mirror of
https://github.com/verdaccio/verdaccio.git
synced 2025-02-21 07:29:37 +01:00
dbf20175dc
* feat: support for npm token This is an effor of: This commit intent to provide npm token support. https: //github.com/verdaccio/verdaccio/issues/541 https: //github.com/verdaccio/verdaccio/pull/1271 https: //github.com/verdaccio/local-storage/pull/168 Co-Authored-By: Manuel Spigolon <behemoth89@gmail.com> Co-Authored-By: Juan Gabriel Jiménez <juangabreil@gmail.com> * chore: update secrets baselines Co-Authored-By: Liran Tal <liran.tal@gmail.com> * chore: update lock file * chore: add logger mock methods * chore: update @verdaccio/types * refactor: unit test was flacky adapt the pkg access to the new configuration setup * refactor: add plugin methods validation * test: add test for aesEncrypt * chore: update local-storage dependency * chore: add support for experimetns token will be part of the experiment lists * chore: increase timeout * chore: increase timeout threshold * chore: update nock * chore: update dependencies * chore: update eslint config * chore: update dependencies * test: add unit test for npm token * chore: update readme
86 lines
2.2 KiB
YAML
86 lines
2.2 KiB
YAML
#
|
|
# This is the default config file. It allows all users to do anything,
|
|
# so don't use it on production systems.
|
|
#
|
|
# Look here for more config file examples:
|
|
# https://github.com/verdaccio/verdaccio/tree/master/conf
|
|
#
|
|
|
|
# path to a directory with all packages
|
|
storage: ./storage
|
|
# path to a directory with plugins to include
|
|
plugins: ./plugins
|
|
|
|
web:
|
|
title: Verdaccio
|
|
# comment out to disable gravatar support
|
|
# gravatar: false
|
|
# by default packages are ordercer ascendant (asc|desc)
|
|
# sort_packages: asc
|
|
|
|
auth:
|
|
htpasswd:
|
|
file: ./htpasswd
|
|
# Maximum amount of users allowed to register, defaults to "+inf".
|
|
# You can set this to -1 to disable registration.
|
|
# max_users: 1000
|
|
|
|
security:
|
|
api:
|
|
jwt:
|
|
sign:
|
|
expiresIn: 60d
|
|
notBefore: 1
|
|
web:
|
|
sign:
|
|
expiresIn: 7d
|
|
notBefore: 1
|
|
|
|
# a list of other known repositories we can talk to
|
|
uplinks:
|
|
npmjs:
|
|
url: https://registry.npmjs.org/
|
|
|
|
packages:
|
|
'@*/*':
|
|
# scoped packages
|
|
access: $all
|
|
publish: $authenticated
|
|
unpublish: $authenticated
|
|
proxy: npmjs
|
|
|
|
'**':
|
|
# allow all users (including non-authenticated users) to read and
|
|
# publish all packages
|
|
#
|
|
# you can specify usernames/groupnames (depending on your auth plugin)
|
|
# and three keywords: "$all", "$anonymous", "$authenticated"
|
|
access: $all
|
|
|
|
# allow all known users to publish/publish packages
|
|
# (anyone can register by default, remember?)
|
|
publish: $authenticated
|
|
unpublish: $authenticated
|
|
|
|
# if package is not available locally, proxy requests to 'npmjs' registry
|
|
proxy: npmjs
|
|
|
|
# You can specify HTTP/1.1 server keep alive timeout in seconds for incomming connections.
|
|
# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
|
|
# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enought.
|
|
server:
|
|
keepAliveTimeout: 60
|
|
|
|
middlewares:
|
|
audit:
|
|
enabled: true
|
|
|
|
# log settings
|
|
logs:
|
|
- { type: stdout, format: pretty, level: http }
|
|
#- {type: file, path: verdaccio.log, level: info}
|
|
|
|
experiments:
|
|
# support for npm token command
|
|
token: false
|