mirror of
https://github.com/verdaccio/verdaccio.git
synced 2024-12-23 22:27:34 -05:00
b56d5cec39
* chore: relocated mock package * refactor: relocate local-storage htpasswd to plugins because they are * chore: format
401 lines
14 KiB
Markdown
401 lines
14 KiB
Markdown
# Change Log
|
|
|
|
## 11.0.0-6-next.9
|
|
|
|
### Major Changes
|
|
|
|
- 794af76c: Remove Node 12 support
|
|
|
|
- We need move to the new `undici` and does not support Node.js 12
|
|
|
|
### Minor Changes
|
|
|
|
- 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [794af76c]
|
|
- Updated dependencies [154b2ecd]
|
|
- @verdaccio/core@6.0.0-6-next.2
|
|
- @verdaccio/file-locking@11.0.0-6-next.4
|
|
|
|
## 11.0.0-6-next.8
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [459b6fa7]
|
|
- @verdaccio/commons-api@11.0.0-6-next.4
|
|
- @verdaccio/file-locking@11.0.0-alpha.3
|
|
|
|
## 11.0.0-6-next.7
|
|
|
|
### Patch Changes
|
|
|
|
- df0da3d6: Added core-js missing from dependencies though referenced in .js sources
|
|
|
|
## 10.0.0-alpha.6
|
|
|
|
### Major Changes
|
|
|
|
- 174cdcaa: feat: allow other password hashing algorithms (#1917)
|
|
|
|
**breaking change**
|
|
|
|
The current implementation of the `htpasswd` module supports multiple hash formats on verify, but only `crypt` on sign in.
|
|
`crypt` is an insecure old format, so to improve the security of the new `verdaccio` release we introduce the support of multiple hash algorithms on sign in step.
|
|
|
|
### New hashing algorithms
|
|
|
|
The new possible hash algorithms to use are `bcrypt`, `md5`, `sha1`. `bcrypt` is chosen as a default, because of its customizable complexity and overall reliability. You can read more about them [here](https://httpd.apache.org/docs/2.4/misc/password_encryptions.html).
|
|
|
|
Two new properties are added to `auth` section in the configuration file:
|
|
|
|
- `algorithm` to choose the way you want to hash passwords.
|
|
- `rounds` is used to determine `bcrypt` complexity. So one can improve security according to increasing computational power.
|
|
|
|
Example of the new `auth` config file section:
|
|
|
|
```yaml
|
|
auth:
|
|
htpasswd:
|
|
file: ./htpasswd
|
|
max_users: 1000
|
|
# Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt".
|
|
algorithm: bcrypt
|
|
# Rounds number for "bcrypt", will be ignored for other algorithms.
|
|
rounds: 10
|
|
```
|
|
|
|
## 10.0.0-alpha.5
|
|
|
|
### Major Changes
|
|
|
|
- f8a50baa: feat: standalone registry with no dependencies
|
|
|
|
## Usage
|
|
|
|
To install a server with no dependencies
|
|
|
|
```bash
|
|
npm install -g @verdaccio/standalone
|
|
```
|
|
|
|
with no internet required
|
|
|
|
```bash
|
|
npm install -g ./tarball.tar.gz
|
|
```
|
|
|
|
Bundles htpasswd and audit plugins.
|
|
|
|
### Breaking Change
|
|
|
|
It does not allow anymore the `auth` and `middleware` property at config file empty,
|
|
it will fallback to those plugins by default.
|
|
|
|
## 10.0.0-alpha.4
|
|
|
|
### Patch Changes
|
|
|
|
- fecbb9be: chore: add release step to private regisry on merge changeset pr
|
|
- Updated dependencies [fecbb9be]
|
|
- @verdaccio/commons-api@10.0.0-alpha.3
|
|
- @verdaccio/file-locking@10.0.0-alpha.3
|
|
|
|
## 10.0.0-alpha.3
|
|
|
|
### Minor Changes
|
|
|
|
- 54c58d1e: feat: add server rate limit protection to all request
|
|
|
|
To modify custom values, use the server settings property.
|
|
|
|
```markdown
|
|
server:
|
|
|
|
## https://www.npmjs.com/package/express-rate-limit#configuration-options
|
|
|
|
rateLimit:
|
|
windowMs: 1000
|
|
max: 10000
|
|
```
|
|
|
|
The values are intended to be high, if you want to improve security of your server consider
|
|
using different values.
