monorepo
🏰 Core dependencies and plugins for verdaccio 5.x branch ⚠️ DEPRECATED
MIT License
Bot releases are visible (Hide)
Published by github-actions[bot] over 1 year ago
Patch Changes
- 5769097: fix: update legacy types development
Published by github-actions[bot] over 1 year ago
Patch Changes
- 64c5070: feat: rename types to legacy types
Published by github-actions[bot] over 1 year ago
Minor Changes
- 51a0d28: feat: aesEncrypt string instead buffer
Published by github-actions[bot] over 1 year ago
Patch Changes
- 5bdde6c: fix: add enhancedLegacySignature property to security
Published by github-actions[bot] over 1 year ago
Patch Changes
- ce921a8: fix: config plugin types
Published by github-actions[bot] over 1 year ago
Patch Changes
- 6d812b1: fix: reduce warning noise for htpaswd logging message
Published by github-actions[bot] almost 2 years ago
Patch Changes
- 2a6d862: chore: update dependencies
Published by github-actions[bot] almost 2 years ago
Patch Changes
- ba40e72: chore: update core packages
Published by github-actions[bot] almost 2 years ago
Patch Changes
- ba40e72: chore: update core packages
Published by github-actions[bot] almost 2 years ago
Patch Changes
- ba40e72: chore: update core packages
Published by github-actions[bot] about 2 years ago
Minor Changes
- e60fd0a: feat(types): add missing fields to the Version object
Published by github-actions[bot] about 2 years ago
Minor Changes
- f8d763c: feat: add abbreviated versions support
Published by github-actions[bot] over 2 years ago
Patch Changes
- 5c127e6: feat: add server.trustProxy configuration type
Published by github-actions[bot] over 2 years ago
Patch Changes
- 551195f: fix(deps): update all core dependencies
Published by github-actions[bot] over 2 years ago
Minor Changes
- b4f1925: fix: update dependency jsdom to v16 security update
Published by github-actions[bot] over 2 years ago
Patch Changes
- e30035b: fix: regresion wrong new storage path reference
Published by github-actions[bot] over 2 years ago
Minor Changes
-
287f452: Eliminating all synchronous calls to bcrypt library.
Change and update password routines are now fully asynchronous when using bcrypt (which is important, since bcrypt is slow).
Published by github-actions[bot] over 2 years ago
Minor Changes
-
49ca26d: feat: allow other password hashing algorithms
copied from v6 plugins by @greshilov https://github.com/verdaccio/verdaccio/pull/2072
To avoid a breaking change, the default algorithm is
crypt.Context
The current implementation of the
htpasswdmodule supports multiple hash formats on verify, but onlycrypton sign in.
cryptis an insecure old format, so to improve the security of the newverdacciorelease we introduce the support of multiple hash algorithms on sign in step.New hashing algorithms
The new possible hash algorithms to use are
bcrypt,md5,sha1. You can read more about them here.Two new properties are added to
authsection in the configuration file:-
algorithmto choose the way you want to hash passwords. -
roundsis used to determinebcryptcomplexity. So one can improve security according to increasing computational power.
Example of the new
authconfig file section:auth: htpasswd: file: ./htpasswd max_users: 1000 # Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt". algorithm: bcrypt # Rounds number for "bcrypt", will be ignored for other algorithms. rounds: 10 -
Published by github-actions[bot] over 2 years ago
Patch Changes
- 4643709: fix: wrong package configuration
Published by github-actions[bot] over 2 years ago
Minor Changes
- b5cfaf6: feat: refactor types and typescript 4
