New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Project no longer maintained? #376

Open
mattfysh opened this Issue Feb 16, 2016 · 99 comments

Comments

Projects
None yet
@mattfysh
Copy link

mattfysh commented Feb 16, 2016

It seems this project is no longer being maintained, with a high number of unanswered pull requests and issues raised. The last version v1.4.0 was published 8 months ago. I've reached out to the author via email a week ago and have not yet received a response

Does anyone know the process here is, anyone interested in forking this project and publishing under a new name?

@rbecheras

This comment has been minimized.

Copy link

rbecheras commented Feb 17, 2016

Yes I planned to support a fork of the project.

I think about a complete re-factored project to provide

  • a full templating system to allow to fully integrate the client-side (the web UI side) of the application in your standardized organization web application design or any custom one.
  • custom extensions as configurable plugins, naturally managed by npm prefixed modules like custom (npm i grunt-*) and "contrib" (npm i grunt-contrib-*) grunt tasks modules are for example.

The aim will be to take advantage of its advanced personalization features while continuing to benefit of the project's progress and updates when it evolves.

@mattfysh

This comment has been minimized.

Copy link

mattfysh commented Feb 19, 2016

@czardoz

This comment has been minimized.

Copy link

czardoz commented Feb 19, 2016

A lot of forks seem to be present (presumably because of PRs not being merged) https://github.com/rlidwka/sinopia/network

@RnbWd

This comment has been minimized.

Copy link

RnbWd commented Feb 20, 2016

I tried a year ago - it's the most complex library written in express I've ever seen

@scic

This comment has been minimized.

Copy link

scic commented Feb 23, 2016

I would love if this project would be actively maintained again. Currently the missing/broken pull-through of scoped packages is beginning to become a blocker for me. Sadly this code is above my understanding so I can't help.

@RnbWd

This comment has been minimized.

Copy link

RnbWd commented Feb 24, 2016

I've started using scoped packages in sinopia before it was officially implemented in npm - there's a configuration in yaml that enables pulling @name/package's. I haven't used sinopia since the scopes were implemented officially and npm was upgraded to 3.0 - so I'm not sure if the scopes pull from npm or just act locally - but effectively it can be used instead of npm as a private repo - I used it w/scoped variables - but not via npm.

@jdxcode

This comment has been minimized.

Copy link

jdxcode commented Feb 27, 2016

I've got a npm server that's a bit different than sinopia, but a lot simpler that might be worth a look: https://github.com/dickeyxxx/elephant

We're using it in production at Heroku with great success! It's very fast!

@mimaidms

This comment has been minimized.

Copy link

mimaidms commented Feb 29, 2016

@rlidwka can you give us a short statement on the status of sinopia?

@RnbWd

This comment has been minimized.

Copy link

RnbWd commented Mar 8, 2016

I just turned on my docker sinopia container for the first time in 6 months and it seems to work fine. Many of the problems posted here might be solvable by changing a few lines of code or simply making the config.yml work properly - which is honestly esoteric. But if it works.. it works. I consistently had a 10x speed improvement the entire time I used it hosted on a tiny docker server in the cloud - but I still haven't tried scoped variables since they were officially implemented. They worked fine last summer, but it requires the proper setup in the config

edit: scoped variables are working fine with me - but they're local to the sinopia. check out the configuration for my docker repo https://github.com/RnbWd/sinopia-docker

double edit: I'm using node 5.7.1 and npm 3.8.1 - but I can only get sinopia to run on 0.10 (it briefly worked with iojs) so my docker container - running sinopia in 0.10 - is probably more stable to use than if one were to just download sinopia 'vanilla' in a modern node context

@ChadKillingsworth

This comment has been minimized.

Copy link

ChadKillingsworth commented Mar 11, 2016

Proxying scoped packages work just fine - you just have to set the config correctly (the default is wrong).

You need 2 asterisks:

packages:
  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs
@RnbWd

This comment has been minimized.

Copy link

RnbWd commented Mar 11, 2016

I use this setting for scoped packages:

@/
# scoped
allow_publish: $authenticated

I haven't used the "**" setting, I'm jw if there's an issue the "@/" setting when proxying npm?

