search

Configuring Composer

How to configure the npm package manager

This page explains how to configure the Composer package manager to pull packages from the Seal artifact server based on your existing setup.

Make sure you have the access token for the server ready.

hashtag
Pull directly from the artifact server

The Composer repository is configured via the following commands:

# Configure the repository
composer config repos.packagist composer https://packagist.sealsecurity.io/

# Configure the authentication method
composer config --auth http-basic.packagist.sealsecurity.io $PROJECT_ID $TOKEN

  1. In the $PROJECT_ID put the name of your project. This value will later be used in the reporting to indicate which project pulled which vulnerable package.

  2. In the $TOKEN we need to put the access token to the artifact server.

hashtag
Pull using JFrog's Artifactory

  1. Go to JFrog's Artifactory configuration and create a new remote Composer repository.

    1. In the Basic configuration, choose whatever Repository Key you like.

    2. Set https://packagist.sealsecurity.ioarrow-up-right as the URL.

    3. In the User Name field use jfrog.

    4. In the Password / Access Token field paste the token you created earlier.

  2. Click the Test button. This will test whether the connection and authentication to the Seal artifact server is configured properly.

  3. Save the new repository, and set it as the top priority remote repository in the virtual repository you're using.

PreviousConfiguring GemNextConfiguring Go

Last updated