0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2025-01-06 22:40:26 -05:00
verdaccio/packages/api/CHANGELOG.md
2023-08-21 17:38:13 +02:00

47 KiB

@verdaccio/api

7.0.0-next.0

Major Changes

  • feat!: bump to v7

Patch Changes

  • Updated dependencies
    • @verdaccio/auth@7.0.0-next.0
    • @verdaccio/config@7.0.0-next.0
    • @verdaccio/core@7.0.0-next.0
    • @verdaccio/logger@7.0.0-next.0
    • @verdaccio/middleware@7.0.0-next.0
    • @verdaccio/store@7.0.0-next.0
    • @verdaccio/utils@7.0.0-next.0

6.0.0

Major Changes

  • 292c0a37f: feat!: replace deprecated request dependency by got

    This is a big refactoring of the core, fetching dependencies, improve code, more tests and better stability. This is essential for the next release, will take some time but would allow modularize more the core.

    Notes

    • Remove deprecated request by other got, retry improved, custom Agent ( got does not include it built-in)
    • Remove async dependency from storage (used by core) it was linked with proxy somehow safe to remove now
    • Refactor with promises instead callback wherever is possible
    • Document the API
    • Improve testing, integration tests
    • Bugfix
    • Clean up old validations
    • Improve performance

    💥 Breaking changes

    • Plugin API methods were callbacks based are returning promises, this will break current storage plugins, check documentation for upgrade.
    • Write Tarball, Read Tarball methods parameters change, a new set of options like AbortController signals are being provided to the addAbortSignal can be internally used with Streams when a request is aborted. eg: addAbortSignal(signal, fs.createReadStream(pathName));
    • @verdaccio/streams stream abort support is legacy is being deprecated removed
    • Remove AWS and Google Cloud packages for future refactoring #2574.
  • a828271d6: refactor: download manifest endpoint and integrate fastify

    Much simpler API for fetching a package

     const manifest = await storage.getPackageNext({
          name,
          uplinksLook: true,
          req,
          version: queryVersion,
          requestOptions,
     });
    

    not perfect, the req still is being passed to the proxy (this has to be refactored at proxy package) and then removed from here, in proxy we pass the request instance to the request library.

    Details

    • async/await sugar for getPackage()
    • Improve and reuse code between current implementation and new fastify endpoint (add scaffolding for request manifest)
    • Improve performance
    • Add new tests

    Breaking changes

    All storage plugins will stop to work since the storage uses getPackageNext method which is Promise based, I won't replace this now because will force me to update all plugins, I'll follow up in another PR. Currently will throw http 500

  • 459b6fa72: refactor: search v1 endpoint and local-database

    • refactor search api v1 endpoint, improve performance
    • remove usage of async dependency https://github.com/verdaccio/verdaccio/issues/1225
    • refactor method storage class
    • create new module core to reduce the ammount of modules with utilities
    • use undici instead node-fetch
    • use fastify instead express for functional test

    Breaking changes

    • plugin storage API changes
    • remove old search endpoint (return 404)
    • filter local private packages at plugin level

    The storage api changes for methods get, add, remove as promise base. The search methods also changes and recieves a query object that contains all query params from the client.

    export interface IPluginStorage<T> extends IPlugin {
      add(name: string): Promise<void>;
      remove(name: string): Promise<void>;
      get(): Promise<any>;
      init(): Promise<void>;
      getSecret(): Promise<string>;
      setSecret(secret: string): Promise<any>;
      getPackageStorage(packageInfo: string): IPackageStorage;
      search(query: searchUtils.SearchQuery): Promise<searchUtils.SearchItem[]>;
      saveToken(token: Token): Promise<any>;
      deleteToken(user: string, tokenKey: string): Promise<any>;
      readTokens(filter: TokenFilter): Promise<Token[]>;
    }
    
  • 9fc2e7961: feat(plugins): improve plugin loader

    Changes

    Features

    // config.yaml
    server:
      pluginPrefix: mycompany
    middleware:
      audit:
          foo: 1
    

    This configuration will look up for mycompany-audit instead Verdaccio-audit.

    Breaking Changes

    sinopia plugins

    • sinopia fallback support is removed, but can be restored using pluginPrefix

    plugin filter

    • method rename filter_metadata->filterMetadata

    Plugin constructor does not merge configs anymore https://github.com/verdaccio/verdaccio/issues/928

    The plugin receives as first argument config, which represents the config of the plugin. Example:

    // config.yaml
    auth:
      plugin:
         foo: 1
         bar: 2
    
    export class Plugin<T> {
      public constructor(config: T, options: PluginOptions) {
        console.log(config);
        // {foo:1, bar: 2}
     }
    }
    
  • 794af76c5: Remove Node 12 support

    • We need move to the new undici and does not support Node.js 12
  • 10aeb4f13: feat!: experiments config renamed to flags

    • The experiments configuration is renamed to flags. The functionality is exactly the same.
    flags: token: false;
    search: false;
    
    • The self_path property from the config file is being removed in favor of config_file full path.
    • Refactor config module, better types and utilities
  • e367c3f1e: - Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv

    • Introduce environment variables for legacy tokens

    Code Improvements

    • Add debug library for improve developer experience

    Breaking change

    • The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions.
    • The secret key must have 32 characters long.