@ChadKillingsworth

This comment has been minimized.

Copy link

ChadKillingsworth commented Mar 12, 2016

The matching algorithm uses the node glob library so it's the same matching rules. A single * won't match a /, but the double ** does.

*/* works just as well if you want to have a rule for just scoped packages.

@ChadKillingsworth

This comment has been minimized.

Copy link

ChadKillingsworth commented Mar 14, 2016

I also emailed @rlidwka about a month ago and never heard back. He has near-continuous public activity on github for the past several months which leads me to believe he is purposefully ignoring this project.

A fork, name change and license change would be in order it seems. I just don't have the time right now to maintain a package like this appropriately.

@RnbWd

This comment has been minimized.

Copy link

RnbWd commented Mar 15, 2016

I'd volunteer to give it shot - I'm maintaining the docker container that
seems to have the most downloads for this project - and I had to forked it for a minor feature so I could proxy it via ssl with minimal config. I've
read every line of the code base, so I have a mental model of its
structure. The foundation uses libraries that are not compatible with
modern nodejs. Those sections can be rewritten, the library can be
modernized, i know where it needs to change - but it's ambitious. I
attempted to modernize it a year ago, but none of that's relevant now.

I need to think this over for a few days - it's not a trivial library to
maintain.
On Sun, Mar 13, 2016 at 7:25 PM Chad Killingsworth notifications@github.com
wrote:

I also emailed @rlidwka https://github.com/rlidwka about a month ago
and never heard back. He has near-continuous public activity on github for

@cuzzinz

This comment has been minimized.

Copy link

cuzzinz commented Mar 16, 2016

It would be amazing for this project to be forked and modernized. It is by far the fastest solution even compared to local-npm and lazy_npm.

I have compared a few different solutions and sinopia is faster by 15-30%. It is very impressive.

@dgaya

This comment has been minimized.

Copy link

dgaya commented Mar 16, 2016

First, thanks @rlidwka for this great software.

I already maintain a fork, https://github.com/fl4re/sinopia
It is not intended to become the 'official' fork. In fact there are other forks (for example @mathieumg or @ngash) quite active too.

Our fork is internally used at my company, therefore we are going to maintain it in the future.

In this fork I have already merged some relevant PRs:

  • Split travis file in install & script
  • Update README to use fl4re travis badge
  • Travis fix
  • Change _npmUser.name to author.name for entries #352
  • Update deps, make compile on Node v4 & 5 #367
  • ADDED intermediate ssl certificate option #379
  • Package search requires 'access' authorization #370

And we have a branch (OAuth_login) that replaces completely the registration/login workflow by Github/Google Oauth instead of plain and open user password.
Beside this branch, I plan to maintain the master branch as close as possible to the original sinopia.

If anyone in the community considers our fork a good fork, I will be glad to accept PR.
PRs will be accepted if:

  • fixes some bug
  • fixes random travis failures
  • fixes jslint/jshint styling
  • removes dead code
  • replaces some old library by a newer one
  • refactors
  • add a feature and there is consensus about it (a few +1)

PRs will not be accepted if:

  • modifies the original features
  • adds features only needed by some individual
  • brakes the travis build
@ChadKillingsworth

This comment has been minimized.

Copy link

ChadKillingsworth commented Mar 17, 2016

@dgaya Thanks! I'll send a PR or 2 your way. Also, would you consider switching the license on your fork? I'm not sure of the implications of that, but the current license has always made me nervous.

@RnbWd

This comment has been minimized.

Copy link

RnbWd commented Apr 2, 2016

I think I'm going to create an org - what should we call it? I don't want to use sinpopia unless @rlidwka is okay with it (love your work btw). I have some urls - like.. 'karmasync' 'event-loop' 'synctea' all .coms I'm not using at the moment (well karmasync links to a github clone and synctea is my sinopia) not that it matters but they're cheap and i don't think anyone is using them.

