Skip to content

Releases: verdaccio/monorepo

@verdaccio/[email protected]

04 Sep 06:19
@github-actions github-actions
@verdaccio/[email protected]
d537074
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
@verdaccio/[email protected]

Minor Changes

  • e60fd0a: feat(types): add missing fields to the Version object
Assets 2
Loading

@verdaccio/[email protected]

03 Sep 12:47
@github-actions github-actions
@verdaccio/[email protected]
c11557b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
@verdaccio/[email protected]

Minor Changes

  • f8d763c: feat: add abbreviated versions support
Assets 2
Loading

@verdaccio/[email protected]

25 Jul 16:33
@github-actions github-actions
@verdaccio/[email protected]
77be37c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
@verdaccio/[email protected]

Patch Changes

  • 5c127e6: feat: add server.trustProxy configuration type
Assets 2
Loading

@verdaccio/[email protected]

16 Jul 07:09
@github-actions github-actions
@verdaccio/[email protected]
5ed5d12
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
@verdaccio/[email protected]

Patch Changes

  • 551195f: fix(deps): update all core dependencies
Assets 2
Loading

@verdaccio/[email protected]

13 Jul 10:23
@github-actions github-actions
@verdaccio/[email protected]
3988010
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
@verdaccio/[email protected]

Minor Changes

  • b4f1925: fix: update dependency jsdom to v16 security update
Assets 2
Loading

@verdaccio/[email protected]

22 Jun 22:33
@github-actions github-actions
@verdaccio/[email protected]
6063b3a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
@verdaccio/[email protected]

Patch Changes

  • e30035b: fix: regresion wrong new storage path reference
Assets 2
Loading

[email protected]

21 Jun 19:03
@github-actions github-actions
[email protected]
edf4f3b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
[email protected]

Minor Changes

  • 287f452: Eliminating all synchronous calls to bcrypt library.

    Change and update password routines are now fully asynchronous when using bcrypt (which is important, since bcrypt is slow).

Assets 2
Loading

[email protected]

14 Jun 16:35
@github-actions github-actions
[email protected]
2a3c5ce
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
[email protected]

Minor Changes

  • 49ca26d: feat: allow other password hashing algorithms

    copied from v6 plugins by @greshilov verdaccio/verdaccio#2072

    To avoid a breaking change, the default algorithm is crypt.

    Context

    The current implementation of the htpasswd module supports multiple hash formats on verify, but only crypt on sign in.
    crypt is an insecure old format, so to improve the security of the new verdaccio release we introduce the support of multiple hash algorithms on sign in step.

    New hashing algorithms

    The new possible hash algorithms to use are bcrypt, md5, sha1. You can read more about them here.

    Two new properties are added to auth section in the configuration file:

    • algorithm to choose the way you want to hash passwords.
    • rounds is used to determine bcrypt complexity. So one can improve security according to increasing computational power.

    Example of the new auth config file section:

    auth:
htpasswd:
  file: ./htpasswd
  max_users: 1000
  # Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt".
  algorithm: bcrypt
  # Rounds number for "bcrypt", will be ignored for other algorithms.
  rounds: 10

Contributors

greshilov
Assets 2
Loading

[email protected]

13 Jun 18:43
@github-actions github-actions
[email protected]
523c406
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
[email protected]

Minor Changes

  • b5cfaf6: feat: refactor types and typescript 4

Patch Changes

Assets 2
Loading

[email protected]

13 Jun 18:43
@github-actions github-actions
[email protected]
523c406
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
[email protected]

Patch Changes

Assets 2
Loading