Project no longer maintained?

[mattfysh]

It seems this project is no longer being maintained, with a high number of unanswered pull requests and issues raised. The last version v1.4.0 was published 8 months ago. I've reached out to the author via email a week ago and have not yet received a response

Does anyone know the process here is, anyone interested in forking this project and publishing under a new name?

[rbecheras]

Yes I planned to support a fork of the project.

I think about a complete re-factored project to provide

• a full templating system to allow to fully integrate the client-side (the web UI side) of the application in your standardized organization web application design or any custom one.
• custom extensions as configurable plugins, naturally managed by npm prefixed modules like custom (npm i grunt-*) and "contrib" (npm i grunt-contrib-*) grunt tasks modules are for example.

The aim will be to take advantage of its advanced personalization features while continuing to benefit of the project's progress and updates when it evolves.

[mattfysh]

@vernak2539 ?

[czardoz]

A lot of forks seem to be present (presumably because of PRs not being merged) https://github.com/rlidwka/sinopia/network

[RnbWd]

I tried a year ago - it's the most complex library written in express I've ever seen

[scic]

I would love if this project would be actively maintained again. Currently the missing/broken pull-through of scoped packages is beginning to become a blocker for me. Sadly this code is above my understanding so I can't help.

[RnbWd]

I've started using scoped packages in sinopia before it was officially implemented in npm - there's a configuration in yaml that enables pulling @name/package's. I haven't used sinopia since the scopes were implemented officially and npm was upgraded to 3.0 - so I'm not sure if the scopes pull from npm or just act locally - but effectively it can be used instead of npm as a private repo - I used it w/scoped variables - but not via npm.

[jdx]

I've got a npm server that's a bit different than sinopia, but a lot simpler that might be worth a look: https://github.com/dickeyxxx/elephant

We're using it in production at Heroku with great success! It's very fast!

[mima0815]

@rlidwka can you give us a short statement on the status of sinopia?

[RnbWd]

I just turned on my docker sinopia container for the first time in 6 months and it seems to work fine. Many of the problems posted here might be solvable by changing a few lines of code or simply making the config.yml work properly - which is honestly esoteric. But if it works.. it works. I consistently had a 10x speed improvement the entire time I used it hosted on a tiny docker server in the cloud - but I still haven't tried scoped variables since they were officially implemented. They worked fine last summer, but it requires the proper setup in the config

edit: scoped variables are working fine with me - but they're local to the sinopia. check out the configuration for my docker repo https://github.com/RnbWd/sinopia-docker

double edit: I'm using node 5.7.1 and npm 3.8.1 - but I can only get sinopia to run on 0.10 (it briefly worked with iojs) so my docker container - running sinopia in 0.10 - is probably more stable to use than if one were to just download sinopia 'vanilla' in a modern node context

[ChadKillingsworth]

Proxying scoped packages work just fine - you just have to set the config correctly (the default is wrong).

You need 2 asterisks:

packages:
  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

[RnbWd]

I use this setting for scoped packages:

@/
# scoped
allow_publish: $authenticated

I haven't used the "**" setting, I'm jw if there's an issue the "@/" setting when proxying npm?

[ChadKillingsworth]

The matching algorithm uses the node glob library so it's the same matching rules. A single * won't match a /, but the double ** does.

*/* works just as well if you want to have a rule for just scoped packages.

[ChadKillingsworth]

I also emailed @rlidwka about a month ago and never heard back. He has near-continuous public activity on github for the past several months which leads me to believe he is purposefully ignoring this project.

A fork, name change and license change would be in order it seems. I just don't have the time right now to maintain a package like this appropriately.

[RnbWd]

I'd volunteer to give it shot - I'm maintaining the docker container that
seems to have the most downloads for this project - and I had to forked it for a minor feature so I could proxy it via ssl with minimal config. I've
read every line of the code base, so I have a mental model of its
structure. The foundation uses libraries that are not compatible with
modern nodejs. Those sections can be rewritten, the library can be
modernized, i know where it needs to change - but it's ambitious. I
attempted to modernize it a year ago, but none of that's relevant now.

