2020-08-19 13:27:35 -05:00
# Change Log
2021-10-15 16:13:06 -05:00
## 11.0.0-6-next.9
### Major Changes
- 794af76c: Remove Node 12 support
- We need move to the new `undici` and does not support Node.js 12
### Minor Changes
- 154b2ecd: refactor: remove @verdaccio/commons -api in favor @verdaccio/core and remove duplications
### Patch Changes
- Updated dependencies [794af76c]
- Updated dependencies [154b2ecd]
- @verdaccio/core@6 .0.0-6-next.2
- @verdaccio/file -locking@11.0.0-6-next.4
2021-09-08 12:33:09 -05:00
## 11.0.0-6-next.8
### Patch Changes
- Updated dependencies [459b6fa7]
- @verdaccio/commons -api@11.0.0-6-next.4
- @verdaccio/file -locking@11.0.0-alpha.3
2021-09-04 01:59:14 -05:00
## 11.0.0-6-next.7
### Patch Changes
- df0da3d6: Added core-js missing from dependencies though referenced in .js sources
2021-01-31 03:33:47 -05:00
## 10.0.0-alpha.6
### Major Changes
- 174cdcaa: feat: allow other password hashing algorithms (#1917)
**breaking change**
The current implementation of the `htpasswd` module supports multiple hash formats on verify, but only `crypt` on sign in.
`crypt` is an insecure old format, so to improve the security of the new `verdaccio` release we introduce the support of multiple hash algorithms on sign in step.
### New hashing algorithms
The new possible hash algorithms to use are `bcrypt` , `md5` , `sha1` . `bcrypt` is chosen as a default, because of its customizable complexity and overall reliability. You can read more about them [here ](https://httpd.apache.org/docs/2.4/misc/password_encryptions.html ).
Two new properties are added to `auth` section in the configuration file:
- `algorithm` to choose the way you want to hash passwords.
- `rounds` is used to determine `bcrypt` complexity. So one can improve security according to increasing computational power.
Example of the new `auth` config file section:
```yaml
auth:
htpasswd:
file: ./htpasswd
max_users: 1000
# Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt".
algorithm: bcrypt
# Rounds number for "bcrypt", will be ignored for other algorithms.
rounds: 10
```
2021-01-16 13:54:43 -05:00
## 10.0.0-alpha.5
### Major Changes
- f8a50baa: feat: standalone registry with no dependencies
## Usage
To install a server with no dependencies
```bash
npm install -g @verdaccio/standalone
```
with no internet required
```bash
npm install -g ./tarball.tar.gz
```
Bundles htpasswd and audit plugins.
### Breaking Change
It does not allow anymore the `auth` and `middleware` property at config file empty,
it will fallback to those plugins by default.
2021-01-10 13:32:01 -05:00
## 10.0.0-alpha.4
### Patch Changes
- fecbb9be: chore: add release step to private regisry on merge changeset pr
- Updated dependencies [fecbb9be]
- @verdaccio/commons -api@10.0.0-alpha.3
- @verdaccio/file -locking@10.0.0-alpha.3
2021-01-09 01:43:17 -05:00
## 10.0.0-alpha.3
### Minor Changes
- 54c58d1e: feat: add server rate limit protection to all request
To modify custom values, use the server settings property.
```markdown
server:
## https://www.npmjs.com/package/express-rate-limit#configuration-options
rateLimit:
windowMs: 1000
max: 10000
```
The values are intended to be high, if you want to improve security of your server consider
using different values.
### Patch Changes
- Updated dependencies [54c58d1e]
- @verdaccio/commons -api@10.0.0-alpha.2
- @verdaccio/file -locking@10.0.0-alpha.2
2021-01-02 02:30:51 -05:00
## 10.0.0-alpha.2
### Minor Changes
- 2a327c4b: feat: remove level dependency by lowdb for npm token cli as storage
### new npm token database
There will be a new database located in your storage named `.token-db.json` which
will store all references to created tokens, **it does not store tokens** , just
mask of them and related metadata required to reference them.
#### Breaking change
If you were relying on `npm token` experiment. This PR will replace the
used database (level) by a json plain based one (lowbd) which does not
require Node.js C++ compilation step and has less dependencies. Since was
a experiment there is no migration step.
2020-11-15 09:04:55 -05:00
## 10.0.0-alpha.1
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
### Major Changes
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
- d87fa026: feat!: experiments config renamed to flags
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
- The `experiments` configuration is renamed to `flags` . The functionality is exactly the same.
