All notable changes to this project will be documented in this file. See standard-version for commit guidelines.
2.3.6 (2017-08-17)
- link was broken (a9481cc)
- Correct accept header set for registry requests (#295)
- Update SSL documentation (#296)
- Fix auth process to check against username also and not just groups (#293)
2.3.5 (2017-08-14)
- configuration files inconsistencies, add unit test (644c098)
- Remove accept header that seems cause issues #285 #289 and npm search fails (fab8391)
2.3.4 (2017-07-29)
- Docker image fails due lock file localhost references (901a7be)
2.3.3 (2017-07-29)
2.3.2 (2017-07-28)
- 🐛 detail page can't handle scoped package (1c9fbfc)
- #268 remove the accept header that avoids request with some regiestries (e7dcf3c)
- #78 add new setting to allow publish when uplinks are offline (430425c)
- broken link (9fb0e14)
- lint warning (d0afe78)
- Param web.title from config.yaml does not work on docker image #265 (b1a396d)
- undefined check (ff96d2e)
- bug: Detail page can't handle scoped package - #261
- bug: can't publish a private package to verdaccio while offline - #223
- refactor: use light version of syntax highlighter - #260
- feature: Refactor User Interface - #220
- bug: fix running behind of loadbalancer with TLS termination - #254
- build: update node version due security update announcement - #251
- Fixed adding the verdaccio user into the group - #241
- Updated Dockerfile & added proper signal handling - #239
- Improve Docker Build - #181
- Bugfix #73
npm-latest
support - #228 - Add documentation - #229
- config section moved up, some keywords added - #211
- docs: update docs with behind reverse proxy - #214
- Add remote ip to request log - #216
- Allow url_prefix to be only the path - (@BartDubois ) in #197
- Apache reverse proxy configuration - (@mysiar ) in #198
- don't blindly clobber local dist-tags - (@rmg ) in #206
- Adds cache option to uplinks - (@silkentrance ) in #132
- Fixed publish fail in YARN - (@W1U02 in #183
- Fix https certificates safety check - (@juanpicado) in #189
- Fix upstream search not work with gzip - (@Meeeeow in #170)
- Add additional requirement to output message - (@marnel in #184)
- Implement npm ping endpoint - (@juanpicado) in #179
- Add support for multiple notification endpoints to existing webhook - (@ryan-codingintrigue) in #108
- fix upstream search - (@Meeeeow in #166)
- Fix search feature - (@Meeeeow in #163)
- add docs about run behind proxy - (@Meeeeow in #160)
- Added Nexus Repository OSS as similar existing software - (@nedelenbos030 in #147)
- Increase verbose on notify request - (@juanpicado in #153)
- Add fallback support to previous config files - (@juanpicado in #155)
- Allows retrieval of all local package contents via http://server/-/search/* - (@Verikon in #152)
- [GH-83] create systemd service - (@030 in #89)
- optional scope in the readme package name. - (@psychocode in #136)
- Added docker image for rpi - (@danielo515 in #137)
- Allow configuring a tagline that is displayed on the webpage between. (@jachstet-sea in #143)
- Contribute guidelines - (@juanpicado in #133)
- fix(plugin-loader): plugins verdaccio-* overwrite by sinopia- (@Alexandre-io in #129)
- [GH-86] updated readme to point to new chef cookbook (@kgrubb in #117)
- [GH-88] rename to Verdaccio instead of Sinopia (@kgrubb in #93)
- Unit testing coverage (@juanpicado in #116)
- Allow htpasswd-created users to log in @imsnif in #112)
- remove travis io.js support (@juanpicado in #115)
- rename clean up (@juanpicado in #114)
- _npmUser / author not showing up (@juanpicado in #65)
- Docs: correct config attribute
proxy_access
(@robertgroh in #96) - Problem with docker.yaml (@josedepaz in #72)
- Prevent logging of user and password (@tlvince in #94)
- Updated README.md to reflect the availability of the docker image (@jmwilkinson) in #71)
- Use __dirname to resolve local plugins (@aledbf in #25)
- Fix npm cli logout (@plitex in #47)
- Add log format: pretty-timestamped (@jachstet-sea in #68)
- Allow adding/overriding HTTP headers of uplinks via config (@jachstet-sea in #67)
- Update Dockerfile to fix failed start (@denisbabineau in #62)
- Update the configs to fully support proxying scoped packages (@ChadKillingsworth in #60)
- Prevent the server from crashing if a repo is accessed that the user does not have access to (@crowebird in #58)
- Hook system, for integration into things like slack
- Register entry partial even if custom template is provided (@plitex in #46)
- Rename process to verdaccio (@juanpicado in #57)
- avoid sending X-Forwarded-For through proxies (issues #19, #254)
- fix multiple issues in search (issues #239, #253)
- fix "maximum stack trace exceeded" errors in auth (issue #258)
- add dist-tags endpoints (issue #211)
- fix access control regression in
1.2.1
(issue #238) - add a possibility to bind on unix sockets (issue #237)
- added more precise authorization control to auth plugins (issue #207)
- add a possibility to listen on multiple ports (issue #172)
- added https support (issues #71, #166)
- added an option to use a custom template for web UI (issue #208)
- remove "from" and "resolved" fields from shrinkwrap (issue #204)
- fix hanging when rendering readme (issue #206)
- fix logger-related crash when using sinopia as a library
- all requests to uplinks should now have proper headers
- fixed issue with
max_users
option (issue #184) - fixed issue with not being able to disable the web interface (issue #195)
- fixed 500 error while logging in with npm (issue #200)
- switch markdown parser from
remarkable
tomarkdown-it
- update
npm-shrinkwrap.json
- now downloading tarballs from upstream using the same protocol as for metadata (issue #166)
- fix windows behavior when
$HOME
isn't set (issue #177) - fix sanitization for highlighted code blocks in readme (issue render-readme/#1)
- Markdown rendering is now a lot safer (switched to remarkable+sanitizer).
