Convert Figma logo to code with AI

verdaccio logoverdaccio

A lightweight Node.js private proxy registry

16,639
1,378
16,639
55

Top Related Projects

8,637

the package manager for JavaScript

‼️ ‼️ ‼️ ‼️ DEPRECATED, please use https://github.com/cnpm/cnpmcore ‼️ ‼️ ‼️ ‼️

Sonatype Nexus Repository Open-source codebase mirror

41,478

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry

Quick Overview

Verdaccio is a lightweight, open-source private npm proxy registry. It allows you to host your own npm packages and cache public packages from npmjs.com, providing faster installations and better control over your dependencies.

Pros

  • Easy to set up and configure
  • Works as a local cache for npm packages, improving installation speed
  • Supports various authentication methods and access control
  • Can be used as a standalone registry or in conjunction with other registries

Cons

  • Limited built-in UI features compared to some commercial alternatives
  • May require additional setup for advanced use cases (e.g., clustering)
  • Documentation can be unclear or outdated in some areas
  • Performance may degrade with a large number of packages or users

Getting Started

  1. Install Verdaccio globally:
npm install -g verdaccio
  1. Start Verdaccio:
verdaccio
  1. Configure npm to use Verdaccio as the registry:
npm set registry http://localhost:4873/
  1. Create a new user:
npm adduser --registry http://localhost:4873
  1. Publish a package to your local registry:
npm publish --registry http://localhost:4873

To use Verdaccio in a project, you can add a .npmrc file to your project root with the following content:

registry=http://localhost:4873/

This will ensure that npm uses your local Verdaccio registry for this project.

Competitor Comparisons

8,637

the package manager for JavaScript

Pros of npm/cli

  • Official Node.js package manager with extensive ecosystem support
  • Robust and well-maintained with frequent updates
  • Seamless integration with the npm registry

Cons of npm/cli

  • Centralized architecture, potentially leading to single points of failure
  • Limited control over package hosting and distribution

Code Comparison

npm/cli:

npm install package-name
npm publish
npm run script-name

verdaccio:

npm set registry http://localhost:4873/
npm adduser --registry http://localhost:4873/
npm publish --registry http://localhost:4873/

Summary

npm/cli is the official package manager for Node.js, offering a comprehensive solution for managing dependencies and publishing packages. It benefits from wide adoption and extensive documentation. However, it relies on a centralized infrastructure, which may not be ideal for all use cases.

Verdaccio, on the other hand, is a lightweight, private npm proxy registry. It allows for local package hosting and offline mode, making it suitable for environments with limited internet access or stricter security requirements. Verdaccio provides more control over package distribution but may require additional setup and maintenance compared to the standard npm client.

Both tools serve different purposes and can be used complementarily in various development workflows, depending on specific project needs and infrastructure requirements.

‼️ ‼️ ‼️ ‼️ DEPRECATED, please use https://github.com/cnpm/cnpmcore ‼️ ‼️ ‼️ ‼️

Pros of cnpmjs.org

  • Designed specifically for enterprise-level npm registry management
  • Supports synchronization with official npm registry
  • Offers a web interface for package management and visualization

Cons of cnpmjs.org

  • Less active development compared to Verdaccio
  • More complex setup and configuration process
  • Limited documentation and community support

Code Comparison

cnpmjs.org configuration:

{
  "registryPort": 7001,
  "webPort": 7002,
  "syncModel": "all",
  "admins": {
    "admin": "admin@example.com"
  }
}

Verdaccio configuration:

storage: ./storage
auth:
  htpasswd:
    file: ./htpasswd
uplinks:
  npmjs:
    url: https://registry.npmjs.org/
packages:
  '@*/*':
    access: $all
    publish: $authenticated
    proxy: npmjs

Both projects serve as npm registry alternatives, but they cater to different use cases. cnpmjs.org is more suited for large-scale enterprise deployments with a focus on synchronization and web-based management. Verdaccio, on the other hand, is more lightweight and easier to set up for smaller teams or individual developers.

cnpmjs.org offers better support for mirroring the official npm registry, which can be beneficial for organizations with strict network policies. However, Verdaccio has a more active community and frequent updates, making it a more versatile choice for general use cases.

The code comparison shows that cnpmjs.org uses a JSON configuration file with specific options for registry and web ports, while Verdaccio uses a YAML configuration with a more modular approach to storage, authentication, and package management.

Sonatype Nexus Repository Open-source codebase mirror

Pros of Nexus Public

  • More comprehensive package management: Supports multiple repository formats (Maven, npm, Docker, etc.)
  • Advanced security features: Built-in vulnerability scanning and license compliance
  • Scalable architecture: Designed for enterprise-level deployments

Cons of Nexus Public

  • Higher resource requirements: Needs more system resources to run effectively
  • Steeper learning curve: More complex setup and configuration process
  • Paid features: Some advanced functionalities require a commercial license

Code Comparison

Verdaccio configuration (config.yaml):

storage: ./storage
auth:
  htpasswd:
    file: ./htpasswd
uplinks:
  npmjs:
    url: https://registry.npmjs.org/
packages:
  '@*/*':
    access: $all
    publish: $authenticated
    proxy: npmjs

Nexus Public configuration (nexus.properties):

nexus-context-path=/nexus
application-port=8081
application-host=0.0.0.0
nexus-edition=nexus-pro-edition
nexus-features=\
  nexus-pro-feature

While both projects serve as package repositories, Nexus Public offers a more feature-rich and enterprise-focused solution, whereas Verdaccio provides a lightweight and easy-to-use option for smaller teams or projects. The code snippets showcase the difference in configuration complexity between the two systems.