I need to think this over for a few days - it's not a trivial library to
maintain.
On Sun, Mar 13, 2016 at 7:25 PM Chad Killingsworth notifications@github.com
wrote:

I also emailed @rlidwka https://github.com/rlidwka about a month ago
and never heard back. He has near-continuous public activity on github for

[cuzzinz]

It would be amazing for this project to be forked and modernized. It is by far the fastest solution even compared to local-npm and lazy_npm.

I have compared a few different solutions and sinopia is faster by 15-30%. It is very impressive.

[dgaya]

First, thanks @rlidwka for this great software.

I already maintain a fork, https://github.com/fl4re/sinopia
It is not intended to become the 'official' fork. In fact there are other forks (for example @mathieumg or @ngash) quite active too.

Our fork is internally used at my company, therefore we are going to maintain it in the future.

In this fork I have already merged some relevant PRs:

• Split travis file in install & script
• Update README to use fl4re travis badge
• Travis fix
• Change _npmUser.name to author.name for entries Change _npmUser.name to author.name for entries #352
• Update deps, make compile on Node v4 & 5 Update deps, make compile on Node v4 & 5 #367
• ADDED intermediate ssl certificate option ADDED intermediate ssl certificate option #379
• Package search requires 'access' authorization Package search requires 'access' authorization #370

And we have a branch (OAuth_login) that replaces completely the registration/login workflow by Github/Google Oauth instead of plain and open user password.
Beside this branch, I plan to maintain the master branch as close as possible to the original sinopia.

If anyone in the community considers our fork a good fork, I will be glad to accept PR.
PRs will be accepted if:

• fixes some bug
• fixes random travis failures
• fixes jslint/jshint styling
• removes dead code
• replaces some old library by a newer one
• refactors
• add a feature and there is consensus about it (a few +1)

PRs will not be accepted if:

• modifies the original features
• adds features only needed by some individual
• brakes the travis build

[ChadKillingsworth]

@dgaya Thanks! I'll send a PR or 2 your way. Also, would you consider switching the license on your fork? I'm not sure of the implications of that, but the current license has always made me nervous.

[RnbWd]

I think I'm going to create an org - what should we call it? I don't want to use sinpopia unless @rlidwka is okay with it (love your work btw). I have some urls - like.. 'karmasync' 'event-loop' 'synctea' all .coms I'm not using at the moment (well karmasync links to a github clone and synctea is my sinopia) not that it matters but they're cheap and i don't think anyone is using them.

I want to collaborate with a group - it's not a one man project. there are other projects that are similar and it might be nice to merge with them, but none are as good as sinopia. Considering it seems to work perfectly fine for me at the moment

Feel free to use https://synctea.com for some http2 sinopia awesomeness.

I think this project deserves a working group.

edit: npm config set strict-ssl false if you decide to use synctea.com

edit: also i like what @dgaya did - but my original attempt was far more ambitious and changed lots of dependencies and code styles -- too bad I lost it - it's not worth looking for now

[dsuckau]

I really hope this project will be maintained again. We use sinopia in our company for private packages. We are kind of dependent on it now, but don't trust this repository anymore. I would contribute too....

[donny-dont]

@RnbWd maybe https://en.wikipedia.org/wiki/Sinopia would provide some inspiration.

Some things that pop out from it are

• hematite
• sinoper

[RnbWd]

Thanks - I haven't started working on anything yet but I agree with everyone that this project should be maintained. Sinopia seems to work for most things - i did notice some weirdness with @* names being pulled from npm - I just want a general consensus about what everyone is looking for, I'll need to go though the issues.

