emmanueloga_ 5 days ago
I wonder if anyone uses https://verdaccio.org/ to vendor packages? In theory, for each package one could:

* npm install pkg
* npm pack pkg
* npm publish --registry=https://verdaccio.company.com
* set .npmrc to "registry=https://verdaccio.company.com/" when working with the actual app.

...this way, one could vet packages one by one. The main caveat I see is that it's very inconvenient to have to vet and publish each package manually. It would be great if Verdaccio had a UI to make this easier, for example, showing packages that were attempted to install but not yet vetted, and then allowing approval with a single click.
emmanueloga_ 5 days ago | parent
I just found that someone posted a Show HN for a utility to solve this issue [1]. I think this reinforces the idea that this is something that could be built into Verdaccio. --
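
An added example, not part of the thread and not Verdaccio's own code: a Node.js check that lists lockfile entries which were not resolved from the vetted registry, so installs that bypassed the workflow proposed in the first comment show up in CI. The lockfile contents, the integrity strings and the names `findUnvetted` and `packageName` are constructed for illustration; the `packages` map follows the package-lock.json v2/v3 layout.

```javascript
// Constructed sample in the package-lock.json v2/v3 shape ("packages" map).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://verdaccio.company.com/left-pad/-/left-pad-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/@scope/util": {
      version: "2.0.1",
      resolved: "https://registry.npmjs.org/@scope/util/-/util-2.0.1.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/left-pad/node_modules/tiny": {
      version: "0.1.0",
      resolved: "git+ssh://git@example.invalid/tiny.git#abc123",
    },
    "node_modules/local-lib": { resolved: "packages/local-lib", link: true },
    "packages/local-lib": { version: "0.0.1" },
  },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function packageName(key) {
  const marker = "node_modules/";
  return key.slice(key.lastIndexOf(marker) + marker.length);
}

// Return every installed dependency that did not come from `registry`.
function findUnvetted(lock, registry) {
  const allowed = new URL(registry);
  const findings = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace links and workspace source folders.
    if (key === "" || meta.link || !key.includes("node_modules/")) continue;
    // Bundled dependencies ship inside their parent's tarball.
    if (meta.inBundle) continue;
    let url = null;
    try { url = new URL(meta.resolved); } catch { /* missing or not a URL */ }
    let reason = null;
    if (!url || url.origin !== allowed.origin) reason = "not resolved from vetted registry";
    else if (!meta.integrity) reason = "missing integrity hash";
    if (reason) findings.push({ name: packageName(key), version: meta.version, reason });
  }
  return findings;
}

console.log(findUnvetted(sampleLock, "https://verdaccio.company.com/"));
```

In CI, the same function can be fed the parsed contents of the project's real package-lock.json and the build failed when the returned list is non-empty.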