Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Five ways of taking advantage of Verdaccio, you...

Five ways of taking advantage of Verdaccio, your private and proxy Node.js registry

Verdaccio is a lightweight private proxy registry made in JavaScript with an entirely optional configuration that allows you to publish Node.js private packages and proxy from other remote registries. In this talk, you will learn five ways to take advantage of Verdaccio to improve your workflows and productivity.

Juan Picado (@jotadeveloper)

February 17, 2022
Tweet

More Decks by Juan Picado (@jotadeveloper)

Other Decks in Technology

Transcript

  1. Five ways of taking advantage of Verdaccio, your private and

    proxy Node.js registry Juan Picado 18th February 2022
  2. Juan Picado Senior Front-End Engineer at mobile.de (Adevinta) Open Source

    Maintainer (Verdaccio) Berlin, Germany @jotadeveloper juanpicado
  3. Verdaccio is a lightweight private proxy registry for Node.js built

    in JavaScript Private proxy registry npm install —registry http://localhost:4873 @acme/foo remote registry storage / cache File system based storage and authentication 1 or more …
  4. Constraints, cannot override remote published versions … [email protected] verdaccio npm

    publish —registry http://localhost:4873 npmjs 😞 409 Conflict Error 😉 201 Yes ! I do ! 🤔 Do you have this version?
  5. Constraints, cannot override remote published versions … [email protected] verdaccio npm

    publish —registry http://localhost:4873 npmjs 🥳 200 Published ! 🤔 Do you have this version? 🤷404 Nop as far I know
  6. Private registries increase reliability in your builds and development workflows

    private registry npmjs 🤔 Do you have this version? 👍 There it goes Internal network Cached packages
  7. private registry npmjs Internal network Cached packages 🔥🔥 😌 Private

    registries increase reliability in your builds and development workflows
  8. Remove the proxy property for private packages this is highly

    recommendable. Protect your projects in the client side https://snyk.io/blog/ten-npm-security-best-practices/
  9. Publishing a package to thousands of users that download it

    every week requires high integrity, End to End your packages publishing in a registry ensure quality.
  10. Demo, run a End to End with GitHub Actions and

    Docker … https://github.com/juanpicado/e2e-ci-example-gh-actions
  11. Dive into open source project for more learnings, every project

    is different. With spawn from child_process module
  12. Dive into open source project for more learnings, every project

    is different. Programmatically with the verdaccio module
  13. • Use a different storage (S3, Minio) • Use different

    authentication ◦ Eg: GitLab, GitHub Oauth, etc … • Use your own User Interface • Apply your own express middleware ◦ Eg: npm audit (middleware plugin) Extend the default configuration