一、背景
最近在进行 HarmonyOS Next 应用开发,官方的 DevEco Studio 4.1 需要时候 Node.js,但是公司开发环境不支持外网访问,需要搭建内网的镜像服务器。下面,我们研究在内网服务器只使用 Apache(HTTPD)/Nginx 提供文件下载服务,不安装 NodeJs 搭建代理服务的方法来建立 NPM 文件下载代理。
执行缓存任务的设备是 MacBook Pro 2023 / macOS Sonoma 14.3 。
二、简介
1. 什么是 Verdaccio
“一个基于 Node.js 的轻量级私有仓库”。
平时使用 npm publish 进行发布时,上传的仓库默认地址是 npm,通过 Verdaccio 工具在本地新建一个仓库地址,再把本地的默认上传仓库地址切换到本地仓库地址即可。当 npm install 时没有找到本地的仓库,则 Verdaccio 默认配置中会从 npm 中央仓库下载。
注:
Verdaccio 表示意大利中世纪晚期 fresco 绘画中流行的一种绿色的意思。
2. 优点
- 私密性高,仅团队共享。
- 安全性高,能够有效的防治恶意代码攻击。
- 使用局域网,传输速度快。
3. 官网
三、准备环境
# 我们通过 nvm 管理 node 进行多版本切换
$ brew install nvm
# 加载并且列出远程的 node 分支,否则执行 `nvm list` `nvm install` 等命令的
# 时候没办法列出或者安装对应的版本
$ nvm ls-remote
# 但是我们使用最新版本的 node 执行安装操作,这样才能干净的进行缓存
# 否则在我们后续安装 verdaccio 的时候,数据是已经缓存过的了
$ nvm install 20.11.0
# 没有特殊情况下,建议把刚刚安装的版本设置为默认版本
$ nvm alias default 20.11.0
# 安装 verdaccio
$ npm install --location=global verdaccio
# 全局安裝 npm 源管理工具(可以快速切换仓库源)
$ npm install --location=global nrm
# 添加一个私有 npm 源,'verdaccio' 为自定义的源地址名称
$ nrm add verdaccio http://localhost:4873/
# 如果需要还原到默认设置,只需要删除当前用户下的 .nrmrc 文件即可
$ rm -rf .nrmrc
配置 verdaccio 从华为镜像服务器地址下载,默认配置服务器地址国内访问可能存在问题。另外注意禁用 npm-audit ,安全审计会非常非常慢,而且经常失败。
修改后的完整配置如下:
#
# This is the default configuration file. It allows all users to do anything,
# please read carefully the documentation and best practices to
# improve security.
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/5.x/conf
#
# Read about the best practices
# https://verdaccio.org/docs/best
# path to a directory with all packages
storage: /Users/xxxx/.local/share/verdaccio/storage
# path to a directory with plugins to include
plugins: ./plugins
# https://verdaccio.org/docs/webui
web:
title: Verdaccio
# comment out to disable gravatar support
# gravatar: false
# by default packages are ordercer ascendant (asc|desc)
# sort_packages: asc
# convert your UI to the dark side
# darkMode: true
# html_cache: true
# by default all features are displayed
# login: true
# showInfo: true
# showSettings: true
# In combination with darkMode you can force specific theme
# showThemeSwitch: true
# showFooter: true
# showSearch: true
# showRaw: true
# showDownloadTarball: true
# HTML tags injected after manifest <scripts/>
# scriptsBodyAfter:
# - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
# HTML tags injected before ends </head>
# metaScripts:
# - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
# - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
# - '<meta name="robots" content="noindex" />'
# HTML tags injected first child at <body/>
# bodyBefore:
# - '<div id="myId">html before webpack scripts</div>'
# Public path for template manifest scripts (only manifest)
# publicPath: http://somedomain.org/
# https://verdaccio.org/docs/configuration#authentication
auth:
htpasswd:
file: ./htpasswd
# Maximum amount of users allowed to register, defaults to "+inf".
# You can set this to -1 to disable registration.
# max_users: 1000
# Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt".
# algorithm: bcrypt # by default is crypt, but is recommended use bcrypt for new installations
# Rounds number for "bcrypt", will be ignored for other algorithms.
# rounds: 10
# https://verdaccio.org/docs/configuration#uplinks
# a list of other known repositories we can talk to
uplinks:
# npmjs:
# url: https://registry.npmjs.org/
# 注意依赖顺序,一定要把 ohpm 放在最前面,先去 ohpm 更新,有些依赖,两个镜像上都存在,后面会出现冲突的情况
ohpm:
url: https://ohpm.openharmony.cn/ohpm/
ohpm2:
url: https://repo.harmonyos.com/ohpm/
oh_npm:
url: https://repo.harmonyos.com/npm/
npm_mirror:
url: https://mirrors.huaweicloud.com/repository/npm/
# Learn how to protect your packages
# https://verdaccio.org/docs/protect-your-dependencies/
# https://verdaccio.org/docs/configuration#packages
packages:
'@*/*':
# scoped packages
access: $all
publish: $authenticated
unpublish: $authenticated
proxy: ohpm oh_npm npm_mirror
'**':
