chore(deps): update dependency oxlint-tsgolint to ^0.5.0 (#875 )

[skip ci] This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [oxlint-tsgolint](https://redirect.github.com/oxc-project/tsgolint) | [`^0.3.0` -> `^0.5.0`](https://renovatebot.com/diffs/npm/oxlint-tsgolint/0.3.0/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/oxlint-tsgolint/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/oxlint-tsgolint/0.3.0/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>oxc-project/tsgolint (oxlint-tsgolint)</summary> ### [`v0.5.0`](https://redirect.github.com/oxc-project/tsgolint/releases/tag/v0.5.0) [Compare Source](https://redirect.github.com/oxc-project/tsgolint/compare/v0.4.0...v0.5.0) #### What's Changed - chore(deps): update typescript-go digest to [`b278afd`](https://redirect.github.com/oxc-project/tsgolint/commit/b278afd) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#344](https://redirect.github.com/oxc-project/tsgolint/pull/344) - perf: `no-unnecessary-boolean-literal-compare`: only build fixes when needed by [@camchenry](https://redirect.github.com/camchenry) in [#332](https://redirect.github.com/oxc-project/tsgolint/pull/332) - perf: `no-unnecessary-type-arguments`: only compute remove range when creating fixes by [@camchenry](https://redirect.github.com/camchenry) in [#333](https://redirect.github.com/oxc-project/tsgolint/pull/333) - chore(deps): update typescript-go digest to [`24b38de`](https://redirect.github.com/oxc-project/tsgolint/commit/24b38de) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#345](https://redirect.github.com/oxc-project/tsgolint/pull/345) - chore(deps): update typescript-go digest to [`d891e4f`](https://redirect.github.com/oxc-project/tsgolint/commit/d891e4f) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#348](https://redirect.github.com/oxc-project/tsgolint/pull/348) - chore(deps): update typescript-go digest to [`8ac3092`](https://redirect.github.com/oxc-project/tsgolint/commit/8ac3092) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#350](https://redirect.github.com/oxc-project/tsgolint/pull/350) - chore(deps): update typescript-go digest to [`4705d38`](https://redirect.github.com/oxc-project/tsgolint/commit/4705d38) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#352](https://redirect.github.com/oxc-project/tsgolint/pull/352) - chore(deps): update crate-ci/typos action to v1.39.0 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#354](https://redirect.github.com/oxc-project/tsgolint/pull/354) - chore(deps): update typescript-go digest to [`71a622f`](https://redirect.github.com/oxc-project/tsgolint/commit/71a622f) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#353](https://redirect.github.com/oxc-project/tsgolint/pull/353) - chore(deps): update typescript-go digest to [`240b101`](https://redirect.github.com/oxc-project/tsgolint/commit/240b101) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#355](https://redirect.github.com/oxc-project/tsgolint/pull/355) - chore(deps): update typescript-go digest to [`6fb55b7`](https://redirect.github.com/oxc-project/tsgolint/commit/6fb55b7) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#357](https://redirect.github.com/oxc-project/tsgolint/pull/357) - chore(deps): update dependency dprint-typescript to v0.95.12 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#359](https://redirect.github.com/oxc-project/tsgolint/pull/359) - chore(deps): update taiki-e/install-action action to v2.62.45 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#360](https://redirect.github.com/oxc-project/tsgolint/pull/360) - chore(deps): update github.com/go-json-experiment/json digest to [`4849db3`](https://redirect.github.com/oxc-project/tsgolint/commit/4849db3) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#358](https://redirect.github.com/oxc-project/tsgolint/pull/358) - chore(deps): lock file maintenance npm packages by [@renovate](https://redirect.github.com/renovate)\[bot] in [#362](https://redirect.github.com/oxc-project/tsgolint/pull/362) - chore(deps): update typescript-go digest to [`82039b6`](https://redirect.github.com/oxc-project/tsgolint/commit/82039b6) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#361](https://redirect.github.com/oxc-project/tsgolint/pull/361) - chore(dpes): update golang to ^1.25.0 by [@sunrabbit123](https://redirect.github.com/sunrabbit123) in [#363](https://redirect.github.com/oxc-project/tsgolint/pull/363) - docs: mark `strict-boolean-expressions` as implemented by [@camc314](https://redirect.github.com/camc314) in [#364](https://redirect.github.com/oxc-project/tsgolint/pull/364) - feat: improve invalid config diagnostics by [@camc314](https://redirect.github.com/camc314) in [#365](https://redirect.github.com/oxc-project/tsgolint/pull/365) - feat: link to github issue for deprecated tsconfig options by [@camc314](https://redirect.github.com/camc314) in [#366](https://redirect.github.com/oxc-project/tsgolint/pull/366) - perf: `no-unnecessary-type-assertion`: only do scanning when fixes are generated by [@camchenry](https://redirect.github.com/camchenry) in [#334](https://redirect.github.com/oxc-project/tsgolint/pull/334) - chore(deps): update typescript-go digest to [`13d3e19`](https://redirect.github.com/oxc-project/tsgolint/commit/13d3e19) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#367](https://redirect.github.com/oxc-project/tsgolint/pull/367) - fix(justfile): fix `just shim` command by [@camc314](https://redirect.github.com/camc314) in [#369](https://redirect.github.com/oxc-project/tsgolint/pull/369) - feat: