Fetch a package with Verdaccio and Gemfury as Uplink (Bearer Token)

config.yaml

storage: ./storage
plugins: ./plugins
web:
  title: Verdaccio
auth:
  htpasswd:
    file: ./htpasswd
uplinks:
  npmjs:
    url: https://registry.npmjs.org/
  gem:
    url: https://npm.fury.io/YOUR_USERNAME/
    auth:
      type: bearer
      token: YOUR_TOKEN
packages:
  '@*/*':
    access: $all
    publish: $authenticated
    proxy: npmjs
  my-private-gemfury-package:
    access: $all
    publish: $authenticated
    proxy: gem
  '**':
    access: $all
    publish: $authenticated
    proxy: npmjs
middlewares:
  audit:
    enabled: true
logs:
  - {type: stdout, format: pretty, level: http

steps.md

Get the Token

1. Go to website and copy token from website https://manage.fury.io/manage/YOUR_USERNAME/tokens

or

npm adduser --registry https://npm.fury.io/YOUR_USERNAME/
# set your username, password and email.
cat ~/.npmrc    
# copy token from there

Hey @juanpicado thanks for putting this together. We are able to pull from gemfury as an uplink like this for any non-scoped packages.. But for any package on gemfury that has any @scope/ namespacing we get 403: error: invalid filename in verdaccio.

Example:
in config.yaml

uplinks:
  gemfury:
    url: https://npm-proxy.fury.io/KEY/USER/

in .npmrc:

registry=http://path.to.verdaccio.proxy.com/

no problems:

> npm install private-package1

Works only with registry set to gemfury directly, not verdaccio proxy:

> npm install @private/scoped-package
npm ERR! 403 Forbidden: @private/scoped-package@^1.0.0

log in verdaccio server:

 http <-- 403, user: null(IP.REDACTED), req: 'GET /@private%2fscoped-package/-/%40private%2Fscoped-package-1.0.0', error: invalid filename