Syncing with external store (s3) is something I see mentioned constantly. I host using Docker - I can sync all the repos with an external volume that I can send to s3 or something, and I proxy with nginx. But if you're just relying on sinopia, adding hooks in the repo itself seems to be one of the most requested features, so that's one major feature that we need to decide if we want to expand it - or use external libraries for the management (like an external file watcher syncing repos)

But the critical necessity is to make sure that it will remain compatible with npm itself. It currently uses an older version of express to fake npm's backend - so if npm's api changes, then those will need to be reflected manually as express routes. But if modules from npm's repo could be used instead, then it might be possible simplify the express portion of the app without worrying about future compatibility. -- I need to create multiple test branches to see what's possible

[RnbWd]

I found a ton of resources here - awesome-npm

Here are a few modules that I think sinopia would benefit from:

• nrm - helps switch between different npm registries
• tarball-url-info from npm's repo, and I also like modules like tar-stream and tar-fs which might be a nice way to store the tars locally in sinopia's cache folder.
• npmo-auth-github - it's used for npm enterprise. Sinopia currently stores user info in a plaintext via httpasswd. IMO i think it's genius but it some people probably want a more robust login / auth method.
• ied and pnpm are alternatives to the npm-cli. The reason these might be useful has to do with their use of content-addressable_storage:
• abstract-blob-store has a rich ecosystem with hooks for leveldb, s3, google-cloud-storage, and it also works with distributed systems. If we really want to really ambitious - we could create an (optional) distributed network of npm modules using hyperdrive - which powers dat. It's a pretty cool system, they actually created a dat-npm repo that clones the entire npm registry just as an example project. It could also be used to sync sinopia registries between work / home - different cloud servers - across companies, different teams, etc. Right now everything is just stored in the local filesystem

food for thought 😆

[cuzzinz]

This line stood out on the wiki for me:

To make the faces in the final fresco, Cennini recommended that the artist first paint them with an undercoat of brownish green, called a verdaccio [...] then used a fine brush and sinopia to paint the lines under the eyes, around the nose, the eyebrows, the mouth and the shading under the upper lip.

verdaccio - a green color popular in late medieval Italy for fresco painting

Since it will be a fork, follow the subject the orig project used but a new "color." .... verdaccio

Just my 2 cents

P.S. I will definitely be testing out whatever fork is created. I am using it to help eliminate the need to locally cache any modules on a jenkins slave that is building via a docker container. Smaller footprint.

[jdx]

@RnbWd if you look at my project it does S3 syncing much better.

[RnbWd]

I'll definitely check it out - I haven't started working on anything yet.
If the startup I was working at last year didn't dissolve I'd have started
a fork 6 months ago - but I was able to brainstorm quite a bit - and the
iojs fork / es6 features made me hesitant to start any ambitious projects
On Tue, Apr 5, 2016 at 10:49 AM Jeff Dickey notifications@github.com
wrote:

@RnbWd https://github.com/RnbWd if you look at my project
https://github.com/dickeyxxx/elephant it does S3 syncing much better.
We use it in production at Heroku and it handles 1000 RPM beautifully.

—
You are receiving this because you were mentioned.

Reply to this email directly or view it on GitHub
#376 (comment)

[jmwilkinson]

What's the status on this? Is someone going to create an org called "verdaccio" and fork sinopia?

I will do it if I have to. I have just about 0 time to maintain it, though, so everyone here who is interested would have to help contribute, and hopefully shift the community over. To that end, a primary objective would be no api breaks.

If no one has taken the initiative by Monday, I'll go ahead and make it then.

[RnbWd]

I can't get mine to work anymore..

[trentearl]

This project is important to me and my company, I have created the organization: verdaccio

And forked the repo https://github.com/verdaccio/sinopia

I've added @RnbWd and happy to add others well.

I look forward to seeing this project continue to grow.

[trentearl]

Renamed to: https://github.com/verdaccio/verdaccio

[kachkaev]

But what if those guys were just given a gazillion dollars each to stop that work? @rlidwka (the original author of this project who suddenly disappeared a year ago) is now a member of Node.js on github (); which means that he could potentially get such an offer:

If you fork sinopia or verdaccio and contribute hard to it, don't be surprised to see an unusual message in your mailbox after some time. Just don't agree to meet at an abandoned cargo dock to get your gazillion! 😆

[trentearl]

@kachkaev I am an active maintainer of verdaccio, no need for conspiracy theories.

