Five ways of taking advantage of Verdaccio, your private and proxy Node.js registry

Verdaccio is a lightweight private proxy registry made in JavaScript with an entirely optional configuration that allows you to publish Node.js private packages and proxy from other remote registries. In this talk, you will learn five ways to take advantage of Verdaccio to improve your workflows and productivity.

Juan Picado (@jotadeveloper)

February 17, 2022

Transcript

  1. Five ways of taking advantage of Verdaccio, your private and proxy Node.js registry. Juan Picado, 18th February 2022
  2. Juan Picado: Senior Front-End Engineer at mobile.de (Adevinta), Open Source Maintainer (Verdaccio), Berlin, Germany. @jotadeveloper, juanpicado
  3. Verdaccio is a lightweight private proxy registry for Node.js built in JavaScript. Private proxy registry; npm install --registry http://localhost:4873 @acme/foo; remote registry; storage / cache; file system based storage and authentication; 1 or more …
  4. Installing Verdaccio

  5. Running Verdaccio in a terminal

  6. (1) Personal Development: Publishing private packages

  7. Demo, let’s publish a private package with npm workspaces …

  8. Constraints, cannot override remote published versions … react@18.0.0; verdaccio; npm publish --registry http://localhost:4873; npmjs; 😞 409 Conflict Error; 😉 201 Yes! I do!; 🤔 Do you have this version?
  9. Constraints, cannot override remote published versions … react@18.0.0-patch; verdaccio; npm publish --registry http://localhost:4873; npmjs; 🥳 200 Published!; 🤔 Do you have this version?; 🤷 404 Nope, as far as I know
  10. https://twitter.com/jotadeveloper/status/1015333131002564608 Installing in offline mode …

  11. Publishing with no network using publish_offline

  12. (2) Project productivity: Continuous Integration and private registries

  13. Private registries increase reliability in your builds and development workflows. private registry; npmjs; 🤔 Do you have this version?; 👍 There it goes; Internal network; Cached packages
  14. private registry; npmjs; Internal network; Cached packages; 🔥🔥 😌 Private registries increase reliability in your builds and development workflows
  15. Private registries increase reliability in your builds and development workflows

  16. (3) Improve Security: Protecting your packages

  17. https://blog.includesecurity.com/2021/02/dependency-confusion-when-are-your-npm-packages-vulnerable/

  18. Remove the proxy property for private packages; this is highly recommended. Protect your projects on the client side: https://snyk.io/blog/ten-npm-security-best-practices/
  19. Enable rate limiting for critical endpoints

  20. (4) End to End Testing: Test the integrity of your packages
  21. Publishing a package to thousands of users who download it every week requires high integrity; end-to-end testing your package publishing against a registry ensures quality.
  22. Test publishing your packages on every Pull Request

  23. Demo: run an end-to-end test with GitHub Actions and Docker … https://github.com/juanpicado/e2e-ci-example-gh-actions
  24. Demo: run an end-to-end test with GitHub Actions and Docker …
  25. Use memory plugins to speed up tests

  26. Dive into open source projects for more learnings; every project is different. With bash scripts
  27. Dive into open source projects for more learnings; every project is different. With spawn from the child_process module
  28. Dive into open source projects for more learnings; every project is different. Programmatically with the verdaccio module
  29. (5) Hosting a Registry: Security and flexibility

  30. A very easy deployment

  31. pm2 + Nginx + Verdaccio https://verdaccio.org/blog/2018/11/19/setting-up-verdaccio-on-digitalocean/

  32. Extend the default configuration
      • Use a different storage (S3, Minio)
      • Use different authentication
        ◦ E.g.: GitLab, GitHub OAuth, etc. …
      • Use your own User Interface
      • Apply your own express middleware
        ◦ E.g.: npm audit (middleware plugin)
  33. Juan Picado @jotadeveloper juanpicado https://verdaccio.org/ Thank you
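
Slide 18's advice as an added example (not from the deck or the Verdaccio project): a small Node.js audit that reports which private package names would still be resolved through an uplink. It assumes the `packages` section of config.yaml is already parsed into an object, that Verdaccio applies the first matching pattern, and a simplified glob matcher; the sample configs and the name `acme-internal-utils` are constructed.

```javascript
// Simplified glob matcher (assumption, not Verdaccio's own matcher):
// `**` matches anything, `*` matches within one path segment.
function globToRegExp(pattern) {
  const escaped = pattern
    .replace(/[.+?^${}()|[\]\\]/g, '\\$&') // escape regex metacharacters
    .replace(/\*\*/g, '\u0000')            // protect `**` before handling `*`
    .replace(/\*/g, '[^/]*')
    .replace(/\u0000/g, '.*');
  return new RegExp('^' + escaped + '$');
}

// First matching pattern wins, in the order the keys appear in the config.
function resolveRule(packages, name) {
  for (const [pattern, rule] of Object.entries(packages)) {
    if (globToRegExp(pattern).test(name)) return { pattern, rule };
  }
  return null;
}

// Returns the private names that would still be looked up on an uplink,
// which is the exposure the dependency confusion article describes.
function findProxiedPrivatePackages(packages, privateNames) {
  const findings = [];
  for (const name of privateNames) {
    const match = resolveRule(packages, name);
    if (match && match.rule.proxy) {
      findings.push({ name, pattern: match.pattern, uplink: match.rule.proxy });
    }
  }
  return findings;
}

// Constructed samples: object form of the `packages:` section.
const weakPackages = {
  '@*/*': { access: '$all', publish: '$authenticated', proxy: 'npmjs' },
  '**': { access: '$all', publish: '$authenticated', proxy: 'npmjs' },
};
const hardenedPackages = {
  '@acme/*': { access: '$authenticated', publish: '$authenticated' }, // no proxy
  '@*/*': { access: '$all', publish: '$authenticated', proxy: 'npmjs' },
  '**': { access: '$all', publish: '$authenticated', proxy: 'npmjs' },
};
const privateNames = ['@acme/foo', 'acme-internal-utils']; // constructed names

console.log(findProxiedPrivatePackages(weakPackages, privateNames));
console.log(findProxiedPrivatePackages(hardenedPackages, privateNames));
```

In the hardened sample the unscoped name is still reported, because it falls through to the `**` rule; an unscoped private package needs its own entry without `proxy`.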