    New environment variables

    • VERDACCIO_LEGACY_ALGORITHM: Allows to define the specific algorithm for the token signature which by default is aes-256-ctr
    • VERDACCIO_LEGACY_ENCRYPTION_KEY: By default, the token stores in the database, but using this variable allows to get it from memory
  • 82cb0f2bf: feat!: config.logs throw an error, logging config not longer accept array or logs property

    💥 Breaking change

    This is valid

    log: { type: stdout, format: pretty, level: http }
    

    This is invalid

    logs: { type: stdout, format: pretty, level: http }
    

    or

    logs:
      - [{ type: stdout, format: pretty, level: http }]
    

Minor Changes

  • a1986e098: feat: expose middleware utils

  • ef88da3b4: feat: improve support for fs promises older nodejs

  • ae93e039d: fix: expose middleware methods

  • 24b9be020: refactor: improve docker image build with strict dependencies and prod build

  • 631abe1ac: feat: refactor logger

  • b702ea363: abort search request support for proxy

  • 00d1d2a17: chore: env variable for launch fastify

    • Update fastify to major release v4.3.0
    • Update CLI launcher

    via CLI

    VERDACCIO_SERVER=fastify verdaccio
    

    with docker

    docker run -it --rm --name verdaccio \
      -e "VERDACCIO_SERVER=8080" -p 8080:8080 \
      -e "VERDACCIO_SERVER=fastify" \
      verdaccio/verdaccio
    
  • e54ec4b5d: feat: remove level dependency by lowdb for npm token cli as storage

    new npm token database

    There will be a new database located in your storage named .token-db.json which will store all references to created tokens, it does not store tokens, just mask of them and related metadata required to reference them.

    Breaking change

    If you were relying on npm token experiment. This PR will replace the used database (level) by a json plain based one (lowbd) which does not require Node.js C++ compilation step and has less dependencies. Since was a experiment there is no migration step.

  • b61f762d6: feat: add server rate limit protection to all request

    To modify custom values, use the server settings property.

    server:
    
    ## https://www.npmjs.com/package/express-rate-limit#configuration-options
    
    rateLimit:
    windowMs: 1000
    max: 10000
    

    The values are intended to be high, if you want to improve security of your server consider using different values.

  • 154b2ecd3: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications

  • aa763baec: feat: add typescript project references settings

    Reading https://ebaytech.berlin/optimizing-multi-package-apps-with-typescript-project-references-d5c57a3b4440 I realized I can use project references to solve the issue to pre-compile modules on develop mode.

    It allows to navigate (IDE) trough the packages without need compile the packages.

    Add two tsconfig, one using the previous existing configuration that is able to produce declaration files (tsconfig.build) and a new one tsconfig which is enables projects references.

  • ce013d2fc: refactor: npm star command support reimplemented

  • 62c24b632: feat: add passwordValidationRegex property

  • 5167bb528: feat: ui search support for remote, local and private packages

    The command npm search search globally and return all matches, with this improvement the user interface is powered with the same capabilities.

    The UI also tag where is the origin the package with a tag, also provide the latest version and description of the package.

  • 4b29d715b: chore: move improvements from v5 to v6

    Migrate improvements form v5 to v6:

  • b13a3fefd: refactor: improve versions and dist-tag filters

  • 37274e4c8: feat: implement abbreviated manifest

    Enable abbreviated manifest data by adding the header:

    curl -H "Accept: application/vnd.npm.install-v1+json" https://registry.npmjs.org/verdaccio
    

    It returns a filtered manifest, additionally includes the time field by request.

    Current support for packages managers:

    • npm: yes
    • pnpm: yes
    • yarn classic: yes
    • yarn modern (+2.x): no

    https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-metadata-format

  • 45c03819e: refactor: render html middleware

Patch Changes

6.0.0-6-next.59

Patch Changes

  • @verdaccio/store@6.0.0-6-next.56
  • @verdaccio/core@6.0.0-6-next.76
  • @verdaccio/config@6.0.0-6-next.76
  • @verdaccio/auth@6.0.0-6-next.55
  • @verdaccio/middleware@6.0.0-6-next.55
  • @verdaccio/utils@6.0.0-6-next.44
  • @verdaccio/logger@6.0.0-6-next.44

6.0.0-6-next.58

Patch Changes

  • Updated dependencies [0a6412ca9]
  • Updated dependencies [0a6412ca9]
    • @verdaccio/core@6.0.0-6-next.75
    • @verdaccio/store@6.0.0-6-next.55
    • @verdaccio/auth@6.0.0-6-next.54
    • @verdaccio/config@6.0.0-6-next.75
    • @verdaccio/middleware@6.0.0-6-next.54
    • @verdaccio/utils@6.0.0-6-next.43
    • @verdaccio/logger@6.0.0-6-next.43

6.0.0-6-next.57

Minor Changes

Patch Changes

  • Updated dependencies [ae93e039d]
    • @verdaccio/middleware@6.0.0-6-next.53
    • @verdaccio/core@6.0.0-6-next.74
    • @verdaccio/config@6.0.0-6-next.74
    • @verdaccio/auth@6.0.0-6-next.53
    • @verdaccio/store@6.0.0-6-next.54
    • @verdaccio/utils@6.0.0-6-next.42
    • @verdaccio/logger@6.0.0-6-next.42

6.0.0-6-next.56

Patch Changes

  • f859d2b1a: fix: official package "-" cannot be synced
  • Updated dependencies [f859d2b1a]
    • @verdaccio/core@6.0.0-6-next.73
    • @verdaccio/middleware@6.0.0-6-next.52
    • @verdaccio/auth@6.0.0-6-next.52
    • @verdaccio/config@6.0.0-6-next.73
    • @verdaccio/store@6.0.0-6-next.53
    • @verdaccio/utils@6.0.0-6-next.41
    • @verdaccio/logger@6.0.0-6-next.41

6.0.0-6-next.55

Patch Changes

  • @verdaccio/core@6.0.0-6-next.72
  • @verdaccio/config@6.0.0-6-next.72
  • @verdaccio/auth@6.0.0-6-next.51
  • @verdaccio/middleware@6.0.0-6-next.51
  • @verdaccio/store@6.0.0-6-next.52
  • @verdaccio/utils@6.0.0-6-next.40
  • @verdaccio/logger@6.0.0-6-next.40

