Verdaccio: Restrict `npm adduser` usage

Created on 21 Apr 2017  路  4Comments  路  Source: verdaccio/verdaccio

My reason:

I want to control what users can access the verdaccio npm registry I am going to host.

Is there a best-practice on how to prevent people from doing npm adduser themselves. I want to restrict the npm adduser command to only be accessible to administrators.

duplicate outdated question
Source
picture radubrehar

Most helpful comment

I don't think this is a nice solution really.
I want users, but I want to create them via another app that manages user accounts and not allow people to create the npm registry accounts directly since I myself will provide them with the credentials.

The proposed solution can be used as a workaround, but it's definitely not very nice.
I'll have a look if we can intercept npm adduser command and only allow the command to have effect if the username and password matches certain values. Would this be easy to implement? Any suggestions are welcomed

picture radubrehar on 21 Apr 2017
👍2

All 4 comments

You can set max_user: -1 to disable registration.
https://github.com/verdaccio/verdaccio/blob/master/conf/full.yaml#L31

Currently we don't have permission control or user group, so all user is administrator.

AvailCat picture AvailCat on 21 Apr 2017

Duplicate #76

juanpicado picture juanpicado on 21 Apr 2017

I don't think this is a nice solution really.
I want users, but I want to create them via another app that manages user accounts and not allow people to create the npm registry accounts directly since I myself will provide them with the credentials.

The proposed solution can be used as a workaround, but it's definitely not very nice.
I'll have a look if we can intercept npm adduser command and only allow the command to have effect if the username and password matches certain values. Would this be easy to implement? Any suggestions are welcomed

radubrehar picture radubrehar on 21 Apr 2017
👍2

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

lock[bot] picture lock[bot] on 31 May 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rmi7 picture rmi7  路  4Comments
buschtoens picture buschtoens  路  4Comments
bhabgs picture bhabgs  路  4Comments
bicienzu picture bicienzu  路  4Comments
dlarr picture dlarr  路  3Comments