Added uplink to private npm registry. Getting "UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'cache' of null" from uplinkSanityCheck

[tfontana625]

Setup:
Windows 11 Enterprise
npm -v 6.14.17
node -v 14.21.2
verdaccio -v 5.29.0

After adding an additional uplink to my companies private npm registry, when I attempt to run verdaccio, I get the following error:

$ verdaccio
(node:52408) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'cache' of null
at uplinkSanityCheck (C:\Users\fontantx\AppData\Roaming\npm\node_modules\verdaccio\node_modules@verdaccio\config\build\uplinks.js:29:37)
at new Config (C:\Users\fontantx\AppData\Roaming\npm\node_modules\verdaccio\node_modules@verdaccio\config\build\config.js:94:89)
at new Config (C:\Users\fontantx\AppData\Roaming\npm\node_modules\verdaccio\build\lib\config.js:13:5)
at _default (C:\Users\fontantx\AppData\Roaming\npm\node_modules\verdaccio\build\api\index.js:110:18)
at startVerdaccio (C:\Users\fontantx\AppData\Roaming\npm\node_modules\verdaccio\build\lib\bootstrap.js:50:22)
at InitCommand.execute (C:\Users\fontantx\AppData\Roaming\npm\node_modules\verdaccio\build\lib\cli\commands\init.js:62:37)
at InitCommand.validateAndExecute (C:\Users\fontantx\AppData\Roaming\npm\node_modules\verdaccio\node_modules\clipanion\lib\advanced\Command.js:73:37)
at C:\Users\fontantx\AppData\Roaming\npm\node_modules\verdaccio\node_modules\clipanion\lib\advanced\Cli.js:223:53
at noopCaptureActivator (C:\Users\fontantx\AppData\Roaming\npm\node_modules\verdaccio\node_modules\clipanion\lib\advanced\Cli.js:449:12)
at Cli.run (C:\Users\fontantx\AppData\Roaming\npm\node_modules\verdaccio\node_modules\clipanion\lib\advanced\Cli.js:223:30)
(Use node --trace-warnings ... to show where the warning was created)
(node:52408) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag --unhandled-rejections=strict (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 2)
(node:52408) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
info --- config file - C:\Users\fontantx\AppData\Roaming\verdaccio\config.yaml
prettify pipeline error undefined

I set up my access token like this:
Here, your password is actually your Azure Personal Access Token (PAT), but it is base64 encoded.
In Git Bash, there is a base64 utility included. Run this to get your PAT: echo -n "dDZpN2FzN2...==" | base64 --decode
It will generate something like t6i7as7hq... .
Then, you want to create your basic token using your decoded password and username. Use this command: echo -n "VssSessionToken:t6i7as7hq..." | base64 --wrap 0
The result will look something like VnNzU2Vzc2...= . This is what you will put as the token in config.yaml.
With this, you should be able to use verdaccio to proxy all requests, even those to the private lexisnexis registry.

Here is my config.yaml:

This is the default configuration file. It allows all users to do anything,

please read carefully the documentation and best practices to

improve security.

Look here for more config file examples:

https://github.com/verdaccio/verdaccio/tree/5.x/conf

Read about the best practices

https://verdaccio.org/docs/best

path to a directory with all packages

storage: ./storage

path to a directory with plugins to include

plugins: ./plugins

https://verdaccio.org/docs/webui

web:
title: Verdaccio

comment out to disable gravatar support

gravatar: false

by default packages are ordercer ascendant (asc|desc)

sort_packages: asc

convert your UI to the dark side

darkMode: true

html_cache: true

by default all features are displayed

login: true

showInfo: true

showSettings: true

In combination with darkMode you can force specific theme

showThemeSwitch: true

showFooter: true

showSearch: true

showRaw: true

showDownloadTarball: true

HTML tags injected after manifest

scriptsBodyAfter:

- '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'

HTML tags injected before ends

metaScripts:

- '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'

- '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'

- ''

HTML tags injected first child at

bodyBefore:

- '

html before webpack scripts

'

