Installations

npm install verdaccio-delegated-basic-auth

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

13.11.0

NPM Version

6.13.7 Score

36.9

Supply Chain

49.9

Quality

63.3

Maintenance

25

Vulnerability

93.9

License

Pull Requests

Open

0

Total

1

Closed

1

Issues

Open

0

Total

0

Closed

0

Releases

Unable to fetch releases

Languages

1

JavaScript

JavaScript (100%)

Developer

pendexgabo

Download Statistics

Total Downloads

0

Last Day

0

Last Week

0

Last Month

0

Last Year

0

GitHub Statistics

MIT License

2 Stars

4 Commits

1 Watchers

1 Branches

1 Contributors

Updated on Jun 27, 2020

Maintainers

1

View All 1 Contributors

Package Meta Information

Latest Version

0.0.2

Package Id

verdaccio-delegated-basic-auth@0.0.2

Unpacked Size

4.00 kB

Size

2.16 kB

File Count

4

NPM Version

6.13.7

Node Version

13.11.0

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

0%

NaN

Compared to previous day

Last Week

0%

NaN

Compared to previous week

Last Month

0%

NaN

Compared to previous month

Last Year

0%

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

3

base64-min got verdaccio

verdaccio-delegated-basic-auth

verdaccio authentication plugin that delegates authentication to another HTTP URL

Rationale

We use Kerberos for authentication. Developers are accustomed to be able to use the same password everywhere in the organisation to gain access to resources that they need for their work. This should also apply to our private npm repositories.

How does it work?

Basically, authentication is delegated to another website where Kerberos authentication is already set up. The verdaccio authentication plugin is given the URL of this website. Whenever the user tries to authenticate with verdaccio using a username-password combination, verdaccio makes an HTTP request in the background to this URL with the credentials that the user supplied. When the website returns an HTTP 200 response, the password is considered correct and the user is authenticated in verdaccio. In all other cases, authentication fails.

Installation

1$ npm install verdaccio-delegated-basic-auth

Config

Add to your config.yaml:

1auth:
2  delegated-auth:
3    url: "https://some.other.site.com/auth"

Security considerations

verdaccio sends an HTTP Basic authentication request to the delegate website. The usual security considerations for HTTP Basic authentication apply here: don't do it over an unencrypted channel unless you are absolutely sure that unauthorised parties cannot intercept the communication and inspect the password in the Authorization header. Use https if you can.

Acknolege

This is just a simple fork of https://github.com/lab360-ch/verdaccio-gitlab-ci

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

0

SAST

Determines if the project uses static code analysis.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

Score

3

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More