npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@outcome-co/verdaccio-github-auth

v2.0.9

Published

Verdaccio Github Authentication Plugin

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

d-twd-tw

Keywords

Readme

verdaccio-github-auth

Continuous Integration version-badge

An authentication plugin for Verdaccio that uses a Github Organization as an authentication and authorization backend.

Installation

npm install @outcome-co/verdaccio-github-auth

Usage

The plugin is configured with a Github Organization, and uses Repository memberships and permissions to determine the package access permissions. The plugin makes a few assumptions:

  • Each repo corresponds to one package
  • The name field in the package.json corresponds to the name of the package in Verdaccio

Permissions

In GitHub, repository permissions can come from multiple sources: the organization-level, directly on the repository, or via team membership. This auth plugin queries GitHub to retrieve the set of permissions and determines the highest level of privilege. GitHub permissions are quite diverse (admin, maintain, triage, etc.), but they map onto a simpler set of Verdaccio permissions (read/write).

To summarize the mapping, if you can push code to the repo, you can push packages to Verdaccio.

Configuration

Add the following to your Verdaccio config:

auth:
    '@outcome-co/verdaccio-github-auth':
        organization: '<ORG NAME>'
        token: '<ORG TOKEN>'

The token provided in the config file must have read access to all of the repositories.

| Option | Description | | --------------------- | ----------------------------------------------------------------------------------------------- | | repositoryPattern | A regexp used to filter the repositories seen by the plugin. Only matching repo names are kept. | | includeRepositories | A list of repository names to use as a filter. Only names in the list are kept. | | excludeRepositories | A list of repository names to to exclude. Only names not in the list are kept. |

Development

Remember to run ./pre-commit.sh when you clone the repository.

Configuration

The configuration file for the development server is stored in ./run/config/. There is a template config file which you can use to start the configuration server. The configuration file should be called config.yaml, and should be placed in the ./run/config directory.

Integration Tests

Integration tests interact directly with the Github API. To set them up, please see here