verdaccio-github-auth

An authentication plugin for Verdaccio that uses a Github Organization as an authentication and authorization backend.

Installation

``sh npm install @outcome-co/verdaccio-github-auth`

`Usage`

The plugin is configured with a Github Organization, and uses Repository memberships and permissions to determine the package access permissions. The plugin makes a few assumptions:

- Each repo corresponds to one package - Thename field in the package.json corresponds to the name of the package in Verdaccio

`$3`

In GitHub, repository permissions can come from multiple sources: the organization-level, directly on the repository, or via team membership. This auth plugin queries GitHub to retrieve the set of permissions and determines the highest level of privilege. GitHub permissions are quite diverse (admin, maintain, triage, etc.), but they map onto a simpler set of Verdaccio permissions (read/write).

To summarize the mapping, if you can push code to the repo, you can push packages to Verdaccio.

`$3`

Add the following to your Verdaccio config:

`yaml auth: '@outcome-co/verdaccio-github-auth': organization: '' token: ''`

The token provided in the config file must have read access to all of the repositories.

| Option | Description | | --------------------- | ----------------------------------------------------------------------------------------------- | |repositoryPattern| A regexp used to filter the repositories seen by the plugin. Only matching repo names are kept. | |includeRepositories| A list of repository names to use as a filter. Only names in the list are kept. | |excludeRepositories | A list of repository names to to exclude. Only names not in the list are kept. |

`Development`

Remember to run ./pre-commit.sh when you clone the repository.

`$3`

The configuration file for the development server is stored in ./run/config/. There is a template config file which you can use to start the configuration server. The configuration file should be called config.yaml, and should be placed in the ./run/config` directory.

Integration Tests

Integration tests interact directly with the Github API.
To set them up, please see here

verdaccio-github-auth

!Continuous Integration !version-badge

An authentication plugin for Verdaccio that uses a Github Organization as an authentication and authorization backend.

Installation

``sh npm install @outcome-co/verdaccio-github-auth`

`Usage`

The plugin is configured with a Github Organization, and uses Repository memberships and permissions to determine the package access permissions. The plugin makes a few assumptions:

- Each repo corresponds to one package - Thename field in the package.json corresponds to the name of the package in Verdaccio

`$3`

To summarize the mapping, if you can push code to the repo, you can push packages to Verdaccio.

`$3`

Add the following to your Verdaccio config:

`yaml auth: '@outcome-co/verdaccio-github-auth': organization: '' token: ''`

The token provided in the config file must have read access to all of the repositories.

`Development`

Remember to run ./pre-commit.sh when you clone the repository.

`$3`

Integration Tests

Integration tests interact directly with the Github API.
To set them up, please see here