Verdaccio

A lightweight Node.js private proxy registry

Package Manager
verdaccio/verdacciowww.verdaccio.org/verdaccio

README

BannerUK

Verdaccio stands for peace, stop the war, we will be yellow / blue 🇺🇦 until that happens.


verdaccio logo

verdaccio gif

Version 6 (Development branch)


Looking for Verdaccio 5 version? Check the branch 5.x

The plugins for the v5.x that are hosted within this organization are located

at the [verdaccio/monorepo](https://github.com/verdaccio/monorepo) repository, while for the v6.x

are hosted on this project ./packages/plugins, keep on mind v6.x plugins will eventually would be

incompatible with v5.x versions.

Note that contributing guidelines might be different based on the branch.


Verdaccio is a simple,zero-config-required local private npm registry.
No need for an entire database just to get started! Verdaccio comes out of the box with
its own tiny database, and the ability to proxy other registries (eg. npmjs.org),
caching the downloaded modules along the way.
For those looking to extend their storage capabilities, Verdaccio
supports various community-made plugins to hook into services such as Amazon's s3,
Google Cloud Storage or create your own plugin.
verdaccio (latest) verdaccio (downloads) docker pulls backers stackshare
discord MIT Crowdin
Twitter followers Github StandWithUkraine

Install


Latest Node.js v16 required


Install with npm:

  1. ``` sh
  2. npm install --location=global verdaccio@6-next
  3. ```

With yarn

  1. ``` sh
  2. yarn global add verdaccio@6-next
  3. ```

With pnpm

  1. ``` sh
  2. pnpm i -g verdaccio@6-next
  3. ```

or

  1. ``` sh
  2. docker pull verdaccio/verdaccio:nightly-master
  3. ```

or with _helm_ official chart.

  1. ``` sh
  2. helm repo add verdaccio https://charts.verdaccio.org
  3. helm repo update
  4. helm install verdaccio/verdaccio
  5. ```

Furthermore, you can read the [Debugging Guidelines](https://github.com/verdaccio/verdaccio/wiki/Debugging-Verdaccio) and the [Docker Examples](https://github.com/verdaccio/verdaccio/tree/master/docker-examples) for more advanced development.

Plugins


You can develop your own plugins with the verdaccio generator. Installing Yeoman is required.

  1. ```
  2. npm install --location=global yo
  3. npm install --location=global generator-verdaccio-plugin
  4. ```

Learn more here how to develop plugins. Share your plugins with the community.

Donations


Verdaccio is run by volunteers; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider do a long support donation - and your logo will be on this section of the readme.

Donate 💵👍🏻 starting from _$1/month_ or just one single contribution.

What does Verdaccio do for me?


Use private packages


If you want to use all benefits of npm package system in your company without sending all code to the public, and use your private packages just as easy as public ones.

Cache npmjs.org registry


If you have more than one server you want to install packages on, you might want to use this to decrease latency
(presumably "slow" npmjs.org will be connected to only once per package/version) and provide limited failover (if npmjs.org is down, we might still find something useful in the cache) or avoid issues like _How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript_, _Many packages suddenly disappeared_ or _Registry returns 404 for a package I have installed before_.

Link multiple registries


If you use multiples registries in your organization and need to fetch packages from multiple sources in one single project you might take advance of the uplinks feature with Verdaccio, chaining multiple registries and fetching from one single endpoint.

Override public packages


If you want to use a modified version of some 3rd-party package (for example, you found a bug, but maintainer didn't accept pull request yet), you can publish your version locally under the same name. See in detail here.

E2E Testing


Verdaccio has proved to be a lightweight registry that can be
booted in a couple of seconds, fast enough for any CI. Many open source projects use verdaccio for end to end testing, to mention some examples, create-react-app, mozilla neutrino, pnpm, storybook, babel.js, angular-cli or docusaurus. You can read more in here.

Furthermore, here few examples how to start:

- e2e-ci-example-gh-actions
- verdaccio-end-to-end-tests
- verdaccio-fork

Watch our Videos


Node Congress 2022, February 2022, Online Free

nodejs

You might want to check out as well our previous talks:

- [Using Docker and Verdaccio to make Integration Testing Easy - Docker All Hands #4 December - 2021](https://www.youtube.com/watch?v=zRI0skF1f8I)
- [Juan Picado – Testing the integrity of React components by publishing in a private registry - React Finland - 2021](https://www.youtube.com/watch?v=bRKZbrlQqLY&t=16s&ab_channel=ReactFinland)
- [BeerJS Cba Meetup No. 53 May 2021 - Juan Picado](https://www.youtube.com/watch?v=6SyjqBmS49Y&ab_channel=BeerJSCba)
- [Node.js Dependency Confusion Attacks - April 2021 - Juan Picado](https://www.youtube.com/watch?v=qTRADSp3Hpo)
- [OpenJS World 2020 about \Cover your Projects with a Multi purpose Lightweight Node.js Registry - Juan Picado*](https://www.youtube.com/watch?v=oVCjDWeehAQ)
- [ViennaJS Meetup - Introduction to Verdaccio by Priscila Olivera and Juan Picado](https://www.youtube.com/watch?v=hDIFKzmoCa)
- [Open Source? trivago - Verdaccio (Ayush and Juan Picado) January 2020](https://www.youtube.com/watch?v=A5CWxJC9xzc)
- [GitNation Open Source Stage - How we have built a Node.js Registry with React - Juan Picado December 2019](https://www.youtube.com/watch?v=gpjC8Qp9B9A)
- [Verdaccio - A lightweight Private Proxy Registry built in Node.js | Juan Picado at The Destro Dev Show](https://www.youtube.com/watch?reload=9&v=P_hxy7W-IL4&ab_channel=TheDestroDevShow)

Get Started


Run in your terminal

  1. ``` sh
  2. verdaccio
  3. ```

You would need set some npm configuration, this is optional.

  1. ``` sh
  2. npm set registry http://localhost:4873/
  3. ```

For one-off commands or to avoid setting the registry globally:

  1. ``` sh
  2. NPM_CONFIG_REGISTRY=http://localhost:4873 npm i
  3. ```

Now you can navigate to http://localhost:4873/ where your local packages will be listed and can be searched.

Warning: Verdaccio does not currently support PM2's cluster mode, running it with cluster mode may cause unknown behavior.


Publishing


1. create a user and log in


  1. ``` sh
  2. npm adduser --registry http://localhost:4873
  3. ```

if you use HTTPS, add an appropriate CA information ("null" means get CA list from OS)


  1. ``` sh
  2. npm set ca null
  3. ```

2. publish your package


  1. ``` sh
  2. npm publish --registry http://localhost:4873
  3. ```

This will prompt you for user credentials which will be saved on the verdaccio server.

Docker


Below are the most commonly needed information,
every aspect of Docker and verdaccio is documented separately

  1. ```
  2. docker pull verdaccio/verdaccio:nightly-master
  3. ```

Available as tags.

Running verdaccio using Docker


To run the docker container:

  1. ``` sh
  2. docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio
  3. ```

Docker examples are available in this repository.

Compatibility


Verdaccio aims to support all features of a standard npm client that make sense to support in private repository. Unfortunately, it isn't always possible.

Basic features


- Installing packages (npm install, npm upgrade, etc.) - supported
- Publishing packages (npm publish) - supported

Advanced package control


- Unpublishing packages (npm unpublish) - supported
- Tagging (npm tag) - supported
- Deprecation (npm deprecate) - supported

User management


- Registering new users (npm adduser {newuser}) - supported
- Change password (npm profile set password) - supported
- Transferring ownership (npm owner add {user} {pkg}) - not supported, _PR-welcome_
- Token (npm token) - supported

Miscellany


- Searching (npm search) - supported (cli / browser)
- Ping (npm ping) - supported
- Starring (npm star, npm unstar, npm stars) - supported

Security


- npm/yarn audit - supported

Report a vulnerability


If you want to report a security vulnerability, please follow the steps which we have defined for you in our security policy.

