At v4.5.0 we shipped some security releases, one of them is JSDOM https://github.com/jsdom/jsdom/releases/tag/16.0.0 and only supports Node.js v10
Node v8 is out of maintenance so we don't consider this a breaking change.
* feat: support for npm token
This is an effor of:
This commit intent to provide npm token support.
https: //github.com/verdaccio/verdaccio/issues/541
https: //github.com/verdaccio/verdaccio/pull/1271
https: //github.com/verdaccio/local-storage/pull/168
Co-Authored-By: Manuel Spigolon <behemoth89@gmail.com>
Co-Authored-By: Juan Gabriel Jiménez <juangabreil@gmail.com>
* chore: update secrets baselines
Co-Authored-By: Liran Tal <liran.tal@gmail.com>
* chore: update lock file
* chore: add logger mock methods
* chore: update @verdaccio/types
* refactor: unit test was flacky
adapt the pkg access to the new configuration setup
* refactor: add plugin methods validation
* test: add test for aesEncrypt
* chore: update local-storage dependency
* chore: add support for experimetns
token will be part of the experiment lists
* chore: increase timeout
* chore: increase timeout threshold
* chore: update nock
* chore: update dependencies
* chore: update eslint config
* chore: update dependencies
* test: add unit test for npm token
* chore: update readme
This both allows for logger type 'rotating-file' and
passing of other options from the config "option" example:
{type: rotating-file, format: json, path: /path/to/log.jsonl, level: http, options: {period: 1d}}
* feat: add support for jwt on api
* test: add unit test for sign token with jwt
add multiple scenarios with configuration file
* chore: add JWT verification on middleware
* chore: restore headless
* chore: restore middleware header validation
* refactor: fix login whether user exists
* refactor: JWT is signed asynchronously
* refactor: better structure and new naming convention
* test: add unit test for token signature
* test: add unit test for creating user with JWT enabled
#168
* docs: add security section jwt
* refactor: renable web auth middleware
* test(auth): add legacy disabled scenario
* chore: update gitignore
* chore: add some es6 sugar
* feat: enable JWT token signature for new installations
* chore: add yaml files to git
I forgot add this before 😷
* chore: trace log on auth
in case we want more output
- refactor docker image to use builder multistage pattern
- separate storage directories
- verdaccio code directories are not user writeable
- add generic support for random user uid on environments where the startup
user for docker is randomized (e.g. openshift)
If you're using this registry for a specific module scope, specify that scope to set it in the webui instructions header e.g. npm set @coolsp:registry http://localhost:4873.
Added as webui.scope option in .yaml.
> Note: in .yaml, escape @ with \\@.
See also feature request #593.
Corrected typo myscopy --> myscope
If you're using this registry for a specific module scope, specify that scope to set it in the webui instructions header e.g. npm set @coolsp:registry http://localhost:4873.
Added as webui.scope option in .yaml.
> Note: in .yaml, escape @ with \\@.
See also feature request #593.