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [54c58d1e]
|
|
- @verdaccio/commons-api@10.0.0-alpha.2
|
|
- @verdaccio/file-locking@10.0.0-alpha.2
|
|
|
|
## 10.0.0-alpha.2
|
|
|
|
### Minor Changes
|
|
|
|
- 2a327c4b: feat: remove level dependency by lowdb for npm token cli as storage
|
|
|
|
### new npm token database
|
|
|
|
There will be a new database located in your storage named `.token-db.json` which
|
|
will store all references to created tokens, **it does not store tokens**, just
|
|
mask of them and related metadata required to reference them.
|
|
|
|
#### Breaking change
|
|
|
|
If you were relying on `npm token` experiment. This PR will replace the
|
|
used database (level) by a json plain based one (lowbd) which does not
|
|
require Node.js C++ compilation step and has less dependencies. Since was
|
|
a experiment there is no migration step.
|
|
|
|
## 10.0.0-alpha.1
|
|
|
|
### Major Changes
|
|
|
|
- d87fa026: feat!: experiments config renamed to flags
|
|
|
|
- The `experiments` configuration is renamed to `flags`. The functionality is exactly the same.
|
|
|
|
```js
|
|
flags: token: false;
|
|
search: false;
|
|
```
|
|
|
|
- The `self_path` property from the config file is being removed in favor of `config_file` full path.
|
|
- Refactor `config` module, better types and utilities
|
|
|
|
- da1ee9c8: - Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv
|
|
|
|
- Introduce environment variables for legacy tokens
|
|
|
|
### Code Improvements
|
|
|
|
- Add debug library for improve developer experience
|
|
|
|
### Breaking change
|
|
|
|
- The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions.
|
|
- The secret key must have 32 characters long.
|
|
|
|
### New environment variables
|
|
|
|
- `VERDACCIO_LEGACY_ALGORITHM`: Allows to define the specific algorithm for the token signature which by default is `aes-256-ctr`
|
|
- `VERDACCIO_LEGACY_ENCRYPTION_KEY`: By default, the token stores in the database, but using this variable allows to get it from memory
|
|
|
|
### Minor Changes
|
|
|
|
- 26b494cb: feat: add typescript project references settings
|
|
|
|
Reading https://ebaytech.berlin/optimizing-multi-package-apps-with-typescript-project-references-d5c57a3b4440 I realized I can use project references to solve the issue to pre-compile modules on develop mode.
|
|
|
|
It allows to navigate (IDE) trough the packages without need compile the packages.
|
|
|
|
Add two `tsconfig`, one using the previous existing configuration that is able to produce declaration files (`tsconfig.build`) and a new one `tsconfig` which is enables [_projects references_](https://www.typescriptlang.org/docs/handbook/project-references.html).
|
|
|
|
### Patch Changes
|
|
|
|
- b57b4338: Enable prerelease mode with **changesets**
|
|
- 31af0164: ESLint Warnings Fixed
|
|
|
|
Related to issue #1461
|
|
|
|
- max-len: most of the sensible max-len errors are fixed
|
|
- no-unused-vars: most of these types of errors are fixed by deleting not needed declarations
|
|
- @typescript-eslint/no-unused-vars: same as above
|
|
|
|
- Updated dependencies [d87fa026]
|
|
- Updated dependencies [da1ee9c8]
|
|
- Updated dependencies [26b494cb]
|
|
- Updated dependencies [b57b4338]
|
|
- Updated dependencies [31af0164]
|
|
- @verdaccio/file-locking@10.0.0-alpha.1
|
|
|
|
All notable changes to this project will be documented in this file.
