Well of course you would be using https ... But npm is based on couchdb , so you could be looking there for http authentication methods.. But npm might need to be patched ... That said https works fine for us.
Limiting by ip range might be possible too using a firewall in front of the registry,... -----Original Message----- From: "Alex Kocharin" <[email protected]> Sent: 30.03.2014 23:16 To: "[email protected]" <[email protected]> Subject: Re: [nodejs] Re: private NPM repository: block it from unauthorizedaccess? No better solution yet? Sending passwords each time isn't very good idea, so I wonder if anybody had any success in adding some kind of a temporary token. 31.03.2014, 00:37, "Matthias Götzke" <[email protected]>: You should use always-auth true with npm and configure couch to require auth for all access (see config of couchdb) On Saturday, March 29, 2014 11:29:50 PM UTC+1, Matthias Bleyl wrote: We set up a private NPM repository with some success: * the repository seems to work fine * it is possible to publish packages into the repository * it is possible to install packages from the repository However, it seems for the moment that EVERYBODY (knowing our repository) would be able to publish packages there, and that EVERYBODY would be able to install packages from our repository? Our idea is of course to restrict the access to authorized users only - but how to do it? I found some discussions on the net but no clear answers. What can we do to block our private repository from unauthorized access by other users? -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout. -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to a topic in the Google Groups "nodejs" group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/nodejs/sOhOdi83v9k/unsubscribe. To unsubscribe from this group and all its topics, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout. -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