6.0.0-6-next.54

Patch Changes

  • Updated dependencies [679c19c1b]
    • @verdaccio/config@6.0.0-6-next.71
    • @verdaccio/auth@6.0.0-6-next.50
    • @verdaccio/middleware@6.0.0-6-next.50
    • @verdaccio/store@6.0.0-6-next.51
    • @verdaccio/logger@6.0.0-6-next.39
    • @verdaccio/core@6.0.0-6-next.71
    • @verdaccio/utils@6.0.0-6-next.39

6.0.0-6-next.53

Patch Changes

  • @verdaccio/logger@6.0.0-6-next.38
  • @verdaccio/auth@6.0.0-6-next.49
  • @verdaccio/middleware@6.0.0-6-next.49
  • @verdaccio/store@6.0.0-6-next.50
  • @verdaccio/core@6.0.0-6-next.70
  • @verdaccio/config@6.0.0-6-next.70
  • @verdaccio/utils@6.0.0-6-next.38

6.0.0-6-next.52

Patch Changes

  • Updated dependencies [c9d1af0e]
    • @verdaccio/auth@6.0.0-6-next.48
    • @verdaccio/core@6.0.0-6-next.69
    • @verdaccio/config@6.0.0-6-next.69
    • @verdaccio/middleware@6.0.0-6-next.48
    • @verdaccio/store@6.0.0-6-next.49
    • @verdaccio/utils@6.0.0-6-next.37
    • @verdaccio/logger@6.0.0-6-next.37

6.0.0-6-next.51

Patch Changes

  • @verdaccio/auth@6.0.0-6-next.47
  • @verdaccio/core@6.0.0-6-next.68
  • @verdaccio/config@6.0.0-6-next.68
  • @verdaccio/middleware@6.0.0-6-next.47
  • @verdaccio/store@6.0.0-6-next.48
  • @verdaccio/utils@6.0.0-6-next.36
  • @verdaccio/logger@6.0.0-6-next.36

6.0.0-6-next.50

Patch Changes

  • Updated dependencies [16e38df8]
    • @verdaccio/config@6.0.0-6-next.67
    • @verdaccio/core@6.0.0-6-next.67
    • @verdaccio/store@6.0.0-6-next.47
    • @verdaccio/auth@6.0.0-6-next.46
    • @verdaccio/middleware@6.0.0-6-next.46
    • @verdaccio/utils@6.0.0-6-next.35
    • @verdaccio/logger@6.0.0-6-next.35

6.0.0-6-next.49

Patch Changes

  • Updated dependencies [7ef599cc]
    • @verdaccio/middleware@6.0.0-6-next.45
    • @verdaccio/auth@6.0.0-6-next.45
    • @verdaccio/core@6.0.0-6-next.66
    • @verdaccio/logger@6.0.0-6-next.34
    • @verdaccio/store@6.0.0-6-next.46
    • @verdaccio/config@6.0.0-6-next.66
    • @verdaccio/utils@6.0.0-6-next.34

6.0.0-6-next.48

Patch Changes

  • Updated dependencies [a1da1130]
    • @verdaccio/core@6.0.0-6-next.65
    • @verdaccio/auth@6.0.0-6-next.44
    • @verdaccio/config@6.0.0-6-next.65
    • @verdaccio/middleware@6.0.0-6-next.44
    • @verdaccio/store@6.0.0-6-next.45
    • @verdaccio/utils@6.0.0-6-next.33
    • @verdaccio/logger@6.0.0-6-next.33

6.0.0-6-next.47

Patch Changes

  • Updated dependencies [974cd8c1]
    • @verdaccio/core@6.0.0-6-next.64
    • @verdaccio/auth@6.0.0-6-next.43
    • @verdaccio/config@6.0.0-6-next.64
    • @verdaccio/middleware@6.0.0-6-next.43
    • @verdaccio/store@6.0.0-6-next.44
    • @verdaccio/utils@6.0.0-6-next.32
    • @verdaccio/logger@6.0.0-6-next.32

6.0.0-6-next.46

Patch Changes

  • Updated dependencies [ddb6a223]
  • Updated dependencies [dc571aab]
    • @verdaccio/auth@6.0.0-6-next.42
    • @verdaccio/config@6.0.0-6-next.63
    • @verdaccio/core@6.0.0-6-next.63
    • @verdaccio/middleware@6.0.0-6-next.42
    • @verdaccio/store@6.0.0-6-next.43
    • @verdaccio/utils@6.0.0-6-next.31
    • @verdaccio/logger@6.0.0-6-next.31

6.0.0-6-next.45

Patch Changes

  • Updated dependencies [4fc21146]
  • Updated dependencies [378e907d]
    • @verdaccio/middleware@6.0.0-6-next.41
    • @verdaccio/core@6.0.0-6-next.62
    • @verdaccio/auth@6.0.0-6-next.41
    • @verdaccio/logger@6.0.0-6-next.30
    • @verdaccio/store@6.0.0-6-next.42
    • @verdaccio/config@6.0.0-6-next.62
    • @verdaccio/utils@6.0.0-6-next.30

6.0.0-6-next.44

Patch Changes

  • Updated dependencies [d167f92e]
    • @verdaccio/config@6.0.0-6-next.61
    • @verdaccio/auth@6.0.0-6-next.40
    • @verdaccio/middleware@6.0.0-6-next.40
    • @verdaccio/store@6.0.0-6-next.41
    • @verdaccio/core@6.0.0-6-next.61
    • @verdaccio/utils@6.0.0-6-next.29
    • @verdaccio/logger@6.0.0-6-next.29

6.0.0-6-next.43

Minor Changes

  • 45c03819: refactor: render html middleware

Patch Changes

  • Updated dependencies [45c03819]
    • @verdaccio/config@6.0.0-6-next.60
    • @verdaccio/middleware@6.0.0-6-next.39
    • @verdaccio/store@6.0.0-6-next.40
    • @verdaccio/auth@6.0.0-6-next.39
    • @verdaccio/core@6.0.0-6-next.60
    • @verdaccio/logger@6.0.0-6-next.28
    • @verdaccio/utils@6.0.0-6-next.28

