Verdaccio keeps growing, thanks to their users. This release is a minor one we do every month, for further information about our releases, it can be read here.
We have some highlights to share:
- At this stage, Docker downloads have grown to 5.1 million pulls.
- New Verdaccio Monorepo development has begun early this month, we are migrating small repositories, plugins and other tools to create a unique ecosystem, feel free to contribute. This first steps are developed by @sergiohgz with the contributions of @griffithtp.
- We finally migrated all repositories to Typescript, we do not support Flow types anymore.
If you 😍 Verdaccio as we do, helps us to grow more donating to the project via OpenCollective, this project is addressed by voluntaries, help us to be sustainable.
Thanks for support Verdaccio ! 👏👏👏👏.
Use this version
docker pull verdaccio/verdaccio:4.2.0
npm install -g firstname.lastname@example.org
Typescript migration by @juanpicado, @priscilawebdev and @griffithtp
Now, Verdaccio is built entirely in Typescript, the last phase was convert the main project.
audit module doesn't support strict_ssl flag by @dfrencham
There are some scenarios where Verdaccio runs behind company proxy with self-certificates. Now the audit middleware supports the flag
strict_ssl, replicating the same feature availabe in uplinks.
middlewares: audit: enabled: true strict_ssl: true # optional, defaults to true
prevent secrets from leaking to source control by @lirantal
Adds support through detect-secrets which wraps Yelp's generic detect-secrets tool, to test for secrets being committed to source control using the pre-commit Git hook the project already has, and as a result prevent secrets like passwords, tokens and others to leak into source control.
The detect-secrets npm package will try different methods of invoking the detect-secrets-hook tool to run the secrets test for each file, and if it isn't able to find it will silently fail to not interrupt developer workflow. In a future re-visit of this capability we can update this to be a breaking change and fail the commit (or perhaps fail the CI, which might be a bit late, but better than never).
storage plugins can throw http status codes by @juanpicado
The storage plugins were forced to return some specific error codes that are not part of Node.js. Now we allow storage plugins to return the same error codes that Verdaccio returns to the Node Package Manager. Read more context in the PR.
- Download button is not displayed if the tarball dist URI has localhost as domain by @juanpicado
- download button hidden for localhost by @griffithtp