I want to collaborate with a group - it's not a one man project. there are other projects that are similar and it might be nice to merge with them, but none are as good as sinopia. Considering it seems to work perfectly fine for me at the moment

Feel free to use https://synctea.com for some http2 sinopia awesomeness.

I think this project deserves a working group.

edit: npm config set strict-ssl false if you decide to use synctea.com

edit: also i like what @dgaya did - but my original attempt was far more ambitious and changed lots of dependencies and code styles -- too bad I lost it - it's not worth looking for now

@dsuckau

This comment has been minimized.

Copy link

dsuckau commented Apr 4, 2016

I really hope this project will be maintained again. We use sinopia in our company for private packages. We are kind of dependent on it now, but don't trust this repository anymore. I would contribute too....

@donny-dont

This comment has been minimized.

Copy link

donny-dont commented Apr 5, 2016

@RnbWd maybe https://en.wikipedia.org/wiki/Sinopia would provide some inspiration.

Some things that pop out from it are

  • hematite
  • sinoper
@RnbWd

This comment has been minimized.

Copy link

RnbWd commented Apr 5, 2016

Thanks - I haven't started working on anything yet but I agree with everyone that this project should be maintained. Sinopia seems to work for most things - i did notice some weirdness with @* names being pulled from npm - I just want a general consensus about what everyone is looking for, I'll need to go though the issues.

Syncing with external store (s3) is something I see mentioned constantly. I host using Docker - I can sync all the repos with an external volume that I can send to s3 or something, and I proxy with nginx. But if you're just relying on sinopia, adding hooks in the repo itself seems to be one of the most requested features, so that's one major feature that we need to decide if we want to expand it - or use external libraries for the management (like an external file watcher syncing repos)

But the critical necessity is to make sure that it will remain compatible with npm itself. It currently uses an older version of express to fake npm's backend - so if npm's api changes, then those will need to be reflected manually as express routes. But if modules from npm's repo could be used instead, then it might be possible simplify the express portion of the app without worrying about future compatibility. -- I need to create multiple test branches to see what's possible

@RnbWd

This comment has been minimized.

Copy link

RnbWd commented Apr 5, 2016

I found a ton of resources here - awesome-npm

Here are a few modules that I think sinopia would benefit from:

  • nrm - helps switch between different npm registries
  • tarball-url-info from npm's repo, and I also like modules like tar-stream and tar-fs which might be a nice way to store the tars locally in sinopia's cache folder.
  • npmo-auth-github - it's used for npm enterprise. Sinopia currently stores user info in a plaintext via httpasswd. IMO i think it's genius but it some people probably want a more robust login / auth method.
  • ied and pnpm are alternatives to the npm-cli. The reason these might be useful has to do with their use of content-addressable_storage:
  • abstract-blob-store has a rich ecosystem with hooks for leveldb, s3, google-cloud-storage, and it also works with distributed systems. If we really want to really ambitious - we could create an (optional) distributed network of npm modules using hyperdrive - which powers dat. It's a pretty cool system, they actually created a dat-npm repo that clones the entire npm registry just as an example project. It could also be used to sync sinopia registries between work / home - different cloud servers - across companies, different teams, etc. Right now everything is just stored in the local filesystem

food for thought 😆

@cuzzinz

This comment has been minimized.

Copy link

cuzzinz commented Apr 5, 2016

This line stood out on the wiki for me:

To make the faces in the final fresco, Cennini recommended that the artist first paint them with an undercoat of brownish green, called a verdaccio [...] then used a fine brush and sinopia to paint the lines under the eyes, around the nose, the eyebrows, the mouth and the shading under the upper lip.

verdaccio - a green color popular in late medieval Italy for fresco painting

Since it will be a fork, follow the subject the orig project used but a new "color." .... verdaccio

Just my 2 cents

P.S. I will definitely be testing out whatever fork is created. I am using it to help eliminate the need to locally cache any modules on a jenkins slave that is building via a docker container. Smaller footprint.

@jdxcode

This comment has been minimized.

Copy link

jdxcode commented Apr 5, 2016

@RnbWd if you look at my project it does S3 syncing much better.