6.0.0-6-next.42

Patch Changes

  • Updated dependencies [65f88b82]
    • @verdaccio/logger@6.0.0-6-next.27
    • @verdaccio/middleware@6.0.0-6-next.38
    • @verdaccio/auth@6.0.0-6-next.38
    • @verdaccio/store@6.0.0-6-next.39
    • @verdaccio/core@6.0.0-6-next.59
    • @verdaccio/config@6.0.0-6-next.59
    • @verdaccio/utils@6.0.0-6-next.27

6.0.0-6-next.41

Patch Changes

  • Updated dependencies [fa274ee4]
    • @verdaccio/middleware@6.0.0-6-next.37
    • @verdaccio/core@6.0.0-6-next.58
    • @verdaccio/config@6.0.0-6-next.58
    • @verdaccio/auth@6.0.0-6-next.37
    • @verdaccio/store@6.0.0-6-next.38
    • @verdaccio/utils@6.0.0-6-next.26
    • @verdaccio/logger@6.0.0-6-next.26

6.0.0-6-next.40

Patch Changes

  • Updated dependencies [9943e2b1]
    • @verdaccio/middleware@6.0.0-6-next.36
    • @verdaccio/store@6.0.0-6-next.37
    • @verdaccio/core@6.0.0-6-next.57
    • @verdaccio/config@6.0.0-6-next.57
    • @verdaccio/auth@6.0.0-6-next.36
    • @verdaccio/logger@6.0.0-6-next.25
    • @verdaccio/utils@6.0.0-6-next.25

6.0.0-6-next.39

Minor Changes

  • a1986e09: feat: expose middleware utils

Patch Changes

  • Updated dependencies [a1986e09]
    • @verdaccio/middleware@6.0.0-6-next.35
    • @verdaccio/utils@6.0.0-6-next.24
    • @verdaccio/auth@6.0.0-6-next.35
    • @verdaccio/config@6.0.0-6-next.56
    • @verdaccio/store@6.0.0-6-next.36
    • @verdaccio/core@6.0.0-6-next.56
    • @verdaccio/logger@6.0.0-6-next.24

6.0.0-6-next.38

Patch Changes

  • Updated dependencies [9718e033]
    • @verdaccio/config@6.0.0-6-next.55
    • @verdaccio/core@6.0.0-6-next.55
    • @verdaccio/store@6.0.0-6-next.35
    • @verdaccio/utils@6.0.0-6-next.23
    • @verdaccio/auth@6.0.0-6-next.34
    • @verdaccio/logger@6.0.0-6-next.23
    • @verdaccio/middleware@6.0.0-6-next.34

6.0.0-6-next.37

Minor Changes

  • ef88da3b: feat: improve support for fs promises older nodejs

Patch Changes

  • Updated dependencies [ef88da3b]
    • @verdaccio/config@6.0.0-6-next.54
    • @verdaccio/core@6.0.0-6-next.54
    • @verdaccio/logger@6.0.0-6-next.22
    • @verdaccio/utils@6.0.0-6-next.22
    • @verdaccio/auth@6.0.0-6-next.33
    • @verdaccio/store@6.0.0-6-next.34
    • @verdaccio/middleware@6.0.0-6-next.33

6.0.0-6-next.36

Patch Changes

  • @verdaccio/auth@6.0.0-6-next.32
  • @verdaccio/core@6.0.0-6-next.53
  • @verdaccio/logger@6.0.0-6-next.21
  • @verdaccio/store@6.0.0-6-next.33
  • @verdaccio/config@6.0.0-6-next.53
  • @verdaccio/middleware@6.0.0-6-next.32
  • @verdaccio/utils@6.0.0-6-next.21

6.0.0-6-next.35

Patch Changes

  • @verdaccio/core@6.0.0-6-next.52
  • @verdaccio/config@6.0.0-6-next.52
  • @verdaccio/auth@6.0.0-6-next.31
  • @verdaccio/logger@6.0.0-6-next.20
  • @verdaccio/middleware@6.0.0-6-next.31
  • @verdaccio/store@6.0.0-6-next.32
  • @verdaccio/utils@6.0.0-6-next.20

6.0.0-6-next.34

Minor Changes

Patch Changes

  • Updated dependencies [4b29d715]
    • @verdaccio/auth@6.0.0-6-next.30
    • @verdaccio/config@6.0.0-6-next.51
    • @verdaccio/core@6.0.0-6-next.51
    • @verdaccio/middleware@6.0.0-6-next.30
    • @verdaccio/store@6.0.0-6-next.31
    • @verdaccio/logger@6.0.0-6-next.19
    • @verdaccio/utils@6.0.0-6-next.19

6.0.0-6-next.33

Patch Changes

  • b4cc8001: fix: improve abort request search
    • @verdaccio/core@6.0.0-6-next.50
    • @verdaccio/config@6.0.0-6-next.50
    • @verdaccio/auth@6.0.0-6-next.29
    • @verdaccio/logger@6.0.0-6-next.18
    • @verdaccio/middleware@6.0.0-6-next.29
    • @verdaccio/store@6.0.0-6-next.30
    • @verdaccio/utils@6.0.0-6-next.18

6.0.0-6-next.32

Minor Changes

  • ce013d2f: refactor: npm star command support reimplemented

Patch Changes

  • Updated dependencies [ce013d2f]
    • @verdaccio/store@6.0.0-6-next.29
    • @verdaccio/core@6.0.0-6-next.49
    • @verdaccio/config@6.0.0-6-next.49
    • @verdaccio/auth@6.0.0-6-next.28
    • @verdaccio/logger@6.0.0-6-next.17
    • @verdaccio/middleware@6.0.0-6-next.28
    • @verdaccio/utils@6.0.0-6-next.17

