Why you need a private npm registry

A private npm registry is hosted on the company's own internal servers. Why do we need one?

  • It protects company code
  • Internal UI components and tools can be shared conveniently with internal staff
  • Access over the internal network is faster
  • It is maintained internally, so publish and delete permissions can be controlled

Survey of solutions

  • Sinopia
    Cannot download packages whose names contain the @ symbol, and the repository has gone unmaintained for years; it has been abandoned.
  • cnpm
    Still being maintained, but there has not been a new release for a long time.
  • verdaccio
    Forked from sinopia; actively maintained and has the most stars.
  • Nexus
    Mostly used as a private repository for Java.

             GitHub stars   latest release   latest commit   notes
Sinopia      5.4k           2015-6-7         2015-10-3       no longer maintained
cnpm         3.4k           2014-10-9        2021-7-6        -
verdaccio    11.9k          2021-7-15        2021-7-21       -

The figures above were collected on 2021-7-23.

verdaccio is far ahead on all three metrics, so we decided on verdaccio. It is written in Node.js, which is the closest fit for a front-end team.

Setup process

Request a server and set up the environment

Once the server has been allocated, log in over SSH with Xshell 6. Test the environment and install what is needed, including outbound internet access, then install Node; here we chose the popular version v14.17.3 (LTS).

Node.js download

Current LTS: 14.17.3 (includes npm 6.14.13)

Tip: I tried nvm, which installed successfully, but installing Node through it failed because of network problems, so I gave up on it.

Using verdaccio

verdaccio
Install
npm install -g verdaccio
Edit the config file
cd ~/.config/verdaccio
vim config.yaml
# or directly, in one line
vim ~/.config/verdaccio/config.yaml
#
# This is the default config file. It allows all users to do anything,
# so don't use it on production systems.
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#

# path to a directory with all packages
storage: ./storage # directory where npm packages are stored
# path to a directory with plugins to include
plugins: ./plugins

web:
  title: Verdaccio
  # comment out to disable gravatar support
  # gravatar: false
  # by default packages are ordered ascendant (asc|desc)
  # sort_packages: asc
  # convert your UI to the dark side
  # darkMode: true
  # logo: http://somedomain/somelogo.png
  # favicon: http://somedomain/favicon.ico | /path/favicon.ico

# translate your registry, api i18n not available yet
# i18n:
# list of the available translations https://github.com/verdaccio/ui/tree/master/i18n/translations
#   web: en-US

auth:
  htpasswd:
    file: ./htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    # max_users: 1000

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: http://registry.npm.taobao.org/ # defaults to the official npm registry; because of local network conditions, the taobao npm mirror is used instead

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    unpublish: $authenticated
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish/unpublish packages
    # (anyone can register by default, remember?)
    publish: $authenticated
    unpublish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
server:
  keepAliveTimeout: 60

middlewares:
  audit:
    enabled: true

# log settings
logs: { type: stdout, format: pretty, level: http }

# listen: set the listen address so the registry is reachable from outside the host
listen: 0.0.0.0:4873

#experiments:
#  # support for npm token command
#  token: false
#  # disable writing body size to logs, read more on ticket 1912
#  bytesin_off: false
#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
#  tarball_url_redirect(packageName, filename) {
#    const signedUrl = // generate a signed url
#    return signedUrl;
#  }

# This affect the web and api (not developed yet)
#i18n:
#web: en-US

The settings you are most likely to change are storage, uplinks.npmjs.url and listen.

Also, if you do not want developers to be able to delete packages at will, set unpublish to specific accounts.
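As an added example (not part of the original post), here is a hardened version of the auth, uplinks and packages sections above: self-registration is disabled, publish and unpublish are limited to named accounts, and the internal scope is served only from local storage. The scope @acme, the user names alice, bob and release-bot, and the HTTPS uplink address are placeholders to replace with your own.

```yaml
# Added example: hardened counterpart of the default sections shown above.
# @acme and the user names are placeholders; create the users in ./htpasswd.
auth:
  htpasswd:
    file: ./htpasswd
    # Default (commented out above) allows unlimited self-registration.
    # -1 disables it: accounts exist only if an admin adds them to htpasswd.
    max_users: -1

uplinks:
  npmjs:
    # Weak setting above: a plain-http mirror URL. Use an HTTPS uplink so
    # tarballs fetched from upstream cannot be altered in transit.
    url: https://registry.npmjs.org/   # placeholder: your mirror's https URL

packages:
  # Internal scope: no proxy entry, so a name that is not published here is
  # never looked up upstream (a missing internal package fails instead of
  # silently resolving to a same-named public one). Read requires login.
  '@acme/*':
    access: $authenticated
    publish: alice bob release-bot
    unpublish: release-bot

  # Other scoped packages: cached mirror of upstream, publishing restricted.
  '@*/*':
    access: $all
    publish: release-bot
    unpublish: release-bot
    proxy: npmjs

  # Everything else: read for everyone, write only for the release account.
  '**':
    access: $all
    publish: release-bot
    unpublish: release-bot
    proxy: npmjs
```

With this layout `npm unpublish` from a developer account is rejected with a 403, while installs of public packages keep working through the cached proxy.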

Start
verdaccio

The registry is now reachable from outside the host at http://ip:4873

Supervising the process with pm2

So that the service keeps running after you log out of SSH, use pm2 to supervise the process.

pm2
pm2 start verdaccio

Common pm2 commands

pm2 list/ls # list the processes managed by pm2
pm2 start <process/[path/app.js]> # start a globally installed program, or run an executable script at the given path
pm2 stop <process>
pm2 restart <process>
pm2 reload <process>
pm2 delete <process/id>

Author: 大白菜