Security News
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security Demands
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
verdaccio-aws-s3-storage
Advanced tools
📦 AWS S3 storage plugin for Verdaccio
This plugin was forked based on
verdaccio-s3-storage
built in Typescript + other features added along the time. Both plugins might have vary in behaviour since then, we recommend use the AWS plugin on this repo due is under control of Verdaccio community and constantly upated.
docker-compose
on this repo based on verdaccio-minio developed by barolab.verdaccio-s3-storage
instead)npm install -g verdaccio
npm install verdaccio-aws-s3-storage
This will pull AWS credentials from your environment.
In your verdaccio config, configure
store:
aws-s3-storage:
bucket: your-s3-bucket
keyPrefix: some-prefix # optional, has the effect of nesting all files in a subdirectory
region: us-west-2 # optional, will use aws s3's default behavior if not specified
endpoint: https://{service}.{region}.amazonaws.com # optional, will use aws s3's default behavior if not specified
s3ForcePathStyle: false # optional, will use path style URLs for S3 objects
accessKeyId: your-access-key-id # optional, aws accessKeyId for private S3 bucket
secretAccessKey: your-secret-access-key # optional, aws secretAccessKey for private S3 bucket
The configured values can either be the actual value or the name of an environment variable that contains the value for the following options:
bucket
keyPrefix
region
endpoint
accessKeyID
secretAccessKey
store:
aws-s3-storage:
bucket: S3_BUCKET # If an environment variable named S3_BUCKET is set, it will use that value. Otherwise assumes the bucket is named 'S3_BUCKET'
keyPrefix: S3_KEY_PREFIX # If an environment variable named S3_KEY_PREFIX is set, it will use that value. Otherwise assumes the bucket is named 'S3_KEY_PREFIX'
endpoint: S3_ENDPOINT # If an environment variable named S3_ENDPOINT is set, it will use that value. Otherwise assumes the bucket is named 'S3_ENDPOINT'
...
store properties can be defined for packages. The storage location corresponds to the folder in s3 bucket.
packages:
'@scope/*':
access: all
publish: $all
storage: 'scoped'
'**':
access: $all
publish: $all
proxy: npmjs
storage: 'public'
In case of local testing, this project can be used self-efficiently. Four main ingredients are as follows:
config.yaml
, see verdaccio documentationregistry.envs
as follows. This file does not exist on the repo and should be generated manually after cloning the project.AWS_ACCESS_KEY_ID=foobar
AWS_SECRET_ACCESS_KEY=1234567e
AWS_DEFAULT_REGION=eu-central-1
AWS_S3_ENDPOINT=https://localhost:9000/
AWS_S3_PATH_STYLE=true
You need the latest docker installed in your computer
docker-compose up
By default there is no bucket created, you might need to browse
http://127.0.0.1:9000/minio/
and create the example bucket manually namedrise
and then restartdocker-compose up
.
The default values should work out of the box. If you change anything, make sure the corresponding variables are set in other parts of the ingredient as well.
FAQs
AWS S3 storage implementation for Verdaccio
The npm package verdaccio-aws-s3-storage receives a total of 300 weekly downloads. As such, verdaccio-aws-s3-storage popularity was classified as not popular.
We found that verdaccio-aws-s3-storage demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
Security News
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.
Security News
A developer is accusing Tencent of violating the GPL by modifying a Python utility and changing its license to BSD, highlighting the importance of copyleft compliance.