Skip to main content

配置文件

此文件是 Verdaccio 的重要部分, 您可以在其中修改默认行为, 启用插件并扩展功能。

A default configuration file config.yaml is created the very first time you run verdaccio.

默认配置#

默认配置支持 ** 私有(scoped) ** 包, 并允许匿名访问非私有包, 但只有 ** 已登陆用户才能发布包**。

storage: ./storageauth:  htpasswd:    file: ./htpasswduplinks:  npmjs:    url: https://registry.npmjs.org/packages:  '@*/*':    access: $all    publish: $authenticated    proxy: npmjs  '**':    proxy: npmjslogs:  - {type: stdout, format: pretty, level: http}

章节#

以下各章节解释了每个属性的含义以及不同的选项。

存储#

是默认的存储方式。 ** Verdaccio 默认使用内置本地文件模式存储 **。

storage: ./storage

插件#

是插件目录的位置。 对Docker/Kubernetes 基础上的配置非常有用。

plugins: ./plugins

认证#

The authentication setup is done here. 认证设置在这里完成,默认的授权是基于htpasswd 并且是内置的。 您可以通过plugins来修改此行为。 有关更多本章节的详细信息,请阅读auth页面

auth:  htpasswd:    file: ./htpasswd    max_users: 1000

Security#

Since: verdaccio@4.0.0 #168

The security block allows you to customise the token signature. The security block allows you to customise the token signature. To enable JWT (json web token) new signture you need to add the block jwt to api section, web uses by default jwt.

The configuration is separated in two sections, api and web. To use JWT on api it has to be defined, otherwise the legacy token signature (aes192) will be used. The configuration is separated in two sections, api and web. To use JWT on api, it has to be defined, otherwise will use the legacy token signature (aes192). For JWT you might customize the signature and the token verification with your own properties.

security:  api:    legacy: true    jwt:      sign:        expiresIn: 29d      verify:        someProp: [value]   web:     sign:       expiresIn: 7d # 7 days by default     verify:        someProp: [value]

We highly recommend move to JWT since legacy signature (aes192) is deprecated and will disappear in future versions.

Server#

A set of properties to modify the behavior of the server application, specifically the API (Express.js).

You can specify HTTP/1.1 server keep alive timeout in seconds for incomming connections. You can specify HTTP/1.1 server keep alive timeout in seconds for incomming connections. A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout. WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough. WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.

server:  keepAliveTimeout: 60

Web UI#

This property allow you to modify the look and feel of the web UI. For more information about this section read the web ui page. For more information about this section read the web UI page.

web:  enable: true  title: Verdaccio  logo: logo.png  scope:

上行链路#

Uplinks is the ability of the system to fetch packages from remote registries when those packages are not available locally. For more information about this section read the uplinks page. For more information about this section read the uplinks page.

uplinks:  npmjs:    url: https://registry.npmjs.org/

Packages#

This section allows you to control how packages are accessed. Packages allow the user to control how the packages are gonna be accessed. For more information about this section read the packages page.

packages:  '@*/*':    access: $all    publish: $authenticated    proxy: npmjs

高级设置#

离线发布#

By default verdaccio does not allow to publish when the client is offline, that behavior can be overridden by setting this to true. This can be can be overridden by setting this value to true.

publish:  allow_offline: false
Since: verdaccio@2.3.6 due #223

URL Prefix#

The prefix is intended to be used when the server runs behinds the proxy and won't work properly if is used without a reverse proxy, check the reverse proxy setup page for more details.

url_prefix: /verdaccio/

Verdaccio 5 has an improved prefix behaviour and the VERDACCIO_PUBLIC_URL is available for use, learn how to here.

Max Body Size#

verdaccio runs by default in the port 4873. Changing the port can be done via cli or in the configuration file, the following options are valid.

max_body_size: 10mb

Listen Port#

verdaccio runs by default on the port 4873. Changing the port can be done via CLI or in the configuration file. The following options are valid:

listen:# - localhost:4873            # default value# - http://localhost:4873     # same thing# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)# - https://example.org:4873  # if you want to use https# - "[::1]:4873"                # ipv6# - unix:/tmp/verdaccio.sock    # unix socket

HTTPS#

To enable https in verdaccio it's enough to set the listen flag with the protocol https\://. For more information about this section read the ssl page. For more information about this section read the SSL page.

https:    key: ./path/verdaccio-key.pem    cert: ./path/verdaccio-cert.pem    ca: ./path/verdaccio-csr.pem

Proxy#

Proxies are special-purpose HTTP servers designed to transfer data from remote servers to local clients.

http_proxy and https_proxy#

This variable should contain a comma-separated list of domain extensions proxy should not be used for.

http_proxy: http://something.local/https_proxy: https://something.local/

no_proxy#

Enabling notifications to third-party tools is fairly easy via web hooks. For more information about this section read the notifications page.

no_proxy: localhost,127.0.0.1

通知#

Enabling notifications to third-party tools is fairly easy via webhooks. For more information about this section read the notifications page.

notify:  method: POST  headers: [{'Content-Type': 'application/json'}]  endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken  content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'

For more detailed configuration settings, please check the source code.

Audit#

Since: verdaccio@3.0.0

npm audit is a new command released with npm 6.x. Verdaccio includes a built-in middleware plugin to handle this command. Verdaccio includes a built-in middleware plugin to handle this command.

If you have a new installation it comes by default, otherwise you need to add the following props to your config file

middlewares:  audit:    enabled: true

Experiments#

This release includes a new property named experiments that can be placed in the config.yaml and is completely optional.

We want to be able to ship new things without affecting production environments. We want to be able to ship new things without affecting production environments. This flag allows us to add new features and get feedback from the community that wants to use them.

Here one example:

Here is one example:

experiments:  changePassword: false

To disable the experiments warning in the console, you must comment out the whole experiments section.