Verdaccio
"Allow access" vs "Allow download/install" #4783
-
Scenario
ConfigFor (1) it would need to be packages:
'**':
access: $allbut for (2) it needs to be packages:
'**':
access: $authenticatedQuestionCan we implement this scenario using an auth plugin or do we need to enhance verdaccio to support such a scenario (for example by adding Ref: Config, Auth Plugin |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Mmmm thinking how to make it in a way is not confusing, but I think make sense in some cases. Access give you rights to access either to tarball and metadata from the web ui you might want have different behavior but from cli would void any usage of package manager and I don't know if they are ready to handle such scenario. If you may have noticed the security property split api and web for that reason but there is no such difference in package acccess. I am just describing the current status quo. |
Beta Was this translation helpful? Give feedback.
Mmmm thinking how to make it in a way is not confusing, but I think make sense in some cases. Access give you rights to access either to tarball and metadata from the web ui you might want have different behavior but from cli would void any usage of package manager and I don't know if they are ready to handle such scenario.
If you may have noticed the security property split api and web for that reason but there is no such difference in package acccess. I am just describing the current status quo.