implement `typescript/no-deprecated` by [@camc314](https://redirect.github.com/camc314) in [#368](https://redirect.github.com/oxc-project/tsgolint/pull/368) #### New Contributors - [@sunrabbit123](https://redirect.github.com/sunrabbit123) made their first contribution in [#363](https://redirect.github.com/oxc-project/tsgolint/pull/363) **Full Changelog**: <https://github.com/oxc-project/tsgolint/compare/v0.4.0...v0.5.0> ### [`v0.4.0`](https://redirect.github.com/oxc-project/tsgolint/releases/tag/v0.4.0) [Compare Source](https://redirect.github.com/oxc-project/tsgolint/compare/v0.3.0...v0.4.0) #### What's Changed - chore(deps): update typescript-go digest to [`def283d`](https://redirect.github.com/oxc-project/tsgolint/commit/def283d) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#315](https://redirect.github.com/oxc-project/tsgolint/pull/315) - chore(deps): update typescript-go digest to [`d461fad`](https://redirect.github.com/oxc-project/tsgolint/commit/d461fad) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#323](https://redirect.github.com/oxc-project/tsgolint/pull/323) - chore(deps): update taiki-e/install-action action to v2.62.38 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#327](https://redirect.github.com/oxc-project/tsgolint/pull/327) - chore(deps): update github.com/go-json-experiment/json digest to [`8a0206d`](https://redirect.github.com/oxc-project/tsgolint/commit/8a0206d) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#325](https://redirect.github.com/oxc-project/tsgolint/pull/325) - chore(deps): update github-actions (major) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#328](https://redirect.github.com/oxc-project/tsgolint/pull/328) - chore(deps): lock file maintenance npm packages by [@renovate](https://redirect.github.com/renovate)\[bot] in [#329](https://redirect.github.com/oxc-project/tsgolint/pull/329) - chore(deps): update typescript-go digest to [`b7840c2`](https://redirect.github.com/oxc-project/tsgolint/commit/b7840c2) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#326](https://redirect.github.com/oxc-project/tsgolint/pull/326) - chore(deps): update typescript-go digest to [`33eeaf3`](https://redirect.github.com/oxc-project/tsgolint/commit/33eeaf3) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#330](https://redirect.github.com/oxc-project/tsgolint/pull/330) - chore(deps): update typescript-go digest to [`f0ca632`](https://redirect.github.com/oxc-project/tsgolint/commit/f0ca632) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#331](https://redirect.github.com/oxc-project/tsgolint/pull/331) - chore(deps): update typescript-go digest to [`a4fa408`](https://redirect.github.com/oxc-project/tsgolint/commit/a4fa408) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#337](https://redirect.github.com/oxc-project/tsgolint/pull/337) - chore(deps): update typescript-go digest to [`ca68e0b`](https://redirect.github.com/oxc-project/tsgolint/commit/ca68e0b) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#339](https://redirect.github.com/oxc-project/tsgolint/pull/339) - chore(deps): update typescript-go digest to [`4037f3a`](https://redirect.github.com/oxc-project/tsgolint/commit/4037f3a) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#340](https://redirect.github.com/oxc-project/tsgolint/pull/340) - refactor: allow suggestions/fixes to be generated lazily by [@camchenry](https://redirect.github.com/camchenry) in [#313](https://redirect.github.com/oxc-project/tsgolint/pull/313) - chore(deps): update typescript-go digest to [`6642b0a`](https://redirect.github.com/oxc-project/tsgolint/commit/6642b0a) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#342](https://redirect.github.com/oxc-project/tsgolint/pull/342) - feat(overlayfs): implement overlay filesystem with source overrides support by [@camc314](https://redirect.github.com/camc314) in [#291](https://redirect.github.com/oxc-project/tsgolint/pull/291) - feat!: make fixes/suggestions opt-in by [@camchenry](https://redirect.github.com/camchenry) in [#317](https://redirect.github.com/oxc-project/tsgolint/pull/317) - perf: `no-array-delete`: only get token ranges when fixing by [@camchenry](https://redirect.github.com/camchenry) in [#320](https://redirect.github.com/oxc-project/tsgolint/pull/320) - perf: `no-confusing-void-expression`: only generate fixes and suggestions when fixing by [@camchenry](https://redirect.github.com/camchenry) in [#321](https://redirect.github.com/oxc-project/tsgolint/pull/321) - perf: `no-duplicate-type-constituents`: only build fixes when needed by [@camchenry](https://redirect.github.com/camchenry) in [#324](https://redirect.github.com/oxc-project/tsgolint/pull/324) - feat: expose program diagnostics by [@camc314](https://redirect.github.com/camc314) in [#343](https://redirect.github.com/oxc-project/tsgolint/pull/343) **Full Changelog**: <https://github.com/oxc-project/tsgolint/compare/v0.3.0...v0.4.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/cnpm/cnpmcore).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
feat: add ffmpeg-builds binary mirror (#879 )
2025-11-06 21:17:43 +08:00 · 2025-11-06 21:12:56 +08:00 · 2025-10-29 23:36:35 +08:00 · 2025-10-29 23:35:06 +08:00 · 2025-10-29 21:19:12 +08:00 · 2025-10-29 21:18:28 +08:00
483 changed files with 662810 additions and 9708 deletions
--- a/.docker/alpine/Dockerfile
+++ b/.docker/alpine/Dockerfile
@@ -0,0 +1,36 @@
+FROM node:22-alpine
+
+# Create app directory
+WORKDIR /usr/src/app
+
+# Install app dependencies
+COPY . .