41,478

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry

Pros of Yarn

  • Faster package installation and dependency resolution
  • Built-in security features like checksum verification
  • Supports workspaces for monorepo management

Cons of Yarn

  • Larger file size and memory footprint
  • Less flexible for custom registry configurations
  • Steeper learning curve for users familiar with npm

Code Comparison

Yarn (package.json):

{
  "name": "my-project",
  "version": "1.0.0",
  "dependencies": {
    "react": "^17.0.2"
  }
}

Verdaccio (config.yaml):

storage: ./storage
auth:
  htpasswd:
    file: ./htpasswd
uplinks:
  npmjs:
    url: https://registry.npmjs.org/
packages:
  '@*/*':
    access: $all
    publish: $authenticated
    proxy: npmjs

Yarn focuses on package management and dependency resolution, while Verdaccio is a lightweight private npm proxy registry. Yarn provides a more robust solution for managing dependencies in large projects, especially those with monorepo structures. Verdaccio, on the other hand, offers a simple way to set up a private npm registry for hosting and sharing packages within an organization or team.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

BannerHelp

Verdaccio stands for peace, stop the war, we will be yellow / blue 🇺🇦 until that happens.

verdaccio logo

verdaccio gif

Version Next (Development Branch)

Looking for Verdaccio version 5 or 6? Version 6 is the latest version and successor to version 5. Version 6 requires Node.js 18 or higher and is maintained in the 6.x branch.

The plugins for versions 5 and 6 are located at the verdaccio/monorepo repository. Plugins for the next-8 version are hosted in this project under the ./packages/plugins folder.

Note that contributing guidelines might be different based on the branch.

Verdaccio is a simple, zero-config-required local private npm registry. No need for an entire database just to get started! Verdaccio comes out of the box with its own tiny database, and the ability to proxy other registries (eg. npmjs.org), caching the downloaded modules along the way. For those looking to extend their storage capabilities, Verdaccio supports various community-made plugins to hook into services such as Amazon's s3, Google Cloud Storage or create your own plugin.

verdaccio (latest) verdaccio (downloads) docker pulls backers stackshare

discord MIT Crowdin

Github StandWithUkraine

Versions

You can find more details about the different versions of Verdaccio, minimum requirements, as well as links to associated npm packages and docker images in the version history.

Install

Node.js v18 as minimum version required

Install with npm:

npm install -g verdaccio@next-8

With yarn

yarn global add verdaccio@next-8

With pnpm

pnpm i -g verdaccio@next-8

or

docker pull verdaccio/verdaccio:nightly-master

or with helm official chart.

helm repo add verdaccio https://charts.verdaccio.org
helm repo update
helm install verdaccio/verdaccio

Furthermore, you can read the Debugging Guidelines and the Docker Examples for more advanced development.

Plugins

You can develop your own plugins with the verdaccio generator. Installing Yeoman is required.

npm install -g yo
npm install -g generator-verdaccio-plugin

Learn more here how to develop plugins. Share your plugins with the community.

Integration Tests

In our compatibility testing project, we're dedicated to ensuring that your favorite commands work seamlessly across different versions of npm, pnpm, and Yarn. From publishing packages to managing dependencies. Our goal is to give you the confidence to use your preferred package manager without any issues. So dive in, check out our matrix, and see how your commands fare across the board!

Learn or contribute here

Commands

cmdnpm6npm7npm8npm9npm10pnpm8pnpm9pnpm10yarn1yarn2yarn3yarn4
publish✅✅✅✅✅✅✅✅✅✅✅✅
unpublish✅✅✅✅✅✅✅❌❌❌❌❌
info✅✅✅✅✅✅✅✅✅✅✅✅
audit✅✅✅✅✅✅✅✅✅✅✅❌
install✅✅✅✅✅✅✅✅✅✅✅✅
deprecate✅✅✅✅✅✅✅✅⛔⛔⛔⛔
ping✅✅✅✅✅✅✅✅⛔⛔⛔⛔
search✅✅✅✅✅✅✅✅⛔⛔⛔⛔
star✅✅✅✅✅✅✅✅⛔⛔⛔⛔
stars✅✅✅✅✅✅✅✅⛔⛔⛔⛔
dist-tag✅✅✅✅✅✅✅✅✅❌❌❌

notes:

  • yarn search cmd exist in modern but, it do not uses the search registry endpoint.
  • yarn modern has two info commands, the one used here is yarn npm info

❌ = no tested ✅ = tested ⛔ = no supported

Donations

Verdaccio is run by volunteers; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider doing a long support donation - and your logo will be on this section of the readme.

