Platforms evaluated: sinopia, Verdaccio

Verdaccio

Official documentation

https://verdaccio.org/docs/en/configuration

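Setup:

Authentication

Authentication depends on the auth plugin you are using. Package restrictions are also handled by Package Access.

Client: logging in with the npm client generates a token, which is stored in the .npmrc configuration file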

https://docs.npmjs.com/files/npmrc

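Anonymous package publishing is also allowed

When a package is published, access to it and downloads of it can be blocked

Server-side group checks:

    access: $all
    publish: $all
    proxy: npmjs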


Access restrictions for different packages:

    packages:
      'jquery':
        access: $all
        publish: $all
      'my-company-*':
        access: $all
        publish: $authenticated
      '@my-local-scope/*':
        access: $all
        publish: $authenticated
      '**':
        access: $all
        publish: $authenticated
        proxy: npmjs

Group definitions:

    'company-*':
      access: admin internal
      publish: admin
      proxy: server1
    'supersecret-*':
      access: secret super-secret-area ultra-secret-area
      publish: secret ultra-secret-area
      proxy: server1
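
An added example, not from the Verdaccio project or the original notes: it resolves which rule of the first `packages` block above applies to a package name (first matching pattern wins) and flags rules that allow anonymous publishing. `globToRegExp`, `resolveRule` and `audit` are hypothetical helper names, the glob matcher is a simplified stand-in for the one the server uses, and the package names checked are constructed.

```javascript
// PACKAGES mirrors the first `packages` block above, rewritten as a JS object.
const PACKAGES = {
  'jquery': { access: '$all', publish: '$all' },
  'my-company-*': { access: '$all', publish: '$authenticated' },
  '@my-local-scope/*': { access: '$all', publish: '$authenticated' },
  '**': { access: '$all', publish: '$authenticated', proxy: 'npmjs' },
};

// Simplified glob (assumption): `**` matches anything, `*` stays inside one segment.
function globToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  const body = escaped
    .replace(/\*\*/g, '\u0000')
    .replace(/\*/g, '[^/]*')
    .replace(/\u0000/g, '.*');
  return new RegExp('^' + body + '$');
}

// Patterns are tried in declaration order; the first one that matches is used.
function resolveRule(packages, name) {
  for (const [pattern, rule] of Object.entries(packages)) {
    if (globToRegExp(pattern).test(name)) return { pattern, ...rule };
  }
  return null;
}

// Group lists are space separated, e.g. "admin internal".
const groups = (value) => (value || '').split(/\s+/).filter(Boolean);
// Groups that include users who have not logged in.
const ANONYMOUS_GROUPS = new Set(['$all', '$anonymous']);

function audit(packages, names) {
  return names.map((name) => {
    const rule = resolveRule(packages, name);
    const publish = rule ? groups(rule.publish) : [];
    return {
      name,
      pattern: rule ? rule.pattern : null,
      publish,
      anonymousPublish: publish.some((g) => ANONYMOUS_GROUPS.has(g)),
      proxied: Boolean(rule && rule.proxy),
    };
  });
}

// Constructed package names, one per rule.
const SAMPLE = ['jquery', 'my-company-ui', '@my-local-scope/core', 'lodash'];
console.log(audit(PACKAGES, SAMPLE));
```

Only `jquery` is reported with `anonymousPublish: true`, because its rule sets `publish: $all`; `lodash` falls through to `'**'` and is the only one served through the `npmjs` proxy.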