Client authentication is handled by the
npm client itself. Once you log in to the application:
npm adduser --registry http://localhost:4873
A token is generated in the
npm configuration file hosted in your user home folder. For more information about
.npmrc read the official documentation.
verdaccio allows you to enable anonymous publish. To achieve that, you will need to set up your packages access correctly.
As described in issue #212, until
email@example.com and all minor releases won't allow you to publish without a token.
The meaning of
As you know Verdaccio uses the
htpasswd by default. That plugin does not implement the methods
allow_unpublish. Thus, Verdaccio will handle that in the following way:
- If you are not logged in (you are anonymous), $anonymous means exactly the same.
- If you are logged in, $anonymous won't be part of your groups and $all will match any logged user. A new group $authenticated will be added to the list.
As a takeaway,
$all will match all users, regardless of whether they are logged in or not.
The previous behavior only applies to the default authentication plugin. If you are using a custom plugin and such plugin implements
allow_unpublish, the resolution of the access depends on the plugin itself. Verdaccio will only set the default groups.
$authenticated, + groups added by the plugin
- anonymous (logged out):
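
The group rules above can be checked mechanically. The following added example (not Verdaccio's own code) models the default groups described in this section and lists the package patterns whose publish rule a logged-out client satisfies. The function names, the sample packages object and the space-separated rule format are assumptions made for illustration.

```javascript
// Simplified model of the default group resolution described above.
// Illustrative only: all function and variable names are hypothetical.

// Default groups for a session; `user` is null when logged out.
function defaultGroups(user) {
  if (!user) return ['$all', '$anonymous'];
  // Logged in: $anonymous is dropped, $authenticated is added,
  // followed by whatever groups the auth plugin supplied.
  return ['$all', '$authenticated', ...(user.pluginGroups || [])];
}

// Assumption: a rule is a space-separated list of groups,
// e.g. "$authenticated devs". A missing rule matches nobody in this model.
function isAllowed(rule, groups) {
  return String(rule || '')
    .split(/\s+/)
    .filter(Boolean)
    .some((group) => groups.includes(group));
}

// Audit: package patterns that a logged-out client is allowed to publish to.
function anonymousWritable(packages) {
  const anonymous = defaultGroups(null);
  return Object.entries(packages)
    .filter(([, rules]) => isAllowed(rules.publish, anonymous))
    .map(([pattern]) => pattern);
}

// Constructed sample, shaped like the packages section of a config file.
const samplePackages = {
  '@internal/*': { access: '$authenticated', publish: 'devs' },
  'sandbox-*': { access: '$all', publish: '$anonymous' },
  '**': { access: '$all', publish: '$all' },
};

const alice = { pluginGroups: ['devs'] }; // constructed logged-in user

console.log('anonymous can publish to:', anonymousWritable(samplePackages));
// A rule of only $anonymous excludes logged-in users, because
// $anonymous is removed from their groups after login.
console.log('alice matches $anonymous:',
  isAllowed('$anonymous', defaultGroups(alice)));
```

Both `$anonymous` and `$all` in a publish rule open the pattern to logged-out clients, so an audit of this kind has to flag either one.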
In order to simplify the setup,
verdaccio uses a plugin based on
htpasswd. Since version v3.0.x the
verdaccio-htpasswd plugin is used by default.
# Maximum amount of users allowed to register, defaults to "+inf".
# You can set this to -1 to disable registration.
|file||string||Yes||./htpasswd||all||file that hosts the encrypted credentials|
|max_users||number||No||1000||all||set limit of users|
In case you decide not to allow users to log in, you can set