6.0.0-6-next.31

Major Changes

Minor Changes

  • 62c24b63: feat: add passwordValidationRegex property

Patch Changes

  • 43f32687: fix: abbreviated headers handle quality values
  • Updated dependencies [43f32687]
  • Updated dependencies [9fc2e796]
  • Updated dependencies [62c24b63]
    • @verdaccio/core@6.0.0-6-next.48
    • @verdaccio/store@6.0.0-6-next.28
    • @verdaccio/auth@6.0.0-6-next.27
    • @verdaccio/config@6.0.0-6-next.48
    • @verdaccio/utils@6.0.0-6-next.16
    • @verdaccio/logger@6.0.0-6-next.16
    • @verdaccio/middleware@6.0.0-6-next.27

6.0.0-6-next.30

Patch Changes

  • @verdaccio/core@6.0.0-6-next.47
  • @verdaccio/config@6.0.0-6-next.47
  • @verdaccio/auth@6.0.0-6-next.26
  • @verdaccio/logger@6.0.0-6-next.15
  • @verdaccio/middleware@6.0.0-6-next.26
  • @verdaccio/store@6.0.0-6-next.27
  • @verdaccio/utils@6.0.0-6-next.15

6.0.0-6-next.29

Patch Changes

  • b849128d: fix: handle upload scoped tarball
  • Updated dependencies [b849128d]
    • @verdaccio/core@6.0.0-6-next.8
    • @verdaccio/store@6.0.0-6-next.26
    • @verdaccio/auth@6.0.0-6-next.25
    • @verdaccio/config@6.0.0-6-next.17
    • @verdaccio/logger@6.0.0-6-next.14
    • @verdaccio/middleware@6.0.0-6-next.25
    • @verdaccio/utils@6.0.0-6-next.14

6.0.0-6-next.28

Patch Changes

  • 351aeeaa: fix(deps): @verdaccio/utils should be a prod dep of local-storage
  • Updated dependencies [351aeeaa]
    • @verdaccio/auth@6.0.0-6-next.24
    • @verdaccio/core@6.0.0-6-next.7
    • @verdaccio/logger@6.0.0-6-next.13
    • @verdaccio/store@6.0.0-6-next.25
    • @verdaccio/middleware@6.0.0-6-next.24
    • @verdaccio/config@6.0.0-6-next.16
    • @verdaccio/utils@6.0.0-6-next.13

6.0.0-6-next.27

Minor Changes

Patch Changes

  • Updated dependencies [37274e4c]
    • @verdaccio/store@6.0.0-6-next.24
    • @verdaccio/auth@6.0.0-6-next.23
    • @verdaccio/core@6.0.0-6-next.6
    • @verdaccio/logger@6.0.0-6-next.12

6.0.0-6-next.26

Major Changes

  • 292c0a37: feat!: replace deprecated request dependency by got

    This is a big refactoring of the core, fetching dependencies, improve code, more tests and better stability. This is essential for the next release, will take some time but would allow modularize more the core.

    Notes

    • Remove deprecated request by other got, retry improved, custom Agent ( got does not include it built-in)
    • Remove async dependency from storage (used by core) it was linked with proxy somehow safe to remove now
    • Refactor with promises instead callback wherever is possible
    • Document the API
    • Improve testing, integration tests
    • Bugfix
    • Clean up old validations
    • Improve performance

    💥 Breaking changes

    • Plugin API methods were callbacks based are returning promises, this will break current storage plugins, check documentation for upgrade.
    • Write Tarball, Read Tarball methods parameters change, a new set of options like AbortController signals are being provided to the addAbortSignal can be internally used with Streams when a request is aborted. eg: addAbortSignal(signal, fs.createReadStream(pathName));
    • @verdaccio/streams stream abort support is legacy is being deprecated removed
    • Remove AWS and Google Cloud packages for future refactoring #2574.

Minor Changes

  • 00d1d2a1: chore: env variable for launch fastify

    • Update fastify to major release v4.3.0
    • Update CLI launcher

    via CLI

    VERDACCIO_SERVER=fastify verdaccio
    

    with docker

    docker run -it --rm --name verdaccio \
      -e "VERDACCIO_SERVER=8080" -p 8080:8080 \
      -e "VERDACCIO_SERVER=fastify" \
      verdaccio/verdaccio
    

Patch Changes

  • Updated dependencies [292c0a37]
  • Updated dependencies [a3a209b5]
  • Updated dependencies [00d1d2a1]
    • @verdaccio/auth@6.0.0-6-next.23
    • @verdaccio/config@6.0.0-6-next.15
    • @verdaccio/core@6.0.0-6-next.6
    • @verdaccio/logger@6.0.0-6-next.12
    • @verdaccio/middleware@6.0.0-6-next.23
    • @verdaccio/store@6.0.0-6-next.23
    • @verdaccio/utils@6.0.0-6-next.12

6.0.0-6-next.25

Patch Changes

  • Updated dependencies [d43894e8]
  • Updated dependencies [d08fe29d]
    • @verdaccio/config@6.0.0-6-next.14
    • @verdaccio/auth@6.0.0-6-next.22
    • @verdaccio/hooks@6.0.0-6-next.13
    • @verdaccio/store@6.0.0-6-next.22
    • @verdaccio/core@6.0.0-6-next.5
    • @verdaccio/logger@6.0.0-6-next.11
    • @verdaccio/middleware@6.0.0-6-next.22

6.0.0-6-next.24

Major Changes

  • 82cb0f2b: feat!: config.logs throw an error, logging config not longer accept array or logs property

    💥 Breaking change

    This is valid

    log: { type: stdout, format: pretty, level: http }
    

    This is invalid

    logs: { type: stdout, format: pretty, level: http }
    

    or

    logs:
      - [{ type: stdout, format: pretty, level: http }]
    

Minor Changes

  • 5167bb52: feat: ui search support for remote, local and private packages

    The command npm search search globally and return all matches, with this improvement the user interface is powered with the same capabilities.