- Header in web interface is now static instead of fixed.
GET /-/all?local
now returns list of all local packages (issue #179)
- Fixed an issue with scoped packages in tarballs
-
Config file is now created in
$XDG_CONFIG_HOME
instead of current directory.It is printed to stdout each time sinopia starts, so you hopefully won't have any trouble locating it.
The change is made so sinopia will pick up the same config no matter which directory it is started from.
-
Default config file is now a lot shorter, and it is very permissive by default. You could use sinopia without modifying it on your own computer, but definitely should change it on production.
-
Added auth tokens. For now, auth token is just a username+password encrypted for security reasons, so it isn't much different from basic auth, but allows to avoid "always-auth" npm setting.
-
Added scoped packages.
Please note that default
*
mask won't apply to them. You have to use masks like@scope/*
to match scoped packages, or**
to match everything. -
Enabled web interface by default. Wow, it looks almost ready now!
-
All dependencies are bundled now, so uncompatible changes in 3rd party stuff in the future won't ruin the day.
- fix
EPERM
-related crashes on windows (issue #67)
- web interface:
-
web interface:
-
bugfixes:
- fix "offset out of bounds" issues (issue sinopia-htpasswd/#2)
- "max_users" in htpasswd plugin now work correctly (issue sinopia-htpasswd/#3)
- fix
ENOTDIR, open '.sinopia-db.json'
error in npm search (issue #122)
-
set process title to
sinopia
-
web interface bugfixes:
- fix 500 error in adduser function in sinopia-htpasswd (issue #121)
- fix fd leak in authenticate function in sinopia-htpasswd (issue #116)
- mark crypt3 as optional (issue #119)
-
Added auth plugins (issue #99)
Now you can create your own auth plugin based on sinopia-htpasswd package.
-
WIP: web interface (issue #73)
It is disabled by default, and not ready for production yet. Use at your own risk. We will enable it in the next major release.
-
Some modules are now bundled by default, so users won't have to install stuff from git. We'll see what issues it causes, maybe all modules will be bundled in the future like in npm.
A bunch of development releases that are broken in various ways. Please use 0.11.x instead.
- fix several bugs that could cause "can't set headers" exception
- allow "pretty" format for logging into files (issue #88)
- remove outdated user existence check (issue #115)
-
new features:
-
bugfixes:
- avoid crashing when res.socket is null (issue #89)
- "latest" tag is now always present in any package (issue #63)
- tags created with new npm versions (>= 1.3.19) can now be published correctly
- use gzip compression whenever possible (issue #54)
- set
ignore_latest_tag
to false, it should now be more compatible with npm registry - make
fs-ext
optional (issue #61)
-
config changes:
- breaking change: all time intervals are now specified in seconds instead of milliseconds for the sake of consistency. Change
timeout
if you have one! - all time intervals now can be specified in nginx notation, for example
1m 30s
will specify a 90 seconds timeout - added
maxage
option to avoid asking public registry for the same data too often (issue #47) - added
max_fails
andfail_timeout
options to reduce amount of requests to public registry when it's down (issue #7)
- breaking change: all time intervals are now specified in seconds instead of milliseconds for the sake of consistency. Change
-
bug fixes:
-
other changes:
- 404 errors are returned in couchdb-like manner (issue #56)
- pin down express@3 version, since sinopia doesn't yet work with express@4
- old SSL keys for npm are removed, solves
SELF_SIGNED_CERT_IN_CHAIN
error
- adding config param to specify upload limits (issue #39)
- making loose semver versions work (issue #38)
- support setting different storage paths for different packages (issue #35)
- tag support (issue #8)
- adding support for npm 1.3.19+ behaviour (issue #31)
- removing all support for proxying publish requests to uplink (too complex)
- fixing bug with bad Accept header (issue #32)
- fixed a warning from js-yaml
- don't color multiline strings in logs output
- better error messages in various cases
- test format changed
- try to fetch package from uplinks if user requested a tarball we don't know about (issue #29)
- security fix: set express.js to production mode so we won't return stack traces to the user in case of errors
- fixing a few crashes related to tags
- latest tag always shows highest version available (issue #8)
- added a configurable timeout for requests to uplinks (issue #18)
- users with bad authentication header are considered not logged in (issue #17)
- added proxy support for requests to uplinks (issue #13)
- changed license from default BSD to WTFPL
- server now supports unpublishing local packages
- added fs-ext dependency (flock)
- fixed a few face conditions
- fixed a few errors related to logging
- using bunyan as a log engine
- pretty-formatting colored logs to stdout by default
- ask user before creating any config files
- basic tags support for npm (read-only)
- npm star/unstar calls now return proper error
- using mocha for tests now
- making use of streams2 api, doesn't work on 0.8 anymore
- basic support for uploading packages to other registries
- basic test suite
- storage path in config is now relative to config file location, not cwd
- proper cleanup for temporary files
- using ETag header for all json output, based on md5
- compression for http responses
- requests for files to uplinks are now streams (no buffering)
- tarballs are now cached locally
- config file changed, packages is now specified with minimatch
- ability to retrieve all packages from another registry (i.e. npmjs)
- config is now autogenerated
- tarballs are now read/written from fs using streams (no buffering)
- first npm version
- ability to publish packages and retrieve them locally
- basic authentication/access control
- first commits