By Priscila Oliveira and Juan Picado Verdaccio is an npm package which allows you to create a local npm registry, without any configuration. It’s batteries included project, coming with its own database. It does so by acting as a local caching/proxy server.

1. Introduction to Verdaccio
Priscila Oliveira
Juan Picado
ViennaJS Meetup
January 2019

2. Plan
• Node.js Package Managers
• Does npm registry cover you 100%?
• Let’s talk about Verdaccio

3. Juan Picado
• Front-End Engineer at Mobfox
• Core Contributor at Verdaccio
• React, TypeScript, Node.js and
Traveler

4. Priscila Oliveira
• Front-End Engineer at Eversports
• Core Contributor at Verdaccio
• Traveler, Pet lover and Netflix
addict

5. Front-End
Tooling
Back-End
What is a registry?
All projects meet in the registry

6. Node.js Package Managers
npm Inc
Facebook, Google, Exponent, Tilde
Zoltan Kochan

7. npm tools orchestrate the resolution of packages
https://twitter.com/ismonkeyuser/status/882117941344567296

8. https://blog.npmjs.org/post/180868064080/this-year-in-javascript-2018-in-review-and-npms
It has more than 900k modules

9. https://twitter.com/housecor/status/1078634947831914496
97% of the code your app uses is shared

10. https://twitter.com/seldo/status/988477780441481217
We completely depend on the npm registry

11. The main registry might fail

12. The main registry might remove packages by
mistake
https://blog.npmjs.org/post/169432444640/npm-operational-incident-6-jan-2018

13. You might have made a mistake
https://twitter.com/seldo/status/791061480904855552

14. • Offline features are not perfect
• Latency and Connectivity issues might affect you
• Security and Price is out of your control
Other scenarios

15. Offline
https://twitter.com/xavczen/status/108147722342363545

16. webpack@4.28.3: (24 dependencies, 50 dev):
The result after a successful installation is the following:
○ 884 dependencies at first level
○ 1,690 dependencies including inner dependencies
○ 1,802 requests from npm to the registry
○ 190MB (unzipped/unpackaged)
Example

17. • Local Cache is not shareable
• You are unable to use some CLI commands (publish, info)
• Isolated working areas (Company Policies)
Offline

18. Latency and Connectivity
https://www.cable.co.uk/broadband/speed/worldwide-speed-league/#highlight

19. • The global average download speed is ~9Mbps
• In South America / Africa / Asia ~<4Mbps
• Firewall Issues (China)
• Roaming and Limited Data Plans, Network Outage
Latency and Connectivity

20. Security
• Relying on third-party companies with your code
• Leaking sensitive data on npm is a real threat

21. Self Hosted SaaS
💰💰💰 💰💰
Cloud services are expensive
SaaS uses volumed based pricing
Verdaccio

22. Case Study
“We ran the math, npm charges $7/customer/mo
and every user has to have a paid account;
verdaccio can effortlessly scale to hundreds of
users and tens of packages a month”
“We use it in production on a single
DigitalOcean droplet, $5/mo”
https://sheetjs.com/

23. A lightweight private npm proxy registry

24. Verdaccio is a lightweight proxy and private
registry with an entirely optional configuration that
allows you to host private Node.js packages and is
compatible with all client package managers such
npm, Yarn or pnpm.

25. Installation
node >6.12.0

26. Docker and Kubernetes
3.200.000 pulls
https://github.com/verdaccio/docker-examples

27. CLI

28. • Lightweight Private Registry
• Proxy (Uplinks)
• Cache (Storage)
• Entirely Optional Configuration
• Pluggable Application
• Web User Interface
• MIT License
In a Nutshell

29. Private Registry
All benefits of npm registry without sending the
code to the public

30. Proxy / Uplinks
It only works with one registry at the time

31. Uplinks
Associating scoped set up

32. Uplinks
It is hard to maintain and insecure

33. Uplinks
Handle the distribution efficiently
pnpm install --registry http://verdaccio.npm.tool

34. Accessing secured registries
Uplinks

35. Cache
A dependency consists of metadata and tarballs

36. Storage can be hosted in the cloud
Storage

37. • Avoid failures due to external issues
• Save bandwidth and reduce external traffic
Caching on CI

38. • Authentification (Gitlab, LDAP)
• Storage (AWS, Google Cloud)
• Middleware (npm audit)
Plugins
https://verdaccio.org/docs/en/plugins

39. Plugins
Share your plugin with the community
https://verdaccio.org/docs/en/dev-plugins

40. Web Interface
React, Flow, Material-UI

41. E2E Tests
Testing packages before publishing them

42. E2E
Verdaccio helps avoiding mistakes
https://twitter.com/adamlacombe/status/1084968234607144961

43. E2E
create-react-app uses
Verdaccio

44. E2E
create-react-app, Hyperledger, Eclipse Theia,
Uppy, Storybook, IBM Carbon Design System,
pnpm, bit, Mozilla Neutrino, N4JSD (Eclipse),
ng-toolkit and Gatsby.js (experiment)

45. Other features
• Node API (https://github.com/awslabs/aws-cdk)
• Notifications (Slack, Stride, …)

46. Recap
• Affordable and easy to use
• Owns the control of your private packages
• Caching packages keep you safe
• Encourage you for testing your packages
• Full Offline support

47. Donate
Open Source must be sustainable
https://opencollective.com/verdaccio

48. Documentation
https://verdaccio.org
7 languages

49. Contributors
Thanks !!

50. Coming Soon
• JSON Web Tokens (Expiring Token …)
• Change Password
• New UI (Material-UI)
• Typescript Migration
• Docker Image Improvements

51. Keep in Touch
• http://chat.verdaccio.org
• https://medium.com/verdaccio
• https://twitter.com/verdaccio_npm
• https://github.com/verdaccio

52. Thanks