@RnbWd

This comment has been minimized.

Copy link

RnbWd commented Apr 5, 2016

I'll definitely check it out - I haven't started working on anything yet.
If the startup I was working at last year didn't dissolve I'd have started
a fork 6 months ago - but I was able to brainstorm quite a bit - and the
iojs fork / es6 features made me hesitant to start any ambitious projects
On Tue, Apr 5, 2016 at 10:49 AM Jeff Dickey notifications@github.com
wrote:

@RnbWd https://github.com/RnbWd if you look at my project
https://github.com/dickeyxxx/elephant it does S3 syncing much better.
We use it in production at Heroku and it handles 1000 RPM beautifully.


You are receiving this because you were mentioned.

Reply to this email directly or view it on GitHub
#376 (comment)

@jmwilkinson

This comment has been minimized.

Copy link

jmwilkinson commented Apr 15, 2016

What's the status on this? Is someone going to create an org called "verdaccio" and fork sinopia?

I will do it if I have to. I have just about 0 time to maintain it, though, so everyone here who is interested would have to help contribute, and hopefully shift the community over. To that end, a primary objective would be no api breaks.

If no one has taken the initiative by Monday, I'll go ahead and make it then.

@RnbWd

This comment has been minimized.

Copy link

RnbWd commented Apr 15, 2016

I can't get mine to work anymore..

@trentearl

This comment has been minimized.

Copy link

trentearl commented Apr 15, 2016

This project is important to me and my company, I have created the organization: verdaccio

And forked the repo https://github.com/verdaccio/sinopia

I've added @RnbWd and happy to add others well.

I look forward to seeing this project continue to grow.

@trentearl

This comment has been minimized.

Copy link

trentearl commented Apr 15, 2016

Renamed to: https://github.com/verdaccio/verdaccio

@qballer

This comment has been minimized.

Copy link

qballer commented Sep 28, 2016

They had a merge 10 days ago.

@kachkaev

This comment has been minimized.

Copy link

kachkaev commented Sep 28, 2016

But what if those guys were just given a gazillion dollars each to stop that work? @rlidwka (the original author of this project who suddenly disappeared a year ago) is now a member of Node.js on github (nodejsicon); which means that he could potentially get such an offer:

nodejs

If you fork sinopia or verdaccio and contribute hard to it, don't be surprised to see an unusual message in your mailbox after some time. Just don't agree to meet at an abandoned cargo dock to get your gazillion! 😆

@trentearl

This comment has been minimized.

Copy link

trentearl commented Sep 28, 2016

@kachkaev I am an active maintainer of verdaccio, no need for conspiracy theories.

It is true I dont have a lot of time to dedicate to the project, mostly a couple of hours on the weekends. So far that seems sufficient for most users. None of the people who originally expressed interest in maintaining the project have followed through 😅

@jmwilkinson

This comment has been minimized.

Copy link

jmwilkinson commented Sep 28, 2016

@kachkaev Where is my gazillion dollars? From the start I knew I wouldn't have much time, if any, to contribute, but I have a vested interest in not letting the project die. My role is primarily to add more maintainers if we have interested parties.

@juanpicado

This comment has been minimized.

Copy link

juanpicado commented Sep 28, 2016

@kachkaev 11 !== 30. Let's be fair. I think the project has been stable for a while, all test were fixed and passes, maintainers and others reply messages the most of the time. Probably all we'd love work at verdaccio 24/7. I think they are doing a good job. The project only needs more contributors, that's all and some gazillion dollars for cokes on weekend of course ;) .

@monolithed

This comment has been minimized.

Copy link

monolithed commented Dec 26, 2016

So, sinopia or verdaccio? 😄
@rlidwka , there are some people who want to be contributors. Could you transfer some permissions for them? You have already done a great work, but you are being frivolous to ignore this problem.

@jonsharratt

This comment has been minimized.

Copy link

jonsharratt commented Apr 18, 2017

Just thought I would share another option, we have an active completely open source project called codebox-npm. Currently requires you to a) use GitHub as it uses it for authentication, b) AWS as your cloud provider. It is serverless via the use of the Serverless Framework.

https://github.com/craftship/codebox-npm

@sullyme

This comment has been minimized.

