Verdaccio 4 is here, you can read the complete post in our blog.
Here some brief additions to have on mind before moving to Verdaccio 4.
⚠️ Breaking Changes
The following list might or not breaking changes for you, that might depend on your setup. If you are using Docker and haven't used any alpha or beta we recommend make a backup of your storage and give it try.
- Docker environment variables and user permissions, read here more about it by @sergiohgz @dlouzan
- JWT token signature (by default disabled, we still use the old token signature, but if you enable it all tokens will be invalidated automatically) #896 @juanpicado
- Migrate react-router from hash to history API #1013 (you will lose your old browser bookmarks) @ayusharma @juanpicado
- Drop Node 6 support #1268 @ayusharma
url_prefixbehaves differently and do not work with URI anymore, please read #1299 @juanpicado
You can read more in our section of package access in our documentation.
We have some new commands might be useful for you, as change the password (if the plugin allows it) via command line or star your favorite project.
⚠️It does not support
npm star &
- Change background color #1282 @jamiebuilds
- Bug-fixing Hacktoberfest #973
👏to all contributors that helped us to clean up small task.
- Sort packages on UI #1222 @juanpicado
- JWT token support for API and Web #896 @juanpicado
- add support for multiple protocols on protocol header #1014 @juanpicado
You can read more about JWT in Verdaccio here.
- New fresh User Interface @priscilawebdev @ayusharma @ayusharma @DanielRuf (We skip details due to many improvements that will require a complete blog post)
- New repository for UI (https://github.com/verdaccio/ui) Please, feel free to contribute. @priscilawebdev @ayusharma @juanpicado @jinliming2 @jamiebuilds
- We have included the User Interface as a dependency, meaning that you can replace it completely if you like either adding a custom one or forking the project and customized to your needs, you can read more about how to add UI as plugin here.
Verdaccio cares about Security, we shipped a Security Policy. If you find something that might be a potential security issue, please read it and follow our recommendations. by @DanielRuf @juanpicado (collaboration with @lirantal)
- CircleCI deployment @sergiohgz a big
👏for this amazing work, reducing the release from hours to minutes
- Using GitHub Actions @ayusharma (beta)
- verdaccio-https by @honzahommer
- verdaccio-vsts by @ggondim
- verdaccio-groupnames @martin31821
- verdaccio-level-auth @uniibu
- verdaccio-npm-urls by @n4bb12
- verdaccio-static-token @Eomm
You can find more plugin and toolings for Verdaccio here.
We have fixed many bugs, performance improvements, and other minor things, you can see more in detail in our milestone.
If you are using a
npm installation, there is no much to migrate, but in case you are using Docker, we recommend reading the following migration guide.
Version3 remains as maintenance mode for 6 months starting now. We will ship updated dependencies and security releases from now on, no features are being merged anymore. You can follow the development in the 3.x branch.
If you are still using
v2we highly recommend migrating either v3 or v4.
We are working on next minor release, you can follow here what's coming, feel free to contribute to Verdaccio.
🌵 This specific version ( v4.0.0) also includes some patches.
Verdaccio 4 is a sum of many alpha and beta releases. These are the latest changes included in this release.
- add missing pkg version and name on start up (8cf3966)
- update @verdaccio/ui-theme:0.1.7 (8e48eea)
- warning text is hard to read when running under root (3ac038f)
- create security policy (#1322) (0e9f23d)
- prepare release v4 (#1307) (b9506d6)
- using a new README parser to protect better XSS injections (#1312) (7686417)
Find more information in our release blog post