verdaccio with private token

Question

I have a private artifactory in my office. I use verdaccio for download npms from internet and after it in insert them to private artifactory. It works wonderfool. I bought Font Awesome pro version , and want to download npm. How can I pass to verdaccion security token ? Without token I can't download npm

tnx

Answer 1

You can actually set up a token peer uplink which will be included in each request:

With Verdaccio there is 2 ways to achieve what you need:

1. With environment variables

If you want to customize your own environment variable.

uplinks:
  private:
    url: https://private-registry.domain.com/registry
    auth:
      type: bearer
      token_env: FOO_TOKEN

or us the default NPM_TOKEN recognized by verdaccio.

uplinks:
  private:
    url: https://private-registry.domain.com/registry
    auth:
      type: bearer
      token_env: true # defaults to `process.env['NPM_TOKEN']`

This is handy on CI environments where you are afraid to leak sensitive information.

2. Token in the config file

uplinks:
  private:
    url: https://private-registry.domain.com/registry
    auth:
      type: bearer
      token: "token"

I'd recommend do this only for local development, in any other case please use option 1.

For more information refer to the official documentation about uplinks.

Remember you can have different uplinks that refers to the same registry, eg:

uplinks:
  private:
    url: https://private-registry.domain.com/registry
    auth:
      type: bearer
      token: "token"  
   private2:
    url: https://private-registry.domain.com/registry2
    auth:
      type: bearer
      token: "token"

 packages:
   '@my-company/*':
     access: $access
     publish: $authenticated
     proxy: private private2

In this scenario, the package would have access to two sources protected by token, if one return 404 the second proxy will try to resolve your request.