mirror of
https://github.com/verdaccio/verdaccio.git
synced 2024-11-13 03:35:52 +01:00
1.4 KiB
1.4 KiB
id | date | title |
---|---|---|
protect-your-dependencies | 2017-07-10T23:36:56.503Z | Protecting packages |
verdaccio
allows you protect publish, to achieve that you will need to set up correctly your packages acces.
Package configuration
Let's see for instance the following set up. You have a set of dependencies what are prefixed with my-company-*
and you need to protect them from anonymous or another logged user without right credentials.
'my-company-*':
access: admin teamA teamB teamC
publish: admin teamA
proxy: npmjs
With this configuration, basically we allow to groups admin and teamA to * publish* and teamA teamB teamC access to such dependencies.
Use case: teamD try to access the dependency
So, if I am logged as teamD. I shouldn't be able to access all dependencies that match with my-company-*
pattern.
➜ npm whoami
teamD
I won't have access to such dependencies and also won't be visible via web for user teamD. If I try to access the following will happen.
➜ npm install my-company-core
npm ERR! code E403
npm ERR! 403 Forbidden: webpack-1@latest
or with yarn
➜ yarn add my-company-core
yarn add v0.24.6
info No lockfile found.
[1/4]
error An unexpected error occurred: "http://localhost:5555/webpack-1: unregistered users are not allowed to access package my-company-core".