# allow all users (including non-authenticated users) to read and
# publish all packages
#
# you can specify usernames/groupnames (depending on your auth plugin)
# and three keywords: "$all", "$anonymous", "$authenticated"
access: $all
# allow all known users to publish/publish packages
# (anyone can register by default, remember?)
publish: $authenticated
unpublish: $authenticated
# if package is not available locally, proxy requests to 'npmjs' registry
proxy: ohpm oh_npm npm_mirror
# To improve your security configuration and avoid dependency confusion
# consider removing the proxy property for private packages
# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
# https://verdaccio.org/docs/configuration#server
# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
server:
keepAliveTimeout: 60
# Allow `req.ip` to resolve properly when Verdaccio is behind a proxy or load-balancer
# See: https://expressjs.com/en/guide/behind-proxies.html
# trustProxy: '127.0.0.1'
# https://verdaccio.org/docs/configuration#offline-publish
# publish:
# allow_offline: false
# https://verdaccio.org/docs/configuration#url-prefix
# url_prefix: /verdaccio/
# VERDACCIO_PUBLIC_URL='https://somedomain.org';
# url_prefix: '/my_prefix'
# // url -> https://somedomain.org/my_prefix/
# VERDACCIO_PUBLIC_URL='https://somedomain.org';
# url_prefix: '/'
# // url -> https://somedomain.org/
# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
# url_prefix: '/second_prefix'
# // url -> https://somedomain.org/second_prefix/'
# https://verdaccio.org/docs/configuration#security
# security:
# api:
# legacy: true
# jwt:
# sign:
# expiresIn: 29d
# verify:
# someProp: [value]
# web:
# sign:
# expiresIn: 1h # 1 hour by default
# verify:
# someProp: [value]
# https://verdaccio.org/docs/configuration#user-rate-limit
# userRateLimit:
# windowMs: 50000
# max: 1000
# https://verdaccio.org/docs/configuration#max-body-size
# max_body_size: 10mb
# https://verdaccio.org/docs/configuration#listen-port
# listen:
# - localhost:4873 # default value
# - http://localhost:4873 # same thing
# - 0.0.0.0:4873 # listen on all addresses (INADDR_ANY)
# - https://example.org:4873 # if you want to use https
# - "[::1]:4873" # ipv6
# - unix:/tmp/verdaccio.sock # unix socket
# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
# https://verdaccio.org/docs/configuration#https
# https:
# key: ./path/verdaccio-key.pem
# cert: ./path/verdaccio-cert.pem
# ca: ./path/verdaccio-csr.pem
# https://verdaccio.org/docs/configuration#proxy
# http_proxy: http://something.local/
# https_proxy: https://something.local/
# https://verdaccio.org/docs/configuration#notifications
# notify:
# method: POST
# headers: [{ "Content-Type": "application/json" }]
# endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
# content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
middlewares:
audit:
enabled: false
# https://verdaccio.org/docs/logger
# log settings
log: { type: stdout, format: pretty, level: http }
#experiments:
# # support for npm token command
# token: false
# # disable writing body size to logs, read more on ticket 1912
# bytesin_off: false
# # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
# tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
# # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
# tarball_url_redirect(packageName, filename) {
# const signedUrl = // generate a signed url
# return signedUrl;
# }
# translate your registry, api i18n not available yet
# i18n:
# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
# web: en-US
启动一个独立的Shell 运行 verdaccio
$ nvm use 20.11.0
$ verdaccio
info --- config file - /Users/xxxx/.config/verdaccio/config.yaml
info --- the "crypt" algorithm is deprecated consider switch to "bcrypt" in the configuration file. Read the documentation for additional details
info --- using htpasswd file: /Users/xxxx/.config/verdaccio/htpasswd
info --- plugin successfully loaded: verdaccio-htpasswd
info --- plugin successfully loaded: verdaccio-audit
warn --- http address - http://localhost:4873/ - verdaccio/5.29.0
清理缓存,并且要求通过 verdaccio 代理下载:
$ nvm use 20.11.0
# 'verdaccio' 为添加源时定义的源地址名称
$ nrm use verdaccio
# 列出缓存目录路径
$ npm config ls -l | grep cache
# 清理缓存
$ npm cache clean --force
当前(2024/02/01)申请并通过了华为开发计划的才可以下载到 HarmonyOS NEXT 开发需要的 HUAWEI DevEco Studio 4.x 版本(API 11),HUAWEI DevEco Studio 5.x (API 11、API 12) HarmonyOS Developer管理中心套件货架 目前只有这个版本的包含离线鸿蒙开发依赖 ohpm-repo,官方文档以及报错信息还是稀烂,基本找不到有用信息,需要自己研究。
注意: 目前测试发现 DevEco Studio 4.1.3.500 版本无法真机调试 C++ 代码。 DevEco Studio 4.1.3.501 版本可以正常调试。
截止 2024/04/01 最新Release版本是 DevEco Studio 4.1.3.700,最新测试版本 DevEco Studio 5.0.3.100(SP1),可惜编译不通过,报错如下:
ERR_PNPM_NO_MATCHING_VERSION No matching version found for @ohos/hvigor-ohos-plugin@4.2.0
DevEco Studio 4.1.3.501 使用的官方SDK下载地址:
下载完成后,解压缩到 SDK 目录下的 HarmonyOS-NEXT-DP1 目录即可,如下图:
继续阅读基于 Verdaccio 搭建鸿蒙(HarmonyOS Next)开发的轻量级 Node.js 私有仓库