+
+RUN .docker/build.sh
+
+ENV NODE_ENV=production \
+  EGG_SERVER_ENV=prod \
+  CNPMCORE_CONFIG_REGISTRY= \
+  CNPMCORE_CONFIG_SOURCE_REGISTRY=https://registry.npmmirror.com \
+  CNPMCORE_CONFIG_SOURCE_REGISTRY_IS_CNPM=true \
+  CNPMCORE_DATABASE_TYPE= \
+  CNPMCORE_DATABASE_NAME= \
+  CNPMCORE_DATABASE_HOST= \
+  CNPMCORE_DATABASE_PORT=3306 \
+  CNPMCORE_DATABASE_USER= \
+  CNPMCORE_DATABASE_PASSWORD= \
+  CNPMCORE_REDIS_HOST= \
+  CNPMCORE_REDIS_PORT=6379 \
+  CNPMCORE_REDIS_PASSWORD= \
+  CNPMCORE_REDIS_DB= \
+  CNPMCORE_NFS_TYPE=s3 \
+  CNPMCORE_NFS_S3_CLIENT_ENDPOINT= \
+  CNPMCORE_NFS_S3_CLIENT_BUCKET= \
+  CNPMCORE_NFS_S3_CLIENT_ID= \
+  CNPMCORE_NFS_S3_CLIENT_SECRET= \
+  CNPMCORE_NFS_S3_CLIENT_FORCE_PATH_STYLE=true \
+  CNPMCORE_NFS_S3_CLIENT_DISABLE_URL=true \
+  TZ=Asia/Shanghai
+
+EXPOSE 7001
+CMD ["npm", "run", "start:foreground"]
--- a/.docker/build.sh
+++ b/.docker/build.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+node -v && npm -v \
+  && npm install -g npminstall --registry=https://registry.npmmirror.com \
+  && npminstall -c \
+  && npm run tsc \
+  && npmupdate -c --production
--- a/.docker/debian/Dockerfile
+++ b/.docker/debian/Dockerfile
@@ -0,0 +1,36 @@
+FROM node:22-bookworm-slim
+
+# Create app directory
+WORKDIR /usr/src/app
+
+# Install app dependencies
+COPY . .
+
+RUN .docker/build.sh
+
+ENV NODE_ENV=production \
+  EGG_SERVER_ENV=prod \
+  CNPMCORE_CONFIG_REGISTRY= \
+  CNPMCORE_CONFIG_SOURCE_REGISTRY=https://registry.npmmirror.com \
+  CNPMCORE_CONFIG_SOURCE_REGISTRY_IS_CNPM=true \
+  CNPMCORE_DATABASE_TYPE= \
+  CNPMCORE_DATABASE_NAME= \
+  CNPMCORE_DATABASE_HOST= \
+  CNPMCORE_DATABASE_PORT=3306 \
+  CNPMCORE_DATABASE_USER= \
+  CNPMCORE_DATABASE_PASSWORD= \
+  CNPMCORE_REDIS_HOST= \
+  CNPMCORE_REDIS_PORT=6379 \
+  CNPMCORE_REDIS_PASSWORD= \
+  CNPMCORE_REDIS_DB= \
+  CNPMCORE_NFS_TYPE=s3 \
+  CNPMCORE_NFS_S3_CLIENT_ENDPOINT= \
+  CNPMCORE_NFS_S3_CLIENT_BUCKET= \
+  CNPMCORE_NFS_S3_CLIENT_ID= \
+  CNPMCORE_NFS_S3_CLIENT_SECRET= \
+  CNPMCORE_NFS_S3_CLIENT_FORCE_PATH_STYLE=true \
+  CNPMCORE_NFS_S3_CLIENT_DISABLE_URL=true \
+  TZ=Asia/Shanghai
+
+EXPOSE 7001
+CMD ["npm", "run", "start:foreground"]
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,6 @@
+logs
+node_modules
+run
+typings
+.cnpmcore*
+coverage
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,50 @@
+# CNPMCORE_DATABASE_TYPE=MySQL
+# CNPMCORE_DATABASE_USER=root
+# CNPMCORE_DATABASE_PASSWORD=
+# CNPMCORE_DATABASE_NAME=cnpmcore
+
+# CNPMCORE_DATABASE_TYPE=PostgreSQL
+# CNPMCORE_DATABASE_USER=postgres
+# CNPMCORE_DATABASE_PASSWORD=postgres
+# CNPMCORE_DATABASE_NAME=cnpmcore
+
+# CNPMCORE_CONFIG_ENABLE_ES=true
+# CNPMCORE_CONFIG_ES_CLIENT_NODE=http://localhost:9200
+# CNPMCORE_CONFIG_ES_CLIENT_AUTH_USERNAME=elastic
+# CNPMCORE_CONFIG_ES_CLIENT_AUTH_PASSWORD=abcdef
+
+# https://github.com/cnpm/cnpmcore/blob/next/docs/elasticsearch-setup.md#%E6%96%B0%E5%BB%BA-env-%E6%96%87%E4%BB%B6
+# Password for the 'elastic' user (at least 6 characters)
+ELASTIC_PASSWORD="abcdef"
+
+# Password for the 'kibana_system' user (at least 6 characters)
+KIBANA_PASSWORD="abcdef"
+
+# Version of Elastic products
+STACK_VERSION=8.7.1
+# enable for arm64
+# STACK_VERSION_ARM64=-arm64
+# STACK_PLATFORM=linux/arm64
+
+# Set the cluster name
+CLUSTER_NAME=docker-cluster
+
+# Set to 'basic' or 'trial' to automatically start the 30-day trial
+LICENSE=basic
+#LICENSE=trial
+
+# Port to expose Elasticsearch HTTP API to the host
+ES_PORT=9200
+#ES_PORT=127.0.0.1:9200
+
+# Port to expose Kibana to the host
+KIBANA_PORT=5601
+#KIBANA_PORT=80
+
+# Increase or decrease based on the available host memory (in bytes)
+ES_MEM_LIMIT=1073741824
+KB_MEM_LIMIT=1073741824
+LS_MEM_LIMIT=1073741824
+
+# SAMPLE Predefined Key only to be used in POC environments
+ENCRYPTION_KEY=c34d38b3a14956121ff2170e5030b471551370178f43e5626eec58b04a30fae2
--- a/.eslintignore
+++ b/.eslintignore
@@ -1,7 +0,0 @@
-app/proxy*
-**/*.d.ts
-node_modules/
-dist/
-coverage/
-mocks/
-.react_entries/
--- a/.eslintrc
+++ b/.eslintrc
@@ -1,6 +0,0 @@
-{
-  "extends": "eslint-config-egg/typescript",
-  "rules": {
-
-  }
-}
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -0,0 +1,564 @@
+# cnpmcore - Private NPM Registry for Enterprise
+
+cnpmcore is a TypeScript-based private NPM registry implementation built with Egg.js framework. It provides enterprise-grade package management with support for MySQL/PostgreSQL databases, Redis caching, and optional Elasticsearch.
