Gathering detailed insights and metrics for @verdaccio/core
Gathering detailed insights and metrics for @verdaccio/core
Gathering detailed insights and metrics for @verdaccio/core
Gathering detailed insights and metrics for @verdaccio/core
A lightweight Node.js private proxy registry
npm install @verdaccio/core
Module System
Min. Node Version
Typescript Support
Node Version
NPM Version
16,490 Stars
5,819 Commits
1,375 Forks
155 Watching
15 Branches
295 Contributors
Updated on 28 Nov 2024
TypeScript (92.69%)
JavaScript (4.12%)
CSS (1.54%)
SCSS (0.97%)
Dockerfile (0.54%)
Shell (0.08%)
HTML (0.05%)
Cumulative downloads
Total Downloads
Last day
-23%
35,385
Compared to previous day
Last week
13.3%
232,715
Compared to previous week
Last month
10.5%
885,160
Compared to previous month
Last year
150.3%
7,997,275
Compared to previous year
4
Verdaccio stands for peace, stop the war, we will be yellow / blue 🇺🇦 until that happens.
Looking for Verdaccio version 5 or 6? Version 6 is the latest version and successor to version 5. Version 6 requires Node.js 18 or higher and is maintained in the
6.x
branch.
The plugins for versions 5 and 6 are located at the
verdaccio/monorepo
repository. Plugins for thenext-8
version are hosted in this project under the./packages/plugins
folder.
Note that contributing guidelines might be different based on the branch.
Verdaccio is a simple, zero-config-required local private npm registry. No need for an entire database just to get started! Verdaccio comes out of the box with its own tiny database, and the ability to proxy other registries (eg. npmjs.org), caching the downloaded modules along the way. For those looking to extend their storage capabilities, Verdaccio supports various community-made plugins to hook into services such as Amazon's s3, Google Cloud Storage or create your own plugin.
You can find more details about the different versions of Verdaccio, minimum requirements, as well as links to associated npm packages and docker images in the version history.
Node.js v18 as minimum version required
Install with npm:
1npm install -g verdaccio@next-8
With yarn
1yarn global add verdaccio@next-8
With pnpm
1pnpm i -g verdaccio@next-8
or
1docker pull verdaccio/verdaccio:nightly-master
or with helm official chart.
1helm repo add verdaccio https://charts.verdaccio.org 2helm repo update 3helm install verdaccio/verdaccio
Furthermore, you can read the Debugging Guidelines and the Docker Examples for more advanced development.
You can develop your own plugins with the verdaccio generator. Installing Yeoman is required.
npm install -g yo
npm install -g generator-verdaccio-plugin
Learn more here how to develop plugins. Share your plugins with the community.
In our compatibility testing project, we're dedicated to ensuring that your favorite commands work seamlessly across different versions of npm, pnpm, and Yarn. From publishing packages to managing dependencies. Our goal is to give you the confidence to use your preferred package manager without any issues. So dive in, check out our matrix, and see how your commands fare across the board!
cmd | npm6 | npm7 | npm8 | npm9 | npm10 | pnpm8 | pnpm9 | pnpm10 | yarn1 | yarn2 | yarn3 | yarn4 |
---|---|---|---|---|---|---|---|---|---|---|---|---|
publish | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
unpublish | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
info | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
audit | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
install | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
deprecate | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ⛔ | ⛔ | ⛔ | ⛔ |
ping | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ⛔ | ⛔ | ⛔ | ⛔ |
search | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ⛔ | ⛔ | ⛔ | ⛔ |
star | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ⛔ | ⛔ | ⛔ | ⛔ |
stars | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ⛔ | ⛔ | ⛔ | ⛔ |
dist-tag | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ |
notes:
- yarn search cmd exist in modern but, it do not uses the search registry endpoint.
- yarn modern has two info commands, the one used here is
yarn npm info
❌ = no tested ✅ = tested ⛔ = no supported
Verdaccio is run by volunteers; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider doing a long support donation - and your logo will be on this section of the readme.
Donate 💵👍🏻 starting from $1/month or just one single contribution.
