verdaccio-auth-memory - Auth plugin for Verdaccio that keeps users in memory

This verdaccio auth plugin keeps the users in a memory plain object. This means all sessions and users will disappear when you restart the verdaccio server.

If you want to use this piece of software, do it at your own risk. This plugin is being used for unit testing.

Installation

$ npm install -g verdaccio
$ npm install -g verdaccio-auth-memory

Config

Add to your config.yaml:

auth:
  auth-memory:
    users:
      foo:
        name: foo
        password: s3cret
      bar:
        name: bar
        password: s3cret

For plugin writers

It's called as:

const plugin = require('verdaccio-auth-memory');

plugin(config, appConfig);

Where:

• config - module's own config
• appOptions - collection of different internal verdaccio objects
  • appOptions.config - main config
  • appOptions.logger - logger

This should export four functions:

• adduser(user, password, cb) Add new users

  It should respond with:

  • cb(err) in case of an error (error will be returned to user)
  • cb(null, false) in case registration is disabled (next auth plugin will be executed)
  • cb(null, true) in case user registered successfully

  It's useful to set err.status property to set http status code (e.g. err.status = 403).

• authenticate(user, password, cb) Authenticate the user

  It should respond with:

  • cb(err) in case of a fatal error (error will be returned to user, keep those rare)
  • cb(null, false) in case user not authenticated (next auth plugin will be executed)
  • cb(null, [groups]) in case user is authenticated

  Groups is an array of all users/usergroups this user has access to. You should probably include username itself here.

• allow_access(user, pkg, cb) Check whether the user has permissions to access a resource (package)

  It should respond with:

  • cb(err) in case of a fatal error (error will be returned to user, keep those rare)
  • cb(null, false) in case user not allowed to access (next auth plugin will be executed)
  • cb(null, true) in case user is allowed to access

• allow_publish(user, pkg, cb) Check whether the user has permissions to publish a resource (package)

  It should respond with:

  • cb(err) in case of a fatal error (error will be returned to user, keep those rare)
  • cb(null, false) in case user not allowed to publish (next auth plugin will be executed)
  • cb(null, true) in case user is allowed to publish

Donations

Verdaccio is run by volunteers; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider making a donation - your logo might end up in this readme. 😉

Donate 💵👍🏻 starting from $1/month or just one single contribution.

Report a vulnerability

If you want to report a security vulnerability, please follow the steps which we have defined for you in our security policy.

Open Collective Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]

Open Collective Backers

Thank you to all our backers! 🙏 [Become a backer]

Special Thanks

Thanks to the following companies to help us to achieve our goals providing free open source licenses.

Contributors

This project exists thanks to all the people who contribute. [Contribute].

FAQ / Contact / Troubleshoot

If you have any issue you can try the following options. Do not hesitate to ask or check our issues database. Perhaps someone has asked already what you are looking for.

• Blog
• Donations
• Reporting an issue
• Running discussions
• Chat
• Logos
• Docker Examples
• FAQ

License

Verdaccio is MIT licensed

The Verdaccio documentation and logos (excluding /thanks, e.g., .md, .png, .sketch files within the /assets folder) are Creative Commons licensed.