Copy link

sullyme commented Apr 18, 2017

@jonsharratt, just Github? No normal auth with token like sinopia?

@jonsharratt

This comment has been minimized.

Copy link

jonsharratt commented Apr 18, 2017

Not at the moment, just GitHub for now - looking to add selectable auth strategies such as GitLab, contributions welcome to implement it's own auth if people think that would be more useful. GitHub means you can instantly scope auth and give read only permission to your entire GitHub organisation.

@monolithed

This comment has been minimized.

Copy link

monolithed commented Apr 18, 2017

GitHub only is a bad idea, because it has been blocking by some countries for political and other "illegal" reasons.

@sniederm

This comment has been minimized.

Copy link

sniederm commented Apr 18, 2017

Hi guys, I'm also looking for a simple local NPM repository server and was happy to find Sinopia here, looks promising. Bad to see that it is retired. Seems that there is no really stable other NPM repository project out there, maintained by an healthy open source community. Beside the official NPM Enterprise version I found other repository servers with NPM support but they're not written in JS: https://www.sonatype.com/nexus-repository-oss and https://www.jfrog.com/open-source/
So, I only see three options: Stick with Sinopia and fix it, use one of the other (non-JS) projects or use NPM Enterprise. I've not decided yet, what to do... WDYT?

@juanpicado

This comment has been minimized.

Copy link

juanpicado commented Apr 18, 2017

@sniederm https://github.com/verdaccio/verdaccio I'd add one more option ;) we have fixed sinopia for you and It's getting better.

npm install --global verdaccio

Update April 2018 / June 2018:

  • Documentation: https://www.verdaccio.org/
  • New and nice UI
  • Plenty of bugs fixed
  • Well tested on all Node versions
  • Modern source code base
  • New Storage API
  • New Plugins
  • Backward compatible with Sinopia 1.4.0

We are working on v3 with a lot of new features. You can try it with
v3 is out 🎉 🎉 🎉 🎉 🎉 !!

https://twitter.com/verdaccio_npm/status/1002153278686326784

npm install --global verdaccio@latest

Additionally, we have Docker support with more than 1.7 million pulls to this day.

docker pull verdaccio/verdaccio

and if you need Kubernetes support

helm install --name npm stable/verdaccio

https://www.verdaccio.org/docs/en/kubernetes.html

Questions?

http://chat.verdaccio.org

@czardoz

This comment has been minimized.

Copy link

czardoz commented Apr 18, 2017

In case someone is looking for a maintained open-source option, there's cnpmjs: https://github.com/cnpm/cnpmjs.org

I've never set it up myself, but they have instructions here: https://github.com/cnpm/cnpmjs.org/wiki/Deploy-a-private-npm-registry-in-5-minutes

@maraisr

This comment has been minimized.

Copy link

maraisr commented Apr 26, 2017

Thank you so much @juanpicado!! 🙌 pretty epic. Was a drop in replacement from my current Sinopia setup.

Currently running Verdaccio locally, pointing my @namespace to our on-prem Nexus proxy (through the config yaml) - and seems to work 100% okay!

Love your work mate!

@juanpicado

This comment has been minimized.

Copy link

juanpicado commented Oct 2, 2018

@kachkaev don't be surprised to see an unusual message in your mailbox after some time

No email yet :) 2 years have passed. I' think that was a myth 😆 , also no gazillion dollars 😿

Anyway, jokes apart. 🤓 we are working on Verdaccio 4, new features, more stuff. Feel free to keep contributing.

https://github.com/verdaccio/verdaccio/projects/10

@Mic92 Mic92 referenced this issue Nov 9, 2018

Merged

nodePackages: 8_x -> 10_x #50003

3 of 9 tasks complete

Mic92 added a commit to Mic92/nixpkgs that referenced this issue Nov 14, 2018

nodePackages.sinopia: remove
Project is unmaintained: rlidwka/sinopia#376
Could not find who added this.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment