1
0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-11-13 03:35:52 +01:00
verdaccio/website/docs/what-is-verdaccio.md
Marc Bernard 08c36e688e
docs: add statement about npm security best practices (#3324)
OWASP is explicitly mentioning Verdaccio in one of their recommendations for npm security best practices. 

It's high praise so should be mentioned in a central place. If not here, you might find another page to add it.
2022-08-24 17:59:08 +02:00

2.6 KiB

id title
what-is-verdaccio What is Verdaccio?

Verdaccio is a lightweight private npm proxy registry built in Node.js

Using a private npm registry like Verdaccio is one of the Top 10 NPM Security Best Practices recommended by the Open Web Application Security Project (OWASP).

What's a registry?

  • A registry is a repository for packages, that implements the CommonJS Compliant Package Registry specification for reading package's information.
  • Provide a compatible API with npm clients (yarn/npm/pnpm).
  • Semantic Versioning compatible (semver).
$> verdaccio

registry

Using Verdaccio

Using Verdaccio with any Node.js package manager client is quite straightforward.

registry

You can use a custom registry either by setting it globally for all your projects

npm set registry http://localhost:4873

or by using it in command line as an argument --registry in npm (slightly different in yarn)

npm install lodash --registry http://localhost:4873
yarn config set registry http://localhost:4873

To have a more detailed explanation, I invite you to watch the full explanation Angular Library: How To Use a Library in a poly-repo Using Verdaccio by Fanis Prodromou on his YouTube channel.

Private

All packages that you publish are private and only accessible based in your configuration.

Proxy

Verdaccio cache all dependencies on demand and speed up installations in local or private networks.

In a Nutshell

  • It's a web app based on Node.js
  • It's a private npm registry
  • It's a local network proxy
  • It's a Pluggable application
  • It's fairly easy to install and to use
  • We offer Docker and Kubernetes support
  • It is 100% compatible with yarn, npm and pnpm
  • Verdaccio means A green color popular in late medieval Italy for fresco painting.