15 comments

[ 3.0 ms ] story [ 56.6 ms ] thread
Does this use couchdb the way NPM seems to?
(comment deleted)
If you're looking for that, try smart-private-npm.
Why not sonatype nexus?
I’m interested in trying it. As far as I know, it’s the only free and open source multi-format build artifact repository.
From the docs, it looks like this has support to proxy package downloads from NPM. But, it's not clear if this is cached or not.

Does anyone know if it's possible to use this as a cache for installing packages from https://registry.npmjs.org/?

I have something exactly like this setup on my laptop to proxy PyPI and allow installing packages from cache when I'm offline or in the rare PyPI outage.

Edit: It has cache, but I mean does it use the cache if NPM is down or I'm offline.

Yes, it does use the cache in preference to npmjs.org under normal conditions. The typical issues of using npm to build production systems are much reduced, though not as much as with vendoring. My last company used this, replacing Sinopia.
The company I work on (quite small, 15ish people) uses this, mainly as a replacement for the outdated Sinopia. Works just great, with seamless proxying, and makes it quite faster since we run it on the internal network. Even NPM modules get cached. Which is very handy given we cannot use Yarn or PNPM.
On the Polymer project we used a private Verdaccio server to test out automatically converting and publishing ~100 packages from Bower and HTML imports to npm and JS modules.

It was pretty indispensable to be able to try out such automation without spamming real npm with 100s of sometimes broken packages.

We have been using Verdaccio for a short time to host some private React components. It was a very easy and simple integration.
We at allaboutapps are using verdaccio since ~1year, primary for centrally publishing our internal packages (e.g. our whole base backend stack) and testing packages before actually releasing them to the wild. Typically yarn interacts with it, never encounted any problem.

The proxy has also been a handy feature for us to mitigate the risk of broken builds due to now unpublished packages from the official npm (though this shouldn't be a problem anymore). Can really recommend it.

If you’re interested in deploying your own Verdaccio instance easily on DigitalOcean with auto-renewing Lets Encrypt certs, I have a cloud-config.yml generator:

https://github.com/steve-taylor/artifact-server-config

It also deploys Artifactory OSS and a Docker registry, but you can quite easily rip all that out.

All you have to do is create a RancherOS instance with the generated cloud-config.yml pasted into the User Data field (and you’ll need to provide an SSH key, of course).