UNPKG

@verdaccio/config

Version:

Verdaccio Configuration

verdaccio.org

264 lines (238 loc) 9.26 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
# # This is the default configuration file. It allows all users to do anything, # please read carefully the documentation and best practices to # improve security. # # Read about the best practices # https://verdaccio.org/docs/best # Path to a directory with all packages storage: ./storage # Path to a directory with plugins to include, the plugins folder has the higher priority for loading plugins # Disable this folder to avoid warnings if is not used # plugins: ./plugins # Web UI settings # https://verdaccio.org/docs/webui web: title: Verdaccio # Disable complete web UI # enabled: false # Custom colors for header background and font # primaryColor: "#4b5e40" # Custom logos and favicon # logo: ./path/to/logo.png # logoDark: ./path/to/logoDark.png # favicon: ./path/to/favicon.ico # Disable gravatar support # gravatar: false # By default, packages are ordered ascending # sort_packages: asc | desc # Convert your UI to the dark side # darkMode: true # html_cache: true # By default, all features are displayed # login: true # showInfo: true # showSettings: true # In combination with darkMode you can force specific theme # showThemeSwitch: true # showFooter: true # showSearch: true # showRaw: true # showDownloadTarball: true # showUplinks: true # # HTML tags injected before ends </head> # metaScripts: # - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>' # - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>' # - '<meta name="robots" content="noindex">' # # HTML tags injected as first child in <body> # scriptsBodyBefore: # - '<div id="myId">html before webpack scripts</div>' # # HTML tags injected as last child in </body> # scriptsBodyAfter: # - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>' # # Public path for template manifest scripts (only manifest) # publicPath: http://somedomain.org/ # Settings for authentication plugin # https://verdaccio.org/docs/configuration#authentication auth: htpasswd: file: ./htpasswd # Maximum amount of users allowed to register, defaults to "+inf". # You can set this to -1 to disable registration. # max_users: 1000 # Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt". # algorithm: bcrypt # by default is crypt, but is recommended use bcrypt for new installations # Rounds number for "bcrypt", will be ignored for other algorithms. # rounds: 10 # A list of other known repositories we can talk to # https://verdaccio.org/docs/configuration#uplinks uplinks: npmjs: url: https://registry.npmjs.org/ # Learn how to protect your packages # https://verdaccio.org/docs/protect-your-dependencies/ # https://verdaccio.org/docs/configuration#packages packages: '@*/*': # scoped packages access: $all publish: $authenticated unpublish: $authenticated proxy: npmjs '**': # allow all users (including non-authenticated users) to read and # publish all packages # # you can specify usernames/groupnames (depending on your auth plugin) # and three keywords: "$all", "$anonymous", "$authenticated" access: $all # allow all known users to publish/unpublish packages # (anyone can register by default, remember?) publish: $authenticated unpublish: $authenticated # if package is not available locally, proxy requests to 'npmjs' registry proxy: npmjs # To improve your security configuration and avoid dependency confusion # consider removing the proxy property for private packages # https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages # https://verdaccio.org/docs/configuration#server # You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections. # A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout. # WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough. server: keepAliveTimeout: 60 # The pluginPrefix replaces the default plugins prefix which is `verdaccio`. Please don't include `-`. If `something` is provided # the resolved package will be `something-xxxx`. # pluginPrefix: something # A regex for the password validation /.{3}$/ (3 characters min) # An example to limit to 10 characters minimum # passwordValidationRegex: /.{10}$/ # Allow `req.ip` to resolve properly when Verdaccio is behind a proxy or load-balancer # https://expressjs.com/en/guide/behind-proxies.html # trustProxy: '127.0.0.1' # https://verdaccio.org/docs/configuration#offline-publish # publish: # allow_offline: false # check_owners: false # keep_readmes: 'latest' | 'tagged' | 'all' # Define public URL of registry in combination with VERDACCIO_PUBLIC_URL environment variable # https://verdaccio.org/docs/configuration#url-prefix # url_prefix: /verdaccio/ # # Examples: # VERDACCIO_PUBLIC_URL='https://somedomain.org' # url_prefix: '/my_prefix' # // url -> https://somedomain.org/my_prefix/ # # VERDACCIO_PUBLIC_URL='https://somedomain.org' # url_prefix: '/' # // url -> https://somedomain.org/ # # VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix' # url_prefix: '/second_prefix' # // url -> https://somedomain.org/second_prefix/ # Security settings # https://verdaccio.org/docs/configuration#security # security: # api: # legacy: true # jwt: # sign: # expiresIn: 29d # verify: # someProp: [value] # web: # sign: # expiresIn: 1h # 1 hour by default # verify: # someProp: [value] # https://verdaccio.org/docs/configuration#user-rate-limit # userRateLimit: # windowMs: 50000 # max: 1000 # https://verdaccio.org/docs/configuration#max-body-size # max_body_size: 10mb # https://verdaccio.org/docs/configuration#listen-port # listen: # - localhost:4873 # default value # - http://localhost:4873 # same thing # - 0.0.0.0:4873 # listen on all addresses (INADDR_ANY) # - https://example.org:4873 # if you want to use https # - "[::1]:4873" # ipv6 # - unix:/tmp/verdaccio.sock # unix socket # The HTTPS configuration is useful if you do not consider use a HTTP Proxy # https://verdaccio.org/docs/configuration#https # https: # key: ./path/verdaccio-key.pem # cert: ./path/verdaccio-cert.pem # ca: ./path/verdaccio-csr.pem # https://verdaccio.org/docs/configuration#proxy # http_proxy: http://something.local/ # https_proxy: https://something.local/ # no_proxy: localhost,127.0.0.1,server.local # https://verdaccio.org/docs/configuration#notifications # notify: # method: 'POST' # methods available: POST, PUT, GET # headers: '[{ "Content-Type": "application/json" }]' # endpoint: 'https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken' # content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}' # Settings for filter plugins # https://verdaccio.org/docs/plugin-filter # filters: # '@verdaccio/package-filter': # # Block versions published less than N days ago # # minAgeDays: 7 # # Only serve versions published before a specific date # # dateThreshold: '2025-01-01' # # block: # # - scope: '@malicious' # # - package: 'typosquat-pkg' # # - package: 'compromised-lib' # # versions: '>=3.0.0' # # allow: # # - scope: '@my-org' # Settings for middleware plugins # https://verdaccio.org/docs/plugins#middleware-configuration middlewares: audit: enabled: true # timeout: 10000 # Log settings # https://verdaccio.org/docs/logger # Redaction: https://getpino.io/#/docs/redaction # Synchronous logging: https://getpino.io/#/docs/asynchronous log: type: stdout format: pretty level: http # redact: # paths: ['req.header.authorization','req.header.cookie','req.remoteAddress','req.remotePort','ip','remoteIP','user','msg'] # censor: '<redacted>' # sync: true # Feature flags (experimental settings that can be changed or removed in the future) # https://verdaccio.org/docs/configuration#experiments # experiments: # # Support for npm token command # token: false # # Enable tarball URL redirect for hosting tarball with a different server. # # The tarball_url_redirect can be a template string # tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}' # # The tarball_url_redirect can be a function, takes packageName and filename and returns the url, # # when working with a js configuration file # tarball_url_redirect(packageName, filename) { # const signedUrl = // generate a signed url # return signedUrl; # } # Renamed from "experiments" to "flags" in next major release # flags: # changePassword: true # searchRemote: true # Translate your registry, API and web UI # List of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md i18n: web: en-US