Comments (7)
Any feedback on this issue, please?
from verdaccio-gitlab.
You could do something like this
packages:
  '@telokis-group/*':
    # scoped packages
    access: $all
    publish: $authenticated
    proxy: npmjs
    gitlab: true
from verdaccio-gitlab.
@bufferoverflow Thank you for your answer!
By doing it like so, nobody would be able to publish anything to the registry (scoped or not scoped) except for people with access to the telokis-group group?
from verdaccio-gitlab.
@Telokis exactly
from verdaccio-gitlab.
Thank you very much, I will try this ASAP!
from verdaccio-gitlab.
Problem not solved. I couldn't imagine using it in production, for security reasons.
Situation: a hacker creates a babel group on GitLab with a project plugin-proposal-decorators. Then they add @babel/plugin-proposal-decorators to my registry? And then my projects pull a virus... This is a security hole. There needs to be a mechanism to block people not in the whitelist (GitLab group) from pushing any projects to the registry.
Maybe there is an access rule for pushing, something like $nobody. But I find nothing about this...
from verdaccio-gitlab.
Problem not solved. I couldn't imagine using it in production, for security reasons.
Situation: a hacker creates a babel group on GitLab with a project plugin-proposal-decorators. Then they add @babel/plugin-proposal-decorators to my registry? And then my projects pull a virus... This is a security hole. There needs to be a mechanism to block people not in the whitelist (GitLab group) from pushing any projects to the registry.
Maybe there is an access rule for pushing, something like $nobody. But I find nothing about this...
You can restrict publishing with the following config:
packages:
  '@my-awesome-company/*':
    access: $authenticated
    publish:
    gitlab: true
  '**':
    access: $all
    publish:
    proxy: yarnpkg
    gitlab: true
from verdaccio-gitlab.
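Added example (not from the thread or the verdaccio-gitlab project): a small lint over the `packages` map that reports names outside an allowlisted scope whose governing rule both names a publisher and sets `gitlab: true`, which is the situation the concern above describes. The glob matcher is a simplified stand-in for Verdaccio's pattern matching, the `wideOpen` config and the probe names are constructed, and the reply's empty `publish:` keys are modelled as `null`.

```javascript
// Simplified stand-in for Verdaccio's glob matching: '*' stays in one segment, '**' matches anything.
function globToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  const body = escaped.replace(/\*\*|\*/g, (m) => (m === '**' ? '.*' : '[^/]*'));
  return new RegExp(`^${body}$`);
}

// First matching pattern wins, so key order in `packages` matters.
function governingRule(packages, name) {
  for (const [pattern, rule] of Object.entries(packages)) {
    if (globToRegExp(pattern).test(name)) return { pattern, rule };
  }
  return null;
}

// `publish` may be empty, a space-separated string, or a list.
function publishPrincipals(rule) {
  const p = rule.publish;
  if (p == null) return [];
  return (Array.isArray(p) ? p : String(p).split(/\s+/)).filter(Boolean);
}

// Policy (assumption of this example): a name outside the allowlisted scopes
// must not land on a rule that names a publisher and defers to GitLab groups.
function audit(packages, names, allowedScopes) {
  const findings = [];
  for (const name of names) {
    const scope = name.startsWith('@') ? name.split('/')[0] : null;
    if (scope && allowedScopes.includes(scope)) continue;
    const hit = governingRule(packages, name);
    if (!hit) continue;
    const who = publishPrincipals(hit.rule);
    if (hit.rule.gitlab === true && who.length > 0) {
      findings.push({ name, pattern: hit.pattern, publish: who, proxy: hit.rule.proxy || null });
    }
  }
  return findings;
}

// Constructed sample: a wildcard-scope config of the kind the concern is about.
const wideOpen = {
  '@*/*': { access: '$all', publish: '$authenticated', proxy: 'npmjs', gitlab: true },
  '**': { access: '$all', publish: '$authenticated', proxy: 'npmjs', gitlab: true },
};
// The config from the last reply; its empty `publish:` keys are modelled as null.
const restricted = {
  '@my-awesome-company/*': { access: '$authenticated', publish: null, gitlab: true },
  '**': { access: '$all', publish: null, proxy: 'yarnpkg', gitlab: true },
};
const probes = ['@babel/plugin-proposal-decorators', '@my-awesome-company/ui', 'lodash'];
for (const cfg of [wideOpen, restricted]) console.log(audit(cfg, probes, ['@my-awesome-company']));
```

The lint only reports what the config says; how the plugin treats an empty `publish` value has to be confirmed against the installed plugin version.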