+
+**ALWAYS reference these instructions first** and fallback to search or bash commands only when you encounter unexpected information that does not match the information here.
+
+## Code Style and Conventions
+
+### Linting and Formatting
+- **Linter**: Oxlint (fast Rust-based linter)
+- **Formatter**: Prettier with specific configuration
+- **Pre-commit hooks**: Husky + lint-staged automatically format and lint on commit
+
+**Code Style Rules:**
+```javascript
+// From .prettierrc
+{
+  "singleQuote": true,        // Use single quotes
+  "trailingComma": "es5",     // ES5 trailing commas
+  "tabWidth": 2,              // 2-space indentation
+  "printWidth": 120,          // 120 character line width
+  "arrowParens": "avoid"      // Avoid parens when possible
+}
+
+// From .oxlintrc.json
+{
+  "max-params": 6,            // Maximum 6 function parameters
+  "no-console": "warn",       // Warn on console usage
+  "import/no-anonymous-default-export": "error"
+}
+```
+
+**Linting Commands:**
+```bash
+npm run lint         # Check for linting errors
+npm run lint:fix     # Auto-fix linting issues
+npm run typecheck    # TypeScript type checking without build
+```
+
+### TypeScript Conventions
+- Use strict TypeScript with comprehensive type definitions
+- Avoid `any` types - use proper typing or `unknown`
+- Export types and interfaces for reusability
+- Use ES modules (`import/export`) syntax throughout
+
+### Testing Conventions
+- Test files use `.test.ts` suffix
+- Use `@eggjs/mock` for mocking and testing
+- Tests organized to mirror source structure in `test/` directory
+- Use `assert` from `node:assert/strict` for assertions
+- Mock external dependencies using `mock()` from `@eggjs/mock`
+
+**Test Naming Pattern:**
+```typescript
+describe('test/path/to/SourceFile.test.ts', () => {
+  describe('[HTTP_METHOD /api/path] functionName()', () => {
+    it('should handle expected behavior', async () => {
+      // Test implementation
+    });
+  });
+});
+```
+
+## Domain-Driven Design (DDD) Architecture
+
+cnpmcore follows **Domain-Driven Design** principles with clear separation of concerns:
+
+### Layer Architecture (Dependency Flow)
+
+```
+Controller (HTTP Interface Layer)
+    ↓ depends on
+Service (Business Logic Layer)
+    ↓ depends on
+Repository (Data Access Layer)
+    ↓ depends on
+Model (ORM/Database Layer)
+
+Entity (Domain Models - no dependencies, pure business logic)
+Common (Utilities and Adapters - available to all layers)
+```
+
+### Layer Responsibilities
+
+**Controller Layer** (`app/port/controller/`):
+- HTTP request/response handling
+- Request validation using `@eggjs/typebox-validate`
+- User authentication and authorization
+- **NO business logic** - delegate to Services
+- Inheritance: `YourController extends AbstractController extends MiddlewareController`
+
+**Service Layer** (`app/core/service/`):
+- Core business logic implementation
+- Orchestration of multiple repositories and entities
+- Transaction management
+- Event publishing
+- NO HTTP concerns, NO direct database access
+
+**Repository Layer** (`app/repository/`):
+- Data access and persistence
+- CRUD operations on Models
+- Query building and optimization
+- NO business logic
+
+**Entity Layer** (`app/core/entity/`):
+- Domain models with business behavior
+- Pure business logic (no infrastructure dependencies)
+- Immutable data structures where possible
+- Rich domain objects (not anemic models)
+
+**Model Layer** (`app/repository/model/`):
+- ORM definitions using Leoric
+- Database schema mapping
+- Table and column definitions
+- NO business logic
+
+### Repository Method Naming Convention
+
+**ALWAYS follow these naming patterns:**
+- `findSomething` - Query a single model/entity
+- `saveSomething` - Save (create or update) a model
+- `removeSomething` - Delete a model
+- `listSomethings` - Query multiple models (use plural)
+
+### Request Validation Trilogy
+
+**ALWAYS validate requests in this exact order:**
+
+1. **Request Parameter Validation** - First line of defense
+   ```typescript
+   // Use @eggjs/typebox-validate for type-safe validation
+   // See app/port/typebox.ts for examples
+   ```
+
+2. **User Authentication & Token Permissions**
+   ```typescript
+   // Token roles: 'read' | 'publish' | 'setting'
+   const authorizedUser = await this.userRoleManager.requiredAuthorizedUser(ctx, 'publish');
+   ```
+
+3. **Resource Authorization** - Prevent horizontal privilege escalation
+   ```typescript
+   // Example: Ensure user is package maintainer
+   await this.userRoleManager.requiredPackageMaintainer(pkg, authorizedUser);
+   // Or use convenience method
+   const { pkg } = await this.ensurePublishAccess(ctx, fullname);
+   ```
+
+### Modifying Database Models
+
+When changing a Model, update **all 3 locations**:
+1. SQL migration files: `sql/mysql/*.sql` AND `sql/postgresql/*.sql`
+2. ORM Model: `app/repository/model/*.ts`
+3. Domain Entity: `app/core/entity/*.ts`
+
+**NEVER auto-generate SQL migrations** - manual review is required for safety.
