In search results you can see names of private packages

[darkowic]

I have private and not visible package with name starting with d

But when I start typing in search as a anonymous user I can see it.

[juanpicado]

Can you elaborate this a bit more?

[darkowic]

There was an error in my post - the package name starts with 'd'.

ok example - Package is called e.g. demo. It is private package. When you type d in search on page, the demo package will be listed even though it should not be there (couse is private)

[silkentrance]

See also #15 which might already provide a fix for this issue.

[juanpicado]

@darkowic Could you share the configuration of your demo?

[darkowic]

@juanpicado What do you mean the configuration? The js package json config or the verdaccio config?

[silkentrance]

@darkowic does this occur after you restarted the verdaccio server or after that you published a new private package to the running verdaccio server?

[juanpicado]

@darkowic verdaccio config file. I need to know how to reproduce it.

[AvailCat]

Which version of verdaccio? this issue should fixed after 2.1.5

[darkowic]

$ verdaccio --version
2.1.0

#
# This is the default config file. It allows all users to do anything,
# so don't use it on production systems.
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#

url_prefix: something

# path to a directory with all packages
storage: ./storage

auth:
  htpasswd:
    file: ./htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    max_users: -1

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: https://registry.npmjs.org/

packages:
  'demo*': # here is something else but it should not affect anything
    access: $authenticated
    publish: $authenticated

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $authenticated

    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

# log settings
logs:
  - {type: stdout, format: pretty, level: http}

The package I host here is called e.g. demo-something.

@silkentrance I don't remember if it occurs with first publishing. But, I was restarting the server many times and it is still reproducible

[AvailCat]

@darkowic So you should update your verdaccio, latest version is 2.2.1

[darkowic]

Maybe. But still I added this issue while ago. Will update it and we will see if this can be closed :) 27.06.2017 15:58 "Meeeeow" <notifications@github.com> napisał(a):

…

Closed #107 <#107>. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#107 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AK-jNeEoPv9PFp47tYL4xTFRqKOh42vYks5sIQo1gaJpZM4LWRYp> .

[AvailCat]

I can confirm it's fixed in latest version, have a try

[darkowic]

Thanks then! I will try 27.06.2017 16:11 "Meeeeow" <notifications@github.com> napisał(a):

…

I can confirm it's fixed in latest version, have a try — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#107 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AK-jNQQ3Od0cd3j4sT4vRGQg_AYxAOtDks5sIQ2pgaJpZM4LWRYp> .

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.