Use Verdaccio to build NPM private warehouses
Demand background: normally might need a lot of commonality in project work code, for example, frameworks, tools, and common business logic code, etc., through the packaging to NPM central warehouse or private, to carry out maintenance and managed code, convenient the use of common code, if it involves inconvenient public code components can be released to the private warehouse.
Advantages of a private NPM component library:
- Private NPM packages are only available to the company’s internal LAN
- Faster than directly downloading packages in NPM, and faster than using Taobao image, after all, in the company’s internal LAN
- Permission management can be configured for publishing and downloading NPM packages
In the research of building NPM private component repository, I have looked up a lot of related information, including using Maven package management private server tool Nexus to build private repository, also using Ali CNPM to build private repository, as well as using Sinopia and Verdaccio to build private repository, the main differences are introduced below:
- Use maven package management private server tool Nexus to build a private repository, this method is powerful, but more tends to use in the background, the server should be familiar with
- Ali CNPM set up NPM private warehouse, this is ali’s own internal use, should also be very useful, but need to install MySQL database, and configuration is more troublesome
- Using Sinopia to build the NPM private repository is relatively easy to use and does not require database configuration, but the Github project seems to have been unmaintained for three or four years
After reviewing relevant information and comparing, I finally chose verdaccio to build the NPM private repository. This Github project seems to be a branch of Sinopia with similar usage.
Server setup
1. Install node
Verdaccio is a lightweight private npm proxy registry built in Node.js
Verdaccio is based on Node.js, so we need to install Node on our server, how to install Node on Ali Cloud server, see my blog before ali Cloud server deployment node+mongodb
2. Install Verdaccio
npm install -g verdaccio --unsafe-perm
Copy the codeThe –unsafe-perm option is added to prevent gyp ERR! Permission denied Error:
gyp ERR! configure error
gyp ERR! stack Error: EACCES: permission denied, mkdir '/usr/local/lib/node_modules/verdaccio/node_modules/dtrace-provider/build'
gyp ERR! System Linux 3.10.0-862.14.4.el7.x86_64
gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /usr/local/lib/node_modules/verdaccio/node_modules/dtrace-provider
gyp ERR! node -v v8.12.0
gyp ERR! node-gyp -v v3.8.0
gyp ERR! not ok
Copy the codeIf the NPM needs to be updated, run NPM install -g NPM
Execution Result:
/usr/local/bin/verdaccio
Copy the code3. Start Verdaccio
verdaccio
Copy the codeThe result is as follows:
Verdaccio doesn't need superuser privileges. Don't run it under root.
warn --- config file - /root/.config/verdaccio/config.yaml
warn --- Plugin successfully loaded: htpasswd
warn --- Plugin successfully loaded: audit
warn --- http address - http://localhost:4873/ - verdaccio/3.10.2
Copy the codeFrom the console output, we can see that verdaccio configuration file path in/root/config/verdaccio/config. The yaml and default access address http://localhost:4873/, increase listen at the end of the configuration file: 0.0.0.0:4873
// Go to the verdaccio directory CD /root/.config/verdaccio/ / and check the files in this directory. By default, there are two files in this directory: Htpasswd ls > config.yaml storage // View the configuration file vim config.yamlCopy the codeAdd the code at the end of the config file config.yaml:
Specify specify listen address (or simply a port) listen: 0.0.0.0:4873Copy the codeThe default verdaccio configuration is as follows:
storage: ./storage
auth:
htpasswd:
file: ./htpasswd
uplinks:
npmjs:
url: https://registry.npmjs.org/
packages:
'@*/*':
access: $all
publish: $authenticated
proxy: npmjs
'**':
proxy: npmjs
logs:
- {type: stdout, format: pretty, level: http}
Copy the codeUrl can be configured as taobao mirror address:
Url: HTTP: / / https://registry.npm.taobao.org/ / / default to NPM's warehouse address, due to the national conditions, modify the url verdaccio use taobao NPM mirror address, so faster download speedCopy the codeSee the detailed Verdaccio configuration file documentation
4. Use PM2 to start Verdaccio and keep the process open
Install the pm2
npm install -g pm2 --unsafe-perm
Copy the codeStart Verdaccio with PM2 to keep the process open at all times
pm2 start verdaccio
Copy the codeAfter executing the command, the result is as follows:
5. Access the built private warehouse
Open http://47.107.60.51:4873 in the browser. If you can access it normally, the establishment is successful. As shown in figure:
Note: Add a security group in Ali cloud server and open port 4873. If you do not add the port security group, you cannot access http://47.107.60.51:4873 in the browser
The client (locally) publishes the NPM to a private repository
After setting up the private repository on the server with Verdaccio, the next step is how to upload the NPM package locally to the private repository server
You must register your account before publishing NPM packages. For details, see how to develop an NPM package and publish it to the NPM central repository
1. Login
NPM adduser - registry at http://47.107.60.51:4873Copy the codeEnter the NPM account username, password, and email address as follows:
Username: better1025 Password: Email: (this IS public) 924902324 @qq.com Logged in as better1025 on http://47.107.60.51:4873/.Copy the codeOutput is Logged in as better1025 on http://47.107.60.51:4873/., said NPM account better1025 successfully log in to the http://47.107.60.51:4873/ private warehouse.
2. Publish NPM packages to private repositories
NPM publish - registry at http://47.107.60.51:4873Copy the codeAfter successful release:
NPM notice NPM notice 📦 [email protected] NPM notice === Tarball Contents === NPM notice 230B package.json NPM notice 101B helloworld.js npm notice 115B index.js npm notice === Tarball Details === npm notice name: LLD - NPM - Demo NPM Notice Version: 1.0.2 NPM notice Package Size: 412 B NPM notice Unpacked size: 446 B npm notice shasum: 990fac51aaa0cac64f25da052306112b588ce792 npm notice integrity: sha512-Bl9FtXdg819Ds[...] JkTmzfbKjA9og == NPM notice Total Files: 3 NPM notice + [email protected]Copy the codeHow to publish the NPM package and encounter errors, refer to the blog how to develop an NPM package and publish it to the NPM central repository.
3. NPM is successfully published to a private repository
Refresh the http://47.107.60.51:4873 page in your browser, as shown below:
4. How to use the private repository NPM package
Due to the restriction of domestic access to foreign networks, in order to improve the speed of downloading NPM packages, we usually set taobao mirror image in our daily project development.
/ / set up taobao mirror NPM install - g CNPM - registry=https://registry.npm.taobao.orgCopy the codeView NPM configuration information
npm config ls
Copy the codeWhen downloading the NPM package we published to the private repository, we need to change the repository address as follows:
NPM set registry at http://47.107.60.51:4873Copy the codeNPM install LLD – NPM -demo: NPM install LLD – NPM -demo: NPM install LLD – NPM -demo: NPM install LLD – NPM -demo
The command output is as follows:
Betters-imac :privateRegistry better$NPM set registry http://47.107.60.51:4873 betters-imac :privateRegistry better$NPM install lld-npm-demo npm notice created a lockfile as package-lock.json. You should commit this file. npm WARN [email protected] No description NPM WARN [email protected] No repository field. + [email protected] Added 1 Package from 1 contributor and Audited 1 Package in 3.083s found 0 DecemberCopy the codeFinally, you are advised to use NRM to switch the NPM warehouse address
NRM is the NPM Registry management tool that enables you to view and switch the registry currently in use. You don’t have to install it, it’s more efficient.
npm install -g nrm
Copy the codeReference article:
NPM private server tool Verdaccio build (two) use Verdaccio build NPM warehouse NPM private warehouse Sinopia build and use CNPM build private NPM warehouse NPM package NPM private module 3 ways to use Cnpmjs.org builds private NPM repositories