+
+## Prerequisites and Environment Setup
+
+- **Node.js**: Version 20.18.0 or higher (required by engines field in package.json)
+- **Database**: MySQL 5.7+ or PostgreSQL 17+
+- **Cache**: Redis 6+
+- **Optional**: Elasticsearch 8.x for enhanced search capabilities
+
+## Working Effectively
+
+### Bootstrap and Build
+```bash
+# Install dependencies (takes ~2 minutes)
+npm install
+
+# Copy environment configuration
+cp .env.example .env
+
+# Lint code (very fast, <1 second)
+npm run lint
+
+# Fix linting issues
+npm run lint:fix
+
+# Build TypeScript (takes ~6 seconds)
+npm run tsc
+
+# Production build (takes ~6 seconds)
+npm run tsc:prod
+```
+
+### Database Setup - MySQL (Recommended for Development)
+```bash
+# Start MySQL + Redis services via Docker (takes ~1 minute to pull images initially)
+docker compose -f docker-compose.yml up -d
+
+# Verify services are running
+docker compose ps
+
+# Initialize database (takes <2 seconds)
+CNPMCORE_DATABASE_NAME=cnpmcore bash ./prepare-database-mysql.sh
+
+# For tests, create test database
+mysql -h 127.0.0.1 -P 3306 -u root -e "CREATE DATABASE cnpmcore_unittest;"
+```
+
+### Database Setup - PostgreSQL (Alternative)
+```bash
+# Start PostgreSQL + Redis services via Docker
+docker compose -f docker-compose-postgres.yml up -d
+
+# Initialize database (takes <1 second)
+CNPMCORE_DATABASE_NAME=cnpmcore bash ./prepare-database-postgresql.sh
+```
+
+### Development Server
+```bash
+# MySQL development server (starts in ~20 seconds)
+npm run dev
+# Server runs on http://127.0.0.1:7001
+
+# PostgreSQL development server
+npm run dev:postgresql
+# Server runs on http://127.0.0.1:7001
+```
+
+### Testing
+```bash
+# Run full test suite with MySQL - NEVER CANCEL: Takes 4+ minutes. Set timeout to 10+ minutes.
+npm run test
+
+# Run full test suite with PostgreSQL - NEVER CANCEL: Takes 4+ minutes. Set timeout to 10+ minutes.
+npm run test:postgresql
+
+# Run single test file (for faster iteration, takes ~12 seconds)
+npm run test:local test/common/CryptoUtil.test.ts
+
+# Test coverage with MySQL - NEVER CANCEL: Takes 5+ minutes. Set timeout to 15+ minutes.
+npm run cov
+
+# Test coverage with PostgreSQL - NEVER CANCEL: Takes 5+ minutes. Set timeout to 15+ minutes.
+npm run cov:postgresql
+```
+
+**CRITICAL TESTING NOTES:**
+- **NEVER CANCEL** build or test commands - they may take 4-15 minutes to complete
+- Individual test files run much faster (~12 seconds) for development iteration
+- Full test suite processes 100+ test files and requires database initialization
+- Test failures may occur in CI environment; use individual test files for validation
+
+**Testing Philosophy:**
+- **Write tests for all new features** - No feature is complete without tests
+- **Test at the right layer** - Controller tests for HTTP, Service tests for business logic
+- **Mock external dependencies** - Use `mock()` from `@eggjs/mock`
+- **Use realistic test data** - Create through `TestUtil` helper methods
+- **Clean up after tests** - Database is reset between test files
+- **Test both success and failure cases** - Error paths are equally important
+
+**Common Test Patterns:**
+```typescript
+import { app, mock } from '@eggjs/mock/bootstrap';
+import { TestUtil } from '../../../test/TestUtil';
+
+describe('test/path/to/YourController.test.ts', () => {
+  describe('[GET /api/endpoint] methodName()', () => {
+    it('should return expected result', async () => {
+      // Setup
+      const { authorization } = await TestUtil.createUser();
+      
+      // Execute
+      const res = await app
+        .httpRequest()
+        .get('/api/endpoint')
+        .set('authorization', authorization)
+        .expect(200);
+      
+      // Assert
+      assert.equal(res.body.someField, expectedValue);
+    });
+    
+    it('should handle unauthorized access', async () => {
+      const res = await app
+        .httpRequest()
+        .get('/api/endpoint')
+        .expect(401);
+      
+      assert.equal(res.body.error, '[UNAUTHORIZED] Login first');
+    });
+  });
+});
+```
+
+### Production Commands
+```bash
+# CI pipeline commands - NEVER CANCEL: Takes 5+ minutes. Set timeout to 15+ minutes.