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
```js
flags: token: false;
search: false;
```
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
- The `self_path` property from the config file is being removed in favor of `config_file` full path.
- Refactor `config` module, better types and utilities
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
- da1ee9c8: - Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
- Introduce environment variables for legacy tokens
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
### Code Improvements
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
- Add debug library for improve developer experience
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
### Breaking change
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
- The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions.
- The secret key must have 32 characters long.
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
### New environment variables
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
- `VERDACCIO_LEGACY_ALGORITHM` : Allows to define the specific algorithm for the token signature which by default is `aes-256-ctr`
- `VERDACCIO_LEGACY_ENCRYPTION_KEY` : By default, the token stores in the database, but using this variable allows to get it from memory
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
### Minor Changes
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
- 26b494cb: feat: add typescript project references settings
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
Reading https://ebaytech.berlin/optimizing-multi-package-apps-with-typescript-project-references-d5c57a3b4440 I realized I can use project references to solve the issue to pre-compile modules on develop mode.
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
It allows to navigate (IDE) trough the packages without need compile the packages.
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
Add two `tsconfig` , one using the previous existing configuration that is able to produce declaration files (`tsconfig.build`) and a new one `tsconfig` which is enables [_projects references_ ](https://www.typescriptlang.org/docs/handbook/project-references.html ).
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
### Patch Changes
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
- b57b4338: Enable prerelease mode with **changesets**
- 31af0164: ESLint Warnings Fixed
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
Related to issue #1461
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
- max-len: most of the sensible max-len errors are fixed
- no-unused-vars: most of these types of errors are fixed by deleting not needed declarations
- @typescript -eslint/no-unused-vars: same as above
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
- Updated dependencies [d87fa026]
- Updated dependencies [da1ee9c8]
- Updated dependencies [26b494cb]
- Updated dependencies [b57b4338]
- Updated dependencies [31af0164]
- @verdaccio/file -locking@10.0.0-alpha.1
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
All notable changes to this project will be documented in this file.
See [Conventional Commits ](https://conventionalcommits.org ) for commit guidelines.
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
## [9.7.2](https://github.com/verdaccio/monorepo/compare/v9.7.1...v9.7.2) (2020-07-20)
2020-08-19 13:27:35 -05:00
**Note:** Version bump only for package verdaccio-htpasswd
2020-11-15 09:04:55 -05:00
## [9.7.1](https://github.com/verdaccio/monorepo/compare/v9.7.0...v9.7.1) (2020-07-10)
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
### Bug Fixes
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
- update dependencies ([#375](https://github.com/verdaccio/monorepo/issues/375)) ([1e7aeec](https://github.com/verdaccio/monorepo/commit/1e7aeec31b056979285e272793a95b8c75d57c77))
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
# [9.7.0](https://github.com/verdaccio/monorepo/compare/v9.6.1...v9.7.0) (2020-06-24)
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
**Note:** Version bump only for package verdaccio-htpasswd
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
## [9.6.1](https://github.com/verdaccio/monorepo/compare/v9.6.0...v9.6.1) (2020-06-07)
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
**Note:** Version bump only for package verdaccio-htpasswd
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
# [9.5.0](https://github.com/verdaccio/monorepo/compare/v9.4.1...v9.5.0) (2020-05-02)
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
**Note:** Version bump only for package verdaccio-htpasswd
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
## [9.4.1](https://github.com/verdaccio/monorepo/compare/v9.4.0...v9.4.1) (2020-04-30)
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
### Bug Fixes
2020-08-19 13:27:35 -05:00
2020-11-15 09:04:55 -05:00
