mirror of https://github.com/verdaccio/verdaccio.git synced 2024-11-13 03:35:52 +01:00
verdaccio/website/docs/protect-your-dependencies.md
Abraham Schilling ddb42431d1 build: configure prettier as formatter for json, yaml and markdown (#1930)
* build: configure prettier as formatter for most files

* chore: reformat code (#1931)

* chore: re-format all files

* chore: force run quality analysis test

Co-authored-by: Juan Picado @jotadeveloper <juanpicado19@gmail.com>

Co-authored-by: Juan Picado @jotadeveloper <juanpicado19@gmail.com>
2021-04-09 17:54:19 +02:00


id: protect-your-dependencies
title: Protecting packages

Verdaccio allows you to protect publishing. To achieve that, you need to set up your package access correctly.


Package configuration

Consider, for instance, the following setup. You have a set of dependencies that are prefixed with my-company-* and you need to protect them from anonymous users and from logged-in users without the right credentials.

'my-company-*':
  access: admin teamA teamB teamC
  publish: admin teamA
  proxy: npmjs

With this configuration, we allow the groups admin and teamA to publish, and the groups listed under access (admin, teamA, teamB and teamC) to access such dependencies.

Use case: teamD tries to access the dependency

So, if I am logged in as teamD, I shouldn't be able to access any dependency that matches the my-company-* pattern.

➜ npm whoami
teamD

I won't have access to such dependencies, and they also won't be visible via the web interface for user teamD. If I try to access them, the following will happen.

➜ npm install my-company-core
npm ERR! code E403
npm ERR! 403 Forbidden: webpack-1@latest

or with yarn

➜ yarn add my-company-core
yarn add v0.24.6
info No lockfile found.
[1/4] 🔍  Resolving packages...
error An unexpected error occurred: "http://localhost:5555/webpack-1: unregistered users are not allowed to access package my-company-core".
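
To review a packages section before deploying it, the rule above can be evaluated offline for each user. The following is an added example, not code from Verdaccio or from the original page. It assumes that the first matching pattern wins and that a user's groups are their own name plus the built-in $all and $authenticated (or $anonymous) groups; globToRegExp is a simplified stand-in for Verdaccio's glob matching, and the `**` rule and all function names are constructed for illustration.

```javascript
// Added example: evaluate a Verdaccio-style `packages` section for one user.
const packages = {
  // Rule from the page.
  'my-company-*': { access: 'admin teamA teamB teamC', publish: 'admin teamA', proxy: 'npmjs' },
  // Constructed catch-all rule (not from the page), listed after the specific one.
  '**': { access: '$all', publish: '$authenticated', proxy: 'npmjs' },
};

// Simplified glob: `**` matches anything, `*` matches within one path segment.
function globToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  const body = escaped
    .replace(/\*\*/g, '\u0000')
    .replace(/\*/g, '[^/]*')
    .replace(/\u0000/g, '.*');
  return new RegExp('^' + body + '$');
}

// Assumption: rules are tried in file order and the first match decides.
function matchRule(pkgs, name) {
  for (const [pattern, rule] of Object.entries(pkgs)) {
    if (globToRegExp(pattern).test(name)) return { pattern, rule };
  }
  return null;
}

// A null user models an anonymous request.
function groupsFor(user) {
  return user ? [user, '$all', '$authenticated'] : ['$all', '$anonymous'];
}

function isAllowed(pkgs, name, user, action) {
  const match = matchRule(pkgs, name);
  if (!match) return false; // no rule matches: this example denies
  const allowed = (match.rule[action] || '').split(/\s+/).filter(Boolean);
  return groupsFor(user).some((group) => allowed.includes(group));
}

// Heuristic lint: a pattern is shadowed when an earlier pattern already
// matches a sample name built from it, so its restrictions never apply.
function shadowedPatterns(pkgs) {
  const keys = Object.keys(pkgs);
  return keys.filter((key, i) =>
    keys.slice(0, i).some((earlier) => globToRegExp(earlier).test(key.replace(/\*/g, 'x'))));
}

console.log('teamD access:', isAllowed(packages, 'my-company-core', 'teamD', 'access'));
console.log('shadowed rules:', shadowedPatterns(packages));
```

If the catch-all rule is moved above my-company-*, shadowedPatterns reports the restricted rule as shadowed and teamD gains access, which is the ordering mistake this check is meant to catch.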