+npm run ci          # MySQL CI (includes lint, test, coverage, build)
+npm run ci:postgresql  # PostgreSQL CI
+
+# Production start/stop
+npm run start       # Start as daemon
+npm run stop        # Stop daemon
+npm run start:foreground  # Start in foreground for debugging
+```
+
+## Validation Scenarios
+
+**ALWAYS manually validate changes** by running through these scenarios:
+
+### Basic API Validation
+```bash
+# Start development server
+npm run dev
+
+# Test registry root endpoint
+curl http://127.0.0.1:7001
+# Should return JSON with app metadata and stats
+
+# Test authentication endpoint
+curl http://127.0.0.1:7001/-/whoami
+# Should return authentication error (expected when not logged in)
+
+# Test package listing (initially empty)
+curl http://127.0.0.1:7001/-/all
+```
+
+### Admin User Setup and Package Publishing
+```bash
+# Register admin user (cnpmcore_admin) - requires allowPublicRegistration=true in config
+npm login --registry=http://127.0.0.1:7001
+
+# Verify login
+npm whoami --registry=http://127.0.0.1:7001
+
+# Test package publishing
+npm publish --registry=http://127.0.0.1:7001
+```
+
+## Architecture and Navigation
+
+### Project Structure
+```
+app/
+├── common/          # Global utilities and adapters
+│   ├── adapter/     # External service adapters (NpmRegistry, Binary, etc.)
+│   └── enum/        # Shared enumerations
+├── core/            # Business logic layer
+│   ├── entity/      # Core domain models
+│   ├── event/       # Event handlers and async processing
+│   ├── service/     # Core business services
+│   └── util/        # Internal utilities
+├── port/            # Interface layer
+│   ├── controller/  # HTTP controllers
+│   ├── middleware/  # Express middleware
+│   ├── schedule/    # Background job schedulers
+│   └── webauth/     # WebAuth integration
+├── repository/      # Data access layer
+│   ├── model/       # ORM models
+│   └── util/        # Repository utilities
+└── infra/           # Infrastructure adapters
+```
+
+### Key Services and Controllers
+- **PackageController**: Main package CRUD operations
+- **PackageManagerService**: Core package management business logic
+- **BinarySyncerService**: Binary package synchronization
+- **ChangesStreamService**: NPM registry change stream processing
+- **UserController**: User authentication and profile management
+
+### Infrastructure Adapters (`app/infra/`)
+Enterprise customization layer for PaaS integration. cnpmcore provides default implementations, but enterprises should implement their own based on their infrastructure:
+
+- **NFSClientAdapter**: File storage abstraction (local/S3/OSS)
+- **QueueAdapter**: Message queue integration
+- **AuthAdapter**: Authentication system integration
+- **BinaryAdapter**: Binary package storage adapter
+
+These adapters allow cnpmcore to integrate with different cloud providers and enterprise systems without modifying core business logic.
+
+### Configuration Files
+- `config/config.default.ts`: Main application configuration
+- `config/database.ts`: Database connection settings
+- `config/binaries.ts`: Binary package mirror configurations
+- `.env`: Environment-specific variables
+- `tsconfig.json`: TypeScript compilation settings
+- `tsconfig.prod.json`: Production build settings
+
+## Common Development Tasks
+
+### Adding New Features
+
+**ALWAYS follow this workflow:**
+
+1. **Plan the change** - Identify which layers need modification
+2. **Run linter** - `npm run lint:fix` to establish clean baseline
+3. **Bottom-up implementation** - Build from data layer up to controller:
+
+   a. **Model Layer** (if new data structure needed):
+      - Add SQL migrations: `sql/mysql/*.sql` AND `sql/postgresql/*.sql`
+      - Create Model: `app/repository/model/YourModel.ts`
+      - Run database migration scripts
+
+   b. **Entity Layer** (domain models):
+      - Create Entity: `app/core/entity/YourEntity.ts`
+      - Implement business logic and behavior
+      - Keep entities pure (no infrastructure dependencies)
+
+   c. **Repository Layer** (data access):
+      - Create Repository: `app/repository/YourRepository.ts`
+      - Follow naming: `findX`, `saveX`, `removeX`, `listXs`
+      - Inject dependencies using `@Inject()`
+
+   d. **Service Layer** (business logic):
+      - Create Service: `app/core/service/YourService.ts`
+      - Orchestrate repositories and entities
+      - Use `@SingletonProto()` for service lifecycle
+
+   e. **Controller Layer** (HTTP endpoints):
+      - Create Controller: `app/port/controller/YourController.ts`
+      - Extend `AbstractController`
+      - Add HTTP method decorators: `@HTTPMethod()`, `@HTTPBody()`, etc.
