable.read (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:373:10)
at Readable.resume (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:742:12)
at Readable.on (/opt/sinopia/node_modules/sinopia/node_modules/readable-stream/lib/_stream_readable.js:708:10)
at Storage.get_url (/opt/sinopia/node_modules/sinopia/lib/up-storage.js:313:11)
at on_open (/opt/sinopia/node_modules/sinopia/lib/storage.js:252:29)

Error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
at errnoException (dns.js:26:10)
at GetAddrInfoReqWrap.onlookup as oncomplete
http <-- 500, user: chenzl25, req: 'GET /plugin-error/-/plugin-error-0.1.2.tgz', error: internal server error
warn --> host registry.npmjs.org is now offline
error --- unexpected error: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443

Node versions deprecation

Hi guys,

As you may know, (https://github.com/nodejs/LTS) Node is gonna stop the LTS support for 0.10 at the end of the month and 0.12 at beginning of the next year. Node 4 also pretty soon will be dropped (April 2017). Basically they are force everybody to move Node 4 / 6 ASAP.

It does not make sense keep supporting such versions anymore, I think is time to move on and clean up a little bit, the code is getting old. I'm thinking, maybe move the code base to ES6 syntax is a good idea, after all is "completely" (97%) supported by Node 6 or Node 4 (52%) supported until 2018.

Aside of that I was thinking to re-do the front but for that I'd need mention this before. Waiting for your thoughts.

Running npm install removes verdaccio

Install verdaccio via npm:

sudo npm install -g https://github.com/verdaccio/verdaccio

Navigate into the verdaccio directory, and run npm install to pull in the missing packages.

sudo npm install

Here is my output from that command:

npm WARN deprecated [email protected]: Jade has been renamed to pug, please install the latest version of pug instead of jade
[email protected] (git+https://github.com/verdaccio/verdaccio.git#cafbb5f76b7f8884e737dc22daec433b8fb7e84f) /usr/lib/node_modules/verdaccio
`-- (empty)

npm WARN optional Skipping failed optional dependency /chokidar/fsevents:
npm WARN notsup Not compatible with your operating system or architecture: [email protected]
npm ERR! Linux 2.6.32-573.26.1.el6.x86_64
npm ERR! argv "/usr/bin/node" "/usr/bin/npm" "install"
npm ERR! node v6.2.0
npm ERR! npm  v3.9.2
npm ERR! path /usr/lib/node_modules/verdaccio/node_modules/.staging/verdaccio-a94e2c36
npm ERR! code ENOENT
npm ERR! errno -2
npm ERR! syscall rename

npm ERR! enoent ENOENT: no such file or directory, rename '/usr/lib/node_modules/verdaccio/node_modules/.staging/verdaccio-a94e2c36' -> '/usr/lib/node_modules/verdaccio'
npm ERR! enoent ENOENT: no such file or directory, rename '/usr/lib/node_modules/verdaccio/node_modules/.staging/verdaccio-a94e2c36' -> '/usr/lib/node_modules/verdaccio'
npm ERR! enoent This is most likely not a problem with npm itself
npm ERR! enoent and is related to npm not being able to find a file.
npm ERR! enoent
npm ERR! Linux 2.6.32-573.26.1.el6.x86_64
npm ERR! argv "/usr/bin/node" "/usr/bin/npm" "install"
npm ERR! node v6.2.0
npm ERR! npm  v3.9.2
npm ERR! path npm-debug.log.1213440477
npm ERR! code ENOENT
npm ERR! errno -2
npm ERR! syscall open

npm ERR! enoent ENOENT: no such file or directory, open 'npm-debug.log.1213440477'
npm ERR! enoent ENOENT: no such file or directory, open 'npm-debug.log.1213440477'
npm ERR! enoent This is most likely not a problem with npm itself
npm ERR! enoent and is related to npm not being able to find a file.
npm ERR! enoent

npm ERR! Please include the following file with any support request:
npm ERR!     /usr/lib/node_modules/verdaccio/npm-debug.log
npm ERR! code 1

Upon exiting, my verdaccio instance has been completely removed. There no longer is a verdaccio directory under /usr/lib/node_modules. This is a problem.

nodejs version: 6.2.0
npm version: 3.9.2

Is 2.0.0 breaking compat compared with sinopia?

Hi, I'd like to migrate from sinopia, but it's not clear if it will be a smooth upgrade?

I don't see any CHANGELOG or wiki entries or release info about breaking changes.

Thx in advance!