Donate 💵👍🏻 starting from $1/month or just one single contribution.

What does Verdaccio do for me?

Use private packages

If you want to use all benefits of npm package system in your company without sending all code to the public, and use your private packages just as easy as public ones.

Cache npmjs.org registry

If you have more than one server you want to install packages on, you might want to use this to decrease latency (presumably "slow" npmjs.org will be connected to only once per package/version) and provide limited failover (if npmjs.org is down, we might still find something useful in the cache) or avoid issues like How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript, Many packages suddenly disappeared or Registry returns 404 for a package I have installed before.

Link multiple registries

If you use multiples registries in your organization and need to fetch packages from multiple sources in one single project you might take advance of the uplinks feature with Verdaccio, chaining multiple registries and fetching from one single endpoint.

Override public packages

If you want to use a modified version of some 3rd-party package (for example, you found a bug, but maintainer didn't accept pull request yet), you can publish your version locally under the same name. See in detail here.

E2E Testing

Verdaccio has proved to be a lightweight registry that can be booted in a couple of seconds, fast enough for any CI. Many open source projects use Verdaccio for end to end testing, to mention some examples, create-react-app, mozilla neutrino, pnpm, storybook, babel.js, angular-cli or docusaurus. You can read more in here.

Furthermore, here few examples how to start:

Watch our Videos

Node 2022, February 2022, Online Free

You might want to check out as well our previous talks:

Get Started

Run in your terminal

verdaccio

You would need set some npm configuration, this is optional.

npm set registry http://localhost:4873/

For one-off commands or to avoid setting the registry globally:

NPM_CONFIG_REGISTRY=http://localhost:4873 npm i

Now you can navigate to http://localhost:4873/ where your local packages will be listed and can be searched.

Warning: Verdaccio does not currently support PM2's cluster mode, running it with cluster mode may cause unknown behavior.

Publishing

1. create a user and log in

npm adduser --registry http://localhost:4873

if you use HTTPS, add an appropriate CA information ("null" means get CA list from OS)

npm set ca null

2. publish your package

npm publish --registry http://localhost:4873

This will prompt you for user credentials which will be saved on the verdaccio server.

Docker

Below are the most commonly needed information, every aspect of Docker and verdaccio is documented separately

docker pull verdaccio/verdaccio:nightly-master

Available as tags.

Running Verdaccio using Docker

To run the docker container:

docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio

Docker examples are available in this repository.

Compatibility

Verdaccio aims to support all features of a standard npm client that make sense to support in a private repository. Unfortunately, it isn't always possible.

Basic features

  • Installing packages (npm install, npm update, etc.) - supported
  • Publishing packages (npm publish) - supported

Advanced package control

  • Unpublishing packages (npm unpublish) - supported
  • Tagging (npm dist-tag) - supported
  • Deprecation (npm deprecate) - supported

User management

  • Registering new users (npm adduser {newuser}) - supported
  • Change password (npm profile set password) - supported
  • Transferring ownership (npm owner) - supported
  • Token (npm token) - supported

Miscellaneous

  • Searching (npm search) - supported (cli / browser)
  • Ping (npm ping) - supported
  • Starring (npm star, npm unstar, npm stars) - supported

Security

  • Audit (npm/yarn audit) - supported

Report a vulnerability

If you want to report a security vulnerability, please follow the steps which we have defined for you in our security policy.

Special Thanks

Thanks to the following companies to help us to achieve our goals providing free open source licenses. Every company provides enough resources to move this project forward.

CompanyLogoLicense
JetBrainsjetbrainJetBrains provides licenses for products for active maintainers, renewable yearly
CrowdincrowdinCrowdin provides platform for translations
BrowserStackbrowserstackBrowserStack provides plan to run End to End testing for the UI
NetlifynetlifyNetlify provides pro plan for website deployment
AlgoliaalgoliaAlgolia provides search services for the website
DockerdockerDocker offers unlimited pulls and unlimited egress to any and all users

Maintainers

Juan PicadoAyush SharmaSergio Hg
jotadeveloperayusharmasergiohgz
@jotadeveloper@ayusharma_@sergiohgz
Priscila OliveriaDaniel Ruf
priscilawebdevDanielRuf
@priscilawebdev@DanielRufde

You can find and chat with them over Discord, click here or follow them at Twitter.

Who is using Verdaccio?

🤓 Don't be shy, add yourself to this readme.

Open Collective Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]

sponsor sponsor sponsor sponsor sponsor sponsor sponsor sponsor sponsor sponsor

Open Collective Backers

Thank you to all our backers! 🙏 [Become a backer]

backers

Contributors

This project exists thanks to all the people who contribute. [Contribute].

contributors

FAQ / Contact / Troubleshoot

If you have any issue you can try the following options. Do no hesitate to ask or check our issues database. Perhaps someone has asked already what you are looking for.

License

Verdaccio is MIT licensed

The Verdaccio documentation and logos (excluding /thanks, e.g., .md, .png, .sketch) files within the /assets folder) is Creative Commons licensed.

NPM DownloadsLast 30 Days