+      - Implement 3-step validation (params → auth → authorization)
+
+4. **Add tests** - Create test file: `test/path/matching/source/YourFile.test.ts`
+5. **Lint and test** - `npm run lint:fix && npm run test:local test/your/test.test.ts`
+6. **Type check** - `npm run typecheck`
+7. **Commit** - Use semantic commit messages (feat/fix/chore/docs/test)
+
+**Example Controller Implementation:**
+```typescript
+import { AbstractController } from './AbstractController';
+import { HTTPController, HTTPMethod, HTTPQuery, Inject } from 'egg';
+
+@HTTPController()
+export class YourController extends AbstractController {
+  @Inject()
+  private readonly yourService: YourService;
+
+  @HTTPMethod({ path: '/api/path', method: 'GET' })
+  async yourMethod(@HTTPQuery() params: YourQueryType) {
+    // 1. Validate params (done by @HTTPQuery with typebox)
+    // 2. Authenticate user
+    const user = await this.userRoleManager.requiredAuthorizedUser(this.ctx, 'read');
+    // 3. Authorize resource access (if needed)
+    // 4. Delegate to service
+    return await this.yourService.doSomething(params);
+  }
+}
+```
+
+### Database Migrations
+- SQL files are in `sql/mysql/` and `sql/postgresql/`
+- Migration scripts automatically run during database preparation
+- **NEVER** modify existing migration files - only add new ones
+
+### Background Jobs
+- Schedulers are in `app/port/schedule/`
+- Include sync workers, cleanup tasks, and stream processors
+- Jobs run automatically when development server starts
+
+## Troubleshooting
+
+### Database Connection Issues
+```bash
+# Check if services are running
+docker compose ps
+
+# Reset MySQL environment
+docker compose -f docker-compose.yml down
+docker compose -f docker-compose.yml up -d
+CNPMCORE_DATABASE_NAME=cnpmcore bash ./prepare-database-mysql.sh
+
+# Reset PostgreSQL environment
+docker compose -f docker-compose-postgres.yml down
+docker compose -f docker-compose-postgres.yml up -d
+CNPMCORE_DATABASE_NAME=cnpmcore bash ./prepare-database-postgresql.sh
+```
+
+### Build Issues
+```bash
+# Clean and rebuild
+npm run clean
+npm run tsc
+
+# Check TypeScript configuration
+npx tsc --noEmit
+```
+
+### Test Issues
+```bash
+# Create missing test database
+mysql -h 127.0.0.1 -P 3306 -u root -e "CREATE DATABASE cnpmcore_unittest;"
+
+# Run single test for debugging
+npm run test:local test/common/CryptoUtil.test.ts
+```
+
+## CI/CD Integration
+
+The project uses GitHub Actions with workflows in `.github/workflows/`:
+- `nodejs.yml`: Main CI pipeline with MySQL, PostgreSQL, and Elasticsearch testing
+- Multiple Node.js versions tested: 20, 22, 24
+- **CRITICAL**: CI jobs include long-running tests that can take 15+ minutes per database type
+
+### Pre-commit Validation
+**ALWAYS run before committing:**
+```bash
+npm run lint:fix    # Fix linting issues
+npm run tsc        # Verify TypeScript compilation
+npm run test:local test/path/to/relevant.test.ts  # Run relevant tests
+```
+
+## Docker Support
+
+### Development Environments
+- `docker-compose.yml`: MySQL + Redis + phpMyAdmin
+- `docker-compose-postgres.yml`: PostgreSQL + Redis + pgAdmin  
+- `docker-compose-es.yml`: Elasticsearch integration
+
+### Production Images
+```bash
+# Build Alpine image
+npm run images:alpine
+
+# Build Debian image  
+npm run images:debian
+```
+
+## External Dependencies
+
+- **Database**: MySQL 9.x or PostgreSQL 17+
+- **Cache**: Redis 6+ 
+- **Search**: Elasticsearch 8.x (optional)
+- **Storage**: Local filesystem or S3-compatible storage
+- **Framework**: Egg.js with extensive TypeScript integration
+
+## Performance Notes
+
+Command execution times (for timeout planning):
+
+- **Startup Time**: ~20 seconds for development server
+- **Build Time**: ~6 seconds for TypeScript compilation  
+- **Test Time**: 4-15 minutes for full suite (database dependent)
+- **Individual Test**: ~12 seconds for single test file
+- **Package Installation**: ~2 minutes for npm install
+- **Database Init**: <2 seconds for either MySQL or PostgreSQL
+- **Linting**: <1 second (oxlint is very fast)
+
+Always account for these timings when setting timeouts for automated processes.
+
+## Semantic Commit Messages
+
+Use conventional commit format for all commits:
+
+- `feat:` - New features
+- `fix:` - Bug fixes  
+- `docs:` - Documentation changes
+- `chore:` - Maintenance tasks
+- `test:` - Test additions or modifications
+- `refactor:` - Code refactoring
+- `perf:` - Performance improvements
+
+Examples:
+```bash
+feat: add support for GitHub binary mirroring
+fix: resolve authentication token expiration issue  
+docs: update API documentation for sync endpoints
+test: add tests for package publication workflow
+```
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,70 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ main ]
-  schedule:
-    - cron: '41 13 * * 3'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'javascript', 'typescript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://git.io/codeql-language-support
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
--- a/.github/workflows/greetings.yml
+++ b/.github/workflows/greetings.yml
@@ -9,7 +9,7 @@ jobs:
      issues: write
      pull-requests: write
    steps:
-    - uses: actions/first-interaction@v1
+    - uses: actions/first-interaction@v3
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
        issue-message: '我们已经看到你的反馈，如果是功能缺陷，可以提供一下重现该问题的方式；如果是新功能需求，我们会尽快加入讨论。同时我们非常期待你可以加入我们的贡献者行列，让项目可以长期可持续发展。'
--- a/.github/workflows/nodejs.yml
+++ b/.github/workflows/nodejs.yml
@@ -5,18 +5,278 @@ name: Node.js CI

 on:
  push:
-    branches:
-      - main
-      - master
+    branches: [master]
  pull_request:
-    branches:
-      - main
-      - master
-  schedule:
-    - cron: '0 2 * * *'
+    branches: [master]
+  merge_group:

 jobs:
+  typecheck:
+    runs-on: ubuntu-latest
+
+    concurrency:
+      group: typecheck-${{ github.workflow }}-#${{ github.event.pull_request.number || github.head_ref || github.ref }}
+      cancel-in-progress: true
+
+    steps:
+      - name: Checkout Git Source
+        uses: actions/checkout@v5
+
+      - name: Use Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: 22
+
+      - name: Install Dependencies
+        run: npm i
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Typecheck
+        run: npm run typecheck
+
+      - name: Build
+        run: npm run tsc && npm run tsc:prod
+
+  test-deployment:
+    runs-on: ubuntu-latest
+
+    concurrency:
+      group: test-deployment-${{ github.workflow }}-#${{ github.event.pull_request.number || github.head_ref || github.ref }}
+      cancel-in-progress: true
+
+    services:
+      mysql:
+        image: mysql:5.7
+        env:
+          MYSQL_ALLOW_EMPTY_PASSWORD: true
+          MYSQL_DATABASE: cnpmcore
+        ports:
+          - 3306:3306
+        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=5
+      redis:
+        # https://docs.github.com/en/actions/using-containerized-services/about-service-containers#example-mapping-redis-ports
+        image: redis
+        ports:
+          # Opens tcp port 6379 on the host and service container
+          - 6379:6379
+
+    steps:
+      - name: Checkout Git Source
+        uses: actions/checkout@v5
+
+      - name: Use Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: 22
+
+      - name: Install Dependencies
+        run: npm i
+
+      - name: Test Deployment
+        run: |
+          npm run build
+          echo "Preparing database..."
