# @verdaccio/auth ## 6.0.0-6-next.22 ### Patch Changes - Updated dependencies [d43894e8] - Updated dependencies [d08fe29d] - @verdaccio/config@6.0.0-6-next.14 - @verdaccio/loaders@6.0.0-6-next.12 - @verdaccio/core@6.0.0-6-next.5 - @verdaccio/logger@6.0.0-6-next.11 - verdaccio-htpasswd@11.0.0-6-next.13 ## 6.0.0-6-next.21 ### Patch Changes - Updated dependencies [82cb0f2b] - Updated dependencies [5167bb52] - @verdaccio/config@6.0.0-6-next.13 - @verdaccio/core@6.0.0-6-next.5 - @verdaccio/logger@6.0.0-6-next.11 - verdaccio-htpasswd@11.0.0-6-next.13 - @verdaccio/loaders@6.0.0-6-next.12 - @verdaccio/utils@6.0.0-6-next.11 ## 6.0.0-6-next.20 ### Patch Changes - Updated dependencies [31d661c7] - @verdaccio/loaders@6.0.0-6-next.11 ## 6.0.0-6-next.19 ### Patch Changes - aeff267d: Refactor htpasswd plugin to use the bcryptjs 'compare' api call instead of 'comparSync'. Add a new configuration value named 'slow_verify_ms' to the htpasswd plugin that when exceeded during password verification will log a warning message. - Updated dependencies [aeff267d] - verdaccio-htpasswd@11.0.0-6-next.12 ## 6.0.0-6-next.18 ### Patch Changes - Updated dependencies [b78f3525] - @verdaccio/logger@6.0.0-6-next.10 - @verdaccio/loaders@6.0.0-6-next.10 ## 6.0.0-6-next.17 ### Patch Changes - Updated dependencies [730b5d8c] - @verdaccio/logger@6.0.0-6-next.9 - @verdaccio/loaders@6.0.0-6-next.9 ## 6.0.0-6-next.16 ### Patch Changes - Updated dependencies [a828271d] - Updated dependencies [24b9be02] - Updated dependencies [e75c0a3b] - Updated dependencies [b13a3fef] - @verdaccio/utils@6.0.0-6-next.10 - @verdaccio/core@6.0.0-6-next.4 - @verdaccio/logger@6.0.0-6-next.8 - @verdaccio/config@6.0.0-6-next.12 - @verdaccio/loaders@6.0.0-6-next.8 - verdaccio-htpasswd@11.0.0-6-next.11 ## 6.0.0-6-next.15 ### Minor Changes - 20c9e43e: dist tags Implementation on Fastify ### Patch Changes - Updated dependencies [f86c31ed] - @verdaccio/utils@6.0.0-6-next.9 - @verdaccio/config@6.0.0-6-next.11 - @verdaccio/loaders@6.0.0-6-next.7 ## 6.0.0-6-next.14 ### Patch Changes - Updated dependencies [6c1eb021] - @verdaccio/core@6.0.0-6-next.3 - @verdaccio/logger@6.0.0-6-next.7 - @verdaccio/config@6.0.0-6-next.10 - @verdaccio/loaders@6.0.0-6-next.7 - verdaccio-htpasswd@11.0.0-6-next.10 - @verdaccio/utils@6.0.0-6-next.8 ## 6.0.0-6-next.13 ### Major Changes - 794af76c: Remove Node 12 support - We need move to the new `undici` and does not support Node.js 12 ### Minor Changes - 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications ### Patch Changes - Updated dependencies [794af76c] - Updated dependencies [154b2ecd] - @verdaccio/config@6.0.0-6-next.9 - @verdaccio/core@6.0.0-6-next.2 - verdaccio-htpasswd@11.0.0-6-next.9 - @verdaccio/loaders@6.0.0-6-next.6 - @verdaccio/logger@6.0.0-6-next.6 - @verdaccio/utils@6.0.0-6-next.7 ## 6.0.0-6-next.12 ### Patch Changes - Updated dependencies [2c594910] - @verdaccio/logger@6.0.0-6-next.5 - @verdaccio/loaders@6.0.0-6-next.5 ## 6.0.0-6-next.11 ### Major Changes - 459b6fa7: refactor: search v1 endpoint and local-database - refactor search `api v1` endpoint, improve performance - remove usage of `async` dependency https://github.com/verdaccio/verdaccio/issues/1225 - refactor method storage class - create new module `core` to reduce the ammount of modules with utilities - use `undici` instead `node-fetch` - use `fastify` instead `express` for functional test ### Breaking changes - plugin storage API changes - remove old search endpoint (return 404) - filter local private packages at plugin level The storage api changes for methods `get`, `add`, `remove` as promise base. The `search` methods also changes and recieves a `query` object that contains all query params from the client. ```ts export interface IPluginStorage extends IPlugin { add(name: string): Promise; remove(name: string): Promise; get(): Promise; init(): Promise; getSecret(): Promise; setSecret(secret: string): Promise; getPackageStorage(packageInfo: string): IPackageStorage; search(query: searchUtils.SearchQuery): Promise; saveToken(token: Token): Promise; deleteToken(user: string, tokenKey: string): Promise; readTokens(filter: TokenFilter): Promise; } ``` ### Patch Changes - Updated dependencies [459b6fa7] - @verdaccio/config@6.0.0-6-next.8 - @verdaccio/commons-api@11.0.0-6-next.4 - @verdaccio/utils@6.0.0-6-next.6 - @verdaccio/loaders@6.0.0-6-next.4 - verdaccio-htpasswd@11.0.0-6-next.8 - @verdaccio/logger@6.0.0-6-next.4 ## 6.0.0-6-next.10 ### Patch Changes - Updated dependencies [df0da3d6] - verdaccio-htpasswd@11.0.0-6-next.7 - @verdaccio/loaders@6.0.0-6-next.4 ## 6.0.0-6-next.9 ### Patch Changes - Updated dependencies [d2c65da9] - @verdaccio/utils@6.0.0-6-next.5 - @verdaccio/config@6.0.0-6-next.7 - @verdaccio/loaders@6.0.0-6-next.4 ## 6.0.0-6-next.8 ### Patch Changes - Updated dependencies [1b217fd3] - @verdaccio/config@6.0.0-6-next.6 - @verdaccio/loaders@6.0.0-6-next.4 ## 6.0.0-6-next.7 ### Patch Changes - Updated dependencies [1810ed0d] - Updated dependencies [648575aa] - @verdaccio/config@6.0.0-6-next.5 - @verdaccio/utils@6.0.0-6-next.4 - @verdaccio/loaders@6.0.0-6-next.4 ## 6.0.0-6-next.6 ### Patch Changes - Updated dependencies [5c5057fc] - @verdaccio/config@6.0.0-6-next.4 - @verdaccio/logger@6.0.0-6-next.4 - @verdaccio/auth@6.0.0-6-next.6 - @verdaccio/loaders@6.0.0-6-next.4 - verdaccio-htpasswd@11.0.0-alpha.6 ## 5.0.0-alpha.5 ### Patch Changes - Updated dependencies [174cdcaa] - verdaccio-htpasswd@10.0.0-alpha.6 - @verdaccio/auth@5.0.0-alpha.5 ## 5.0.0-alpha.4 ### Major Changes - f8a50baa: feat: standalone registry with no dependencies ## Usage To install a server with no dependencies ```bash npm install -g @verdaccio/standalone ``` with no internet required ```bash npm install -g ./tarball.tar.gz ``` Bundles htpasswd and audit plugins. ### Breaking Change It does not allow anymore the `auth` and `middleware` property at config file empty, it will fallback to those plugins by default. ### Patch Changes - Updated dependencies [f8a50baa] - @verdaccio/auth@5.0.0-alpha.4 - verdaccio-htpasswd@10.0.0-alpha.5 ## 5.0.0-alpha.3 ### Patch Changes - fecbb9be: chore: add release step to private regisry on merge changeset pr - Updated dependencies [fecbb9be] - @verdaccio/auth@5.0.0-alpha.3 - @verdaccio/config@5.0.0-alpha.3 - @verdaccio/commons-api@10.0.0-alpha.3 - @verdaccio/loaders@5.0.0-alpha.3 - @verdaccio/logger@5.0.0-alpha.3 - @verdaccio/utils@5.0.0-alpha.3 ## 5.0.0-alpha.2 ### Minor Changes - 54c58d1e: feat: add server rate limit protection to all request To modify custom values, use the server settings property. ```markdown server: ## https://www.npmjs.com/package/express-rate-limit#configuration-options rateLimit: windowMs: 1000 max: 10000 ``` The values are intended to be high, if you want to improve security of your server consider using different values. ### Patch Changes - Updated dependencies [54c58d1e] - @verdaccio/auth@5.0.0-alpha.2 - @verdaccio/config@5.0.0-alpha.2 - @verdaccio/commons-api@10.0.0-alpha.2 - @verdaccio/loaders@5.0.0-alpha.2 - @verdaccio/logger@5.0.0-alpha.2 - @verdaccio/utils@5.0.0-alpha.2 ## 5.0.0-alpha.1 ### Major Changes - d87fa026: feat!: experiments config renamed to flags - The `experiments` configuration is renamed to `flags`. The functionality is exactly the same. ```js flags: token: false; search: false; ``` - The `self_path` property from the config file is being removed in favor of `config_file` full path. - Refactor `config` module, better types and utilities - da1ee9c8: - Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv - Introduce environment variables for legacy tokens ### Code Improvements - Add debug library for improve developer experience ### Breaking change - The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions. - The secret key must have 32 characters long. ### New environment variables - `VERDACCIO_LEGACY_ALGORITHM`: Allows to define the specific algorithm for the token