fl4re / sinopia Goto Github PK

This project forked from rlidwka/sinopia

Private npm repository server

JavaScript 56.73% CSS 41.56% HTML 1.37% Perl 0.35%

sinopia's Introduction

sinopia2 - a private/caching npm repository server

It allows you to have a local npm registry with zero configuration. You don't have to install and replicate an entire CouchDB database. Sinopia keeps its own small database and, if a package doesn't exist there, it asks npmjs.org for it keeping only those packages you use.

About this fork

First, thanks @rlidwka for this great software.

It is not intended to become the 'official' fork. In fact there are other forks (for example @mathieumg or @ngash) quite active too.

Out fork is internally used at my company, therefore we are going to maintain it in the future.

In this fork I have already merged some relevant PRs:

Split travis file in install & script
Update README to use fl4re travis badge
Travis fix
Change _npmUser.name to author.name for entries #352
Update deps, make compile on Node v4 & 5 #367
ADDED intermediate ssl certificate option #379
Package search requires 'access' authorization #370

And we have a branch (OAuth_login) that replaces completely the registration/login workflow by Github/Google Oauth instead of plain and open user password. Beside this branch, I plan to maintain the master branch as close as possible to the original sinopia.

If anyone in the community considers our fork a good fork, I will be glad to accept PR.

PRs will be accepted if:

fixes some bug
fixes random travis failures
fixes jslint/jshint styling
removes dead code
replaces some old library by a newer one
refactors
add a feature and there is consensus about it (a few +1)

PRs will not be accepted if:

modifies the original features
adds features only needed by some individual
brakes the travis build

Use cases

Use private packages.

If you want to use all benefits of npm package system in your company without sending all code to the public, and use your private packages just as easy as public ones.

See using private packages section for details.
Cache npmjs.org registry.

If you have more than one server you want to install packages on, you might want to use this to decrease latency (presumably "slow" npmjs.org will be connected to only once per package/version) and provide limited failover (if npmjs.org is down, we might still find something useful in the cache).

See using public packages section for details.
Override public packages.

If you want to use a modified version of some 3rd-party package (for example, you found a bug, but maintainer didn't accept pull request yet), you can publish your version locally under the same name.

See override public packages section for details.

Installation

# installation and starting (application will create default
# config in config.yaml you can edit later)
$ npm install -g sinopia2
$ sinopia

# npm configuration
$ npm set registry http://localhost:4873/

# if you use HTTPS, add an appropriate CA information
# ("null" means get CA list from OS)
$ npm set ca null

Now you can navigate to http://localhost:4873/ where your local packages will be listed and can be searched.

Docker

A Sinopia docker image is available

Chef

A Sinopia Chef cookbook is available at Opscode community source: https://github.com/BarthV/sinopia-cookbook

Puppet

A Sinopia puppet module is available at puppet forge source: https://github.com/saheba/puppet-sinopia

Configuration

When you start a server, it auto-creates a config file.

Adding a new user

npm adduser --registry http://localhost:4873/

This will prompt you for user credentials which will be saved on the Sinopia server.

Using private packages

You can add users and manage which users can access which packages.

It is recommended that you define a prefix for your private packages, for example "local", so all your private things will look like this: local-foo. This way you can clearly separate public packages from private ones.

Using public packages from npmjs.org

If some package doesn't exist in the storage, server will try to fetch it from npmjs.org. If npmjs.org is down, it serves packages from cache pretending that no other packages exist. Sinopia will download only what's needed (= requested by clients), and this information will be cached, so if client will ask the same thing second time, it can be served without asking npmjs.org for it.

Example: if you successfully request [email protected] from this server once, you'll able to do that again (with all its dependencies) anytime even if npmjs.org is down. But say [email protected] will not be downloaded until it's actually needed by somebody. And if npmjs.org is offline, this server would say that only [email protected] (= only what's in the cache) is published, but nothing else.

Override public packages

If you want to use a modified version of some public package foo, you can just publish it to your local server, so when your type npm install foo, it'll consider installing your version.

There's two options here:

You want to create a separate fork and stop synchronizing with public version.

If you want to do that, you should modify your configuration file so Sinopia won't make requests regarding this package to npmjs anymore. Add a separate entry for this package to config.yaml and remove npmjs from proxy_access list and restart the server.

When you publish your package locally, you should probably start with version string higher than existing one, so it won't conflict with existing package in the cache.
You want to temporarily use your version, but return to public one as soon as it's updated.

In order to avoid version conflicts, you should use a custom pre-release suffix of the next patch version. For example, if a public package has version 0.1.2, you can upload 0.1.3-my-temp-fix. This way your package will be used until its original maintainer updates his public package to 0.1.3.

Compatibility

Sinopia aims to support all features of a standard npm client that make sense to support in private repository. Unfortunately, it isn't always possible.

