Fully Managed Verdaccio as a Service

Deploy Verdaccio as a fully managed service starting at €9/mo. Get automated backups, SSL, updates, support and monitoring included.

Verdaccio is a lightweight private npm proxy registry — host internal JavaScript packages, mirror npmjs.org with a cooldown window, and block known-bad versions — combining the convenience of a hosted SaaS registry with the security and control of self-hosted infrastructure.

Free 7-day trial  99.9% Uptime SLA  No credit card  Cancel anytime

Verdaccio

STARTING AT

€9/month
Automated Backups
Monitoring
Automated Updates
Auto SSL

USAGE

Unlimited
Human Support
Custom Domains
Terminal Access
File Manager Access
Deploy in your region 21 locations worldwide
Germany, Finland, Netherlands, UK, Sweden, United States, Canada, Singapore, Japan, Australia, Brazil, South Africa, +9 more

ABOUT THE SOFTWARE

What is Verdaccio

Verdaccio is an open-source private npm proxy registry — a self-hosted endpoint your team's npm, pnpm, yarn, and bun clients point at instead of npmjs.org. It caches public packages, hosts your private scopes, and lets you filter or block versions before they reach a build.

First released in 2018, Verdaccio is MIT-licensed and maintained by a volunteer team under the OpenJS Foundation. The registry binary itself is a single npm package — install it, point a config file at a storage directory, and a working private registry is up. The Docker image and an official Helm chart are also published.

Many large open-source projects use Verdaccio for end-to-end testing — create-react-app, pnpm, Storybook, Babel, Angular CLI, and Docusaurus among them — because it boots in seconds and behaves identically to the public registry. The same properties that make it suitable for ephemeral CI make it a sound choice for a long-running internal registry: a tiny database, a clean plugin surface (storage, auth, filters), and no required external services to get started.

FEATURES

What Verdaccio does

Verdaccio sits between your team and the public npm registry, mirrors what you need, hosts what you write, and applies a filter to what you don't trust yet. Eight capabilities matter most for production use.

Proxy and cache upstream

Mirrors npmjs.org transparently. Downloaded tarballs are kept locally; if upstream is down, recent installs still resolve.

Cooldown and block filters

The @verdaccio/package-filter plugin enforces minimum age, fixed date thresholds, and explicit block rules by scope, package, or semver range.

Pluggable storage

Default is local filesystem. Community plugins move storage to AWS S3, Google Cloud Storage, or Azure Blob if disk growth becomes a concern.

Token-based CI authentication

Scoped, time-bounded tokens issued separately from developer credentials. Rotate without invalidating developer sessions.

Host private scopes

Publish @yourorg/* packages that never touch the public registry. Same npm publish flow your team already uses.

Scoped access control

Per-scope rules for access, publish, and unpublish. Anonymous reads, authenticated writes, admin-only deletes — composed however you need.

Pluggable auth

Default is htpasswd with bcrypt. Plugins available for LDAP, GitHub OAuth, GitLab, OIDC, and several SSO providers.

Compatible web UI

Browse published versions, copy install commands, and read README content. Useful for non-engineers who need to find a package by name.

WHAT'S ALWAYS INCLUDED

Every app. Fully managed.
Nothing extra to pay for.

Every app you deploy includes the full managed service — security, backups, updates, and support from day one.

Automatic updates and patches

Apps run the latest stable version. Security patches applied silently, with rollback if needed.

Daily off-site backups

Multiple daily backups in redundant off-site locations. One-click restore if anything goes wrong.

24/7 uptime monitoring

Continuous monitoring with instant alerting. We respond before you notice.

SSL, firewall, DDoS protection

Auto-renewing SSL, hardened firewall rules, DDoS mitigation on every deployment.

Performance and scaling

We monitor resource usage continuously. When your app needs more headroom, we flag it and upgrade with your explicit approval.

Dedicated engineering support

Real engineers on chat. DNS, SMTP & migration help. All included in €9.

WHY MANAGED

Why teams pick managed Verdaccio

Three waves of npm worm attacks in nine months — Shai-Hulud in September 2025, Shai-Hulud 2.0 in November 2025, and Mini Shai-Hulud in May 2026 — pushed teams to put a controlled gateway between their builds and the public registry. Verdaccio is the obvious tool. Running it well is the work.

"Just running Verdaccio" doesn't include the operational tail: a storage directory that grows unbounded as cached tarballs accumulate, the deprecated crypt algorithm still used in default htpasswd configs, the reverse-proxy upload limit that quietly rejects packages above 1MB, the single-replica architecture (the registry does not cluster, and the Helm chart's volume is ReadWriteOnce). The default config file ships with a warning that reads "don't use it on production." It's accurate.

The September 2025 Shai-Hulud worm compromised over 500 npm packages within a few hours, including @ctrl/tinycolor and several CrowdStrike packages, before being removed. Shai-Hulud 2.0 in November hit roughly 796 packages and 1,092 versions across about 25,000 GitHub repositories. Detection-to-removal windows in both waves ranged from 2.5 to 12 hours. The @verdaccio/package-filter plugin's minAgeDays option blocks every fresh version published less than N days ago — a 7-day cooldown would have prevented every one of these compromises from reaching a developer's lockfile.
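
The cooldown rule described above (minAgeDays, plus the fixed date threshold listed under features), sketched over npm registry metadata as an added example; it is not the plugin's source code. The package name, versions and dates are constructed, and two behaviours are assumptions of this sketch: when both options are set the earlier cut-off wins, and a dist-tag that points at a withheld version is repointed or dropped.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;

// Constructed sample packument (hypothetical package, versions and dates).
const samplePackument = {
  name: "example-color-lib",
  "dist-tags": { latest: "4.1.2" },
  versions: { "4.1.0": {}, "4.1.1": {}, "4.1.2": {} },
  time: {
    created: "2024-01-10T09:00:00.000Z",
    modified: "2025-09-15T19:00:00.000Z",
    "4.1.0": "2025-03-02T12:00:00.000Z",
    "4.1.1": "2025-08-20T08:30:00.000Z",
    "4.1.2": "2025-09-15T19:00:00.000Z", // published hours before the install
  },
};

// Numeric compare for plain x.y.z versions (prereleases are out of scope here).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Returns a filtered copy of the packument and the versions that were withheld.
// opts.minAgeDays is a rolling cooldown; opts.dateThreshold is a fixed ISO date.
function applyCooldown(packument, opts, now = new Date()) {
  const cutoffs = [];
  if (opts.minAgeDays != null) cutoffs.push(now.getTime() - opts.minAgeDays * DAY_MS);
  if (opts.dateThreshold != null) cutoffs.push(Date.parse(opts.dateThreshold));
  // Assumption: earlier cut-off wins. A bad date gives NaN and fails closed.
  const cutoff = Math.min(...cutoffs);
  const versions = {};
  const time = { created: packument.time.created, modified: packument.time.modified };
  const withheld = [];
  for (const v of Object.keys(packument.versions)) {
    const published = Date.parse(packument.time[v]);
    if (published <= cutoff) {
      versions[v] = packument.versions[v];
      time[v] = packument.time[v];
    } else {
      withheld.push(v); // too fresh, or no usable publish timestamp
    }
  }
  // Assumption: "latest" falls back to the newest admitted version; any other
  // tag that points at a withheld version is dropped.
  const newest = Object.keys(versions).sort(compareVersions).pop();
  const tags = {};
  for (const [tag, v] of Object.entries(packument["dist-tags"])) {
    if (versions[v]) tags[tag] = v;
    else if (tag === "latest" && newest) tags[tag] = newest;
  }
  return { packument: { ...packument, versions, time, "dist-tags": tags }, withheld };
}
```

Running the function once with the previous threshold and once with the new one gives the set of newly admitted versions to review before a threshold is advanced.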

REVIEWS

Hear from customers like you

Successful businesses and professionals around the world rely on DANIAN every day

USE CASES

Three teams who run Verdaccio on DANIAN

These are representative team types we set up most often. Each starts with the same flat €9 plan.

6-PERSON FRONTEND AGENCY

Replacing npm Teams after the second supply-chain audit failed

Spain region. Publishes four internal @studio/* design-system packages consumed across eight client engagements. Cooldown set to 7 days for upstream; S3 storage plugin enabled for backup parity. CI runners point at a single .npmrc snippet rolled out via the agency's project template.

15-PERSON SAAS ENGINEERING TEAM

Cooldown raised to 30 days after Shai-Hulud 2.0

Germany region. Public-package proxy locked behind a reverse-proxy IP allow-list. CI publishes nightly builds to dist-tag: next under @yourapp/*; the 30-day cooldown applies only to upstream. The platform team raises the date threshold on the first business day of each quarter.

3-PERSON DEVTOOLS STARTUP

Pinned the registry to a known-good snapshot before launch week

Singapore region. Used the package-filter plugin's dateThreshold field to pin the entire registry to a verified point-in-time during a public demo week. Reverted to a rolling 7-day cooldown after launch. Total operations work during launch: zero, because the platform team didn't have one.

COMPARISON

Four ways to run Verdaccio

The decision is rarely "registry or no registry" — it's "which registry, paid how." The four paths below cover the realistic options for a team that has decided it needs a controlled npm gateway. Cost shown for 1, 5, and 10 engineers; ongoing operational time noted where it lands.

| Path | 1 engineer | 5 engineers | 10 engineers | Ongoing time | Notes |
| --- | --- | --- | --- | --- | --- |
| npm Teams (npm Inc. private packages) | $7/mo | $35/mo | $70/mo | 0 hours | Same vendor as the registry being attacked. No cooldown filter on the install path. |
| JFrog Artifactory Pro (enterprise repository SaaS) | $150+/mo | $150+/mo | $150+/mo | 2–4 hours/mo | Universal binary repository, but consumption-based pricing on top of the base. Storage and bandwidth overages add up quickly. |
| Self-host on a VPS (Verdaccio + DIY ops) | $44/mo | $44/mo | $44/mo | 5–10 hours/mo | $24 production-class VPS + $5 object-storage backup + $15 monitoring. Then add ~€60–240/month for the engineer-hours. |
| Home server (NAS or small business tower) | ~€80/mo | ~€80/mo | ~€80/mo | 2–4 hours/mo | Synology DS923+ or HP ProLiant ML30 amortized over 36 months, plus electricity, plus business-grade internet with static IP, plus off-site backup target. |
| DANIAN Managed Verdaccio | €9/mo | €9/mo | €9/mo | 0 hours | Flat rate regardless of engineer count, package count, or bandwidth. Human on chat. |

All paths assume the team needs a working private registry, not just public-package caching. SaaS prices verified May 2026. Self-host time estimates reflect a team with one engineer competent enough to maintain a Linux server — for a team that doesn't have that engineer, the time number is "indefinite."

BY INDUSTRY

Verdaccio for specific industries

Some industries put unusual demands on a private npm registry: long lockfile horizons, named-publisher requirements, snapshot-pinned audit windows, or strict CI-runner isolation. Four where the fit is concrete enough to describe.

Fintech teams subject to DORA-style operational resilience rules — the EU's Digital Operational Resilience Act has applied to in-scope financial entities since January 2025 — have to evidence ICT third-party risk controls, and the npm dependency surface is one of the biggest single-vendor risks they carry. The npm worm campaigns of late 2025 hit Zapier, PostHog, and Postman packages, all of which sit inside fintech build pipelines somewhere.

We ship Verdaccio with the package-filter plugin set to a 30-day cooldown for these tenants, plus a fixed dateThreshold the team can advance in supervised audit windows. A typical workflow: the platform team raises the threshold on the first business day of each quarter, the security team reviews the diff of newly admitted versions, and CI pipelines on the payments service rebuild against the new snapshot. Detection-to-removal windows for the 2025–2026 worm waves ranged from 2.5 to 12 hours; a 30-day cooldown gives the community roughly 720x that window before a fresh version is allowed into a build.

Health software vendors working with NHS DSPT-aligned contracts in the UK, or France's HDS-hosted health-data clients, need named, attributable provenance for every dependency change. Anonymous service tokens publishing under shared accounts don't survive a vendor security review.

We configure Verdaccio with bcrypt-hashed credentials, scoped publish ACLs (only named accounts can publish to @hospital/* or @clinic/*), and rotated CI tokens with short lifetimes. Every published version's _npmUser field maps to one identifiable account — no shared service tokens, no anonymous publishes. A typical clinical-portal frontend's quarterly release branch deploys only after every dependency change in the lockfile diff resolves to a named publisher in the registry's publish history. The named-publisher map is the artifact the vendor's compliance lead hands to the procurement reviewer.

The store frontend runs in customer browsers, which means any compromised dependency ships straight to shoppers — a Magecart-style outcome but with the blast radius of an entire npm lineage. The November 2025 Shai-Hulud 2.0 wave trojanized packages from Postman and several integration vendors whose SDKs sit inside common e-commerce build trees.

We pin the cooldown to 14 days for store-frontend tenants, mirror the build-time dependency tree to a versioned snapshot, and disable lifecycle scripts in CI by default. A typical workflow: the Black Friday freeze window pins the registry to a known-good dateThreshold for six weeks across November and December; the platform reopens to fresh versions only after the post-holiday review. Result during the 2025 holiday window: one tenant's lockfile changed by zero unreviewed dependencies across the entire freeze.

Course platforms handling student data under FERPA-aligned obligations in the US, or comparable national rules elsewhere, need repeatable, reviewable dependency posture across long-lived cohorts. The CI runner that builds a cohort's starter kit on day one needs to behave identically on day ninety, even after upstream packages have moved on.

We configure Verdaccio with access: $authenticated on every scope, publish: $admin for instructor-published material, and the open-registration flow disabled. Students consume packages from the cached proxy; only the engineering team and instructors can publish. A typical CS bootcamp ships a starter-kit @school/scaffold package consumed by every cohort. Pinning that package's resolved tree once cuts onboarding from roughly 90 minutes per student (when each install hits live upstream) to under 10 minutes (when the resolved tree is cached and uniform).

FAQ

Frequently asked questions

Everything teams ask before signing up — answered straight, without sales speak.

Three groups: technical setup, migration, and how DANIAN works as a service.

01

Technical and configuration

It can, which is why allow rules take precedence over the cooldown. You drop an allow entry for the specific package or scope you want fast-tracked, and the manifest filter exempts it on the next install.
For small catalogs (under 20 internal packages) we recommend scripting npm publish through the new registry from a local checkout of each package, preserving versions and dist-tags. For larger catalogs or migrations from consumption-priced platforms, we recommend mirroring the metadata using the registry-cli tool and re-publishing in dependency order to keep installs unbroken during the cutover. We also recommend dual-writing to the old registry for one billing cycle so CI failures during the switchover can be diagnosed without disrupting the team's day.

02

Migration and onboarding

We can activate your app on your own custom domain/subdomain. Examples: mydomain.com, anyword.mydomain.com.
Or, on our randomized free subdomain. Example: 963.apps.danian.cloud
If you wish to use a custom domain/subdomain, select that option when ordering your app (or notify us later). We will send you the required DNS records and if needed, our tech team will modify them for you.
21 datacenter locations across six continents. You choose the region at provisioning. Application data sits in the region you choose; pick whichever is closest to your users or matches your data-residency preference.
Yes. Request a region migration from the dashboard and we run the move in the background. The system emails you when the migration completes; total transfer time depends on data volume but typical instances finish in a few hours. There is no extra charge for a region change.
Yes. Full data export is available at any time, in a portable format you can bring to any infrastructure.

03

Billing, support, and platform

€9 covers everything we do for that app: hardware in the region you choose, daily off-site backups with one-click restore, automatic security patches and version upgrades, 24/7 monitoring, SSL and firewall, and engineering support on Email/LiveChat. There are no setup fees or hidden line items. For more info see our Pricing page.
If you decide to continue, we charge €9/app/month from day 8. If you don't, the trial ends and you can export your data. No card is required for the trial, and we never auto-charge you without explicit consent.
No. The €9/month is flat regardless of how many users log into your app. Add 5 users or 50; the price doesn't change.
24/7 Live chat and email support, both staffed by engineers who run the systems. We handle DNS configuration, SMTP setup, app integrations, performance tuning, troubleshooting, and migration help. Response time is typically under an hour. There is no tier system — every customer gets the same support.
Yes. Cancel from the dashboard. We don't charge a cancellation fee, we don't lock data, and we will export your data to you on request before deletion.
Every customer instance is backed up daily to a separate region from the primary. We test restores. You can request a restore at any backup point within the retention window — usually 7 days for daily backups.
Your application data sits in the region you choose at provisioning — 21 datacenter locations across six continents. Account-level data (billing, account email, support ticket history) is processed centrally. Application data region is picked by you, per app.
99.9% uptime SLA on every app, every tenant. Service credits are documented at danian.co/service-level-agreement. The status page is located at status.danian.co.
When your tenant approaches the resource ceiling — the base tier holds 1 vCPU/RAM, 30 GB storage — we notify you. Resource upgrades happen with your explicit consent; we will not upgrade your tenant or charge you without it.
We wait. We don't suspend the app or delete your data on the first failed charge. We email you, you fix the card on file, and we continue.
Invoices can be downloaded from the billing dashboard in PDF the day each charge succeeds. EU VAT is added where applicable and the VAT-reverse-charge regime applies for VAT-registered businesses with a valid number.
150+ open-source apps across automation, team chat, file sync, analytics, AI, password management, email marketing, dev tools, project management, smart home, CMS, and federated social. See the full catalog →
Yes. Every instance comes with a web-based terminal and a file manager in your DANIAN management dashboard. Useful for managing your data and customizations.
Resources scale with your usage. If your app needs more vCPU, RAM, or storage, we add it — and we ask first before any change to your plan. €9 is the floor; resource-heavy workloads may price higher, but you'll always know in advance.
Yes. We have both a Partner program and an Affiliate program available. Anybody can sign up.
No contract. No minimum commitment. Cancel anytime from the dashboard with one click. The 7-day free trial requires no credit card. After the trial converts to paid, you can still cancel at any month without notice or penalty.

DEPLOY IN YOUR REGION

21 datacenter locations on six continents

Pick the region closest to your users.

United States, Germany, Finland, Singapore, Australia, Brazil, Canada, Netherlands, UK, Spain, Italy, France, Sweden, Malaysia, India, Japan, Mexico, Poland, South Korea, Chile, South Africa and more coming soon

Try managed Verdaccio for 7 days

No card. Cancel from the dashboard.