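Why a private npm registry is needed

A private npm registry is hosted on the company's internal servers. Why is it needed?

  • It protects company code
  • Internal UI components and tools are easy for internal staff to use
  • Access over the intranet is faster
  • It is maintained in-house, so publish and delete permissions can be controlled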

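Survey of solutions

  • Sinopia
    Cannot download packages with the @ symbol in their name, and the repository has gone unmaintained for years; it has been abandoned.
  • cnpm
    Still maintained, but no new release has been published for a long time.
  • verdaccio
    Forked from sinopia.
    Actively maintained, with the most stars.
  • Nexus
    Mostly used as a private repository server for Java.

| Project   | GitHub stars | Latest release | Latest commit | Remarks              |
|-----------|--------------|----------------|---------------|----------------------|
| Sinopia   | 5.4k         | 2015-6-7       | 2015-10-3     | No longer maintained |
| cnpm      | 3.4k         | 2014-10-9      | 2021-7-6      | -                    |
| verdaccio | 11.9k        | 2021-7-15      | 2021-7-21     | -                    |

The data above was collected on 2021-7-23.

verdaccio is far ahead on all three dimensions, so verdaccio was chosen. It is written in Node.js, which is the closest fit for a front-end team.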

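Setup process

Request a server and install the environment

Once the server has been provisioned, log in over SSH with Xshell 6. The environment then needs to be tested and installed, including external network access and Node. The popular version v14.17.3 (LTS) is used here.

nodejs download

Current long-term support version: 14.17.3 (includes npm 6.14.13)

tips: I tried nvm. It installed successfully, but installing node through it failed because of network problems, so I gave up on it.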

Using verdaccio

verdaccio
Install
npm install -g verdaccio
Edit the configuration file
cd ~/.config/verdaccio
vim config.yaml
# or do it directly in one line
vim ~/.config/verdaccio/config.yaml

#
# This is the default config file. It allows all users to do anything,
# so don't use it on production systems.
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#

# path to a directory with all packages
storage: ./storage # path where the npm packages are stored
# path to a directory with plugins to include
plugins: ./plugins

web:
  title: Verdaccio
  # comment out to disable gravatar support
  # gravatar: false
  # by default packages are ordercer ascendant (asc|desc)
  # sort_packages: asc
  # convert your UI to the dark side
  # darkMode: true
  # logo: http://somedomain/somelogo.png
  # favicon: http://somedomain/favicon.ico | /path/favicon.ico

# translate your registry, api i18n not available yet
# i18n:
# list of the available translations https://github.com/verdaccio/ui/tree/master/i18n/translations
#   web: en-US

auth:
  htpasswd:
    file: ./htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    # max_users: 1000

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: http://registry.npm.taobao.org/ # defaults to the official npm registry; switched to the Taobao npm mirror because of network conditions in China

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    unpublish: $authenticated
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish/publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated
    unpublish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
server:
  keepAliveTimeout: 60

middlewares:
  audit:
    enabled: true

# log settings
logs: { type: stdout, format: pretty, level: http }

# listen: once this is set, access from the external network is enabled
listen: 0.0.0.0:4873

#experiments:
#  # support for npm token command
#  token: false
#  # disable writing body size to logs, read more on ticket 1912
#  bytesin_off: false
#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
#  tarball_url_redirect(packageName, filename) {
#    const signedUrl = // generate a signed url
#    return signedUrl;
#  }

# This affect the web and api (not developed yet)
#i18n:
#web: en-US

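The settings you are likely to change are: storage, uplinks.npmjs.url, listen

In addition, to stop developers from deleting packages at will, unpublish can be set to specific accounts.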
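The settings discussed above (uplink URL, listen address, registration limit, unpublish rights) can be checked mechanically before the registry goes live. The following is an added example, not code from the original post or from the verdaccio project; the function names `entries` and `audit`, the finding texts and the trimmed config excerpt are constructed for illustration.

```javascript
// Added example: flags risky settings in a verdaccio config.yaml (plain nested "key: value" layout only, not full YAML).
function entries(yamlText) {
  const stack = [], out = [];
  for (const raw of yamlText.split('\n')) {
    const line = raw.replace(/(^|\s)#.*$/, ''); // strip comments
    const m = line.match(/^(\s*)('[^']*'|[^\s:][^:]*):(?:\s+(.*))?$/);
    if (!m) continue;
    while (stack.length && stack[stack.length - 1].indent >= m[1].length) stack.pop();
    stack.push({ indent: m[1].length, key: m[2].replace(/^'|'$/g, '') });
    if (m[3] !== undefined) out.push({ path: stack.map(s => s.key), value: m[3].trim() });
  }
  return out;
}

function audit(yamlText) {
  const es = entries(yamlText), findings = [];
  const max = es.find(e => e.path.join('.') === 'auth.htpasswd.max_users');
  const openSignup = !max || max.value !== '-1'; // -1 disables registration
  if (openSignup) findings.push('auth: anyone can self-register');
  for (const { path: [top, name, key], value } of es) {
    if (top === 'uplinks' && key === 'url' && value.startsWith('http://'))
      findings.push(`uplinks.${name}: packages fetched over cleartext HTTP`);
    if (top === 'packages' && key === 'unpublish' && /^\$(all|anonymous|authenticated)$/.test(value))
      findings.push(`packages.${name}: unpublish not limited to named accounts`);
    if (top === 'packages' && key === 'publish' && openSignup && value === '$authenticated')
      findings.push(`packages.${name}: any self-registered account can publish`);
    if (top === 'listen' && value.startsWith('0.0.0.0')) findings.push('listen: bound to all interfaces');
  }
  return findings;
}

// Constructed excerpt of the config shown above (comments and unrelated keys trimmed).
const PAGE_CONFIG = `
auth:
  htpasswd:
    # max_users: 1000
uplinks:
  npmjs:
    url: http://registry.npm.taobao.org/
packages:
  '@*/*':
    publish: $authenticated
    unpublish: $authenticated
  '**':
    publish: $authenticated
    unpublish: $authenticated
listen: 0.0.0.0:4873
`;
console.log(audit(PAGE_CONFIG).join('\n'));
```

An empty result means none of these four checks fired; it does not replace a firewall rule limiting port 4873 to the intranet.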

Start
verdaccio

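The registry can then be accessed from the external network at http://ip:4873

Keeping the process alive with pm2

To keep the service running after the SSH session ends, pm2 can be used to supervise the process.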

pm2
pm2 start verdaccio

Common pm2 commands

pm2 list/ls # list the processes managed by pm2
pm2 start <process/[path/app.js]> # start a global process, or run an executable script at a given path
pm2 stop <process>
pm2 restart <process>
pm2 reload <process>
pm2 delete <process/id>