It is true I dont have a lot of time to dedicate to the project, mostly a couple of hours on the weekends. So far that seems sufficient for most users. None of the people who originally expressed interest in maintaining the project have followed through 😅

[jmwilkinson]

@kachkaev Where is my gazillion dollars? From the start I knew I wouldn't have much time, if any, to contribute, but I have a vested interest in not letting the project die. My role is primarily to add more maintainers if we have interested parties.

[juanpicado]

@kachkaev 11 !== 30. Let's be fair. I think the project has been stable for a while, all test were fixed and passes, maintainers and others reply messages the most of the time. Probably all we'd love work at verdaccio 24/7. I think they are doing a good job. The project only needs more contributors, that's all and some gazillion dollars for cokes on weekend of course ;) .

[monolithed]

So, sinopia or verdaccio? 😄
@rlidwka , there are some people who want to be contributors. Could you transfer some permissions for them? You have already done a great work, but you are being frivolous to ignore this problem.

[jonsharratt]

Just thought I would share another option, we have an active completely open source project called codebox-npm. Currently requires you to a) use GitHub as it uses it for authentication, b) AWS as your cloud provider. It is serverless via the use of the Serverless Framework.

https://github.com/craftship/codebox-npm

[sullyme]

@jonsharratt, just Github? No normal auth with token like sinopia?

[jonsharratt]

Not at the moment, just GitHub for now - looking to add selectable auth strategies such as GitLab, contributions welcome to implement it's own auth if people think that would be more useful. GitHub means you can instantly scope auth and give read only permission to your entire GitHub organisation.

[monolithed]

GitHub only is a bad idea, because it has been blocking by some countries for political and other "illegal" reasons.

[sniederm]

Hi guys, I'm also looking for a simple local NPM repository server and was happy to find Sinopia here, looks promising. Bad to see that it is retired. Seems that there is no really stable other NPM repository project out there, maintained by an healthy open source community. Beside the official NPM Enterprise version I found other repository servers with NPM support but they're not written in JS: https://www.sonatype.com/nexus-repository-oss and https://www.jfrog.com/open-source/
So, I only see three options: Stick with Sinopia and fix it, use one of the other (non-JS) projects or use NPM Enterprise. I've not decided yet, what to do... WDYT?

[juanpicado]

@sniederm https://github.com/verdaccio/verdaccio I'd add one more option ;) we have fixed sinopia for you and It's getting better.

npm install --global verdaccio

Update April 2018 / June 2018:

• Documentation: https://www.verdaccio.org/
• New and nice UI
• Plenty of bugs fixed
• Well tested on all Node versions
• Modern source code base
• New Storage API
• New Plugins
• Backward compatible with Sinopia 1.4.0

We are working on v3 with a lot of new features. You can try it with
v3 is out 🎉 🎉 🎉 🎉 🎉 !!

https://twitter.com/verdaccio_npm/status/1002153278686326784

npm install --global verdaccio@latest

Additionally, we have Docker support with more than 1.7 million pulls to this day.

docker pull verdaccio/verdaccio

and if you need Kubernetes support

helm repo add verdaccio https://charts.verdaccio.org
helm install --name npm verdaccio/verdaccio

https://www.verdaccio.org/docs/en/kubernetes.html

Questions?

http://chat.verdaccio.org

[czardoz]

In case someone is looking for a maintained open-source option, there's cnpmjs: https://github.com/cnpm/cnpmjs.org

I've never set it up myself, but they have instructions here: https://github.com/cnpm/cnpmjs.org/wiki/Deploy-a-private-npm-registry-in-5-minutes

[maraisr]

Thank you so much @juanpicado!! 🙌 pretty epic. Was a drop in replacement from my current Sinopia setup.

Currently running Verdaccio locally, pointing my @namespace to our on-prem Nexus proxy (through the config yaml) - and seems to work 100% okay!

Love your work mate!

[juanpicado]

@kachkaev don't be surprised to see an unusual message in your mailbox after some time

No email yet :) 2 years have passed. I' think that was a myth 😆 , also no gazillion dollars 😿

Anyway, jokes apart. 🤓 we are working on Verdaccio 4, new features, more stuff. Feel free to keep contributing.

https://github.com/verdaccio/verdaccio/projects/10