I want to host an npm package for each of my individual clients, and I want to publish those packages to a private Verdaccio instance. I also want ClientA to only have access to package A, and not to be able to access the packages for ClientB.
How can I do that?
My current plan is to simply edit the config file every time I get a new client, then restart the server. So, here's what that file might look like right now:
    packages:
      "@my-repo/client-a-*":
        access: admin client-a
        publish: admin
        unpublish: admin
Then I get ClientB and I edit the file to look like this and restart the server:
    packages:
      "@my-repo/client-a-*":
        access: admin client-a
        publish: admin
        unpublish: admin
      "@my-repo/client-b-*":
        access: admin client-b
        publish: admin
        unpublish: admin
I think this would allow ClientA to have readOnly access to client-a packages, and then ClientB would have readOnly access to client-b packages. Do you think this will work? Edit: I confirmed the above does work, albeit a kind of tedious and manual solution.
Ok - now, can I simplify this with regex?? Can I use group names or regex to match the client name with their package directory? It might look like this (the config below is a guess):
    packages:
      "@my-repo/$userId-*":
        access: admin $userId
        publish: admin
        unpublish: admin
So, in this rule $userId acts as a variable, and it would result in every registered user only having access to packages published with the prefix of their own username. Is that possible, and how can I do it?
Edit: No. It's not possible. See answer below.
CodePudding user response:
Grouping multiple users into a "group" is NOT supported, per this thread and comment (Sept, 2018) by the core maintainer himself:
It's not possible in that way, currently, user === group. So, you must define all users are allowed in each section (access, publish).
However, it appears at least a small handful of developers have searched for this type of a solution, and there's at least one package that does this as a Verdaccio add-on: snail-verdaccio-groups.
So, I'll just have to tediously edit the config file to add/remove users and packages for them each specifically. Fortunately, Docker makes it pretty easy to just restart the service.
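The per-client edit described in this thread can be generated from a list of usernames. This is an added example, not part of the original post and not Verdaccio's own code. It also rejects usernames whose glob would match another client's packages (the pattern for client-a also matches packages of a client named client-a-eu). The function names and the allowed username character set are assumptions.

```python
import re

SCOPE = "@my-repo"   # scope used in the post
ADMIN = "admin"      # publishing account used in the post
# Assumption: usernames are lowercase alphanumerics separated by single hyphens,
# so they cannot carry YAML syntax or glob metacharacters into the config.
NAME_RE = re.compile(r"[a-z0-9]+(?:-[a-z0-9]+)*")


def check_users(users):
    """Reject names that are malformed, duplicated, or overlap another pattern."""
    seen = set()
    for name in users:
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"invalid username: {name!r}")
        if name in seen:
            raise ValueError(f"duplicate username: {name!r}")
        seen.add(name)
    for a in seen:
        for b in seen:
            # "@my-repo/client-a-*" also matches "@my-repo/client-a-eu-pkg",
            # which would let client-a read client-a-eu's packages.
            if a != b and b.startswith(a + "-"):
                raise ValueError(f"pattern for {a!r} also matches packages of {b!r}")


def render_packages(users):
    """Return the 'packages:' section with one rule per client username."""
    check_users(users)
    lines = ["packages:"]
    for name in sorted(users):
        lines += [
            f'  "{SCOPE}/{name}-*":',
            f"    access: {ADMIN} {name}",
            f"    publish: {ADMIN}",
            f"    unpublish: {ADMIN}",
        ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample input: the two clients from the question.
    print(render_packages(["client-a", "client-b"]), end="")
```

The output is only the packages section; it still has to be merged into the rest of the config file and the server restarted, as in the post.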