    The UI also tag where is the origin the package with a tag, also provide the latest version and description of the package.

Patch Changes

  • Updated dependencies [82cb0f2b]
  • Updated dependencies [5167bb52]
    • @verdaccio/config@6.0.0-6-next.13
    • @verdaccio/core@6.0.0-6-next.5
    • @verdaccio/logger@6.0.0-6-next.11
    • @verdaccio/store@6.0.0-6-next.21
    • @verdaccio/auth@6.0.0-6-next.21
    • @verdaccio/hooks@6.0.0-6-next.13
    • @verdaccio/middleware@6.0.0-6-next.21
    • @verdaccio/utils@6.0.0-6-next.11

6.0.0-6-next.23

Patch Changes

  • @verdaccio/auth@6.0.0-6-next.20
  • @verdaccio/store@6.0.0-6-next.20
  • @verdaccio/hooks@6.0.0-6-next.12
  • @verdaccio/middleware@6.0.0-6-next.20

6.0.0-6-next.22

Patch Changes

  • Updated dependencies [aeff267d]
    • @verdaccio/auth@6.0.0-6-next.19
    • @verdaccio/hooks@6.0.0-6-next.12
    • @verdaccio/middleware@6.0.0-6-next.19

6.0.0-6-next.21

Patch Changes

  • Updated dependencies [b78f3525]
    • @verdaccio/logger@6.0.0-6-next.10
    • @verdaccio/auth@6.0.0-6-next.18
    • @verdaccio/hooks@6.0.0-6-next.12
    • @verdaccio/middleware@6.0.0-6-next.18
    • @verdaccio/store@6.0.0-6-next.19

6.0.0-6-next.20

Patch Changes

  • Updated dependencies [730b5d8c]
    • @verdaccio/logger@6.0.0-6-next.9
    • @verdaccio/auth@6.0.0-6-next.17
    • @verdaccio/hooks@6.0.0-6-next.11
    • @verdaccio/middleware@6.0.0-6-next.17
    • @verdaccio/store@6.0.0-6-next.18

6.0.0-6-next.19

Major Changes

  • a828271d: refactor: download manifest endpoint and integrate fastify

    Much simpler API for fetching a package

     const manifest = await storage.getPackageNext({
          name,
          uplinksLook: true,
          req,
          version: queryVersion,
          requestOptions,
     });
    

    not perfect, the req still is being passed to the proxy (this has to be refactored at proxy package) and then removed from here, in proxy we pass the request instance to the request library.

    Details

    • async/await sugar for getPackage()
    • Improve and reuse code between current implementation and new fastify endpoint (add scaffolding for request manifest)
    • Improve performance
    • Add new tests

    Breaking changes

    All storage plugins will stop to work since the storage uses getPackageNext method which is Promise based, I won't replace this now because will force me to update all plugins, I'll follow up in another PR. Currently will throw http 500

Minor Changes

  • 24b9be02: refactor: improve docker image build with strict dependencies and prod build
  • b13a3fef: refactor: improve versions and dist-tag filters

Patch Changes

  • Updated dependencies [a828271d]
  • Updated dependencies [24b9be02]
  • Updated dependencies [e75c0a3b]
  • Updated dependencies [b13a3fef]
    • @verdaccio/store@6.0.0-6-next.17
    • @verdaccio/utils@6.0.0-6-next.10
    • @verdaccio/core@6.0.0-6-next.4
    • @verdaccio/middleware@6.0.0-6-next.16
    • @verdaccio/logger@6.0.0-6-next.8
    • @verdaccio/auth@6.0.0-6-next.16
    • @verdaccio/config@6.0.0-6-next.12
    • @verdaccio/hooks@6.0.0-6-next.10

6.0.0-6-next.18

Patch Changes

  • Updated dependencies [f86c31ed]
  • Updated dependencies [20c9e43e]
    • @verdaccio/store@6.0.0-6-next.16
    • @verdaccio/utils@6.0.0-6-next.9
    • @verdaccio/auth@6.0.0-6-next.15
    • @verdaccio/config@6.0.0-6-next.11
    • @verdaccio/tarball@11.0.0-6-next.10
    • @verdaccio/middleware@6.0.0-6-next.15
    • @verdaccio/hooks@6.0.0-6-next.9

6.0.0-6-next.17

Patch Changes

  • Updated dependencies [6c1eb021]
    • @verdaccio/core@6.0.0-6-next.3
    • @verdaccio/logger@6.0.0-6-next.7
    • @verdaccio/auth@6.0.0-6-next.14
    • @verdaccio/config@6.0.0-6-next.10
    • @verdaccio/tarball@11.0.0-6-next.9
    • @verdaccio/hooks@6.0.0-6-next.9
    • @verdaccio/middleware@6.0.0-6-next.14
    • @verdaccio/store@6.0.0-6-next.15
    • @verdaccio/utils@6.0.0-6-next.8

6.0.0-6-next.16

Major Changes

  • 794af76c: Remove Node 12 support

    • We need move to the new undici and does not support Node.js 12

Minor Changes

  • b702ea36: abort search request support for proxy
  • 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications

Patch Changes

  • Updated dependencies [794af76c]
  • Updated dependencies [b702ea36]
  • Updated dependencies [154b2ecd]
    • @verdaccio/auth@6.0.0-6-next.13
    • @verdaccio/config@6.0.0-6-next.9
    • @verdaccio/core@6.0.0-6-next.2
    • @verdaccio/tarball@11.0.0-6-next.8
    • @verdaccio/hooks@6.0.0-6-next.8
    • @verdaccio/logger@6.0.0-6-next.6
    • @verdaccio/middleware@6.0.0-6-next.13
    • @verdaccio/store@6.0.0-6-next.14
    • @verdaccio/utils@6.0.0-6-next.7