Basic features:

Installing packages (npm install, npm upgrade, etc.) - supported
Publishing packages (npm publish) - supported

Advanced package control:

Unpublishing packages (npm unpublish) - supported
Tagging (npm tag) - not yet supported, should be soon
Deprecation (npm deprecate) - not supported

User management:

Registering new users (npm adduser {newuser}) - supported
Transferring ownership (npm owner add {user} {pkg}) - not supported, sinopia uses its own acl management system

Misc stuff:

Searching (npm search) - supported in the browser client but not command line
Starring (npm star, npm unstar) - not supported, doesn't make sense in private registry

Storage

No CouchDB here. This application is supposed to work with zero configuration, so filesystem is used as a storage.

If you want to use a database instead, ask for it, we'll come up with some kind of a plugin system.

Similar existing things

npm + git (I mean, using git+ssh:// dependencies) - most people seem to use this, but it's a terrible idea... npm update doesn't work, can't use git subdirectories this way, etc.
reggie - this looks very interesting indeed... I might borrow some code there.
shadow-npm, public service - it uses the same code as npmjs.org + service is dead
gemfury and others - those are closed-source cloud services, and I'm not in a mood to trust my private code to somebody (security through obscurity yeah!)
npm-registry-proxy, npm-delegate, npm-proxy - those are just proxies...
Is there something else?

sinopia's People

Stargazers

Watchers

sinopia's Issues

Setup sionpia2 to not proxy to npmjs

Hi,

I need to setup sinopia2 to not proxy to npmjs for my package. I removed the proxy: npmjs entry, but it still returns versions from npmjs instead of my local sinopia2.

packages:
  'my-package':
    access: $all
    publish: $authenticated

Any ideas? CC: @davidgaya

Thanks,
Vasil

Error with babel-core

Hi everyone,

I got the following error when I try to install babel-core :

D:\tfs\WebSites\>npm install -g babel-core
npm ERR! Windows_NT 6.3.9600
npm ERR! argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "install" "-g" "babel-core"
npm ERR! node v5.9.0
npm ERR! npm  v3.8.2
npm ERR! code Z_DATA_ERROR
npm ERR! errno -3

npm ERR! unknown compression method
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     D:\tfs\WebSites\npm-debug.log

If registery is npmjs.org that work, but when I use sinopia proxy, this fail.

Have an idea ?

caching issue

we implemented caching in sinopia and have set it up for 1 day however sometimes we still get this since NPM packages are being updated all the time.

Any solution or work around to remote clear this error?

MacBook-Pro-2:trunk jschimmoeller$ npm install [email protected]
(node:44259) fs: re-evaluating native module sources is not supported. If you are using the graceful-fs module, please update it to a more recent version.
npm ERR! Darwin 15.5.0
npm ERR! argv "/usr/local/Cellar/node/5.7.0/bin/node" "/usr/local/bin/npm" "install" "[email protected]"
npm ERR! node v6.2.2
npm ERR! npm v3.9.5

npm ERR! No compatible version found: babel-types@^6.14.0
npm ERR! Valid install targets:
npm ERR! 6.13.0, 6.11.1, 6.10.2, 6.10.0, 6.9.1, 6.9.0, 6.8.1, 6.8.0, 6.7.7, 6.7.2, 6.7.0, 6.6.5, 6.6.4, 6.6.0, 6.5.2, 6.5.1, 6.5.0, 6.5.0-1, 6.4.5, 6.4.3, 6.4.1, 6.4.0, 6.3.24, 6.3.21, 6.3.20, 6.3.18, 6.3.17, 6.3.14, 6.3.13, 6.3.0, 6.2.4, 6.2.3, 6.2.0, 6.1.18, 6.1.17, 6.1.4, 6.1.2, 6.0.19, 6.0.18, 6.0.17, 6.0.15, 6.0.14, 6.0.13, 6.0.12, 6.0.2

Sinopia fails to start if github config is not specified

If you don't specify a github dict in the yaml then the application doesn't start since github_wrapper does config.application_name but config is undefined. If you don't have a github or google dict then maybe those plugins should just be disabled?

Not an issue: Docker Image for fl4re/sinopia

If you're interested:

Maybe you want to share it in your readme. 😉

Thanks for maintaining this!! ❤️

Suggestion to state the compatibility with rlidwka/sinopia

Thanks for sharing this fork!

I've come here from this:
rlidwka#456 (comment)

As one of (possibly many) people who will likely start using your fork instead of the original, (because it doesn't run on the new >=Node.js version 8), the only real question on my mind when I read your readme (which was not answered) is: Will sinopia2 work as a drop-in replacement for sinopia? Do we need to do anything differently?

Your readme states the compatibility with npm, and since sinopia2 is a fork of sinopia, with established users who are likely to migrate to sinopia2, it would be great to know the compatibility there also.

Just my 2c
Thanks!