|
|
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
|
|
|
## [9.7.2](https://github.com/verdaccio/monorepo/compare/v9.7.1...v9.7.2) (2020-07-20)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
## [9.7.1](https://github.com/verdaccio/monorepo/compare/v9.7.0...v9.7.1) (2020-07-10)
|
|
|
|
### Bug Fixes
|
|
|
|
- update dependencies ([#375](https://github.com/verdaccio/monorepo/issues/375)) ([1e7aeec](https://github.com/verdaccio/monorepo/commit/1e7aeec31b056979285e272793a95b8c75d57c77))
|
|
|
|
# [9.7.0](https://github.com/verdaccio/monorepo/compare/v9.6.1...v9.7.0) (2020-06-24)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
## [9.6.1](https://github.com/verdaccio/monorepo/compare/v9.6.0...v9.6.1) (2020-06-07)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
# [9.5.0](https://github.com/verdaccio/monorepo/compare/v9.4.1...v9.5.0) (2020-05-02)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
## [9.4.1](https://github.com/verdaccio/monorepo/compare/v9.4.0...v9.4.1) (2020-04-30)
|
|
|
|
### Bug Fixes
|
|
|
|
- **verdaccio-htpasswd:** generate non-constant legacy 2 byte salt ([#357](https://github.com/verdaccio/monorepo/issues/357)) ([d522595](https://github.com/verdaccio/monorepo/commit/d522595122b7deaac8e3bc568f73658041811aaf))
|
|
|
|
# [9.4.0](https://github.com/verdaccio/monorepo/compare/v9.3.4...v9.4.0) (2020-03-21)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
## [9.3.2](https://github.com/verdaccio/monorepo/compare/v9.3.1...v9.3.2) (2020-03-08)
|
|
|
|
### Bug Fixes
|
|
|
|
- update dependencies ([#332](https://github.com/verdaccio/monorepo/issues/332)) ([b6165ae](https://github.com/verdaccio/monorepo/commit/b6165aea9b7e4012477081eae68bfa7159c58f56))
|
|
|
|
## [9.3.1](https://github.com/verdaccio/monorepo/compare/v9.3.0...v9.3.1) (2020-02-23)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
# [9.3.0](https://github.com/verdaccio/monorepo/compare/v9.2.0...v9.3.0) (2020-01-29)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
# [9.0.0](https://github.com/verdaccio/monorepo/compare/v8.5.3...v9.0.0) (2020-01-07)
|
|
|
|
### chore
|
|
|
|
- update dependencies ([68add74](https://github.com/verdaccio/monorepo/commit/68add743159867f678ddb9168d2bc8391844de47))
|
|
|
|
### Features
|
|
|
|
- **eslint-config:** enable eslint curly ([#308](https://github.com/verdaccio/monorepo/issues/308)) ([91acb12](https://github.com/verdaccio/monorepo/commit/91acb121847018e737c21b367fcaab8baa918347))
|
|
|
|
### BREAKING CHANGES
|
|
|
|
- @verdaccio/eslint-config requires ESLint >=6.8.0 and Prettier >=1.19.1 to fix compatibility with overrides.extends config
|
|
|
|
## [8.5.2](https://github.com/verdaccio/monorepo/compare/v8.5.1...v8.5.2) (2019-12-25)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
## [8.5.1](https://github.com/verdaccio/monorepo/compare/v8.5.0...v8.5.1) (2019-12-24)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
# [8.5.0](https://github.com/verdaccio/monorepo/compare/v8.4.2...v8.5.0) (2019-12-22)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
## [8.4.2](https://github.com/verdaccio/monorepo/compare/v8.4.1...v8.4.2) (2019-11-23)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
## [8.4.1](https://github.com/verdaccio/monorepo/compare/v8.4.0...v8.4.1) (2019-11-22)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
# [8.4.0](https://github.com/verdaccio/monorepo/compare/v8.3.0...v8.4.0) (2019-11-22)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
# [8.3.0](https://github.com/verdaccio/monorepo/compare/v8.2.0...v8.3.0) (2019-10-27)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
# [8.2.0](https://github.com/verdaccio/monorepo/compare/v8.2.0-next.0...v8.2.0) (2019-10-23)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
# [8.2.0-next.0](https://github.com/verdaccio/monorepo/compare/v8.1.4...v8.2.0-next.0) (2019-10-08)
|
