mirror of
https://github.com/verdaccio/verdaccio.git
synced 2024-12-16 21:56:25 -05:00
61bbede301
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
410 lines
12 KiB
Markdown
410 lines
12 KiB
Markdown
# @verdaccio/auth
|
|
|
|
## 6.0.0-6-next.19
|
|
|
|
### Patch Changes
|
|
|
|
- aeff267d: Refactor htpasswd plugin to use the bcryptjs 'compare' api call instead of 'comparSync'. Add a new configuration value named 'slow_verify_ms' to the htpasswd plugin that when exceeded during password verification will log a warning message.
|
|
- Updated dependencies [aeff267d]
|
|
- verdaccio-htpasswd@11.0.0-6-next.12
|
|
|
|
## 6.0.0-6-next.18
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [b78f3525]
|
|
- @verdaccio/logger@6.0.0-6-next.10
|
|
- @verdaccio/loaders@6.0.0-6-next.10
|
|
|
|
## 6.0.0-6-next.17
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [730b5d8c]
|
|
- @verdaccio/logger@6.0.0-6-next.9
|
|
- @verdaccio/loaders@6.0.0-6-next.9
|
|
|
|
## 6.0.0-6-next.16
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [a828271d]
|
|
- Updated dependencies [24b9be02]
|
|
- Updated dependencies [e75c0a3b]
|
|
- Updated dependencies [b13a3fef]
|
|
- @verdaccio/utils@6.0.0-6-next.10
|
|
- @verdaccio/core@6.0.0-6-next.4
|
|
- @verdaccio/logger@6.0.0-6-next.8
|
|
- @verdaccio/config@6.0.0-6-next.12
|
|
- @verdaccio/loaders@6.0.0-6-next.8
|
|
- verdaccio-htpasswd@11.0.0-6-next.11
|
|
|
|
## 6.0.0-6-next.15
|
|
|
|
### Minor Changes
|
|
|
|
- 20c9e43e: dist tags Implementation on Fastify
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [f86c31ed]
|
|
- @verdaccio/utils@6.0.0-6-next.9
|
|
- @verdaccio/config@6.0.0-6-next.11
|
|
- @verdaccio/loaders@6.0.0-6-next.7
|
|
|
|
## 6.0.0-6-next.14
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [6c1eb021]
|
|
- @verdaccio/core@6.0.0-6-next.3
|
|
- @verdaccio/logger@6.0.0-6-next.7
|
|
- @verdaccio/config@6.0.0-6-next.10
|
|
- @verdaccio/loaders@6.0.0-6-next.7
|
|
- verdaccio-htpasswd@11.0.0-6-next.10
|
|
- @verdaccio/utils@6.0.0-6-next.8
|
|
|
|
## 6.0.0-6-next.13
|
|
|
|
### Major Changes
|
|
|
|
- 794af76c: Remove Node 12 support
|
|
|
|
- We need move to the new `undici` and does not support Node.js 12
|
|
|
|
### Minor Changes
|
|
|
|
- 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [794af76c]
|
|
- Updated dependencies [154b2ecd]
|
|
- @verdaccio/config@6.0.0-6-next.9
|
|
- @verdaccio/core@6.0.0-6-next.2
|
|
- verdaccio-htpasswd@11.0.0-6-next.9
|
|
- @verdaccio/loaders@6.0.0-6-next.6
|
|
- @verdaccio/logger@6.0.0-6-next.6
|
|
- @verdaccio/utils@6.0.0-6-next.7
|
|
|
|
## 6.0.0-6-next.12
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [2c594910]
|
|
- @verdaccio/logger@6.0.0-6-next.5
|
|
- @verdaccio/loaders@6.0.0-6-next.5
|
|
|
|
## 6.0.0-6-next.11
|
|
|
|
### Major Changes
|
|
|
|
- 459b6fa7: refactor: search v1 endpoint and local-database
|
|
|
|
- refactor search `api v1` endpoint, improve performance
|
|
- remove usage of `async` dependency https://github.com/verdaccio/verdaccio/issues/1225
|
|
- refactor method storage class
|
|
- create new module `core` to reduce the ammount of modules with utilities
|
|
- use `undici` instead `node-fetch`
|
|
- use `fastify` instead `express` for functional test
|
|
|
|
### Breaking changes
|
|
|
|
- plugin storage API changes
|
|
- remove old search endpoint (return 404)
|
|
- filter local private packages at plugin level
|
|
|
|
The storage api changes for methods `get`, `add`, `remove` as promise base. The `search` methods also changes and recieves a `query` object that contains all query params from the client.
