--- '@verdaccio/api': major '@verdaccio/auth': major '@verdaccio/cli': major '@verdaccio/config': major '@verdaccio/file-locking': major 'verdaccio-htpasswd': major '@verdaccio/local-storage': major '@verdaccio/readme': major '@verdaccio/streams': major '@verdaccio/types': major '@verdaccio/hooks': major '@verdaccio/loaders': major '@verdaccio/logger': major '@verdaccio/logger-prettify': major '@verdaccio/middleware': major '@verdaccio/node-api': major '@verdaccio/proxy': major '@verdaccio/server': major '@verdaccio/store': major '@verdaccio/utils': major 'verdaccio': major '@verdaccio/web': major --- - Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv - Introduce environment variables for legacy tokens ### Code Improvements - Add debug library for improve developer experience ### Breaking change - The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions. - The secret key must have 32 characters long. ### New environment variables - `VERDACCIO_LEGACY_ALGORITHM`: Allows to define the specific algorithm for the token signature which by default is `aes-256-ctr` - `VERDACCIO_LEGACY_ENCRYPTION_KEY`: By default, the token stores in the database, but using this variable allows to get it from memory