Project no longer maintained?

[mattfysh]

It seems this project is no longer being maintained, with a high number of unanswered pull requests and issues raised. The last version v1.4.0 was published 8 months ago. I've reached out to the author via email a week ago and have not yet received a response

Does anyone know the process here is, anyone interested in forking this project and publishing under a new name?

[mathieumg]

@todkap Good read. It mentions Slack integration with webhooks, is the code for that feature in a fork on GitHub? Thanks!

[todkap]

@mathieumg Please look at https://github.com/aeweidne/sinopia/blob/master/lib/index-api.js There is code that notifies via webhook in various spots. You can find it via the required middleware that was added at the top of the resource.

[fcanela]

It seems to be some agreement on use Verdaccio as name and org.

Several days have passed and Verdaccio org have no members. There is still an intent to push this forward?

I also found @dickeyxxx Elephant to be a viable alternative for me, but I have been unable to make it work because of some AWS redirect errors.

[aeweidne]

There definitely is, it's just a large project with many moving parts that are taking some time to coalesce. I can confirm that we have open stories to get aeweidne/sinopia in a merge-able state with verdaccio/verdaccio

[jdx]

@olalonde if you want a 12-factor app that runs on Heroku, you should definitely check out https://github.com/dickeyxxx/elephant

[RnbWd]

I decided to start working on it today - the first thing I'll do is create a stable docker container that's just working a snapshot of this version as it is today, probably will run node v10, I want the container to be a snapshot of 1.5 years ago. Then I'll check out all the forks here, and I'll be focusing on the docker ecosystem. I honestly want to purge all the code associated with the plugin infrastructure - including the yaml / config files etc. - Using Docker as a plugin ecosystem would drastically simplify the node codebase - and increase the plugin ecosystem to include all of docker - so that makes the most the sense to me.

[rmg]

@RnbWd you mean making docker a pre-requisite for running this as a registry?

[RnbWd]

No, it shouldn't be necessary to run sinopia, but I think sinopia would be easier maintain if the codebase was simplified. Docker's main usefulness would be for 3rd party storage services - like s3, databases, external volumes, etc. - but at the same time if the current source code could be separated into maybe 3 modules, it'd be capable of everything and feel less like spaghetti.

[rmg]

Ah, OK. I think I understand what you mean now.

[sullyme]

I think the best thing to do now is to update code for user management and other things to stay up to date to latest npm environment. Now I have a lot errors for example in "npm logout", and many problems for a simply auth system without "npm login" everytime with username, pass and especially email (I'd like for example insert everything in .npmrc).

[RnbWd]

my docker files are updated and work.. but it's just preserving the library in this form within an environment that's consistent... hopefully.

https://github.com/RnbWd/sinopia-docker

I have no idea how to run this library don't know how to get it to work properly on my local machine outside of the docker container, the dependencies are outdated.

[gaelreyrol]

Hello everyone,

I am bit late in the discussion but I made a fork with all useful pull requests merged and I use it at work every day and we plan to completely rework sinopia: https://github.com/Soyhuce/cinabre/milestone/1.

https://github.com/Soyhuce/cinabre

Maybe we can start a Slack/Discord to discuss about how sinopia can evolve ?

[sullyme]

@Zevran, i'm in. Please tell me where to slack.

[jmwilkinson]

I think we may need to go with Zevran's solution. I simply don't have the time to do anything with verdaccio right now, and even if I did treanterl hasn't touched it since May 5th... I still believe the ideal solution would be to have a community repository rather than a private one. More distributed maintenance means we likely wouldn't run into the problem we have now, where sinopia has dropped off an verdaccio is in the process of doing so.

That being said, if cinabre is being maintained and actively developed, yeah, let's move to that.

[RnbWd]

I've been able to get this base version of sinopia working in docker containers - including the latest release of node / npm @ v6.3.1. I'm also trying to test how it works running in an alpine container. I hosted a $5 digital ocean repo at https://event-loop.com (legit domain... I know).

So if anyone wants to download some repos, plublish random repos with symbols / updated versions, - maybe try to recreate what broke in the system for you in the past? I'm just curious if to see how it holds up / whether there's optimal environmental variables that are causing some problems.. But don't actually use the repo for anything important... because I'll randomly be deleting it and reconfiguring from there. -It's just running with jwilder/nginx-proxy - lets encrypt.

Regarding the future - I'm open to anything - but at the same time if it works it works.

