Security News
Crates.io Users Targeted by Phishing Emails
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
By Sarah Gooding - Sep 12, 2025
verdaccio-ldap-jh
Advanced tools
verdaccio-ldap 
verdaccio-ldap is a fork of sinopia-ldap. It aims to keep backwards compatibility with sinopia, while keeping up with npm changes.
Installation
$ npm install verdaccio
$ npm install verdaccio-ldap-jh
A detailed example of the verdaccio-ldap plugin + OpenLDAP server packed in Docker is available here.
Config
Add to your config.yaml:
auth:
ldap:
type: ldap
client_options:
url: "ldaps://ldap.example.com"
# Only required if you need auth to bind
adminDn: "cn=admin,dc=example,dc=com"
adminPassword: "admin"
# Search base for users
searchBase: "ou=People,dc=example,dc=com"
searchFilter: "(uid={{username}})"
# If you are using groups, this is also needed
groupDnProperty: 'cn',
groupSearchBase: 'ou=groups,dc=myorg,dc=com',
# If you have memberOf support on your ldap
searchAttributes: ['*', 'memberOf']
# Else, if you don't (use one or the other):
# groupSearchFilter: '(memberUid={{dn}})'
#
# Optional, default false.
# If true, then up to 100 credentials at a time will be cached for 5 minutes.
cache: false
# Optional
reconnect: true
For plugin writers
It's called as:
require('verdaccio-ldap')(config, stuff)
Where:
- config - module's own config
- stuff - collection of different internal verdaccio objects
- stuff.config - main config
- stuff.logger - logger
This should export two functions:
-
adduser(user, password, cb)It should respond with:
cb(err)in case of an error (error will be returned to user)cb(null, false)in case registration is disabled (next auth plugin will be executed)cb(null, true)in case user registered successfully
It's useful to set
err.statusproperty to set http status code (e.g.err.status = 403). -
authenticate(user, password, cb)It should respond with:
cb(err)in case of a fatal error (error will be returned to user, keep those rare)cb(null, false)in case user not authenticated (next auth plugin will be executed)cb(null, [groups])in case user is authenticated
Groups is an array of all users/usergroups this user has access to. You should probably include username itself here.
FAQs
LDAP auth plugin for verdaccio
We found that verdaccio-ldap-jh demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 03 Apr 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Custom Pull Request Alert Comment Headers
Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-and-forth.
By André Staltz - Sep 12, 2025
Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025