6.0.0-6-next.15

Patch Changes

  • Updated dependencies [2c594910]
    • @verdaccio/logger@6.0.0-6-next.5
    • @verdaccio/auth@6.0.0-6-next.12
    • @verdaccio/hooks@6.0.0-6-next.7
    • @verdaccio/middleware@6.0.0-6-next.12
    • @verdaccio/store@6.0.0-6-next.13

6.0.0-6-next.14

Major Changes

  • 459b6fa7: refactor: search v1 endpoint and local-database

    • refactor search api v1 endpoint, improve performance
    • remove usage of async dependency https://github.com/verdaccio/verdaccio/issues/1225
    • refactor method storage class
    • create new module core to reduce the ammount of modules with utilities
    • use undici instead node-fetch
    • use fastify instead express for functional test

    Breaking changes

    • plugin storage API changes
    • remove old search endpoint (return 404)
    • filter local private packages at plugin level

    The storage api changes for methods get, add, remove as promise base. The search methods also changes and recieves a query object that contains all query params from the client.

    export interface IPluginStorage<T> extends IPlugin {
      add(name: string): Promise<void>;
      remove(name: string): Promise<void>;
      get(): Promise<any>;
      init(): Promise<void>;
      getSecret(): Promise<string>;
      setSecret(secret: string): Promise<any>;
      getPackageStorage(packageInfo: string): IPackageStorage;
      search(query: searchUtils.SearchQuery): Promise<searchUtils.SearchItem[]>;
      saveToken(token: Token): Promise<any>;
      deleteToken(user: string, tokenKey: string): Promise<any>;
      readTokens(filter: TokenFilter): Promise<Token[]>;
    }
    

Patch Changes

  • Updated dependencies [459b6fa7]
    • @verdaccio/auth@6.0.0-6-next.11
    • @verdaccio/config@6.0.0-6-next.8
    • @verdaccio/commons-api@11.0.0-6-next.4
    • @verdaccio/core@6.0.0-6-next.1
    • @verdaccio/hooks@6.0.0-6-next.6
    • @verdaccio/store@6.0.0-6-next.12
    • @verdaccio/utils@6.0.0-6-next.6
    • @verdaccio/middleware@6.0.0-6-next.11
    • @verdaccio/tarball@11.0.0-6-next.7
    • @verdaccio/logger@6.0.0-6-next.4

6.0.0-6-next.13

Patch Changes

  • Updated dependencies [df0da3d6]
    • @verdaccio/hooks@6.0.0-6-next.5
    • @verdaccio/auth@6.0.0-6-next.10
    • @verdaccio/store@6.0.0-6-next.11
    • @verdaccio/middleware@6.0.0-6-next.10

6.0.0-6-next.12

Patch Changes

  • Updated dependencies [d2c65da9]
    • @verdaccio/utils@6.0.0-6-next.5
    • @verdaccio/auth@6.0.0-6-next.9
    • @verdaccio/config@6.0.0-6-next.7
    • @verdaccio/tarball@11.0.0-6-next.6
    • @verdaccio/middleware@6.0.0-6-next.9
    • @verdaccio/store@6.0.0-6-next.10
    • @verdaccio/hooks@6.0.0-6-next.4

6.0.0-6-next.11

Patch Changes

  • Updated dependencies [5ddfa526]
    • @verdaccio/store@6.0.0-6-next.9

6.0.0-6-next.10

Patch Changes

  • Updated dependencies [1b217fd3]
    • @verdaccio/config@6.0.0-6-next.6
    • @verdaccio/auth@6.0.0-6-next.8
    • @verdaccio/hooks@6.0.0-6-next.4
    • @verdaccio/store@6.0.0-6-next.8
    • @verdaccio/middleware@6.0.0-6-next.8

6.0.0-6-next.9

Patch Changes

  • Updated dependencies [1810ed0d]
  • Updated dependencies [648575aa]
    • @verdaccio/config@6.0.0-6-next.5
    • @verdaccio/tarball@11.0.0-6-next.5
    • @verdaccio/utils@6.0.0-6-next.4
    • @verdaccio/auth@6.0.0-6-next.7
    • @verdaccio/hooks@6.0.0-6-next.4
    • @verdaccio/store@6.0.0-6-next.7
    • @verdaccio/middleware@6.0.0-6-next.7

6.0.0-6-next.8

Patch Changes

  • Updated dependencies [5c5057fc]
    • @verdaccio/config@6.0.0-6-next.4
    • @verdaccio/logger@6.0.0-6-next.4
    • @verdaccio/auth@6.0.0-6-next.6
    • @verdaccio/hooks@6.0.0-6-next.4
    • @verdaccio/store@6.0.0-6-next.6
    • @verdaccio/tarball@11.0.0-6-next.4
    • @verdaccio/middleware@6.0.0-6-next.6

6.0.0-6-next.7

Patch Changes

  • Updated dependencies [cb2281a5]
    • @verdaccio/store@6.0.0-6-next.5
    • @verdaccio/tarball@11.0.0-6-next.4

5.0.0-alpha.6

Patch Changes

  • @verdaccio/auth@5.0.0-alpha.5
  • @verdaccio/hooks@5.0.0-alpha.3
  • @verdaccio/middleware@5.0.0-alpha.5

5.0.0-alpha.5

Patch Changes

  • Updated dependencies [f8a50baa]
    • @verdaccio/auth@5.0.0-alpha.4
    • @verdaccio/hooks@5.0.0-alpha.3
    • @verdaccio/middleware@5.0.0-alpha.4

5.0.0-alpha.4

Patch Changes

  • fecbb9be: chore: add release step to private regisry on merge changeset pr
  • Updated dependencies [fecbb9be]
    • @verdaccio/auth@5.0.0-alpha.3
    • @verdaccio/config@5.0.0-alpha.3
    • @verdaccio/commons-api@10.0.0-alpha.3
    • @verdaccio/hooks@5.0.0-alpha.3
    • @verdaccio/logger@5.0.0-alpha.3
    • @verdaccio/middleware@5.0.0-alpha.3
    • @verdaccio/store@5.0.0-alpha.4
    • @verdaccio/utils@5.0.0-alpha.3

5.0.0-alpha.3

Minor Changes

  • 54c58d1e: feat: add server rate limit protection to all request

    To modify custom values, use the server settings property.

    server:
    
    ## https://www.npmjs.com/package/express-rate-limit#configuration-options
    
    rateLimit:
    windowMs: 1000
    max: 10000
    

    The values are intended to be high, if you want to improve security of your server consider using different values.