Edit: typos

[ghost]

I put a lot of time into verdaccio to eliminate the race condition bugs and make it work on all platforms, and we are running that version now at work. If momentum switches elsewhere, we will stay with verdaccio I expect, unless everything is merged in. Longer term I expect to be switching to a commercial solution anyway.

[RnbWd]

Side note: why are we trying to rename the repo? It's released under a .wtfpl

[ghost]

How would you npm publish it without renaming it?

[RnbWd]

\ I'm not attached to the name sinopia - it's just random keeping track of parallel forks of the same repo - each with a completely different name. Sinopia at least has some name recognition.. I'd just call it sinopia2 or sinopia-repo or spm (sinopia package manager) I don't know. But I can be involved in all of them idc. Whatever you guys want help with.

[RnbWd]

Sorry I had an permission issues with a linked volume in the container so I reset it - I'm not monitoring it or anything just curious if it's relatively stable ..

Not* monitoring it for anything just a tester

[rmg]

I still believe the ideal solution would be to have a community repository rather than a private one.

An open source registry implementation would be an excellent candidate for hosting under the Node.js Foundation organization (as in https://github.com/nodejs/registry or something like that).

[gaelreyrol]

Hi everyone,

I have made ​​a form so we can get a better overview of what everyone wills : https://sinopia.typeform.com/to/a6bkEb

I will share the results on Google Sheets when I will have more than 10 entries :)

I hope it will help !

28/07/2016 - 11:00 AM : 7 entries

[olalonde]

@Zevran great. Just wanted to point out that the email field is marked as required but the text says to only write email if we want to contribute.

[ChadKillingsworth]

I wish to point out that the project does not have to be renamed. npm policy specifically allows for abandoned projects to be transferred to new owners: https://docs.npmjs.com/policies/disputes#description

[gaelreyrol]

@olalonde Fixed :)

We have reached 14 entries, here is the link of the result : https://docs.google.com/spreadsheets/d/18z0N3r-lzQnMbPNsbZZjfWA1BHuS1AZeAHXrbiulMdk/edit?usp=sharing

I think we can wait a few days at least and then discuss about it, what do you think ?

[rmg]

@Zevran when I checked there were 15.. but no sign of my own entry. Did it redirect to a new sheet when you fixed the email field?

[RnbWd]

where are we going to discuss it?

edit: maybe something like gitter or slack? whatever's easiest. I'm also hosting a github clone (gogs) on the same $5 droplet - and that url is https://synctea.com - I think i the settings are configured to not show repos unless you create an acccount? but email conf / etc. is disabled. I'll probably destory droplet in a few weeks, but gogs mirrors repo's and has webhooks and ui almost the same.- so I don't mind hosting some brainstorm seshs (whatever) just so we can figure out a plan before probably creating an org for sinopia I assume

double-edit: just created an org on gitter - sinopia - here's a link to join

https://gitter.im/sinopia/Lobby?utm_source=share-link&utm_medium=link&utm_campaign=share-link

I 've never actually created an org there so I don't know what the permissions are and it's not synced anywhere (forget about my vps but feel free to experiment while it exists)

[olalonde]

Somewhat related: https://github.com/npm/registry/issues/41

[gaelreyrol]

@rmg I've updated the sheet :)

@RnbWd I wanted to know who would to contribute firstly to get their email and start a discussion upon that.

Are we on the same slot ? It seems most of you are in the US while I am in EU so maybe we should schedule a rendez vous this week ?

[jrm2k6]

So what is the status for it? I am interested in using sinopia or forks for it but which ones are used and maintained?

[SEAPUNK]

Quickly pinging @rlidwka one more time, as it would still be nice to get (even a short) status update from them.

[jmwilkinson]

verdaccio is now being actively maintained and is passing tests. I would encourage people to contribute to it.

[kachkaev]

Looks like verdaccio is no longer maintained as well (both group owners have been completely silent for about one month). Strange things are happening to those who implement a free version of Nodes's source of revenue :laughing: Who's next?

[kribblo]

@kachkaev I was thinking the same, been looking dead for a while.

Strange things are happening to those who implement a free version of Nodes's source of revenue

Aha so that's it!

[qballer]

They had a merge 10 days ago.

[kachkaev]

But what if those guys were just given a gazillion dollars each to stop that work? @rlidwka (the original author of this project who suddenly disappeared a year ago) is now a member of Node.js on github (); which means that he could potentially get such an offer:

If you fork sinopia or verdaccio and contribute hard to it, don't be surprised to see an unusual message in your mailbox after some time. Just don't agree to meet at an abandoned cargo dock to get your gazillion! :laughing:

[trentearl]

@kachkaev I am an active maintainer of verdaccio, no need for conspiracy theories.

