Verdaccio
Trustless envirenment #2796
-
|
Is it safe to make this registry public so everyone on the internet can upload packages? Everywhere on the website is mentioned the word "private", that's why I'm asking. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
The project has been adding security improvements over time, there is no captcha, rate limiting is implemented (already on master not in v5 yet). The project cannot guarantee 100% protection, but I can invite you to read the source code and if you have any security concerns please feel free to read to https://github.com/verdaccio/verdaccio/blob/master/SECURITY.md or drop here any specific question regarding what is already implemented. cc: @DanielRuf |
Beta Was this translation helpful? Give feedback.
The project has been adding security improvements over time, there is no captcha, rate limiting is implemented (already on master not in v5 yet). The project cannot guarantee 100% protection, but I can invite you to read the source code and if you have any security concerns please feel free to read to https://github.com/verdaccio/verdaccio/blob/master/SECURITY.md or drop here any specific question regarding what is already implemented. cc: @DanielRuf