Patch Changes

  • Updated dependencies [54c58d1e]
    • @verdaccio/auth@5.0.0-alpha.2
    • @verdaccio/config@5.0.0-alpha.2
    • @verdaccio/commons-api@10.0.0-alpha.2
    • @verdaccio/hooks@5.0.0-alpha.2
    • @verdaccio/logger@5.0.0-alpha.2
    • @verdaccio/middleware@5.0.0-alpha.2
    • @verdaccio/store@5.0.0-alpha.3
    • @verdaccio/utils@5.0.0-alpha.2

5.0.0-alpha.2

Minor Changes

  • 2a327c4b: feat: remove level dependency by lowdb for npm token cli as storage

    new npm token database

    There will be a new database located in your storage named .token-db.json which will store all references to created tokens, it does not store tokens, just mask of them and related metadata required to reference them.

    Breaking change

    If you were relying on npm token experiment. This PR will replace the used database (level) by a json plain based one (lowbd) which does not require Node.js C++ compilation step and has less dependencies. Since was a experiment there is no migration step.

Patch Changes

  • @verdaccio/store@5.0.0-alpha.2

5.0.0-alpha.1

Major Changes

  • d87fa026: feat!: experiments config renamed to flags

    • The experiments configuration is renamed to flags. The functionality is exactly the same.
    flags: token: false;
    search: false;
    
    • The self_path property from the config file is being removed in favor of config_file full path.
    • Refactor config module, better types and utilities
  • da1ee9c8: - Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv

    • Introduce environment variables for legacy tokens

    Code Improvements

    • Add debug library for improve developer experience

    Breaking change

    • The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions.
    • The secret key must have 32 characters long.

    New environment variables

    • VERDACCIO_LEGACY_ALGORITHM: Allows to define the specific algorithm for the token signature which by default is aes-256-ctr
    • VERDACCIO_LEGACY_ENCRYPTION_KEY: By default, the token stores in the database, but using this variable allows to get it from memory

Minor Changes

Patch Changes

  • b57b4338: Enable prerelease mode with changesets

  • 42dfed78: testing changesets

  • 31af0164: ESLint Warnings Fixed

    Related to issue #1461

    • max-len: most of the sensible max-len errors are fixed
    • no-unused-vars: most of these types of errors are fixed by deleting not needed declarations
    • @typescript-eslint/no-unused-vars: same as above
  • Updated dependencies [d87fa026]

  • Updated dependencies [42024c34]

  • Updated dependencies [da1ee9c8]

  • Updated dependencies [ae52ba35]

  • Updated dependencies [26b494cb]

  • Updated dependencies [b57b4338]

  • Updated dependencies [add778d5]

  • Updated dependencies [31af0164]

    • @verdaccio/auth@5.0.0-alpha.1
    • @verdaccio/config@5.0.0-alpha.1
    • @verdaccio/commons-api@10.0.0-alpha.1
    • @verdaccio/hooks@5.0.0-alpha.1
    • @verdaccio/logger@5.0.0-alpha.1
    • @verdaccio/middleware@5.0.0-alpha.1
    • @verdaccio/store@5.0.0-alpha.1
    • @verdaccio/utils@5.0.0-alpha.1

5.0.0-alpha.1

Major Changes

  • d87fa0268: feat!: experiments config renamed to flags

    • The experiments configuration is renamed to flags. The functionality is exactly the same.
    flags: token: false;
    search: false;
    
    • The self_path property from the config file is being removed in favor of config_file full path.
    • Refactor config module, better types and utilities
  • da1ee9c82: - Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv

    • Introduce environment variables for legacy tokens

    Code Improvements

    • Add debug library for improve developer experience

    Breaking change

    • The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions.
    • The secret key must have 32 characters long.

    New environment variables

    • VERDACCIO_LEGACY_ALGORITHM: Allows to define the specific algorithm for the token signature which by default is aes-256-ctr
    • VERDACCIO_LEGACY_ENCRYPTION_KEY: By default, the token stores in the database, but using this variable allows to get it from memory

Minor Changes

Patch Changes

  • b57b43388: Enable prerelease mode with changesets

  • 42dfed785: testing changesets

  • 31af01641: ESLint Warnings Fixed

    Related to issue #1461

    • max-len: most of the sensible max-len errors are fixed
    • no-unused-vars: most of these types of errors are fixed by deleting not needed declarations
    • @typescript-eslint/no-unused-vars: same as above
  • Updated dependencies [d87fa0268]

  • Updated dependencies [42024c346]

  • Updated dependencies [da1ee9c82]

  • Updated dependencies [ae52ba352]

  • Updated dependencies [26b494cbd]

  • Updated dependencies [b57b43388]

  • Updated dependencies [add778d55]

  • Updated dependencies [31af01641]

    • @verdaccio/auth@5.0.0-alpha.1
    • @verdaccio/config@5.0.0-alpha.1
    • @verdaccio/commons-api@10.0.0-alpha.0
    • @verdaccio/hooks@5.0.0-alpha.1
    • @verdaccio/logger@5.0.0-alpha.1
    • @verdaccio/middleware@5.0.0-alpha.1
    • @verdaccio/store@5.0.0-alpha.1
    • @verdaccio/utils@5.0.0-alpha.1