Verdaccio is a lightweight, private, and self-hosted NPM registry designed to facilitate package development in controlled environments.
It is a very useful tool for teams that develop internal libraries and want to share them among themselves, without exposing them to a public NPM registry.
Verdaccio acts as an intelligent proxy that stores downloaded dependencies, as well as adding our own private packages.
Additionally, it allows us greater control over our developments by reducing dependency on NPM repositories (for example, because we have an internet outage).
In summary
- You need to publish internal packages without exposing them to the NPM registry
- You want to speed up installations through dependency caching
- You work in environments with internet connection limitations
Installation and Configuration
To install Verdaccio, you simply need to run
npm install -g verdaccio
Now we can run it
verdaccio
We will see startup information for Verdaccio in the console, such as the configuration folder, etc.
By default, Verdaccio listens on http://localhost:4873
. You can open the URL in your browser, and you will see the application’s control panel UI.
If you need to run Verdaccio continuously (generally, yes), you can use solutions like PM2, Forever, or run it in Docker format.
Basic Configuration config.yaml
The main configuration file for Verdaccio is located at
- Windows: C:\Users\Luis\AppData\Roaming\verdaccio\config.yaml
- Linux ~/.config/verdaccio/config.yaml
Here you have a bunch of parameters. But a (very) summarized version looks something like this:
storage: ./storage # Storage path
plugins: ./plugins # Plugins directory
auth:
htpasswd:
file: ./htpasswd # Basic authentication
uplinks:
npmjs:
url: https://registry.npmjs.org/
packages:
'@myorg/*':
access: $authenticated
publish: $authenticated
'**':
access: $all
proxy: npmjs
Key sections:
storage
: Directory for private packages.uplinks
: Configuration for remote registries (e.g. npmjs).packages
: Permissions by package pattern.
Using with NPM
Now we will see how to configure NPM to use Verdaccio as a Proxy. To do this, we run:
npm set registry http://localhost:4873
You can restore the npm registry to the default by running:
npm set registry https://registry.npmjs.org/
With this, we have configured NPM to look on the Verdaccio server. Now when NPM accesses a package, it will first request the information from Verdaccio.
npm install lodash # First looks in Verdaccio, then in npmjs
Verdaccio will search in its cache and in its private repositories. And, if it does not find a package, it will make a request to the NPM repositories.
Alternatively, you can also create a .npmrc
file in your project, and overwrite the registry by adding this line:
registry=http://localhost:4873
Publish a Private Package
To add a private package to our Verdaccio repository, we do the following:
Log in (create a user if it’s your first time):
npm adduser --registry http://localhost:4873
We publish the package
npm publish --registry http://localhost:4873
::::