|
|
|
|
```ts
|
|
export interface IPluginStorage<T> extends IPlugin {
|
|
add(name: string): Promise<void>;
|
|
remove(name: string): Promise<void>;
|
|
get(): Promise<any>;
|
|
init(): Promise<void>;
|
|
getSecret(): Promise<string>;
|
|
setSecret(secret: string): Promise<any>;
|
|
getPackageStorage(packageInfo: string): IPackageStorage;
|
|
search(query: searchUtils.SearchQuery): Promise<searchUtils.SearchItem[]>;
|
|
saveToken(token: Token): Promise<any>;
|
|
deleteToken(user: string, tokenKey: string): Promise<any>;
|
|
readTokens(filter: TokenFilter): Promise<Token[]>;
|
|
}
|
|
```
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [459b6fa7]
|
|
- @verdaccio/config@6.0.0-6-next.8
|
|
- @verdaccio/commons-api@11.0.0-6-next.4
|
|
- @verdaccio/utils@6.0.0-6-next.6
|
|
- @verdaccio/loaders@6.0.0-6-next.4
|
|
- verdaccio-htpasswd@11.0.0-6-next.8
|
|
- @verdaccio/logger@6.0.0-6-next.4
|
|
|
|
## 6.0.0-6-next.10
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [df0da3d6]
|
|
- verdaccio-htpasswd@11.0.0-6-next.7
|
|
- @verdaccio/loaders@6.0.0-6-next.4
|
|
|
|
## 6.0.0-6-next.9
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [d2c65da9]
|
|
- @verdaccio/utils@6.0.0-6-next.5
|
|
- @verdaccio/config@6.0.0-6-next.7
|
|
- @verdaccio/loaders@6.0.0-6-next.4
|
|
|
|
## 6.0.0-6-next.8
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [1b217fd3]
|
|
- @verdaccio/config@6.0.0-6-next.6
|
|
- @verdaccio/loaders@6.0.0-6-next.4
|
|
|
|
## 6.0.0-6-next.7
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [1810ed0d]
|
|
- Updated dependencies [648575aa]
|
|
- @verdaccio/config@6.0.0-6-next.5
|
|
- @verdaccio/utils@6.0.0-6-next.4
|
|
- @verdaccio/loaders@6.0.0-6-next.4
|
|
|
|
## 6.0.0-6-next.6
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [5c5057fc]
|
|
- @verdaccio/config@6.0.0-6-next.4
|
|
- @verdaccio/logger@6.0.0-6-next.4
|
|
- @verdaccio/auth@6.0.0-6-next.6
|
|
- @verdaccio/loaders@6.0.0-6-next.4
|
|
- verdaccio-htpasswd@11.0.0-alpha.6
|
|
|
|
## 5.0.0-alpha.5
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [174cdcaa]
|
|
- verdaccio-htpasswd@10.0.0-alpha.6
|
|
- @verdaccio/auth@5.0.0-alpha.5
|
|
|
|
## 5.0.0-alpha.4
|
|
|
|
### Major Changes
|
|
|
|
- f8a50baa: feat: standalone registry with no dependencies
|
|
|
|
## Usage
|
|
|
|
To install a server with no dependencies
|
|
|
|
```bash
|
|
npm install -g @verdaccio/standalone
|
|
```
|
|
|
|
with no internet required
|
|
|
|
```bash
|
|
npm install -g ./tarball.tar.gz
|
|
```
|
|
|
|
Bundles htpasswd and audit plugins.
|
|
|
|
### Breaking Change
|
|
|
|
It does not allow anymore the `auth` and `middleware` property at config file empty,
|
|
it will fallback to those plugins by default.
