1

I have a private Verdaccio npm repository.

I configured authentification for using htppasswd file

auth:
  htpasswd:
    file: /verdaccio/conf/htpasswd
    max_users: -1

So now nobody can do npm add ... but must use npm login ...

After being logged, I can publish my library with npm publish

But there are few point I don't understand :

  • npm login is asking me an email. But what's the point ? I don't find any trace of that email in the published package.
  • After npm login a token is generated in my .npmrc file. Does it have a validity date ?
  • After being published, in Verdaccio, I see anonymous as author name. The only solution I found to 'put' my name is adding an author tag in the package.json. But if we are 3 persons working on that library we have to change our name each time ? Is there a way to associate (on the server) an htpasswdd with a author name/email ?
tweetysat
  • 2,187
  • 14
  • 38
  • 75

1 Answers1

1

here Verdaccio core maintainer. I'll try to answer all your questions.

npm login is asking me an email. But what's the point ? I don't find any trace of that email in the published package.

Verdaccio does not requires email, but unfortunately npmjs.org does, so just write any value and skip that step, we cannot do anything to avoid that.

After npm login a token is generated in my .npmrc file. Does it have a validity date ?

That depends of which auth you are using, by default the token never expires using 

auth:
  htpasswd:
    file: /verdaccio/conf/htpasswd

but if you want to expire tokens then you would need to add the security new property introduced in Verdaccio 4.

security:
  api:
    jwt:
      sign:
        expiresIn: 29d

The example above will expire all tokens after 29 days and it overrides the default behaviour, the tokens becomes compatible with JWT compatible and share all it properties and benefits.

After being published, in Verdaccio, I see anonymous as author name. The only solution I found to 'put' my name is adding an author tag in the package.json. But if we are 3 persons working on that library we have to change our name each time ? Is there a way to associate (on the server) an htpasswdd with a author name/email ?

Author can be only one, but you have more options, either contributors or maintainers. Just add them in the package.json as follows.

enter image description here

The result would be this in the Verdaccio UI.

enter image description here

Juan Picado
  • 1,823
  • 18
  • 33