By Priscila Oliveira and Juan Picado
Verdaccio is an npm package which allows you to create a local npm registry, without any configuration. It’s batteries included project, coming with its own database. It does so by acting as a local caching/proxy server.
16. webpack@4.28.3: (24 dependencies, 50 dev):
The result after a successful installation is the following:
○ 884 dependencies at first level
○ 1,690 dependencies including inner dependencies
○ 1,802 requests from npm to the registry
○ 190MB (unzipped/unpackaged)
Example
17. • Local Cache is not shareable
• You are unable to use some CLI commands (publish, info)
• Isolated working areas (Company Policies)
Offline
19. • The global average download speed is ~9Mbps
• In South America / Africa / Asia ~<4Mbps
• Firewall Issues (China)
• Roaming and Limited Data Plans, Network Outage
Latency and Connectivity
20. Security
• Relying on third-party companies with your code
• Leaking sensitive data on npm is a real threat
21. Self Hosted SaaS
💰💰💰 💰💰
Cloud services are expensive
SaaS uses volumed based pricing
Verdaccio
22. Case Study
“We ran the math, npm charges $7/customer/mo
and every user has to have a paid account;
verdaccio can effortlessly scale to hundreds of
users and tens of packages a month”
“We use it in production on a single
DigitalOcean droplet, $5/mo”
https://sheetjs.com/
24. Verdaccio is a lightweight proxy and private
registry with an entirely optional configuration that
allows you to host private Node.js packages and is
compatible with all client package managers such
npm, Yarn or pnpm.
44. E2E
create-react-app, Hyperledger, Eclipse Theia,
Uppy, Storybook, IBM Carbon Design System,
pnpm, bit, Mozilla Neutrino, N4JSD (Eclipse),
ng-toolkit and Gatsby.js (experiment)
45. Other features
• Node API (https://github.com/awslabs/aws-cdk)
• Notifications (Slack, Stride, …)
46. Recap
• Affordable and easy to use
• Owns the control of your private packages
• Caching packages keep you safe
• Encourage you for testing your packages
• Full Offline support