Can't use scope with local packages

I want to publish my package to http://localhost:4873/ the name of the package is @local/my-lib
If I try to do it I get error :

one of the uplinks is down, refuse to publish

without the scope it is working .
My command is

call npm config set @Local:registry http://localhost:4873
call npm publish

In my packages.json :

"publishConfig":{
"registry":"http://localhost:4873"
},

Dockerfile

My first attempt at creating a Dockerfile for this project seems to work, I could submit a pull request if there's interest.. but I'm adding a slightly tweaked config.yaml into the main repo so it's easier to manage that outside of the container.

FROM node:onbuild

MAINTAINER RnbWd <[email protected]>

RUN npm install --production

~~CMD ['/bin/sh, bin/sinopia']~~

~~EXPOSE 4873~~

~~VOLUME /sinopia/storage~~

I haven't tested linking volumes yet - I'm also using the new docker-beta alpha release for mac that doesn't use viritualbox

actually should be like this:

# Pull base image.
FROM node:onbuild

MAINTAINER RnbWd <[email protected]>

RUN npm install --production

VOLUME ['/usr/src/app/storage', '/usr/src/app/config.yaml']

EXPOSE 4873

CMD ["/usr/src/app/bin/sinopia"]

External Travis build failure graphic in README.md

At the top of README.md there is a red graphic which says 'build: failing'. This is an external link to https://travis-ci-org. I haven't used this stuff before, but basically what happens is that whenever a commit is made, GitHib tells travis-ci-org, which then checks out the code and runs all the tests. It emails if there's a failure, and it enables the dynamic icon in the README.md as well.

If we want to make use of this, then we will need a free account on https://travis-ci.org for user verdaccio, which will have to be created and owned by @trentearl . It will need verdaccio/verdaccio on GitHub linking to it. Then we can change the link in README.md from https://travis-ci.org/rlidwka/sinopia to https://travis-ci.org/verdaccio/verdaccio.

The eagle-eyed may have spotted that in the original sinopia version, it says the build is failing. And so was Verdaccio, but it appears that eliminating the messy optional dependencies in #18 has fixed the external Travis build, as some sort of bonus. So if we do set this up, our icon will turn green, because our version does build 😄

verdaccio prefix plugins

Hello,

I think for writing new plugins it would be really nice to be able to load plugins with verdaccio- prefix.

With kind regards,
Nighthawk

bin/verdaccio or bin/sinopia is missing

There is no any shell script in bin directory.

Files sync'd with S3

I am currently planning on having my package files sync'd with S3 in order to back the files up. Running with Sinopia still at the moment using Docker and the packages are mounted. For backing up I am in two minds cronjob doing the syncing but what would be really cool is that this be done automatically on a publish.

Wondering what your thoughts are on this as a possible feature added on to verdaccio with it being optionally used.

jade is deprecated, need to move to pug

Jade is now pug. The dependencies need to be updated and changed to rely on pug.

npm-latest problem

npm-latest package has some problem with sinopia and verdaccio

$ npm i npm-latest verdaccio
$ echo 'registry=http://localhost:4873' > ~/.npmrc
$ ./node_modules/.bin/verdaccio
$ ./node_modules/.bin/npm-latest how2

  how2: 
    latest: null
    last updated: null

related issues:

If some one find npm/node related issue i think this is right place.

Thanks.

graceful-fs needs to be updated to 4

graceful-fs ~3 will fail on node < 7. It needs to be updated to ~4 to prevent failures on newer node releases.

verdaccio binary file missing on install

bin/ folder is ignored on publish

$ npm install -g verdaccio
npm ERR! Darwin 14.5.0
npm ERR! argv "/usr/local/bin/node" "/usr/local/bin/npm" "install" "-g" "verdaccio"
npm ERR! node v5.6.0
npm ERR! npm  v3.6.0
npm ERR! path /usr/local/lib/node_modules/verdaccio/bin/verdaccio
npm ERR! code ENOENT
npm ERR! errno -2
npm ERR! syscall chmod

npm ERR! enoent ENOENT: no such file or directory, chmod '/usr/local/lib/node_modules/verdaccio/bin/verdaccio'
npm ERR! enoent ENOENT: no such file or directory, chmod '/usr/local/lib/node_modules/verdaccio/bin/verdaccio'
npm ERR! enoent This is most likely not a problem with npm itself
npm ERR! enoent and is related to npm not being able to find a file.
npm ERR! enoent 

npm ERR! Please include the following file with any support request:

Update README

In "Installation" section, still shows sinopia.All Links points to siopia too.

verdaccio / verdaccio Goto Github PK

verdaccio's Issues

Recommend Projects

Recommend Topics

Recommend Org