That said, npm isn't perfect. What if it goes offline for a while or you want to use private packages at your company? npm provides several commercial options, but today we'll discuss an open source one, Verdaccio by Juan Picado.
Currently, I work in Austria as a Software Engineer at Mobfox. I love meetups, books, sports, software conferences and I travel a lot.
Verdaccio is a lightweight private proxy registry with an entirely optional configuration that allows you to host private Node.js packages and is compatible with all client package managers such as npm, yarn or pnpm.
Verdaccio emulates the main npmjs registry; its internals can be broken down into:
Other solutions very often require a long list of prerequisites before the first usage, their hardware requirements are high and, of course, you usually have to pay to use them.
With Verdaccio, you instead start out small with a proper default configuration and can then scale or adapt if necessary. A configuration file is created when you install Verdaccio which you can then customize using plugins created by the community.
And even if Verdaccio is file system based by default, that limitation is easy to resolve using our ecosystem of plugins. You can evolve Verdaccio from a small and straightforward registry to an application scaled to fit large infrastructures using the right list of plugins.
Furthermore, we provide Docker and Kubernetes support that makes things even easier for companies that use Verdaccio in their development workflows.
There is a long history behind this project. Verdaccio is one of the multiple forks of sinopia, forked initially by Trent Earl and John Wilkinson after Sinopia was abandoned. I became a regular contributor, and after some months contributing, I got the project's ownership and have been evolving Verdaccio into what the project is today.
Among other things, we went from 200 stars on GitHub, 600 downloads per month on npm and 10k on Docker Hub to 2200 stars, 14k and 250k downloads. This rise in popularity would not have been possible without the help of many contributors and especially the core team composed of Meeeeow, Ayush Sharma, Breno Rodrigues and many others.
This project is significant for the community and me, and I firmly believe it has to exist as a free and straightforward solution to emulate an npm package system in your company or local environment, as well as it being open source.
In one word: grow. We want to be the most important and most used open source registry, and for that, we drew up a plan over the last year to provide a good base. Throughout 2017 we managed to release several stable versions, ship new releases, improve Docker support, publish a new website with documentation and we have been working on the next major release v3 in parallel, currently in Alpha stage.
v3 will provide a bunch of exciting things:
v3 will still be entirely backward compatible with sinopia; we want its users to feel comfortable with moving to Verdaccio.
But not all is perfect. Many incidents over the last years on the central registry remind us we need a solution in case this happens again, and Verdaccio is the ideal tool for avoiding sudden development issues and missing packages, and it can also serve as an offline emergency solution.
Verdaccio has lately also been used for E2E testing of npm packages before publishing them to npm, as outlined by Strapi in a Medium post.