If you want to use all benefits of npm package system in your company without sending all code to the public, and use your private packages just as easy as public ones.
If you have more than one server you want to install packages on, you might want to use this to decrease latency (presumably "slow" npmjs.org will be connected to only once per package/version) and provide limited failover (if npmjs.org is down, we might still find something useful in the cache) or avoid issues like How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript, Many packages suddenly disappeared or Registry returns 404 for a package I have installed before.
If you use multiples registries in your organization and need to fetch packages from multiple sources in one single project you might take advance of the uplinks feature with Verdaccio, chaining multiple registries and fetching from one single endpoint.
If you want to use a modified version of some 3rd-party package (for example, you found a bug, but maintainer didn't accept pull request yet), you can publish your version locally under the same name. See in detail here.
Verdaccio has proved to be a lightweight registry that can be booted in a couple of seconds, fast enough for any CI. Many open source projects use Verdaccio for end to end testing, to mention some examples, create-react-app, mozilla neutrino, pnpm, storybook, babel.js, angular-cli or docusaurus. You can read more in here.
Furthermore, here few examples how to start:
Node 2022, February 2022, Online Free
You might want to check out as well our previous talks:
Run in your terminal
1verdaccio
You would need set some npm configuration, this is optional.
1npm set registry http://localhost:4873/
For one-off commands or to avoid setting the registry globally:
1NPM_CONFIG_REGISTRY=http://localhost:4873 npm i
Now you can navigate to http://localhost:4873/ where your local packages will be listed and can be searched.
Warning: Verdaccio does not currently support PM2's cluster mode, running it with cluster mode may cause unknown behavior.
1npm adduser --registry http://localhost:4873
if you use HTTPS, add an appropriate CA information ("null" means get CA list from OS)
1npm set ca null
1npm publish --registry http://localhost:4873
This will prompt you for user credentials which will be saved on the verdaccio
server.
Below are the most commonly needed information, every aspect of Docker and verdaccio is documented separately
docker pull verdaccio/verdaccio:nightly-master
Available as tags.
To run the docker container:
1docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio
Docker examples are available in this repository.
Verdaccio aims to support all features of a standard npm client that make sense to support in a private repository. Unfortunately, it isn't always possible.
npm install
, npm update
, etc.) - supportednpm publish
) - supportednpm unpublish
) - supportednpm dist-tag
) - supportednpm deprecate
) - supportednpm adduser {newuser}
) - supportednpm profile set password
) - supportednpm owner
) - supportednpm token
) - supportednpm search
) - supported (cli / browser)npm ping
) - supportednpm star
, npm unstar
, npm stars
) - supportednpm/yarn audit
) - supportedIf you want to report a security vulnerability, please follow the steps which we have defined for you in our security policy.
Thanks to the following companies to help us to achieve our goals providing free open source licenses. Every company provides enough resources to move this project forward.
Juan Picado | Ayush Sharma | Sergio Hg |
---|---|---|
@jotadeveloper | @ayusharma_ | @sergiohgz |
Priscila Oliveria | Daniel Ruf | |
@priscilawebdev | @DanielRufde |
You can find and chat with them over Discord, click here or follow them at Twitter.
🤓 Don't be shy, add yourself to this readme.
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
Thank you to all our backers! 🙏 [Become a backer]
This project exists thanks to all the people who contribute. [Contribute].
If you have any issue you can try the following options. Do no hesitate to ask or check our issues database. Perhaps someone has asked already what you are looking for.
Verdaccio is MIT licensed
The Verdaccio documentation and logos (excluding /thanks, e.g., .md, .png, .sketch) files within the /assets folder) is Creative Commons licensed.
No vulnerabilities found.
Reason
30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
Reason
no binaries found in the repo
Reason
packaging workflow detected
Details
Reason
SAST tool detected but not run on all commits
Details
Reason
branch protection is not maximal on development and all release branches
Details
Reason
Found 13/23 approved changesets -- score normalized to 5
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
project is not fuzzed
Details
Reason
46 existing vulnerabilities detected
Details
Score
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More