Five ways of taking advantage of Verdaccio, your private and proxy Node.js registry

Verdaccio is a lightweight private proxy registry made in JavaScript with an entirely optional configuration that allows you to publish Node.js private packages and proxy from other remote registries. In this talk, you will learn five ways to take advantage of Verdaccio to improve your workflows and productivity.

Juan Picado (@jotadeveloper)

February 17, 2022

Transcript

  1. Five ways of taking advantage of Verdaccio,
    your private and proxy Node.js
    registry
    Juan Picado
    18th February 2022

  2. Juan Picado
    Senior Front-End Engineer at
    mobile.de (Adevinta)
    Open Source Maintainer
    (Verdaccio)
    Berlin, Germany
    @jotadeveloper
    juanpicado

  3. Verdaccio is a lightweight private
    proxy registry for Node.js built in JavaScript
    [Diagram: a private proxy registry sits between the client
    (npm install --registry http://localhost:4873 @acme/foo)
    and one or more remote registries, backed by file system based
    storage / cache and authentication; 1 or more …]

  4. Installing Verdaccio

  5. Running Verdaccio in a terminal

  6. 1 Personal Development
    Publishing private packages

  7. Demo, let’s publish a private
    package with npm workspaces …

  8. Constraints, cannot override remote
    published versions …
    [Diagram: client → verdaccio: npm publish --registry http://localhost:4873 [email protected]
    verdaccio → npmjs: 🤔 Do you have this version?
    npmjs → verdaccio: 😉 201 Yes ! I do !
    verdaccio → client: 😞 409 Conflict Error]

  9. Constraints, cannot override remote
    published versions …
    [Diagram: client → verdaccio: npm publish --registry http://localhost:4873 [email protected]
    verdaccio → npmjs: 🤔 Do you have this version?
    npmjs → verdaccio: 🤷 404 Nope, as far as I know
    verdaccio → client: 🥳 200 Published !]

  10. https://twitter.com/jotadeveloper/status/1015333131002564608
    Installing in offline mode …

  11. Publishing with no
    network using
    publish_offline

  12. 2 Project productivity
    Continuous Integration and
    private registries

  13. Private registries increase
    reliability in your builds
    and development workflows
    [Diagram: inside the internal network, the private registry keeps
    cached packages; it asks npmjs "🤔 Do you have this version?" and
    npmjs answers "👍 There it goes"]

  14. Private registries increase
    reliability in your builds
    and development workflows
    [Diagram: npmjs is down (🔥🔥), but the private registry inside the
    internal network keeps serving its cached packages (😌)]

  15. Private registries increase
    reliability in your builds
    and development workflows

  16. 3 Improve Security
    Protecting your packages

  17. https://blog.includesecurity.com/2021/02/dependency-confusion-when-are-your-npm-packages-vulnerable/

  18. Remove the proxy property for
    private packages; this is highly
    recommended.
    Protect your projects in the client side
    https://snyk.io/blog/ten-npm-security-best-practices/

  19. Enable rate limiting for
    critical endpoints
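
    As an added example that is not part of the deck, a Verdaccio config.yaml fragment that applies slides 18 and 19 together: the private scope `@acme/*` (the scope shown on slide 3, reused here as an illustration) carries no `proxy` key, so a request for a private name is never forwarded to the public uplink, while everything else still proxies to the `npmjs` uplink; the `userRateLimit` block uses the values from the Verdaccio 5 default config. The storage path and uplink name are assumptions.

```yaml
# Added example, not from the deck: Verdaccio config.yaml hardened
# against dependency confusion (slide 18) with rate limiting (slide 19).
storage: ./storage            # assumed local path

uplinks:
  npmjs:                      # uplink name assumed; any name works
    url: https://registry.npmjs.org/

packages:
  # Private scope (the @acme scope from slide 3, used as an example).
  # No `proxy` key: if @acme/foo is not in local storage, Verdaccio
  # answers 404 instead of asking the public registry for it.
  '@acme/*':
    access: $authenticated
    publish: $authenticated
    # RISKY variant: adding `proxy: npmjs` here would merge a public
    # package published under the same name into the result served
    # to your builds, which is exactly the dependency-confusion case.

  # Everything else: readable by all, publish only when logged in,
  # proxied to the public registry and cached locally.
  '**':
    access: $all
    publish: $authenticated
    proxy: npmjs

# Rate limit for user endpoints (login, adduser); values taken from the
# Verdaccio 5 default config, tune them to your own traffic.
userRateLimit:
  windowMs: 50000
  max: 1000
```

    A quick check after a config change: `npm view @acme/does-not-exist --registry http://localhost:4873` should return a 404 from Verdaccio itself rather than a response fetched from npmjs.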

  20. 4 End to End Testing
    Test the integrity of your
    packages

  21. Publishing a package to
    thousands of users who
    download it every week
    requires high integrity;
    end-to-end testing of your
    package publishing against a
    registry ensures quality.

  22. Test publishing your packages
    on every Pull Request

  23. Demo, run an End to End test
    with GitHub Actions and Docker …
    https://github.com/juanpicado/e2e-ci-example-gh-actions

  24. Demo, run an End to End test with
    GitHub Actions and Docker …

  25. Use memory plugins to speed up
    tests

  26. Dive into open source projects for
    more learning; every project is
    different.
    With bash scripts

  27. Dive into open source projects for
    more learning; every project is
    different.
    With spawn from the
    child_process module

  28. Dive into open source projects for
    more learning; every project is
    different.
    Programmatically with the verdaccio module

  29. 5 Hosting a Registry
    Security and flexibility

  30. A very easy
    deployment

  31. pm2 + Nginx + Verdaccio
    https://verdaccio.org/blog/2018/11/19/setting-up-verdaccio-on-digitalocean/

  32. Extend the default configuration
    ● Use a different storage (S3, Minio)
    ● Use different authentication
    ○ Eg: GitLab, GitHub OAuth, etc …
    ● Use your own User Interface
    ● Apply your own express middleware
    ○ Eg: npm audit (middleware plugin)

  33. Juan Picado
    @jotadeveloper
    juanpicado
    https://verdaccio.org/
    Thank you
