npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

verdaccio-mongodb

v1.2.0

Published

MongoDB Authentication plugin for Verdaccio

Downloads

32

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

joerg.rechjoerg.rech

Keywords

AuthenticationAuthPluginVerdaccioMongoDBDocumentDB

Readme

verdaccio-mongodb

The MongoDB Authentication plugin for Verdaccio

This plugin enables you to use a MongoDB or compatible database (e.g., AWS DocumentDB - currently, compatible to MongoDB 3.6 and 4.0) as the store for your user data. This is especially useful if you want to use an existing user database, if you have other registries beside npm/verdaccio with the same users, if you want to store additional information with the users, or if you want to create users from an external system.

NOTE: This plugin includes a basic counting mechanism for activities which might be used as a "weekly download" indicator (currently this data is only available in the MongoDB)

Installation

Install MongoDB auth plugin into Verdaccio

Add the MongoDB auth plugin to your Verdaccio installation like this:

npm install -g verdaccio-mongodb

Setup Database

  1. Create a MongoDB (or DocumentDB, etc.)
  2. Create "admin" user with correct roles, rights, and password
  3. Secure database with password, auth keys or secure VPN
  4. Create or identify collections
    • Create or identify a collection for the users (must include a field for unique username/email, password (currently, only bcrypt), and usergroups)
    • Optional: Create a collection for the packages (will store counts for activities such as access, publish and unpublish)
  5. Create indices as needed
    • The "users" collection could use a index on the field holding the "username"
    • The "packages" collection could use a index on the field holding the "packagename"

Configure Verdaccio to use MongoDB auth

Change the auth section in your config.yaml file to include the following. Replace the existing auth section or add it to an existing auth chain - but first replace placeholders with your specific values.

auth:
  mongodb:
    uri: "mongodb+srv://[username]:[password]@[host1][:port1]/[db]"
    db: "verdaccio"
    collections:
      users: "users"
      packages: "packages"
    encryption: "bcrypt"
    allowAddUser: true
    countActivity: true
    cacheTTL: 300000
    adminGroup: "&admin"
    fields:
      username:   "username"
      password:   "password"
      usergroups: "usergroups"
      packagename: "packagename"
    rights:
      access:     "user"
      publish:    "maintainer"
      unpublish:  "maintainer"

Configuration options

  • uri: The MongoDB-like URI including admin username, password and database holding the user collection. [REQUIRED]
  • database: The database in the MongoDB holding the user collection [REQUIRED]
  • collections: (name of the collections in the mongodb database)
    • users: Name of the user collection used to store the unique user with passwords and additional information (e.g., username, email, access, etc.). Defaults to users [REQUIRED]
    • packages: Name of the packages collection used to store information on the packages (e.g., name, access, versions, etc.). Defaults to packages [OPTIONAL]
  • encryption: The mechanism to encrypt the password (currently supported: none, bcrypt). Defaults to bcrypt [OPTIONAL]
  • allowAddUser: Switch to allow or disallow adding users. Defaults to false [OPTIONAL]
  • countActivity: Switch to enable or disable counting access, publish, or unpublish events. Defaults to false [OPTIONAL]
  • cacheTTL: Time an entry lives in the cache measured in ms. Defaults to 300000 (5 minutes) [OPTIONAL]
  • adminGroup: The name of the group of admins allowed to access, publish, or unpublish any package. Must be different from user or package names! Defaults to __admin__ [OPTIONAL]
  • fields: (name of the fields in the mongodb collection)
    • username: Name of the field used to store the unique username (e.g., user, username, email, etc.). Defaults to username [OPTIONAL]
    • password: Name of the field used to store the password (e.g., pass, password, token, etc.). Defaults to password [OPTIONAL]
    • usergroups: Name of the field used to store the array of usergroups (e.g., groups, usergroups, roles, etc.). Defaults to usergroups [OPTIONAL]
  • rights: (Definition of who is allowed to work with packages)
    • access: Name of people allowed to access a package (currently supported: maintainer, contributor, user). Defaults to user (if authenticated or anonymous user depends on 'packages' config) [OPTIONAL]
    • publish: Name of people allowed to publish a package (currently supported: maintainer, contributor, user). Defaults to user (if authenticated or anonymous user depends on 'packages' config) [OPTIONAL]
    • unpublish: Name of people allowed to unpublish a package (currently supported: maintainer, contributor, user). Defaults to user (if authenticated or anonymous user depends on 'packages' config) [OPTIONAL]

NOTES

An alternative verdaccio auth plugin exists called verdaccio-auth-mongo: see https://www.npmjs.com/package/verdaccio-auth-mongo and https://gitlab.com/stack-library-open/verdaccio-auth-mongo/-/blob/master/index.js

Debug Tipps

When encountering problems like:

  • error--- undefined-mongodb plugin does not have the right code structure or
  • plugin not found try to install the plugin into the global directory of verdaccio - see:
  • https://github.com/n4bb12/verdaccio-github-oauth-ui/issues/13#issuecomment-643246372
  • e.g., npm install verdaccio-mongodb in directory ~/.nvm/versions/node/v16.15.0/lib/node_modules/verdaccio (get your dir with which verdaccio)