搭建npm私服(verdaccio)
前言
在工作中,我们有时会遇到官网的开源组件和公司的实际业务场景不符合的情况,这时可能需要更改开源组件源码的情景。但是更改组件源码后,每次重新安装依赖,还是会覆盖自己修改的代码,怎么解决这种问题呢?搭建公司私有的npm私服,是个不错的选择。
搭建npm私服的好处
1、统一公司内部所用的私有包,能够很大程度上解决依赖版本不一致所带来的问题;
2、安全性,公司内部开发的组件一般都和公司的业务相符,发布到私服上能解决安全问题,并且公司内部能方便的使用
3、npm私服若搭建在内网,能很大程度上提高下载依赖的速度
使用Verdaccio搭建npm私服
一、全局安装Verdaccio
npm install -g verdaccio --unsafe-perm (加上–unsafe-perm的原因是防止报grywarn权限的错)
二、查看配置文件
linux机器,配置文件一般位于:/root/.config/verdaccio/config.yaml
windows机器,配置文件一般位于:C:/Users/user/AppData/Roaming/verdaccio/config.yaml
三、修改配置文件
默认的配置文件使用的时npmjs官网提供的依赖包,即执行npm install时会从npmjs官网下载相应的依赖;
在这里手动增加了淘宝的仓库地址,并设置淘宝仓库为默认的npm install仓库地址(主要是为了提高下载依赖的速度)
具体配置如下:
#
# This is the default config file. It allows all users to do anything,
# so don't use it on production systems.
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#
# path to a directory with all packages
storage: ./storage
# path to a directory with plugins to include
plugins: ./plugins
web:
title: Verdaccio
# comment out to disable gravatar support
# gravatar: false
# by default packages are ordercer ascendant (asc|desc)
# sort_packages: asc
# convert your UI to the dark side
# darkMode: true
# translate your registry, api i18n not available yet
# i18n:
# list of the available translations https://github.com/verdaccio/ui/tree/master/i18n/translations
# web: en-US
auth:
htpasswd:
file: ./htpasswd
# Maximum amount of users allowed to register, defaults to "+inf".
# You can set this to -1 to disable registration.
# max_users: 1000
# a list of other known repositories we can talk to
uplinks:
npmjs:
url: https://registry.npmjs.org/
taobao:
url: https://registry.npm.taobao.org/
packages:
'@*/*':
# scoped packages
access: $all
publish: $authenticated
unpublish: $authenticated
proxy: taobao
'**':
# allow all users (including non-authenticated users) to read and
# publish all packages
#
# you can specify usernames/groupnames (depending on your auth plugin)
# and three keywords: "$all", "$anonymous", "$authenticated"
access: $all
# allow all known users to publish/publish packages
# (anyone can register by default, remember?)
publish: $authenticated
unpublish: $authenticated
# if package is not available locally, proxy requests to 'npmjs' registry
proxy: taobao
# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
server:
keepAliveTimeout: 60
middlewares:
audit:
enabled: true
# log settings
logs:
- { type: stdout, format: pretty, level: http }
#- {type: file, path: verdaccio.log, level: info}
#experiments:
# # support for npm token command
# token: false
# # support for the new v1 search endpoint, functional by incomplete read more on ticket 1732
# search: false
# # disable writing body size to logs, read more on ticket 1912
# bytesin_off: false
# This affect the web and api (not developed yet)
#i18n:
#web: en-US
listen: 0.0.0.0:4083
四、启动verdaccio:
启动命令如下:verdaccio
可使用pm2进行进程管理和进程守护
1、安装pm2
npm install -g pm2
2、使用pm2启动verdaccio
pm2 start verdaccio
3、pm2更多使用方式自行查找
五、添加用户
npm adduser --registry http://localhost:4083
并设置用户名,密码,邮箱
六、在私服中添加包
1、可在空文件夹中执行npm install xx将npmjs官网或淘宝npm仓库中的指定依赖安装到我们的私服中
2、发布私有包:在要发布的包的目录下(含有package.json,README.md)执行npm publish进行包的发布
3、已添加到verdaccio的包,可在verdaccio的仓库目录下看到,默认与配置文件同级目录的storage目录
七、使用
私服搭建好后,使用时需手动的指定npm仓库,类似设置淘宝仓库镜像的方式
npm set registry http://localhost:4873
npm get registry 查看当前的npm仓库
npm cache clean -f 清除缓存