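Why a private npm registry is needed
A private npm registry is hosted on the company's internal servers. Why is it needed?
- It protects company code
- Internal UI components and tools become convenient for internal staff to use
- Access over the intranet is faster
- It is maintained internally, so publish and delete permissions can be controlled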
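Survey of solutions
- Sinopia: cannot download packages whose names contain the @ symbol (scoped packages); the repository has been unmaintained for years and is deprecated
- cnpm: still maintained, but no new release has been published for a long time
- verdaccio: forked from sinopia; actively maintained, with the most stars
- Nexus: widely used for Java private repositories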
Project | GitHub stars | Latest release | Latest commit | Notes |
---|---|---|---|---|
Sinopia | 5.4k | 2015-6-7 | 2015-10-3 | No longer maintained |
cnpm | 3.4k | 2014-10-9 | 2021-7-6 | – |
verdaccio | 11.9k | 2021-7-15 | 2021-7-21 | – |
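The figures above were collected on 2021-7-23.
verdaccio is far ahead on all three dimensions, so verdaccio was chosen. It is written in Node.js, which is the closest fit for a front-end team.
Setup process
Request a server and install the environment
Once the server has been provisioned, log in over SSH with Xshell 6. The environment needs to be tested and set up, including external network access and installing Node; the popular version v14.17.3 (LTS) is used here.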
nodejs download
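Current long-term support release: 14.17.3 (includes npm 6.14.13)
Tip: I tried using nvm. nvm itself installed successfully, but installing node through it failed because of network problems, so I gave up on it.
Using verdaccio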
verdaccio
Install
```bash
npm install -g verdaccio
```
Edit the configuration file
```bash
cd ~/.config/verdaccio
vim config.yaml
# or do it directly with the next line
vim ~/.config/verdaccio/config.yaml
```
```yaml
#
# This is the default config file. It allows all users to do anything,
# so don't use it on production systems.
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#

# path to a directory with all packages
storage: ./storage # path where the npm packages are stored
# path to a directory with plugins to include
plugins: ./plugins

web:
  title: Verdaccio
  # comment out to disable gravatar support
  # gravatar: false
  # by default packages are ordered ascending (asc|desc)
  # sort_packages: asc
  # convert your UI to the dark side
  # darkMode: true
  # logo: http://somedomain/somelogo.png
  # favicon: http://somedomain/favicon.ico | /path/favicon.ico

# translate your registry, api i18n not available yet
# i18n:
# list of the available translations https://github.com/verdaccio/ui/tree/master/i18n/translations
#   web: en-US

auth:
  htpasswd:
    file: ./htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    # max_users: 1000

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: http://registry.npm.taobao.org/ # defaults to the official npm registry; changed to the taobao npm mirror because of network conditions in China

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    unpublish: $authenticated
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish/unpublish packages
    # (anyone can register by default, remember?)
    publish: $authenticated
    unpublish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
server:
  keepAliveTimeout: 60

middlewares:
  audit:
    enabled: true

# log settings
logs: {type: stdout, format: pretty, level: http}

# listen: once the listen address is set, the server is reachable from external networks
listen: 0.0.0.0:4873

#experiments:
#  # support for npm token command
#  token: false
#  # disable writing body size to logs, read more on ticket 1912
#  bytesin_off: false
#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
#  tarball_url_redirect(packageName, filename) {
#    const signedUrl = // generate a signed url
#    return signedUrl;
#  }

# This affect the web and api (not developed yet)
#i18n:
#web: en-US
```
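The settings you are likely to change are: storage, uplinks.npmjs.url, and listen.
In addition, if you do not want developers to delete packages at will, you can set unpublish to specific accounts.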
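The permission change suggested above, written out as a tightened config fragment together with the related settings the default file's own comments warn about. This is an added example, not part of the original post's configuration; the account name `npm-admin` and the scope `@mycompany` are hypothetical placeholders.

```yaml
# Added example: tightened excerpts of ~/.config/verdaccio/config.yaml.
# `npm-admin` and `@mycompany` are hypothetical names; substitute your own.

auth:
  htpasswd:
    file: ./htpasswd
    # -1 disables self-registration (see the comment in the default config).
    # Create the accounts you need first, then set this and restart.
    max_users: -1

uplinks:
  npmjs:
    # Fetch upstream packages over HTTPS so they cannot be altered in transit.
    url: https://registry.npmjs.org/

packages:
  # Company-internal scope. Rules are matched in order, so this entry must
  # come before '@*/*'. It has no `proxy` key, so these names are never
  # resolved from the public uplink.
  '@mycompany/*':
    access: $authenticated
    publish: $authenticated
    unpublish: npm-admin

  '@*/*':
    access: $all
    publish: $authenticated
    # only the named account may delete packages
    unpublish: npm-admin
    proxy: npmjs

  '**':
    access: $all
    publish: $authenticated
    unpublish: npm-admin
    proxy: npmjs
```

Restart verdaccio after editing the file so that the new permissions take effect.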
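Start
```bash
verdaccio
```
The registry can then be reached from the external network at http://ip:4873
Keeping the process alive with pm2
To keep the service running normally after you exit the SSH session, use pm2 to supervise the process.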
pm2
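```bash
pm2 start verdaccio
```
Common pm2 commands
```bash
pm2 list                          # or: pm2 ls; show the processes managed by pm2
pm2 start <process/[path/app.js]> # start a globally installed command, or run an executable script at a given path
pm2 stop <process>
pm2 restart <process>
pm2 reload <process>
pm2 delete <process/id>
```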