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [f8a50baa]
|
|
- @verdaccio/auth@5.0.0-alpha.4
|
|
- verdaccio-htpasswd@10.0.0-alpha.5
|
|
|
|
## 5.0.0-alpha.3
|
|
|
|
### Patch Changes
|
|
|
|
- fecbb9be: chore: add release step to private regisry on merge changeset pr
|
|
- Updated dependencies [fecbb9be]
|
|
- @verdaccio/auth@5.0.0-alpha.3
|
|
- @verdaccio/config@5.0.0-alpha.3
|
|
- @verdaccio/commons-api@10.0.0-alpha.3
|
|
- @verdaccio/loaders@5.0.0-alpha.3
|
|
- @verdaccio/logger@5.0.0-alpha.3
|
|
- @verdaccio/utils@5.0.0-alpha.3
|
|
|
|
## 5.0.0-alpha.2
|
|
|
|
### Minor Changes
|
|
|
|
- 54c58d1e: feat: add server rate limit protection to all request
|
|
|
|
To modify custom values, use the server settings property.
|
|
|
|
```markdown
|
|
server:
|
|
|
|
## https://www.npmjs.com/package/express-rate-limit#configuration-options
|
|
|
|
rateLimit:
|
|
windowMs: 1000
|
|
max: 10000
|
|
```
|
|
|
|
The values are intended to be high, if you want to improve security of your server consider
|
|
using different values.
|
|
|
|
### Patch Changes
|
|
|
|
- Updated dependencies [54c58d1e]
|
|
- @verdaccio/auth@5.0.0-alpha.2
|
|
- @verdaccio/config@5.0.0-alpha.2
|
|
- @verdaccio/commons-api@10.0.0-alpha.2
|
|
- @verdaccio/loaders@5.0.0-alpha.2
|
|
- @verdaccio/logger@5.0.0-alpha.2
|
|
- @verdaccio/utils@5.0.0-alpha.2
|
|
|
|
## 5.0.0-alpha.1
|
|
|
|
### Major Changes
|
|
|
|
- d87fa026: feat!: experiments config renamed to flags
|
|
|
|
- The `experiments` configuration is renamed to `flags`. The functionality is exactly the same.
|
|
|
|
```js
|
|
flags: token: false;
|
|
search: false;
|
|
```
|
|
|
|
- The `self_path` property from the config file is being removed in favor of `config_file` full path.
|
|
- Refactor `config` module, better types and utilities
|
|
|
|
- da1ee9c8: - Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv
|
|
|
|
- Introduce environment variables for legacy tokens
|
|
|
|
### Code Improvements
|
|
|
|
- Add debug library for improve developer experience
|
|
|
|
### Breaking change
|
|
|
|
- The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions.
|
|
- The secret key must have 32 characters long.
|
|
|
|
### New environment variables
|
|
|
|
- `VERDACCIO_LEGACY_ALGORITHM`: Allows to define the specific algorithm for the token signature which by default is `aes-256-ctr`
|
|
- `VERDACCIO_LEGACY_ENCRYPTION_KEY`: By default, the token stores in the database, but using this variable allows to get it from memory
|
|
|
|
### Minor Changes
|
|
|
|
- 26b494cb: feat: add typescript project references settings
|
|
|
|
Reading https://ebaytech.berlin/optimizing-multi-package-apps-with-typescript-project-references-d5c57a3b4440 I realized I can use project references to solve the issue to pre-compile modules on develop mode.
|
|
|
|
It allows to navigate (IDE) trough the packages without need compile the packages.
|
|
|
|
Add two `tsconfig`, one using the previous existing configuration that is able to produce declaration files (`tsconfig.build`) and a new one `tsconfig` which is enables [_projects references_](https://www.typescriptlang.org/docs/handbook/project-references.html).
