Verdaccio 3 released 🎉!!

It has been a long, exciting journey since Verdaccio’s community development began, starting initially as a fork of Sinopia. Since the fork, the project has evolved in many ways, making the project’s code base modern, easier to debug, and more straightforward to contribute to by the community!

npm i -g verdaccio

Verdaccio has evolved in many ways. It was a required path to follow, modernize the project using a new stack, code structure, bug fixing, new features and easy maintenance to promote community collaboration.

This article describes the new features in the 3.0 release, which is 100% backward compatible even from latest Sinopia release(1.4.0).

If you are unsure what Verdaccio is, you should read the following articles first.

What’s new?

We have changed almost everything internally, but with zero impact on breaking changes.

TL;DR

• A new scalable web user interface based on React
• Better support for Docker and Kubernetes
• Compatibility with the all NPM clients and features(npm, yarn and pnpm), (yes, I’m talking about npm audit 🤓).
• New plugins APIs for package storage and middleware.
• MIT licensed.
• Dropped Node 4 support.
• Massive growth.

Thanks to our Community for being so awesome 🚀🚀🚀!!

Plugins

Plugins are the cornerstone of this project. They allow anyone to extend Verdaccio’s functionality without modifying the core. The original project supported only authentication plugins. Because of community requests and the need to scale the application, we introduced two new plugin APIs.

Middleware API

Middleware enables adding new endpoints to provide for extra functionality such as additional authentication or the ability to bypass features.

Storage API

Verdaccio uses the file system for package storage by default. This fits the majority of use cases, but not all. File based storage is still the default, but the new Storage API provides other possibilities.

Many of these provide the scalability required by larger companies to adopt this project.

We are keeping file based storage as default but also giving you the possibility to use something else.

The community has already implemented storage plugins for Amazon S3, Google Cloud Storage and in-memory, non persistent storage. You can review all available plugins at our website.

Featured Plugins

Plugins are important part in our ecosystem, we would like to highlight the most popular ones.

verdaccio-ldap

LDAP server authentication.

verdaccio-s3-storage

Allows storing packages on Amazon Web Service’s S3

verdaccio-audit (middleware)

Allows bypassing Verdaccio to support using npm’s new npm audit feature.

Documentation

We rolled out a new website with comprehensive documentation using Facebook’s Docosaurus.

MIT Licensed

Until now, Verdaccio has been licensed under the WTFPL license. We asked out community if a new open source license would help improve adoption and contribution, especially at the enterprise level.

After a discussion and vote we decided to use the MIT license. Since updating the license, we’ve noticed more contributions and increased downloads on all platforms, especially Docker.

DevOps

Today, the most popular way to use Verdaccio is Docker. Verdaccio’s docker image has more than 1.6 million pulls, an amazing number.

Get up and running with the following command:

docker pull verdaccio/verdaccio

We also provide tagged releases that follow semantic versioning. Continuous integration publishes the master branch under the beta tag so you can always use the latest code.

docker pull verdaccio/verdaccio:2
docker pull verdaccio/verdaccio:2.1.7
docker pull verdaccio/verdaccio:beta

Kubernetes

Verdaccio is brand new to the Helm community which is a important for Kubernetes users. The Helm chart is based on the Docker image, so, there is a strict relationship between the two.

To install the helm chart run the following command:

helm install --name npm stable/verdaccio

For working examples check out our Docker examples repository.

User Interface

We’ve upgraded our user interface from jQuery to React, adding a ton of new features in the process.

The new package sidebar, displays the last 3 versions published, a maintainer list, and all dependencies.

There’s a lot of room for improvement in this area, don’t be shy to contribute new ideas or a PR!

Development

Almost the entire development stack has been modernized. Look for an upcoming article for more details.

Huge projects are using Verdaccio

Many important projects are relying on Verdaccio for end to end testing. This was an unexpected usage but is quite popular.

create-react-app

With almost 50,000 stars on GitHub, this is one of the most popular ways to get started writing React. In order to test publishing packages as an end user, create-react-app spins up a Verdaccio registry, which avoids a lot of painful trickery.

pnpm

pnpm is one of the fastest and most popular node package managers in the market. They use Verdaccio as the base of their mock registry.

Hyperledger Composer

Hyperledger Composer is an open source application development framework for the creation of blockchain applications. Originally, they used Verdaccio’s npm package for local API testing, and have since moved to the Docker image. This is a nice example of Verdaccio fitting into a huge infrastructure for continuous integration testing.

Strapi

Strapi wrote a detailed article about how they use Verdaccio, which is worth a read.

Mozilla Neutrino

Mozilla is the latest project to integrate Verdaccio into their integration tests using a similar approach as previously described.

Babel (PoC smoke test)

Babel 7 has plans to do something similar and I’m sure verdaccio is the right option for them 👌.

Here you can read a detailed description how they are using verdaccio for end to end testing.

We are looking for more examples to highlight. Are you currently using verdaccio? Let us know.

Thanks all of you 👏👨🏽‍💻

To everyone involved as a contributor; including the core team, plugin developers, translators, documentation writers, and those providing support through GitHub, Gitter, or StackOverflow: Verdaccio is your masterpiece

A year ago we couldn’t have imaged the following picture. To be quoted by

and in separate at WeAreDevelopers was awesome, it is the pure reflection of the hard work all of you (especially maintainers ) have done over the last several months.

To be in the same list as big project as Nexus, Artifactory and Team Foundation Server is a huge honor, especially, considering this project has 0$ budget (actually 1$ thanks to our first baker) aside the free and open collaboration of all the contributors.

We also cannot forget that we were the trending topic for a week at GitHub early this year.

How to Contribute

You can contribute in many different ways. The best way is to send a pull request, but you can also write articles about Verdaccio, mention it in meetups, help with translations, or simply keep recommending the project as your personal hero.

We also encourage you to give support by being part of the stargazers family.

Community

By far, the best achievement of this project has been building a nice community. Thank you for each contribution, including those who contributed to Sinopia.

Without the more than 110 developers contributing to Verdaccio and its plugins this project is just one more on GitHub.

Core Team

Thanks for the hard work. We’re looking forward to seeing more faces in this picture.

The Future

Many ideas are waiting to be developed on GitHub. Do any of them call your attention 😉 ?, PR are very welcome 🙃.

Wrapping Up

The purpose of Verdaccio has always been a free and open source node registry alternative for the community.

As node and javascript grow exponentially and new use cases emerge, we hope Verdaccio continues to fit as an affordable solution.

As we keep working on improvements, look forward to an even more awesome Verdaccio version 4.

https://www.verdaccio.org/