4.0.0 (2019-05-26)
Verdaccio 4 is here, you can read the complete post in our blog.
https://verdaccio.org/blog/2019/05/19/15-verdaccio-4-release
Here some brief additions to have on mind before moving to Verdaccio 4.
⚠️ Breaking Changes
The following list might or not breaking changes for you, that might depend on your setup. If you are using Docker and haven't used any alpha or beta we recommend make a backup of your storage and give it try.
- Docker environment variables and user permissions, read here more about it by @sergiohgz @dlouzan
- JWT token signature (by default disabled, we still use the old token signature, but if you enable it all tokens will be invalidated automatically) #896 @juanpicado
- Migrate react-router from hash to history API #1013 (you will lose your old browser bookmarks) @ayusharma @juanpicado
- Drop Node 6 support #1268 @ayusharma
url_prefixbehaves differently and do not work with URI anymore, please read #1299 @juanpicado
Features
Unpublish
Unpublishing packages were handled by publish property, this feature allows add a new property unpublish to independently assign roles are allowed to such action. (#492) by @juanpicado
You can read more in our section of package access in our documentation.
New npm commands
We have some new commands might be useful for you, as change the password (if the plugin allows it) via command line or star your favorite project.
npm profile
Support to change password via CLI #392 (PR #1034) @juanpicado
⚠️ It does not support
enable-2faordisable-2fa(#913)
npm star & npm unstar
Others improvements
- Change background color #1282 @jamiebuilds
- Bug-fixing Hacktoberfest #973 👏 to all contributors that helped us to clean up small task.
- Sort packages on UI #1222 @juanpicado
Authentification
- JWT token support for API and Web #896 @juanpicado
- add support for multiple protocols on protocol header #1014 @juanpicado
You can read more about JWT in Verdaccio here.
Web UI
- New fresh User Interface @priscilawebdev @ayusharma @ayusharma @DanielRuf (We skip details due to many improvements that will require a complete blog post)
- New repository for UI (https://github.com/verdaccio/ui) Please, feel free to contribute. @priscilawebdev @ayusharma @juanpicado @jinliming2 @jamiebuilds
Plugins
- We have included the User Interface as a dependency, meaning that you can replace it completely if you like either adding a custom one or forking the project and customized to your needs, you can read more about how to add UI as plugin here.
Security
Verdaccio cares about Security, we shipped a Security Policy. If you find something that might be a potential security issue, please read it and follow our recommendations. by @DanielRuf @juanpicado (collaboration with @lirantal)
PR #1322
Deployment
- CircleCI deployment @sergiohgz a big 👏 for this amazing work, reducing the release from hours to minutes
- Using GitHub Actions @ayusharma (beta)
New Plugins
- verdaccio-https by @honzahommer
- verdaccio-vsts by @ggondim
- verdaccio-groupnames @martin31821
- verdaccio-level-auth @uniibu
- verdaccio-npm-urls by @n4bb12
- verdaccio-static-token @Eomm
A big 👏 👏 👏 👏 for them to make our ecosystem more flexible and varied.
🤔 please let us know whether you have developed a plugin in the last 365 days, you must be in our list.
Tooling
- pkgmigr8or Migration CLI tool to export packages from NPM to a private registry. by @thornyweb
You can find more plugin and toolings for Verdaccio here.
Full Roadmap
We have fixed many bugs, performance improvements, and other minor things, you can see more in detail in our milestone.
https://github.com/verdaccio/verdaccio/milestone/15
Migration Guide
If you are using a npm installation, there is no much to migrate, but in case you are using Docker, we recommend reading the following migration guide.
What about v3.x?
Version3 remains as maintenance mode for 6 months starting now. We will ship updated dependencies and security releases from now on, no features are being merged anymore. You can follow the development in the 3.x branch.
If you are still using
v2we highly recommend migrating either v3 or v4.
What's next?
We are working on next minor release, you can follow here what's coming, feel free to contribute to Verdaccio.
🌵 This specific version ( v4.0.0) also includes some patches.
Verdaccio 4 is a sum of many alpha and beta releases. These are the latest changes included in this release.
Bug Fixes
- add missing pkg version and name on start up (8cf3966)
- update @verdaccio/ui-theme:0.1.7 (8e48eea)
- warning text is hard to read when running under root (3ac038f)
Features
- create security policy (#1322) (0e9f23d)
- prepare release v4 (#1307) (b9506d6)
- using a new README parser to protect better XSS injections (#1312) (7686417)
Find more information in our release blog post