|
|
|
|
### Patch Changes
|
|
|
|
- b57b4338: Enable prerelease mode with **changesets**
|
|
- 31af0164: ESLint Warnings Fixed
|
|
|
|
Related to issue #1461
|
|
|
|
- max-len: most of the sensible max-len errors are fixed
|
|
- no-unused-vars: most of these types of errors are fixed by deleting not needed declarations
|
|
- @typescript-eslint/no-unused-vars: same as above
|
|
|
|
- Updated dependencies [d87fa026]
|
|
- Updated dependencies [da1ee9c8]
|
|
- Updated dependencies [26b494cb]
|
|
- Updated dependencies [b57b4338]
|
|
- Updated dependencies [add778d5]
|
|
- Updated dependencies [31af0164]
|
|
- @verdaccio/auth@5.0.0-alpha.1
|
|
- @verdaccio/config@5.0.0-alpha.1
|
|
- @verdaccio/commons-api@10.0.0-alpha.1
|
|
- @verdaccio/loaders@5.0.0-alpha.1
|
|
- @verdaccio/logger@5.0.0-alpha.1
|
|
- @verdaccio/utils@5.0.0-alpha.1
|
|
|
|
## 5.0.0-alpha.1
|
|
|
|
### Major Changes
|
|
|
|
- d87fa0268: feat!: experiments config renamed to flags
|
|
|
|
- The `experiments` configuration is renamed to `flags`. The functionality is exactly the same.
|
|
|
|
```js
|
|
flags: token: false;
|
|
search: false;
|
|
```
|
|
|
|
- The `self_path` property from the config file is being removed in favor of `config_file` full path.
|
|
- Refactor `config` module, better types and utilities
|
|
|
|
- da1ee9c82: - Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv
|
|
|
|
- Introduce environment variables for legacy tokens
|
|
|
|
### Code Improvements
|
|
|
|
- Add debug library for improve developer experience
|
|
|
|
### Breaking change
|
|
|
|
- The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions.
|
|
- The secret key must have 32 characters long.
|
|
|
|
### New environment variables
|
|
|
|
- `VERDACCIO_LEGACY_ALGORITHM`: Allows to define the specific algorithm for the token signature which by default is `aes-256-ctr`
|
|
- `VERDACCIO_LEGACY_ENCRYPTION_KEY`: By default, the token stores in the database, but using this variable allows to get it from memory
|
|
|
|
### Minor Changes
|
|
|
|
- 26b494cbd: feat: add typescript project references settings
|
|
|
|
Reading https://ebaytech.berlin/optimizing-multi-package-apps-with-typescript-project-references-d5c57a3b4440 I realized I can use project references to solve the issue to pre-compile modules on develop mode.
|
|
|
|
It allows to navigate (IDE) trough the packages without need compile the packages.
|
|
|
|
Add two `tsconfig`, one using the previous existing configuration that is able to produce declaration files (`tsconfig.build`) and a new one `tsconfig` which is enables [_projects references_](https://www.typescriptlang.org/docs/handbook/project-references.html).
|
|
|
|
### Patch Changes
|
|
|
|
- b57b43388: Enable prerelease mode with **changesets**
|
|
- 31af01641: ESLint Warnings Fixed
|
|
|
|
Related to issue #1461
|
|
|
|
- max-len: most of the sensible max-len errors are fixed
|
|
- no-unused-vars: most of these types of errors are fixed by deleting not needed declarations
|
|
- @typescript-eslint/no-unused-vars: same as above
|
|
|
|
- Updated dependencies [d87fa0268]
|
|
- Updated dependencies [da1ee9c82]
|
|
- Updated dependencies [26b494cbd]
|
|
- Updated dependencies [b57b43388]
|
|
- Updated dependencies [add778d55]
|
|
- Updated dependencies [31af01641]
|
|
- @verdaccio/auth@5.0.0-alpha.1
|
|
- @verdaccio/config@5.0.0-alpha.1
|
|
- @verdaccio/commons-api@10.0.0-alpha.0
|
|
- @verdaccio/loaders@5.0.0-alpha.1
|
|
- @verdaccio/logger@5.0.0-alpha.1
|
|
- @verdaccio/utils@5.0.0-alpha.1
|