npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@szymon.dukla/verdaccio-gitlab-oauth

v1.0.5

Published

A GitLab OAuth Plugin for [Verdaccio](https://www.verdaccio.org)

Downloads

4

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

szymon.duklaszymon.dukla

Keywords

gitlabloginnpmoauthpackageprivateregistryverdaccio

Readme

📦🔐 Verdaccio GitLab OAuth plugin

A GitLab OAuth Plugin for Verdaccio

About

The plugin is similar to verdaccio-github-oauth-ui, but adapted to use GitLab APIs. When clicking the login button, instead of filling in a login form, you are asked to log in with itLab.

In case you need CLI support for automation purposes, the plugin is also compatible with it, adapting the functionality from sinopia-github-oauth-cli to work with GitLab.

Compatibility

  • Verdaccio 3 and 4
  • Node >=10
  • Chrome, Firefox, Firefox ESR, Edge, Safari, IE 11

Setup Instructions

Install

$ npm install verdaccio-gitlab-oauth

GitLab Config

  • Create an OAuth app at https://gitlab.com/profile/applications
  • The callback URL should be YOUR_REGISTRY_URL/-/oauth/callback
  • The scope needed is openid

Verdaccio Config

Merge the below options with your existing Verdaccio config:

middlewares:
  gitlab-oauth:
    enabled: true

auth:
  gitlab-oauth:
    group: GITLAB_GROUP_PATH
    client-id: GITLAB_CLIENT_ID
    client-secret: GITLAB_CLIENT_SECRET
    gitlab-host: https://your-selfhosted-gitlab.com # Optional, default points to gitlab.com

url_prefix: YOUR_REGISTRY_URL
  • The configured values can either be the actual value or the name of an environment variable that contains the value.
  • The config props can be specified under either the middlewares or the auth node. Just make sure, the addon is included under both nodes.

group

Users within this group will be able to authenticate.

client-id and client-secret

These values can be obtained from GitLab OAuth app page at https://gitlab.com/profile/applications.

gitlab-host (optional)

Set this if you are using self-hosted GitLab. Example: https://hostname

url_prefix (optional)

If configured, it must match YOUR_REGISTRY_URL. See GitLab Config.

Proxy Agent

If you are behind a proxy server, the plugin needs to know the proxy server in order to make GitLab requests.

Configure the below environment variable.

$ export GLOBAL_AGENT_HTTP_PROXY=http://127.0.0.1:8080

See the global-agent docs for detailed configuration instrcutions.

Login

Verdaccio UI

  • Click the login button and login via GitLab, if not logged in already.
  • Authorize the registry - this needs to be done only once.
  • After authorizing the registry with GitLab, you'll be redirected back to the Verdaccio registry.

You are now logged in.

Command Line

To set up authentication with the registry in your npm CLI, you'll need to run the commands shown on the UI.

  • Verdaccio 4: open the "Register Info" dialog and klick "Copy to clipboard"
  • Verdaccio 3: Select the text in the header and copy it. In case the text is too long, you can double-click it. The invisible part will still be selected and copied.
  • Run the copied commands on your terminal.
$ npm config set //localhost:4873:_authToken "SECRET_TOKEN"
$ npm config set //localhost:4873:always-auth true
  • Verify npm is set up correctly by running the whoami command. Example:
$ npm whoami --registry http://localhost:4873
n4bb12

If you see your GitLab username, you are ready to start publishing packages.

Logout

Verdaccio UI

Click the Logout button as per usual.

Command Line

Unless OAuth access is revoked in the GitLab settings, the token is valid indefinitely.