🏰 Core dependencies and plugins for verdaccio 5.x branch ⚠️ DEPRECATED
MIT License
Bot releases are visible (Hide)
Published by github-actions[bot] over 1 year ago
Published by github-actions[bot] over 1 year ago
Published by github-actions[bot] over 1 year ago
Published by github-actions[bot] over 1 year ago
Published by github-actions[bot] over 1 year ago
Published by github-actions[bot] over 1 year ago
Published by github-actions[bot] almost 2 years ago
Published by github-actions[bot] almost 2 years ago
Published by github-actions[bot] almost 2 years ago
Published by github-actions[bot] almost 2 years ago
Published by github-actions[bot] about 2 years ago
Published by github-actions[bot] about 2 years ago
Published by github-actions[bot] over 2 years ago
Published by github-actions[bot] over 2 years ago
Published by github-actions[bot] over 2 years ago
Published by github-actions[bot] over 2 years ago
Published by github-actions[bot] over 2 years ago
287f452: Eliminating all synchronous calls to bcrypt library.
Change and update password routines are now fully asynchronous when using bcrypt (which is important, since bcrypt is slow).
Published by github-actions[bot] over 2 years ago
49ca26d: feat: allow other password hashing algorithms
copied from v6 plugins by @greshilov https://github.com/verdaccio/verdaccio/pull/2072
To avoid a breaking change, the default algorithm is
crypt
.
The current implementation of the htpasswd
module supports multiple hash formats on verify, but only crypt
on sign in.
crypt
is an insecure old format, so to improve the security of the new verdaccio
release we introduce the support of multiple hash algorithms on sign in step.
The new possible hash algorithms to use are bcrypt
, md5
, sha1
. You can read more about them here.
Two new properties are added to auth
section in the configuration file:
algorithm
to choose the way you want to hash passwords.rounds
is used to determine bcrypt
complexity. So one can improve security according to increasing computational power.Example of the new auth
config file section:
auth:
htpasswd:
file: ./htpasswd
max_users: 1000
# Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt".
algorithm: bcrypt
# Rounds number for "bcrypt", will be ignored for other algorithms.
rounds: 10
Published by github-actions[bot] over 2 years ago
Published by github-actions[bot] over 2 years ago