Verdaccio keeps growing, the latest release tagged as v4.6.0 was just shipped with a new set of features and bug fixes.

The new Dark Mode and possibility to translate the UI both developed by Priscila Oliveira (kudos to her).

The Docker base Node.js image was updated to v12.16.2 .

Dark Mode

To enable dark mode (by default is disabled), just add the following property in your config file, or switch in the UI with the new icon which is persisted in the local storage.


We added a few basic translations in German, Spanish, Portuguese and English by default.


I’ve been asked for this couple of times and I want to share how you can achieve a seamless integration GitHub with Verdaccio. Node.js package managers only allow using one registry when you are running an eg: npm install unless you modify the .npmrc and add some specific configuration, but frankly, we can do better using a proxy.

Please keep reading here:

(I’ll move the entire article here when I have some time) :-)

Docker has been a key part of success for Verdaccio. At the time of this writing, we have more than 4 million image pulls and this number is growing rapidly. The image provides an easy way to use Verdaccio in combination with tools like Kubernetes, Docker Compose or any other container orchestration system, simplifying deployment and integration with existing infrastructure.

This article will describe what has changed, all the improvements and benefits you will enjoy from migrating to the latest version.

Read more in our blog.

If you are already using Verdaccio 4 you are can immediately use the new token signature support with JWT or JSON Web Tokens.

This article will explain what are the advantages of using JWT instead of the traditional or legacy token signature used by Verdaccio. But before that, we need to be int he same page about JWT.

I’d recommend reading the following article before continue the reading.


Verdaccio 3 uses by default a token signature are based on AES192 encryption, that has been a legacy implementation inherited by Sinopia.

This token signature consists of the…

It’s not the first time that I’ve heard the following expression “Thanks for creating Verdaccio”, which actually flatters me, but is really hard to explain in a couple of words that I haven’t created Verdaccio. Perhaps I might be responsible for what is Verdaccio today, but that is a different story. Today I’d like to share the whole story behind this project and how I ended up working on it.

Sinopia “The Origin”

A few years ago in 2013, the main registry (npmjs) was running for a while and at the same time, Alex Kocharin decided to create Sinopia.

The original objective was…

This one of the multiple articles I will write about running Verdaccio on multiple platforms.

This time for simplicity I’ve chosen DigitalOcean that provides affordable base prices and if you want to run your own registry, it’s a good option.

Create a Droplet

Choosing an image before creating a droplet

Create a droplet is fairly easy, it just matters to choose an image and click on create, I personally selected a Node.js 8.10.0 version to simplify the setup.

Since a couple of months ago, verdaccio@4.0.0 is under development, we want to give you a first update of the current list of features ready to be tested and incoming ones.

Verdaccio 4 UI based on material-ui

What’s new in Verdaccio 4 Alpha? 🐣

Tokens 🛡

Improve security is one of our main goals, we have wanted to improve in one of the most important areas for the users, tokens. Currently the token verification is based on unpack the token for each request and ask the plugin whether the author is authorized. This might be a bit overwhelming if the authentication’s provider is not good handling a big amount of request or is totally unnecessary.

Snippet of some random lock file

Lockfiles on node package manager (npm) clients are not a new topic, yarn broke the node package managers world with a term called determinism providing a new file generated after install called yarn.lock to pin and freeze dependencies with the objective to avoid inconstancies across multiple installations.

If you are using a private registry as Verdaccio, it might be a concern committing the lock file in the repo using the private or local domain as registry URL and then someone else due his environment is not able to fetch the tarballs defined in the lock file.

This is merely an…

It has been a long, exciting journey since Verdaccio’s community development began, starting initially as a fork of Sinopia. Since the fork, the project has evolved in many ways, making the project’s code base modern, easier to debug, and more straightforward to contribute to by the community!

Verdaccio has evolved in many ways. It was a required path to follow, modernize the project using a new stack, code structure, bug fixing, new features and easy maintenance to promote community collaboration.

new logo by Breno Rodrigues

This article describes the new features in the 3.0 …

This article is about why setting up a npm private proxy is a good idea, going through most common questions that I’ve been asked since contributing to sinopia’s fork verdaccio, and how a developer addresses many use cases that made me appreciate how useful it can be set up a local private proxy

Read more here.

Juan Picado

I maintain @verdaccio_npm 📦🔑 • JavaScript Enthusiast • Node.js 🤪 • Front-End Engineer • 👨‍💻 at @ebay • roots /home/.git/🇪🇸🇳🇮

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store