To make the process leaner, we started looking for our own package management solution, something npm-like that handles all our components in a safe and private way.
This is the starting point of a series where we research different options to solve this problem.
What is Verdaccio?
Verdaccio is a lightweight, extensible, and open-source private npm proxy registry. Built in Node.js, Verdaccio allows developers to have a local npm private registry with zero configuration. This is particularly useful for caching npm packages or for setting up a private registry for internal use, ensuring faster and more reliable builds.
It can be easily integrated with popular continuous integration tools and offers features like authentication, plugins, and more. By using Verdaccio, teams can ensure they have consistent access to the npm packages they need, even if the main npm registry is down or inaccessible. Verdaccio is easy to deploy on-premise or in the cloud.
Five steps to deploy Verdaccio to an AWS EC2
Deploying it to an AWS EC2 instance is as simple (or complex) as this:
1 – Create an AWS EC2 instance.
2 – Open the port in the security group's inbound rules.
3 – Open the port on the instance from the command line. Depending on the version of Linux you are running, you need to call iptables:
sudo iptables -A INPUT -p tcp --dport 4873 -j ACCEPT
4 – Follow the documentation to deploy the instance: https://verdaccio.org/docs/aws/
5 – Remember: create static access to your registry. You could create an API gateway or a Route53 implementation to access your registry. You don’t want to change the URL every time you reboot the instance (based on real experience).
If everything goes as expected, you will see a web page like this:
Add the repository to your local NPM
To consume this new repository from your computer, you need to set it as your npm registry and log in with your Verdaccio credentials:
npm set registry [
npm login
Add a new package
Publishing a package is as simple as this:
npm publish --registry [
While we got the repository up and running quickly, the final product is not totally what we wanted.
✔️ Documentation is good, and because it is open source, the community helps a lot.
❌ Having an EC2 instance just for this service feels like overkill.
✔️ Once everything is set up, the repository works like a charm.
❌ A little complicated for non-technical users (Linux commands all over the place).
❌ The GUI is limited in terms of configuration; if you need something custom, you need to check under the hood. (Actually, it’s not bad per se, but it would be nice to have a few permission settings accessible through the interface.)
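The permission settings that the last point misses in the GUI live in Verdaccio's config.yaml. The fragment below is an added example, not taken from the original post or the Verdaccio project: it notes the shipped defaults in comments beside a locked-down variant, and the scope name @mycompany and the relative paths are assumptions to adapt to your install.

```yaml
# config.yaml (constructed example; @mycompany is a hypothetical scope name)
storage: ./storage

auth:
  htpasswd:
    file: ./htpasswd
    # Default: unlimited self-registration through `npm adduser`.
    # -1 disables registration, so an admin has to add accounts
    # to the htpasswd file by hand.
    max_users: -1

uplinks:
  npmjs:
    url: https://registry.npmjs.org/

packages:
  # Internal packages: no `proxy` entry, so these names are served
  # only from local storage and never looked up on the public registry.
  '@mycompany/*':
    access: $authenticated
    publish: $authenticated
    unpublish: $authenticated

  # Everything else is cached from npmjs but readable only after `npm login`.
  # The shipped default is `access: $all`, which lets anyone who can
  # reach port 4873 download packages without credentials.
  '**':
    access: $authenticated
    publish: $authenticated
    unpublish: $authenticated
    proxy: npmjs
```

Verdaccio reads this file at startup, so restart the service after editing it.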
What do you think? Have you tried Verdaccio?
Our next test will be creating an npm repository using GitHub and GitHub Actions, so stay tuned!