|
|
|
### Bug Fixes
|
|
|
|
- fixed lint errors ([5e677f7](https://github.com/verdaccio/monorepo/commit/5e677f7))
|
|
|
|
## [8.1.2](https://github.com/verdaccio/monorepo/compare/v8.1.1...v8.1.2) (2019-09-29)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
## [8.1.1](https://github.com/verdaccio/monorepo/compare/v8.1.0...v8.1.1) (2019-09-26)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
# [8.1.0](https://github.com/verdaccio/monorepo/compare/v8.0.1-next.1...v8.1.0) (2019-09-07)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
## [8.0.1-next.1](https://github.com/verdaccio/monorepo/compare/v8.0.1-next.0...v8.0.1-next.1) (2019-08-29)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
## [8.0.1-next.0](https://github.com/verdaccio/monorepo/compare/v8.0.0...v8.0.1-next.0) (2019-08-29)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
# [8.0.0](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.4...v8.0.0) (2019-08-22)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
# [8.0.0-next.4](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.3...v8.0.0-next.4) (2019-08-18)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
# [8.0.0-next.2](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.1...v8.0.0-next.2) (2019-08-03)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
# [8.0.0-next.1](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.0...v8.0.0-next.1) (2019-08-01)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
# [8.0.0-next.0](https://github.com/verdaccio/monorepo/compare/v2.0.0...v8.0.0-next.0) (2019-08-01)
|
|
|
|
**Note:** Version bump only for package verdaccio-htpasswd
|
|
|
|
# Change Log
|
|
|
|
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
|
|
|
|
# [2.0.0](https://github.com/verdaccio/verdaccio-htpasswd/compare/v2.0.0-beta.1...v2.0.0) (2019-04-14)
|
|
|
|
### Features
|
|
|
|
- drop node v6 suport ([d1d52e8](https://github.com/verdaccio/verdaccio-htpasswd/commit/d1d52e8))
|
|
|
|
<a name="2.0.0-beta.1"></a>
|
|
|
|
# [2.0.0-beta.1](https://github.com/verdaccio/verdaccio-htpasswd/compare/v2.0.0-beta.0...v2.0.0-beta.1) (2019-02-24)
|
|
|
|
### Bug Fixes
|
|
|
|
- package.json to reduce vulnerabilities ([259bdaf](https://github.com/verdaccio/verdaccio-htpasswd/commit/259bdaf))
|
|
- update [@verdaccio](https://github.com/verdaccio)/file-locking@1.0.0 ([ec0bbfd](https://github.com/verdaccio/verdaccio-htpasswd/commit/ec0bbfd))
|
|
|
|
<a name="2.0.0-beta.0"></a>
|
|
|
|
# [2.0.0-beta.0](https://github.com/verdaccio/verdaccio-htpasswd/compare/v1.0.1...v2.0.0-beta.0) (2019-02-03)
|
|
|
|
### Features
|
|
|
|
- migrate to typescript ([79f6937](https://github.com/verdaccio/verdaccio-htpasswd/commit/79f6937))
|
|
- remove Node6 from CircleCI ([d3a05ab](https://github.com/verdaccio/verdaccio-htpasswd/commit/d3a05ab))
|
|
- use verdaccio babel preset ([3a63f88](https://github.com/verdaccio/verdaccio-htpasswd/commit/3a63f88))
|
|
|
|
<a name="1.0.1"></a>
|
|
|
|
## [1.0.1](https://github.com/verdaccio/verdaccio-htpasswd/compare/v1.0.0...v1.0.1) (2018-09-30)
|
|
|
|
### Bug Fixes
|
|
|
|
- password hash & increase coverage ([6420c26](https://github.com/verdaccio/verdaccio-htpasswd/commit/6420c26))
|
|
|
|
<a name="1.0.0"></a>
|
|
|
|
# [1.0.0](https://github.com/verdaccio/verdaccio-htpasswd/compare/v0.2.2...v1.0.0) (2018-09-30)
|
|
|
|
### Bug Fixes
|
|
|
|
- adds error message for user registration ([0bab945](https://github.com/verdaccio/verdaccio-htpasswd/commit/0bab945))
|
|
|
|
### Features
|
|
|
|
- **change-passwd:** implement change password [#32](https://github.com/verdaccio/verdaccio-htpasswd/issues/32) ([830b143](https://github.com/verdaccio/verdaccio-htpasswd/commit/830b143))
|