JSPM

verdaccio-htpasswd

13.0.0-next-8.13
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 335023
  • Score
    100M100P100Q194007F
  • License MIT

Htpasswd Authentication Plugin for Verdaccio

Package Exports

  • verdaccio-htpasswd
  • verdaccio-htpasswd/build/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (verdaccio-htpasswd) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

verdaccio-htpasswd - Htpasswd Authentication Plugin for Verdaccio

Verdaccio Home MIT License Verdaccio Latest This Package Latest

Documentation Discord Bluesky Backers Sponsors

Verdaccio Downloads Docker Pulls GitHub Stars

verdaccio-htpasswd is a default authentication plugin for the Verdaccio.

This plugin is being used as dependency after v3.0.0-beta.x. The v2.x still contains this plugin built-in.

Install

As simple as running:

$ npm install -g verdaccio-htpasswd

Configure

auth:
    htpasswd:
        file: ./htpasswd
        # Maximum amount of users allowed to register, defaults to "+infinity".
        # You can set this to -1 to disable registration.
        #max_users: 1000
        # Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt".
        #algorithm: bcrypt
        # Rounds number for "bcrypt", will be ignored for other algorithms.
        # Setting this value higher will result in password verification taking longer.
        #rounds: 10
        # Log a warning if the password takes more then this duration in milliseconds to verify.
        #slow_verify_ms: 200

Bcrypt rounds

It is important to note that when using the default bcrypt algorithm and setting the rounds configuration value to a higher number then the default of 10, that verification of a user password can cause significantly increased CPU usage and additional latency in processing requests.

If your Verdaccio instance handles a large number of authenticated requests using username and password for authentication, the rounds configuration value may need to be decreased to prevent excessive CPU usage and request latency.

Also note that setting the rounds configuration value to a value that is too small increases the risk of successful brute force attack. Auth0 has a blog article that provides an overview of how bcrypt hashing works and some best practices.

Logging In

To log in using NPM, run:

    npm adduser --registry  https://your.registry.local

Generate htpasswd username/password combination

If you wish to handle access control using htpasswd file, you can generate username/password combination form here and add it to htpasswd file.

How does it work?

The htpasswd file contains rows corresponding to a pair of username and password separated with a colon character. The password is encrypted using the UNIX system's crypt method and may use MD5 or SHA1.

Plugin Development in Verdaccio

There are many ways to extend Verdaccio, currently it support authentication plugins, middleware plugins (since v2.7.0) and storage plugins since (v3.x).

License

FOSSA Status