如何根据许可证安装仅适用于一个项目的私有 NPM package?
[英]How to install a private NPM package that only works on one project as per the license?
问题描述
Let's say I have an NPM organization and I just created a private npm module with my company's IP/framework that we reuse internally.
假设我有一个 NPM 组织,我刚刚使用我公司的 IP/框架创建了一个私有 npm 模块,我们在内部重用了该模块。
I want this module to be reused in multiple projects for multiple clients.我希望这个模块可以在多个客户的多个项目中重用。 However I want to offer this private npm package only once / project / client.但是,我只想/项目/客户一次提供这个私人 npm package。 (Or: once / machine / client) (或:一次/机器/客户端)
How do I avoid the client taking that private npm package and reuse it for other projects without my company agreeing to it by purchasing another license?如何避免客户使用该私有 npm package 并将其重新用于其他项目,而我的公司未通过购买另一个许可证同意它?
Is there a way to protect packages like this for an agency/client type lincensed relationship?对于代理/客户类型的特许关系,有没有办法保护这样的包裹?
I know with an.npmrc file the client's server where the package is installed needs to be authenticated, however I don't know if that authentication can be restricted to a single Host/IP or something similar?我知道使用 .npmrc 文件需要对安装 package 的客户端服务器进行身份验证,但是我不知道该身份验证是否可以限制为单个主机/IP 或类似的东西?
Is there a solution for this?有解决方案吗? If not, what would it take to develop it?如果没有,开发它需要什么?
1 个解决方案
解决方案1
1 2020-06-07 10:01:01
Since the packages will be served via HTTP(S), you can enforce the clients to go through an API gateway, which will enforce those rules of rate limiting you want, so for example you can use Kong's Rate Limiting feature ( https://docs.konghq.com/hub/kong-inc/rate-limiting/ ), setup a Kong API gateway as a proxy for the npm registry.由于包将通过 HTTP(S) 提供服务,您可以通过 API 网关将客户端强制为 go,这将强制执行您想要的速率限制规则,例如,您可以使用 Kong 的速率限制功能 ( Z5E056ZC://500A1C4BADEA55050A1C4BADEA docs.konghq.com/hub/kong-inc/rate-limiting/ ),设置 Kong API 网关作为 npm 注册表的代理。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.