- **verdaccio-htpasswd:** generate non-constant legacy 2 byte salt ([#357](https://github.com/verdaccio/monorepo/issues/357)) ([d522595](https://github.com/verdaccio/monorepo/commit/d522595122b7deaac8e3bc568f73658041811aaf))
2020-08-19 13:27:35 -05:00
# [9.4.0](https://github.com/verdaccio/monorepo/compare/v9.3.4...v9.4.0) (2020-03-21)
**Note:** Version bump only for package verdaccio-htpasswd
## [9.3.2](https://github.com/verdaccio/monorepo/compare/v9.3.1...v9.3.2) (2020-03-08)
### Bug Fixes
2020-11-15 09:04:55 -05:00
- update dependencies ([#332](https://github.com/verdaccio/monorepo/issues/332)) ([b6165ae](https://github.com/verdaccio/monorepo/commit/b6165aea9b7e4012477081eae68bfa7159c58f56))
2020-08-19 13:27:35 -05:00
## [9.3.1](https://github.com/verdaccio/monorepo/compare/v9.3.0...v9.3.1) (2020-02-23)
**Note:** Version bump only for package verdaccio-htpasswd
# [9.3.0](https://github.com/verdaccio/monorepo/compare/v9.2.0...v9.3.0) (2020-01-29)
**Note:** Version bump only for package verdaccio-htpasswd
# [9.0.0](https://github.com/verdaccio/monorepo/compare/v8.5.3...v9.0.0) (2020-01-07)
### chore
2020-11-15 09:04:55 -05:00
- update dependencies ([68add74](https://github.com/verdaccio/monorepo/commit/68add743159867f678ddb9168d2bc8391844de47))
2020-08-19 13:27:35 -05:00
### Features
2020-11-15 09:04:55 -05:00
- **eslint-config:** enable eslint curly ([#308](https://github.com/verdaccio/monorepo/issues/308)) ([91acb12](https://github.com/verdaccio/monorepo/commit/91acb121847018e737c21b367fcaab8baa918347))
2020-08-19 13:27:35 -05:00
### BREAKING CHANGES
2020-11-15 09:04:55 -05:00
- @verdaccio/eslint -config requires ESLint >=6.8.0 and Prettier >=1.19.1 to fix compatibility with overrides.extends config
2020-08-19 13:27:35 -05:00
## [8.5.2](https://github.com/verdaccio/monorepo/compare/v8.5.1...v8.5.2) (2019-12-25)
**Note:** Version bump only for package verdaccio-htpasswd
## [8.5.1](https://github.com/verdaccio/monorepo/compare/v8.5.0...v8.5.1) (2019-12-24)
**Note:** Version bump only for package verdaccio-htpasswd
# [8.5.0](https://github.com/verdaccio/monorepo/compare/v8.4.2...v8.5.0) (2019-12-22)
**Note:** Version bump only for package verdaccio-htpasswd
## [8.4.2](https://github.com/verdaccio/monorepo/compare/v8.4.1...v8.4.2) (2019-11-23)
**Note:** Version bump only for package verdaccio-htpasswd
## [8.4.1](https://github.com/verdaccio/monorepo/compare/v8.4.0...v8.4.1) (2019-11-22)
**Note:** Version bump only for package verdaccio-htpasswd
# [8.4.0](https://github.com/verdaccio/monorepo/compare/v8.3.0...v8.4.0) (2019-11-22)
**Note:** Version bump only for package verdaccio-htpasswd
# [8.3.0](https://github.com/verdaccio/monorepo/compare/v8.2.0...v8.3.0) (2019-10-27)
**Note:** Version bump only for package verdaccio-htpasswd
# [8.2.0](https://github.com/verdaccio/monorepo/compare/v8.2.0-next.0...v8.2.0) (2019-10-23)
**Note:** Version bump only for package verdaccio-htpasswd
# [8.2.0-next.0](https://github.com/verdaccio/monorepo/compare/v8.1.4...v8.2.0-next.0) (2019-10-08)
### Bug Fixes
2020-11-15 09:04:55 -05:00
- fixed lint errors ([5e677f7](https://github.com/verdaccio/monorepo/commit/5e677f7))
2020-08-19 13:27:35 -05:00
## [8.1.2](https://github.com/verdaccio/monorepo/compare/v8.1.1...v8.1.2) (2019-09-29)
**Note:** Version bump only for package verdaccio-htpasswd
## [8.1.1](https://github.com/verdaccio/monorepo/compare/v8.1.0...v8.1.1) (2019-09-26)
**Note:** Version bump only for package verdaccio-htpasswd
# [8.1.0](https://github.com/verdaccio/monorepo/compare/v8.0.1-next.1...v8.1.0) (2019-09-07)
**Note:** Version bump only for package verdaccio-htpasswd
## [8.0.1-next.1](https://github.com/verdaccio/monorepo/compare/v8.0.1-next.0...v8.0.1-next.1) (2019-08-29)
**Note:** Version bump only for package verdaccio-htpasswd
## [8.0.1-next.0](https://github.com/verdaccio/monorepo/compare/v8.0.0...v8.0.1-next.0) (2019-08-29)
**Note:** Version bump only for package verdaccio-htpasswd
# [8.0.0](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.4...v8.0.0) (2019-08-22)
**Note:** Version bump only for package verdaccio-htpasswd
# [8.0.0-next.4](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.3...v8.0.0-next.4) (2019-08-18)
**Note:** Version bump only for package verdaccio-htpasswd
# [8.0.0-next.2](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.1...v8.0.0-next.2) (2019-08-03)
**Note:** Version bump only for package verdaccio-htpasswd
# [8.0.0-next.1](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.0...v8.0.0-next.1) (2019-08-01)
**Note:** Version bump only for package verdaccio-htpasswd
# [8.0.0-next.0](https://github.com/verdaccio/monorepo/compare/v2.0.0...v8.0.0-next.0) (2019-08-01)
**Note:** Version bump only for package verdaccio-htpasswd
# Change Log
All notable changes to this project will be documented in this file. See [standard-version ](https://github.com/conventional-changelog/standard-version ) for commit guidelines.