BTW: For each new version of node or each new version of sinopia that I install I just run it like this, and it works every time with zero reconfig or republishing etc.

sinopia --config /my_stuff/sinopia-config.yaml
/my_stuff/sinopia-config.yaml

# path to a directory with all packages
storage: /my_stuff/my_private_npm_packages
...

Does Not recognize angular-cli package

http <-- 404, user: undefined, req: 'GET /@angular%2fcompiler', error: no such package available
http <-- 404, user: undefined, req: 'GET /@angular%2fcore', error: no such package available
http <-- 404, user: undefined, req: 'GET /@angular%2fcommon', error: no such package available
http <-- 404, user: undefined, req: 'GET /@angular%2fforms', error: no such package available
http <-- 404, user: undefined, req: 'GET /@angular%2fhttp', error: no such package available
http <-- 404, user: undefined, req: 'GET /@angular%2fplatform-browser', error: no such package available
http <-- 404, user: undefined, req: 'GET /@angular%2fplatform-browser-dynamic', error: no such package available

Error with uuid-compression

Our project uses uuid-compression package and when Sinopia is set to the registry, one of the uuid-compression dependencies fails to install. This issue won't happen when using the https://registry.npmjs.org/ as a registry.

Here's the error message:
npm install uuid-compression
http --> 200, req: 'GET https://registry.npmjs.org/uuid-compression', bytes: 0/2148
http <-- 200, user: undefined, req: 'GET /uuid-compression', bytes: 0/744
http <-- 404, user: undefined, req: 'GET /@pgaubatz%2fuuid', error: no such package available

For me it looks like an escaping/encoding issue.

npm publish issue

Unable to publish repository.
Config:

Issue: Sinopia server is crashing

Can't install scoped packages

Here's what I run:

npm i @kadira/storybook

Here's what gets logged:

http  <-- 404, user: undefined, req: 'GET /@kadira%2fstorybook', error: no such package available

It looks like it's sanitizing the / ?

publish to npm / name change

yo!

I'd be interested in using your version of sinopia - but for that to be simple it'd be great if it would be published to npm! Is that done already? From what I can tell, looking in package.yml this is still named sinopia, which makes me think that this is not published to npm.

Let's make sinopia great again!

Please add version badge support

As a user of fl4re/sinopia, we would like to have the latest version of published npm package on our owned dashboard or gitlab page.

New modules are not searchable

Hi folks, it seems the new module are not searchable until I restart the sinopia server.

Am I missing something?

Click package name multiple times will introduce duplicate README files

Hi folks, several README document would be appended to list if I click package name continuously.

Suppose I have the module AAA-MODULE, and I would like to check the document, then I click the module name for several times, then the structure of document would become,

    <div class='entry'>
        <div class='readme'></div>
        <div class='readme'></div>
        <div class='readme'></div>
        <div class='readme'></div>
        <div class='readme'></div>
        <div class='readme'></div>
    </div>

Seems it didn't handle async data very well. I will send a PR later, any comments are welcome.

How to handle dependencies pulled from github in offline environment

It looks like the current version of sinopia does not support dependencies that are pulled from github when running in an offine environment.

For example gridster.js's package.json requests jquery from git

"dependencies": {
  "jquery": "git+https://github.com/jquery/jquery.git#2.0.3"
}

When running sinopia in an offline environment, this causes npm install to fail because github is unaccessible with errors like

npm ERR! Command failed: git clone --template=/Users/nreese/.npm/_git-remotes/_templates --mirror https://github.com/jquery/jquery.git /Users/nreese/.npm/_git-remotes/https-github-com-jquery-jquery-git-3b8815cc
npm ERR! Cloning into bare repository '/Users/nreese/.npm/_git-remotes/https-github-com-jquery-jquery-git-3b8815cc'...
npm ERR! fatal: unable to access 'https://github.com/jquery/jquery.git/': Could not resolve host: github.com

A manual work around is to update the package.json file in Sinopia's cache to something like

"dependencies": {
  "jquery": "2.1.4"
}

This manual process is a time consuming, error prone, and a pain. Can anything be done to allow sinopia to scan package.json files and either highlight which modules request dependencies with git or update dependencies pulled from git to avoid offline problems?

Show README for scoped packages

Web interface doesn't display README for scoped packages (e.g. @myscope/mypackage).

req: 'GET /-/readme/@myscope/mypackage/0.0.2', error: file not found

How about add specific route path to package?

First of all, thank you so much for maintaining this fork. 👍 This manager means a lot.

Just like the official npm website, for each package, we can serve a specific route path.

For example, for sinopia2, https://www.npmjs.com/package/sinopia2

However in sinopia, we have to,

Open the sinopia index page
Search the new module by name
Read the README document

Because there seems no such thing call package path, and with specific route path being implemented, we can just simply open that link, and read the document.

I come up with this idea because during the development processes, it will be a bit easier if we can just send the link to our co-workers, instead of tell him/her the name and then let him/her search in the private npm pages.

Would you consider this as a enhancement ?