{"id":16698,"library":"verdaccio-auth-memory","title":"Verdaccio In-Memory Authentication Plugin","description":"verdaccio-auth-memory is an authentication plugin for Verdaccio, a lightweight private npm proxy registry. It is designed to store user credentials and session data exclusively in runtime memory. This crucial design choice means that all user information, including registered users and active sessions, will be lost upon any restart of the Verdaccio server. The current stable version is 10.3.2. As part of the Verdaccio monorepo, it follows a coordinated release schedule with the main Verdaccio project and other associated plugins. Its primary differentiator is its ephemeral nature, making it explicitly unsuitable for production environments that require persistent user management. Instead, it is primarily intended for development, testing (e.g., unit tests, CI environments), or transient demonstration purposes where data loss on restart is acceptable and even desired for a clean state.","status":"active","version":"10.3.2","language":"javascript","source_language":"en","source_url":"https://github.com/verdaccio/monorepo","tags":["javascript","verdaccio","plugin","auth","memory","typescript"],"install":[{"cmd":"npm install verdaccio-auth-memory","lang":"bash","label":"npm"},{"cmd":"yarn add verdaccio-auth-memory","lang":"bash","label":"yarn"},{"cmd":"pnpm add verdaccio-auth-memory","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"verdaccio-auth-memory is a plugin for Verdaccio and requires a running Verdaccio instance to function. Verdaccio is typically installed globally or as a project dependency alongside this plugin.","package":"verdaccio","optional":false},{"reason":"This package ships TypeScript types and relies on the core Verdaccio type definitions for plugin development, ensuring compatibility with the Verdaccio plugin API.","package":"@verdaccio/types","optional":false}],"imports":[{"note":"The plugin is exported as a default function that takes `config` and `appConfig` as arguments, rather than exporting a class or named functions directly. This is common for Verdaccio plugins. While `require` is shown in the README, modern Node.js (`>=18`) and TypeScript environments prefer `import` for modules that ship types.","wrong":"const AuthMemoryPlugin = require('verdaccio-auth-memory');\n// While `require` works, the default export pattern for plugins is typically consumed directly as a function.","symbol":"AuthMemoryPlugin","correct":"import AuthMemoryPlugin from 'verdaccio-auth-memory';\n// In a Verdaccio plugin context, it's typically required and then called.\n// import type { IPluginAuth } from '@verdaccio/types';\n// const pluginInstance: IPluginAuth = AuthMemoryPlugin(config, appConfig);"},{"note":"When developing Verdaccio plugins or working with the plugin's API, you would import the `IPluginAuth` interface from `@verdaccio/types` for type safety, as `verdaccio-auth-memory` implements this interface.","symbol":"IPluginAuth","correct":"import type { IPluginAuth } from '@verdaccio/types';"}],"quickstart":{"code":"# 1. Install Verdaccio globally (if not already installed)\nnpm install -g verdaccio\n\n# 2. Install the in-memory authentication plugin\nnpm install -g verdaccio-auth-memory\n\n# 3. Configure Verdaccio to use the plugin.\n#    Create or edit your Verdaccio config.yaml (usually in ~/.config/verdaccio/config.yaml)\n#    Ensure you remove or comment out any other 'auth' plugin, like 'htpasswd'.\n#    For example, a minimal config.yaml might look like this:\n\n# config.yaml\n# ===============================\nstore:\n  memory:\n    limit: 1000 # Max number of packages in memory\n\nauth:\n  auth-memory:\n    users:\n      devuser:\n        name: devuser\n        password: password123\n      testuser:\n        name: testuser\n        password: securepass\n\nuplinks:\n  npmjs:\n    url: https://registry.npmjs.org/\n\npackages:\n  '@*/*':\n    access: $all\n    publish: $authenticated\n    proxy: npmjs\n\n  '**':\n    access: $all\n    publish: $authenticated\n    proxy: npmjs\n# ===============================\n\n# 4. Start Verdaccio\nverdaccio\n\n# Now, you can log in using the configured users:\nnpm adduser --registry http://localhost:4873\n# When prompted, use 'devuser' and 'password123'","lang":"bash","description":"This quickstart demonstrates how to install Verdaccio and the `verdaccio-auth-memory` plugin, then configure a basic `config.yaml` to enable in-memory authentication with predefined users. It then shows how to start Verdaccio and use `npm adduser` to interact with the in-memory registry."},"warnings":[{"fix":"This is by design. For persistent user storage, consider alternative Verdaccio authentication plugins such as `verdaccio-htpasswd`, `verdaccio-ldap`, or database-backed solutions.","message":"All user accounts and session data stored by `verdaccio-auth-memory` are non-persistent and will be permanently lost every time the Verdaccio server restarts. This includes user registrations and any changes made during runtime.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Do not deploy this plugin in production. Use production-ready authentication plugins that integrate with secure, persistent identity providers.","message":"This plugin is explicitly intended for 'unit testing' and development environments. It is not suitable for production use where user data persistence, reliability, or robust security features are required.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Ensure your Verdaccio installation is at version 4.x or higher to guarantee compatibility with this plugin's API. Always check the `engines.node` and Verdaccio compatibility matrix.","message":"Older Verdaccio versions (pre-v4) or pre-monorepo plugin structures might not be compatible. This plugin's API aligns with modern Verdaccio plugin specifications.","severity":"breaking","affected_versions":"<9.0.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Verify that `verdaccio-auth-memory` is installed (`npm list -g verdaccio-auth-memory`), ensure `auth-memory` is correctly nested under the `auth` section in `config.yaml`, and confirm no other auth plugins (like `htpasswd`) are active that might take precedence.","cause":"The plugin is either not installed, misspelled in `config.yaml`, or another authentication plugin is overriding it.","error":"ERROR: 'auth-memory' plugin is not loaded. Check your Verdaccio configuration."},{"fix":"Double-check the username and password in your `npm login` command against the `users` section in your `config.yaml`. Remember that users must be pre-configured in the YAML for this in-memory plugin.","cause":"Authentication failed, likely due to incorrect username/password or the user not being defined in the `config.yaml`.","error":"npm ERR! code E401 npm ERR! 401 Unauthorized - http://localhost:4873/-/user/org.couchdb.user:testuser"}],"ecosystem":"npm"}