Public path for template manifest scripts (only manifest)

publicPath: http://somedomain.org/

https://verdaccio.org/docs/configuration#authentication

auth:
htpasswd:
file: ./htpasswd
# Maximum amount of users allowed to register, defaults to "+inf".
# You can set this to -1 to disable registration.
# max_users: 1000
# Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt".
# algorithm: bcrypt # by default is crypt, but is recommended use bcrypt for new installations
# Rounds number for "bcrypt", will be ignored for other algorithms.
# rounds: 10

https://verdaccio.org/docs/configuration#uplinks

a list of other known repositories we can talk to

uplinks:
npmjs:
url: https://registry.npmjs.org/

mycompany:
url: https://###########.pkgs.visualstudio.com/_packaging/##########/npm/registry/
auth:
type: basic
token: "######################################################################################"

packages:
'**':
access: $all
publish: $all
unpublish: $all
proxy: mycompany

'@/':
# scoped packages
access: $all
publish: $all
unpublish: $all
proxy: mycompany

To improve your security configuration and avoid dependency confusion

consider removing the proxy property for private packages

https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages

https://verdaccio.org/docs/configuration#server

You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.

A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.

WORKAROUND: Through given configuration you can workaround following issue #301. Set to 0 in case 60 is not enough.

server:
keepAliveTimeout: 60

Allow req.ip to resolve properly when Verdaccio is behind a proxy or load-balancer

See: https://expressjs.com/en/guide/behind-proxies.html

trustProxy: '127.0.0.1'

https://verdaccio.org/docs/configuration#offline-publish

publish:

allow_offline: false

https://verdaccio.org/docs/configuration#url-prefix

url_prefix: /verdaccio/

VERDACCIO_PUBLIC_URL='https://somedomain.org';

url_prefix: '/my_prefix'

// url -> https://somedomain.org/my_prefix/

VERDACCIO_PUBLIC_URL='https://somedomain.org';

url_prefix: '/'

// url -> https://somedomain.org/

VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';

url_prefix: '/second_prefix'

// url -> https://somedomain.org/second_prefix/'

https://verdaccio.org/docs/configuration#security

security:

api:

legacy: true

jwt:

sign:

expiresIn: 29d

verify:

someProp: [value]

web:

sign:

expiresIn: 1h # 1 hour by default

verify:

someProp: [value]

https://verdaccio.org/docs/configuration#user-rate-limit

userRateLimit:

windowMs: 50000

max: 1000

https://verdaccio.org/docs/configuration#max-body-size

max_body_size: 10mb

https://verdaccio.org/docs/configuration#listen-port

listen:

- localhost:4873 # default value

- http://localhost:4873 # same thing

- 0.0.0.0:4873 # listen on all addresses (INADDR_ANY)

- https://example.org:4873 # if you want to use https

- "[::1]:4873" # ipv6

- unix:/tmp/verdaccio.sock # unix socket

The HTTPS configuration is useful if you do not consider use a HTTP Proxy

https://verdaccio.org/docs/configuration#https

https:

key: ./path/verdaccio-key.pem

cert: ./path/verdaccio-cert.pem

ca: ./path/verdaccio-csr.pem

https://verdaccio.org/docs/configuration#proxy

http_proxy: http://something.local/

https_proxy: https://something.local/

https://verdaccio.org/docs/configuration#notifications

notify:

method: POST

headers: [{ "Content-Type": "application/json" }]

endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken

content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'

middlewares:
audit:
enabled: true

https://verdaccio.org/docs/logger

log settings

log: { type: stdout, format: pretty, level: http }
#experiments:

# support for npm token command

token: false

# disable writing body size to logs, read more on ticket 1912

bytesin_off: false

# enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string

tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'

# the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file

tarball_url_redirect(packageName, filename) {

const signedUrl = // generate a signed url

return signedUrl;

}

translate your registry, api i18n not available yet

i18n:

list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md

web: en-US

[tfontana625]

I'm not sure but I think my config.yaml may not have been formatted correctly.