signature which by default is `aes-256-ctr` - `VERDACCIO_LEGACY_ENCRYPTION_KEY`: By default, the token stores in the database, but using this variable allows to get it from memory ### Minor Changes - 26b494cb: feat: add typescript project references settings Reading https://ebaytech.berlin/optimizing-multi-package-apps-with-typescript-project-references-d5c57a3b4440 I realized I can use project references to solve the issue to pre-compile modules on develop mode. It allows to navigate (IDE) trough the packages without need compile the packages. Add two `tsconfig`, one using the previous existing configuration that is able to produce declaration files (`tsconfig.build`) and a new one `tsconfig` which is enables [_projects references_](https://www.typescriptlang.org/docs/handbook/project-references.html). ### Patch Changes - b57b4338: Enable prerelease mode with **changesets** - 31af0164: ESLint Warnings Fixed Related to issue #1461 - max-len: most of the sensible max-len errors are fixed - no-unused-vars: most of these types of errors are fixed by deleting not needed declarations - @typescript-eslint/no-unused-vars: same as above - Updated dependencies [d87fa026] - Updated dependencies [da1ee9c8] - Updated dependencies [26b494cb] - Updated dependencies [b57b4338] - Updated dependencies [add778d5] - Updated dependencies [31af0164] - @verdaccio/auth@5.0.0-alpha.1 - @verdaccio/config@5.0.0-alpha.1 - @verdaccio/commons-api@10.0.0-alpha.1 - @verdaccio/loaders@5.0.0-alpha.1 - @verdaccio/logger@5.0.0-alpha.1 - @verdaccio/utils@5.0.0-alpha.1 ## 5.0.0-alpha.1 ### Major Changes - d87fa0268: feat!: experiments config renamed to flags - The `experiments` configuration is renamed to `flags`. The functionality is exactly the same. ```js flags: token: false; search: false; ``` - The `self_path` property from the config file is being removed in favor of `config_file` full path. - Refactor `config` module, better types and utilities - da1ee9c82: - Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv - Introduce environment variables for legacy tokens ### Code Improvements - Add debug library for improve developer experience ### Breaking change - The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions. - The secret key must have 32 characters long. ### New environment variables - `VERDACCIO_LEGACY_ALGORITHM`: Allows to define the specific algorithm for the token signature which by default is `aes-256-ctr` - `VERDACCIO_LEGACY_ENCRYPTION_KEY`: By default, the token stores in the database, but using this variable allows to get it from memory ### Minor Changes - 26b494cbd: feat: add typescript project references settings Reading https://ebaytech.berlin/optimizing-multi-package-apps-with-typescript-project-references-d5c57a3b4440 I realized I can use project references to solve the issue to pre-compile modules on develop mode. It allows to navigate (IDE) trough the packages without need compile the packages. Add two `tsconfig`, one using the previous existing configuration that is able to produce declaration files (`tsconfig.build`) and a new one `tsconfig` which is enables [_projects references_](https://www.typescriptlang.org/docs/handbook/project-references.html). ### Patch Changes - b57b43388: Enable prerelease mode with **changesets** - 31af01641: ESLint Warnings Fixed Related to issue #1461 - max-len: most of the sensible max-len errors are fixed - no-unused-vars: most of these types of errors are fixed by deleting not needed declarations - @typescript-eslint/no-unused-vars: same as above - Updated dependencies [d87fa0268] - Updated dependencies [da1ee9c82] - Updated dependencies [26b494cbd] - Updated dependencies [b57b43388] - Updated dependencies [add778d55] - Updated dependencies [31af01641] - @verdaccio/auth@5.0.0-alpha.1 - @verdaccio/config@5.0.0-alpha.1 - @verdaccio/commons-api@10.0.0-alpha.0 - @verdaccio/loaders@5.0.0-alpha.1 - @verdaccio/logger@5.0.0-alpha.1 - @verdaccio/utils@5.0.0-alpha.1