Marc Bernard

This is it 😃 If you set `publish > check_owners: true`, users will have to be authenticated and belong to the maintainers of a package just like the `npm registry`...

fixing getTarballDetails, then back to this

Agree. Numeric parts of a pre-release must not have leading zero. Also the part definition isn't BNF but a regex. How about this? ``` alphanum ::= ( ['0'-'9'] | ['A'-'Z']...

Because it was invented 10 years ago. I'm working on a update to a formal EBNF that will settle several issues (PR after my vacation)

Update to latest abapGit formats

Indeed, `crypto.createCipher` has been removed in v22 (and was marked to be removed in verdaccio 6): https://github.com/verdaccio/verdaccio/blob/6cf165b405e51d4c804ab87fb1bf702c2bbfe221/packages/signature/src/legacy-signature/index.ts#L14C17-L18 updated links: https://nodejs.org/docs/latest-v21.x/api/crypto.html#cryptocreatecipheralgorithm-password-options https://www.grainger.xyz/posts/changing-from-cipher-to-cipheriv

It will invalidate only tokens that used the old, insecure function. That would be a good thing actually. We would not want to impact other scenarios.

I found [this](https://stackoverflow.com/questions/68713891/nodejs-recover-createcipher-data-with-createcipheriv) to create a backward compatible solution using `createDecipheriv` and [evp_bytestokey](https://www.npmjs.com/package/evp_bytestokey). Could be another option.

closed by #119

Closed by #90