* feat: tarball url redirect
* fix: handle uplinks
* feat: allow function for config.tarball_url_redirect
* fix: hasLocalTarball was calling localStream,abort when already aborted
* chore: simplify localStream null check in hasLocalTarball
As requested in PR feedback.
* chore: fix sonarcloud code smell on test
the variable `credentials` was already declared before the tarball url tests.
* fix: move tarball_url_redirect to experiments
Co-authored-by: Gord Lea <johlea@cisco.com>
Co-authored-by: Gord Lea <jgordonlea@gmail.com>
the current one has not auth implemented, to avoid the lack of fallback to the original one now is required to be used it by default until the v1 is on shape production ready.
At v4.5.0 we shipped some security releases, one of them is JSDOM https://github.com/jsdom/jsdom/releases/tag/16.0.0 and only supports Node.js v10
Node v8 is out of maintenance so we don't consider this a breaking change.
* feat: support for npm token
This is an effor of:
This commit intent to provide npm token support.
https: //github.com/verdaccio/verdaccio/issues/541
https: //github.com/verdaccio/verdaccio/pull/1271
https: //github.com/verdaccio/local-storage/pull/168
Co-Authored-By: Manuel Spigolon <behemoth89@gmail.com>
Co-Authored-By: Juan Gabriel Jiménez <juangabreil@gmail.com>
* chore: update secrets baselines
Co-Authored-By: Liran Tal <liran.tal@gmail.com>
* chore: update lock file
* chore: add logger mock methods
* chore: update @verdaccio/types
* refactor: unit test was flacky
adapt the pkg access to the new configuration setup
* refactor: add plugin methods validation
* test: add test for aesEncrypt
* chore: update local-storage dependency
* chore: add support for experimetns
token will be part of the experiment lists
* chore: increase timeout
* chore: increase timeout threshold
* chore: update nock
* chore: update dependencies
* chore: update eslint config
* chore: update dependencies
* test: add unit test for npm token
* chore: update readme
* feat: add support for jwt on api
* test: add unit test for sign token with jwt
add multiple scenarios with configuration file
* chore: add JWT verification on middleware
* chore: restore headless
* chore: restore middleware header validation
* refactor: fix login whether user exists
* refactor: JWT is signed asynchronously
* refactor: better structure and new naming convention
* test: add unit test for token signature
* test: add unit test for creating user with JWT enabled
#168
* docs: add security section jwt
* refactor: renable web auth middleware
* test(auth): add legacy disabled scenario
* chore: update gitignore
* chore: add some es6 sugar
* feat: enable JWT token signature for new installations
* chore: add yaml files to git
I forgot add this before 😷
* chore: trace log on auth
in case we want more output
- refactor docker image to use builder multistage pattern
- separate storage directories
- verdaccio code directories are not user writeable
- add generic support for random user uid on environments where the startup
user for docker is randomized (e.g. openshift)
If you're using this registry for a specific module scope, specify that scope to set it in the webui instructions header e.g. npm set @coolsp:registry http://localhost:4873.
Added as webui.scope option in .yaml.
> Note: in .yaml, escape @ with \\@.
See also feature request #593.
There is a problem with the docker.yaml file.
auth:
htpasswd:
file:/verdaccio/config/htpasswd
The file property should point to /verdaccio/conf/htpasswd because folder /verdaccio/config dosen't exist and therefore dosen't let to create users.
Thank you for working on this great tool.
Regards