Special Thanks


Thanks to the following companies to help us to achieve our goals providing free open source licenses. Every company provides enough resources to move this project forward.

CompanyLogoLicense
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
JetBrains[![jetbrain](assets/thanks/jetbrains/logo.png)](https://www.jetbrains.com/)JetBrains
Crowdin[![crowdin](assets/thanks/crowdin/logo.png)](https://crowdin.com/)Crowdin
BrowserStack[![browserstack](https://cdn.verdaccio.dev/readme/browserstack_logo.png)](https://www.browserstack.com/)BrowserStack
Netlify[![netlify](https://www.netlify.com/img/global/badges/netlify-color-accent.svg)](https://www.netlify.com/)Netlify
Algolia[![algolia](https://cdn.verdaccio.dev/sponsor/logo/algolia/logo.png)](https://algolia.com/)Algolia
Docker[![docker](https://cdn.verdaccio.dev/sponsor/logo/docker/docker.png)](https://www.docker.com/community/open-source/application)Docker

Maintainers


[Juan[Ayush[Sergio
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
![jotadeveloper](https://avatars3.githubusercontent.com/u/558752?s=120&v=4)![ayusharma](https://avatars2.githubusercontent.com/u/6918450?s=120&v=4)![sergiohgz](https://avatars2.githubusercontent.com/u/14012309?s=120&v=4)
[@jotadeveloper](https://twitter.com/jotadeveloper)[@ayusharma\_](https://twitter.com/ayusharma_)[@sergiohgz](https://twitter.com/sergiohgz)
[Priscila[Daniel
![priscilawebdev](https://avatars2.githubusercontent.com/u/29228205?s=120&v=4)![DanielRuf](https://avatars3.githubusercontent.com/u/827205?s=120&v=4)
[@priscilawebdev](https://twitter.com/priscilawebdev)[@DanielRufde](https://twitter.com/DanielRufde)

You can find and chat with then over Discord, click here or follow them at _Twitter_.

Who is using Verdaccio?


- create-react-app _(+86.2k ⭐️)_
- Gatsby _(+49.2k ⭐️)_
- Babel.js _(+38.5k ⭐️)_
- Docusaurus _(+34k ⭐️)_
- Vue CLI _(+27.4k ⭐️)_
- Angular CLI _(+24.3k ⭐️)_
- Uppy _(+23.8k ⭐️)_
- bit _(+13k ⭐️)_
- Aurelia Framework _(+11.6k ⭐️)_
- pnpm _(+10.1k ⭐️)_
- ethereum/web3.js _(+9.8k ⭐️)_
- NX _(+6.1k ⭐️)_
- webiny-js _(+4.3k ⭐️)_
- Mozilla Neutrino _(+3.7k ⭐️)_
- workshopper how to npm _(+1k ⭐️)_
- Amazon SDK v3
- Amazon Encryption SDK for Javascript

🤓 Don't be shy, add yourself to this readme.

Open Collective Sponsors


Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
sponsor sponsor sponsor sponsor sponsor sponsor sponsor sponsor sponsor sponsor

Open Collective Backers


Thank you to all our backers! 🙏 [Become a backer]
backers

Contributors


This project exists thanks to all the people who contribute. [Contribute].
contributors

FAQ / Contact / Troubleshoot


If you have any issue you can try the following options, do no desist to ask or check our issues database, perhaps someone has asked already what you are looking for.

- Blog
- Donations
- Reporting an issue
- Running discussions
- Chat
- Logos
- Docker Examples
- FAQ

License


Verdaccio is MIT licensed

The Verdaccio documentation and logos (excluding /thanks, e.g., .md, .png, .sketch) files within the /assets folder) is
Creative Commons licensed.