NPM MVC prototyping
We know we want to achieve NPM support within our package management feature (&186 (closed)), but we need to do some work to identify how this should work.
At a very high level, should we build this ourselves or should be leverage something like Verdaccio.
We would be able to move more quickly, with a richer set of features by integrating an existing solution. However it could end up slowing us down long term, if it becomes challenging to build deeper integration between the products.
A couple areas to keep in mind as we evaluate options:
- Ability to ship this to customers
- Ability to use, scale on GitLab.com
- Authentication, Authorization, Auditing
- What would the UI look like? Could it look like?
- What features set could we achieve in an MVC? In a short time after? What feature set could we achieve via integration?
- Overall velocity
Verdaccio details
- NodeJS app (surprise!), MIT license.
- Includes its own official container and helm chart.
- Auth is pluggable, and plugins already exist for GitLab UN/PW, PAT, and Job tokens: https://github.com/verdaccio/verdaccio/blob/master/docs/plugins.md
- Storage is pluggable, but no official object storage. There is an S3 plugin separately maintained, but does not appear like other object storage platforms are supported.
- Auditing is pluggable, but we'd need to write this.
Edited by Joshua Lambert