为什么需要npm私有仓库
npm私有仓库是托管在公司内部服务器,为什么需要它
- 保护公司代码
- 内部的UI组件或者工具,方便内部人员使用
- 内网访问更快
- 内部维护,可以控制发布和删除权限
解决方案调研
- Sinopia
不能下载带有@符号的包,且仓库常年无人维护,已被弃用 cnpm
一直在维护,但release一直没更新
verdaccio
fork自sinopia
积极维护,star最多Nexus
java私服用的多
github stars | lastest realease | lastest commit | 备注 | |
---|---|---|---|---|
Sinopia | 5.4k | 2015-6-7 | 2015-10-3 | 不再维护 |
cnpm | 3.4k | 2014-10-9 | 2021-7-6 | - |
verdaccio | 11.9k | 2021-7-15 | 2021-7-21 | - |
以上数据统计于 2021-7-23
可以看到verdaccio在3个维度上一骑绝尘,决定选择verdaccio,它是nodejs编写的,与前端最贴近。
搭建过程
申请服务器,安装环境
申请下来后,使用xshell6进行ssh登录。需要测试和安装环境,包括外网,安装node,这里选择流行版本v14.17.3(LTS)
当前长期支持版: 14.17.3 (包含 npm 6.14.13)
tips: 尝试过使用nvm,可以安装成功,但因为网络问题安装node失败,遂放弃。
使用verdaccio
verdaccio
安装
npm install -g verdaccio
修改配置文件
cd ~/.config/verdaccio
vim config.yaml
# 或者直接下一行
vim ~/.config/verdaccio/config.yaml
1 #
2 # This is the default config file. It allows all users to do anything,
3 # so don't use it on production systems.
4 #
5 # Look here for more config file examples:
6 # https://github.com/verdaccio/verdaccio/tree/master/conf
7 #
8
9 # path to a directory with all packages
10 storage: ./storage # npm包存放的路径
11 # path to a directory with plugins to include
12 plugins: ./plugins
13
14 web:
15 title: Verdaccio
16 # comment out to disable gravatar support
17 # gravatar: false
18 # by default packages are ordercer ascendant (asc|desc)
19 # sort_packages: asc
20 # convert your UI to the dark side
21 # darkMode: true
22 # logo: http://somedomain/somelogo.png
23 # favicon: http://somedomain/favicon.ico | /path/favicon.ico
24
25 # translate your registry, api i18n not available yet
26 # i18n:
27 # list of the available translations https://github.com/verdaccio/ui/tree/master/i18n/translations
28 # web: en-US
29
30 auth:
31 htpasswd:
32 file: ./htpasswd
33 # Maximum amount of users allowed to register, defaults to "+inf".
34 # You can set this to -1 to disable registration.
35 # max_users: 1000
36
37 # a list of other known repositories we can talk to
38 uplinks:
39 npmjs:
40 url: http://registry.npm.taobao.org/ # 默认为npm的官网,由于国情,改用taobao的npm镜像地址
41
42 packages:
43 '@*/*':
44 # scoped packages
45 access: $all
46 publish: $authenticated
47 unpublish: $authenticated
48 proxy: npmjs
49
50 '**':
51 # allow all users (including non-authenticated users) to read and
52 # publish all packages
53 #
54 # you can specify usernames/groupnames (depending on your auth plugin)
55 # and three keywords: "$all", "$anonymous", "$authenticated"
56 access: $all
57
58 # allow all known users to publish/publish packages
59 # (anyone can register by default, remember?)
60 publish: $authenticated
61 unpublish: $authenticated
62
63 # if package is not available locally, proxy requests to 'npmjs' registry
64 proxy: npmjs
65
66 # You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
67 # A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
68 # WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
69 server:
70 keepAliveTimeout: 60
71
72 middlewares:
73 audit:
74 enabled: true
75
76 # log settings
77 logs: { type: stdout, format: pretty, level: http }
78
79 # listen 设置监听后,开启外网访问
80 listen: 0.0.0.0:4873
81
82 #experiments:
83 # # support for npm token command
84 # token: false
85 # # disable writing body size to logs, read more on ticket 1912
86 # bytesin_off: false
87 # # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
88 # tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
89 # # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
90 # tarball_url_redirect(packageName, filename) {
91 # const signedUrl = // generate a signed url
92 # return signedUrl;
93 # }
94
95 # This affect the web and api (not developed yet)
96 #i18n:
97 #web: en-US
可能修改的点是:storage、uplinks.npmjs.url、listen
另外,如果不让开发者随意删除包,可以设置unpublish为特定账号。
启动
verdaccio
即可在外网访问http://ip:4873
pm2守护进程
为了可以在退出ssh后服务正常,可以使用pm2来守护进程。
pm2
pm2 start verdaccio
常用pm2命令
pm2 list/ls # 查看pm2管理的进程
pm2 start <process/[path/app.js]> # 可以开启全局进程,或者运行某个路径的可执行脚本
pm2 stop <process>
pm2 restart <process>
pm2 reload <process>
pm2 delete <process/id>
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用
。你还可以使用@
来通知其他用户。