# [2.0.0](https://github.com/verdaccio/verdaccio-htpasswd/compare/v2.0.0-beta.1...v2.0.0) (2019-04-14)
### Features
2020-11-15 09:04:55 -05:00
- drop node v6 suport ([d1d52e8](https://github.com/verdaccio/verdaccio-htpasswd/commit/d1d52e8))
2020-08-19 13:27:35 -05:00
< a name = "2.0.0-beta.1" > < / a >
2020-11-15 09:04:55 -05:00
# [2.0.0-beta.1](https://github.com/verdaccio/verdaccio-htpasswd/compare/v2.0.0-beta.0...v2.0.0-beta.1) (2019-02-24)
2020-08-19 13:27:35 -05:00
### Bug Fixes
2020-11-15 09:04:55 -05:00
- package.json to reduce vulnerabilities ([259bdaf](https://github.com/verdaccio/verdaccio-htpasswd/commit/259bdaf))
- update [@verdaccio ](https://github.com/verdaccio )/file-locking@1.0.0 ([ec0bbfd](https://github.com/verdaccio/verdaccio-htpasswd/commit/ec0bbfd))
2020-08-19 13:27:35 -05:00
< a name = "2.0.0-beta.0" > < / a >
2020-11-15 09:04:55 -05:00
# [2.0.0-beta.0](https://github.com/verdaccio/verdaccio-htpasswd/compare/v1.0.1...v2.0.0-beta.0) (2019-02-03)
2020-08-19 13:27:35 -05:00
### Features
2020-11-15 09:04:55 -05:00
- migrate to typescript ([79f6937](https://github.com/verdaccio/verdaccio-htpasswd/commit/79f6937))
- remove Node6 from CircleCI ([d3a05ab](https://github.com/verdaccio/verdaccio-htpasswd/commit/d3a05ab))
- use verdaccio babel preset ([3a63f88](https://github.com/verdaccio/verdaccio-htpasswd/commit/3a63f88))
2020-08-19 13:27:35 -05:00
< a name = "1.0.1" > < / a >
2020-11-15 09:04:55 -05:00
## [1.0.1](https://github.com/verdaccio/verdaccio-htpasswd/compare/v1.0.0...v1.0.1) (2018-09-30)
2020-08-19 13:27:35 -05:00
### Bug Fixes
2020-11-15 09:04:55 -05:00
- password hash & increase coverage ([6420c26](https://github.com/verdaccio/verdaccio-htpasswd/commit/6420c26))
2020-08-19 13:27:35 -05:00
< a name = "1.0.0" > < / a >
2020-11-15 09:04:55 -05:00
# [1.0.0](https://github.com/verdaccio/verdaccio-htpasswd/compare/v0.2.2...v1.0.0) (2018-09-30)
2020-08-19 13:27:35 -05:00
### Bug Fixes
2020-11-15 09:04:55 -05:00
- adds error message for user registration ([0bab945](https://github.com/verdaccio/verdaccio-htpasswd/commit/0bab945))
2020-08-19 13:27:35 -05:00
### Features
2020-11-15 09:04:55 -05:00
- **change-passwd:** implement change password [#32 ](https://github.com/verdaccio/verdaccio-htpasswd/issues/32 ) ([830b143](https://github.com/verdaccio/verdaccio-htpasswd/commit/830b143))