The client authentification is handled by
npm client itself. Once you login to the application:
npm adduser --registry http://localhost:4873
A token is generated in the
npm configuration file hosted in your user home folder. For more information about
.npmrc read the official documentation.
cat .npmrc registry=http://localhost:5555/ //localhost:5555/:_authToken="secretVerdaccioToken" //registry.npmjs.org/:_authToken=secretNpmjsToken
verdaccioallows you to enable anonymous publish, to achieve that you will need to set up correctly your packages access.
'my-company-*': access: $anonymous publish: $anonymous proxy: npmjs
As is described on issue #212 until
firstname.lastname@example.org and all minor releases won't allow you publish without a token. However
yarn has not such limitation.
In order to simplify the setup,
verdaccio use a plugin based on
htpasswd. As of version v3.0.x an external plugin
is used by default. The v2.x version of this package still contains the built-in version of this plugin.
auth: htpasswd: file: ./htpasswd # Maximum amount of users allowed to register, defaults to "+inf". # You can set this to -1 to disable registration. #max_users: 1000
|file||string||Yes||./htpasswd||all||file that host the encrypted credentials|
|max_users||number||No||1000||all||set limit of users|
In case to decide do not allow user to login, you can set