It is true I dont have a lot of time to dedicate to the project, mostly a couple of hours on the weekends. So far that seems sufficient for most users. None of the people who originally expressed interest in maintaining the project have followed through 😅

[jmwilkinson]

@kachkaev Where is my gazillion dollars? From the start I knew I wouldn't have much time, if any, to contribute, but I have a vested interest in not letting the project die. My role is primarily to add more maintainers if we have interested parties.

[juanpicado]

@kachkaev 11 !== 30. Let's be fair. I think the project has been stable for a while, all test were fixed and passes, maintainers and others reply messages the most of the time. Probably all we'd love work at verdaccio 24/7. I think they are doing a good job. The project only needs more contributors, that's all and some gazillion dollars for cokes on weekend of course ;) .

[monolithed]

So, sinopia or verdaccio? 😄 @rlidwka , there are some people who want to be contributors. Could you transfer some permissions for them? You have already done a great work, but you are being frivolous to ignore this problem.

[jonsharratt]

Just thought I would share another option, we have an active completely open source project called codebox-npm. Currently requires you to a) use GitHub as it uses it for authentication, b) AWS as your cloud provider. It is serverless via the use of the Serverless Framework.

https://github.com/craftship/codebox-npm

[sullyme]

@jonsharratt, just Github? No normal auth with token like sinopia?

[jonsharratt]

Not at the moment, just GitHub for now - looking to add selectable auth strategies such as GitLab, contributions welcome to implement it's own auth if people think that would be more useful. GitHub means you can instantly scope auth and give read only permission to your entire GitHub organisation.

[monolithed]

GitHub only is a bad idea, because it has been blocking by some countries for political and other "illegal" reasons.

[sniederm]

Hi guys, I'm also looking for a simple local NPM repository server and was happy to find Sinopia here, looks promising. Bad to see that it is retired. Seems that there is no really stable other NPM repository project out there, maintained by an healthy open source community. Beside the official NPM Enterprise version I found other repository servers with NPM support but they're not written in JS: https://www.sonatype.com/nexus-repository-oss and https://www.jfrog.com/open-source/ So, I only see three options: Stick with Sinopia and fix it, use one of the other (non-JS) projects or use NPM Enterprise. I've not decided yet, what to do... WDYT?

[juanpicado]

@sniederm https://github.com/verdaccio/verdaccio I'd add one more option ;) we have fixed sinopia for you and It's getting better.

npm install --global verdaccio

Update April 2018 / June 2018:

• Documentation: https://www.verdaccio.org/
• New and nice UI
• Plenty of bugs fixed
• Well tested on all Node versions
• Modern source code base
• New Storage API
• New Plugins
• Backward compatible with Sinopia 1.4.0

We are working on v3 with a lot of new features. You can try it with v3 is out 🎉 🎉 🎉 🎉 🎉 !!

https://twitter.com/verdaccio_npm/status/1002153278686326784

npm install --global verdaccio@latest

Additionally, we have Docker support with more than 1.7 million pulls to this day.

docker pull verdaccio/verdaccio

and if you need Kubernetes support

helm repo add verdaccio https://charts.verdaccio.org
helm install --name npm verdaccio/verdaccio

https://www.verdaccio.org/docs/en/kubernetes.html

Questions?

http://chat.verdaccio.org

[czardoz]

In case someone is looking for a maintained open-source option, there's cnpmjs: https://github.com/cnpm/cnpmjs.org

I've never set it up myself, but they have instructions here: https://github.com/cnpm/cnpmjs.org/wiki/Deploy-a-private-npm-registry-in-5-minutes

[maraisr]

Thank you so much @juanpicado!! :raised_hands: pretty epic. Was a drop in replacement from my current Sinopia setup.

Currently running Verdaccio locally, pointing my @namespace to our on-prem Nexus proxy (through the config yaml) - and seems to work 100% okay!

Love your work mate!

[juanpicado]

@kachkaev don't be surprised to see an unusual message in your mailbox after some time

No email yet :) 2 years have passed. I' think that was a myth 😆 , also no gazillion dollars 😿

Anyway, jokes apart. 🤓 we are working on Verdaccio 4, new features, more stuff. Feel free to keep contributing.

https://github.com/verdaccio/verdaccio/projects/10