$nobody access rule or whitelist users
See original GitHub issueI didn’t find about how to close access to publish to somebody not from team.
'**':
access: $all
publish: $authenticated
proxy: npmjs
Situation: I use @babel/plugin-proposal-decorators
in my project. Hacker push @babel/plugin-proposal-decorators
package with violence to my register. And then my project pull this violence code… This is a hole in security. Need mechanism to close access to people not in whitelist to push any projects in register.
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (3 by maintainers)
Top Results From Across the Web
The Good and Bad of 3 Common IP Whitelisting Scenarios
Scenario #3 - Use known IPs to provide access to 'trusted users'. Pros: None. Cons: An IP is NOT an identity!! IP addresses...
Read more >How to Enable Network Access Rules - Panopto Support
Admins can enable Network Access Rules, also referred to as IP whitelisting, so they can lock down viewing and editing of certain folders...
Read more >How to Whitelist a Website (EASY solution) - WatchTowerHQ
Whitelisting is a proactive method of allowing specific IP addresses to avoid blockage by your firewall security rules and access your ...
Read more >User restrictions | License Server - JetBrains
The access-config.json file consists of one or several lists of rules: the whitelist, the blacklist, and the priority list.
Read more >Access policies - Cloudflare Zero Trust
Rules work like logical operators. They help you define which categories of users your policy will affect. Each policy needs at least an...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Previously I didn’t find solution to restrict access in verdaccio. I found only ‘$all’ and ‘$anonymous’ access rules. Therefore I try to suggest a new access rule:
$nobody
. But later I find in documentation, that I can use: ’ ’ (empty string), ‘undefined’ or username, those access rules solve my problem.Ahh ok, yeah now I understand thanks for the clarification 🙃 .
So, can we close this?