Deep dive into Verdaccio - NodeTLV 2022 - Israel
•
0 likes•452 views
In this talk, you will discover a deep understanding of how a Node.js registry works. Advanced features that will help boost your registry productivity and what´s new for the next major release.
Recommended
Recommended
More Related Content
Similar to Deep dive into Verdaccio - NodeTLV 2022 - Israel
Similar to Deep dive into Verdaccio - NodeTLV 2022 - Israel (20)
More from Juan Picado
Recently uploaded
Recently uploaded (20)
Deep dive into Verdaccio - NodeTLV 2022 - Israel
- 1. Deep dive into Verdaccio A lightweight Node.js registry Bat Yam Beach 🇮🇱 NodeTLV - 2022
- 2. Juan Picado Front-End Engineer at mobile.de - Adevinta (Berlin, Germany) Open Source Free Time Developer at Verdaccio
- 5. • Publish Private Packages • Proxy from multiples registries • Zero Dependencies • Web User Interface Included • Pluggable web application • Lightweight (~3s to start up)
- 6. npm install npm publish npm pro fi le npm search npm token npm star npm stars npm audit npm login npm logout npm ping npm whoami npm dist-tag npm audit npm deprecate + org speci fi cs yarn install yarn npm publish yarn npm login yarn npm logout yarn npm whoami yarn npm publish yarn npm info yarn npm tag yarn npm audit yarn search pnpm install pnpm publish pnpm pro fi le pnpm search pnpm token pnpm star pnpm stars pnpm audit pnpm login pnpm logout pnpm ping pnpm whoami pnpm dist-tag pnpm audit pnpm deprecate
- 7. ~4 million/year download average 📦
- 8. ~83 million docker pull 🐳
- 11. Why Verdaccio?
- 12. 70-90% of our code is open source https://www.linuxfoundation.org/blog/a-summary-of-census-ii-open-source- software-application-libraries-the-world-depends-on/
- 13. 🔥 You don’t have a problem until you KNOW you have it npmjs registry
- 15. Using a proxy registry for caching should be mandatory on development work fl ows npmjs registry
- 16. Using a proxy registry for caching should be mandatory on development work fl ows npmjs registry 🐳
- 17. O ffl ine publishing as a feature
- 18. O ffl ine registry provides opportunities for learning Node.js https://github.com/Caspia/npm-populate
- 19. Exposing sensitive data in source control systems is a recipe for a disaster
- 21. Verdaccio Upstream registry 🔐Protected registry Bearer mySecretToken mySecretToken
- 26. • Always scope your packages • Only proxy where is need it • Protect your packages from unauthorized access with the $authentication role
- 27. End to End Testing
- 28. @scope/cli @scope/pk2 @scope/pk3 @scope/pk4 npx @scope/cli @scope/pk5 ☠ 😓 I forgot update the “main” fi eld in package.json
- 34. Publish to local registry Vue React Prettier Jest CRA npm install —registry http://localhost:4873 150 packages - 40,226,227 Weekly Downloads
- 35. Package Managers have workspaces features https://2021.stateofjs.com/en-US/libraries/monorepo-tools 56%
- 36. E2E pattern with Verdaccio Initialise local verdaccio Publish packages Run E2E - Install from local registry - Run tests
- 41. Middleware
- 42. Middleware npm install —global verdaccio-awesome-middleware
- 43. Middleware npm install —global @scope/awesome-middleware
- 46. What else?
- 47. Features • Customize the User Interface • User rate limiting • Noti fi cations on publish (slack, etc) • Use JWT for token signature (expires tokens) • HTTPS built-in • npm audit support (online only) • search, deprecate, star, token (npm commands)
- 48. What’s next?
- 49. verdaccio@6-next • New features, rate limiting, custom hashing algorithms, UI improvements, also available on Verdaccio 5. • Modularize the project and reduce core size • Search on all packages at the storage • Migrating to Fastify (🤞WIP) • Improve plugin system and async the plugin API by default • Upgrade deprecated libraries, prepare for future
- 50. verdaccio@6-next
- 51. Wrapping up • Protect your builds caching external packages hosting a proxy registry • Using a local registry for E2E your packages • Extend Verdaccio by creating and share plugins with the community
- 52. 372