+          CNPMCORE_DATABASE_NAME=cnpmcore bash ./prepare-database-mysql.sh
+          echo "Starting cnpmcore..."
+          CNPMCORE_FORCE_LOCAL_FS=true npm run start:foreground &
+          sleep 5
+          echo "Checking cnpmcore is ready..."
+          
+          set -Eeuo pipefail
+          URL="http://127.0.0.1:7001"
+          PATTERN="instance_start_time"
+          TIMEOUT=60
+          TMP="$(mktemp)"
+          echo "🔎 Health check $URL, expect 200 & body contains: $PATTERN"
+          deadline=$((SECONDS + TIMEOUT))
+          last_status=""
+
+          while (( SECONDS < deadline )); do
+            last_status="$(curl -sS -o "$TMP" -w '%{http_code}' "$URL" || true)"
+            echo "last_status=$last_status"
+            echo "body=$(cat $TMP)"
+            if [[ "$last_status" == "200" ]] && grep -q "$PATTERN" "$TMP"; then
+              echo "✅ OK"
+              rm -f "$TMP"
+              npx eggctl stop
+              exit 0
+            fi
+            sleep 1
+          done
+
+          echo "::error::❌ Health check failed: status=$last_status"
+          echo "---- Response body (last try) ----"
+          cat "$TMP" || true
+          rm -f "$TMP"
+          exit 1
+  
+  test-postgresql-fs-nfs:
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version: [20, 22, 24]
+        os: [ubuntu-latest]
+        # 0-based index
+        shardIndex: [0, 1, 2]
+        shardTotal: [3]
+
+    name: test on postgresql (node@${{ matrix.node-version }}, shard@${{ matrix.shardIndex }}/${{ matrix.shardTotal }})
+    concurrency:
+      group: test-postgresql-fs-nfs-${{ github.workflow }}-#${{ github.event.pull_request.number || github.head_ref || github.ref }}-${{ matrix.node-version }}-${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
+      cancel-in-progress: true
+
+    runs-on: ${{ matrix.os }}
+
+    services:
+      # https://docs.github.com/en/actions/use-cases-and-examples/using-containerized-services/creating-postgresql-service-containers
+      # Label used to access the service container
+      postgres:
+        # Docker Hub image
+        image: postgres
+        # Provide the password for postgres
+        env:
+          POSTGRES_PASSWORD: postgres
+        # Set health checks to wait until postgres has started
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          # Maps tcp port 5432 on service container to the host
+          - 5432:5432
+      redis:
+        # https://docs.github.com/en/actions/using-containerized-services/about-service-containers#example-mapping-redis-ports
+        image: redis
+        ports:
+          # Opens tcp port 6379 on the host and service container
+          - 6379:6379
+
+    steps:
+      - name: Checkout Git Source
+        uses: actions/checkout@v5
+
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v6
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Install Dependencies
+        run: npm i
+
+      # https://github.com/elastic/elastic-github-actions/blob/master/elasticsearch/README.md
+      - name: Configure sysctl limits
+        run: |
+          sudo swapoff -a
+          sudo sysctl -w vm.swappiness=1
+          sudo sysctl -w fs.file-max=262144
+          sudo sysctl -w vm.max_map_count=262144
+
+      - name: Runs Elasticsearch
+        uses: elastic/elastic-github-actions/elasticsearch@master
+        with:
+          stack-version: 8.18.0
+          security-enabled: false
+
+      - name: Wait for Elasticsearch to be ready
+        run: |
+          curl -v http://localhost:9200
+          while ! curl -s http://localhost:9200 | grep -q "elasticsearch"; do
+            echo "Waiting for Elasticsearch to be ready..."
+            sleep 1
+          done
+
+      - name: Continuous Integration
+        run: npm run ci:postgresql
+        env:
+          # The hostname used to communicate with the PostgreSQL service container
+          POSTGRES_HOST: localhost
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+          # The default PostgreSQL port
+          POSTGRES_PORT: 5432
+          CNPMCORE_CONFIG_ENABLE_ES: true
+          CNPMCORE_CONFIG_ES_CLIENT_NODES: http://localhost:9200
+          # https://github.com/jamiebuilds/ci-parallel-vars
+          CI_NODE_INDEX: ${{ matrix.shardIndex }}
+          CI_NODE_TOTAL: ${{ matrix.shardTotal }}
+
+      - name: Code Coverage
+        uses: codecov/codecov-action@v5
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+
  test-mysql57-fs-nfs:
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version: [20, 22, 24]
+        os: [ubuntu-latest]
+        # 0-based index
+        shardIndex: [0, 1, 2]
+        shardTotal: [3]
+
+    name: test on mysql (node@${{ matrix.node-version }}, shard@${{ matrix.shardIndex }}/${{ matrix.shardTotal }})
+    concurrency:
+      group: test-mysql57-fs-nfs-${{ github.workflow }}-#${{ github.event.pull_request.number || github.head_ref || github.ref }}-${{ matrix.node-version }}-${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
+      cancel-in-progress: true
+
+    runs-on: ${{ matrix.os }}
+
+    services:
+      mysql:
+        image: mysql:5.7
+        env:
+          MYSQL_ALLOW_EMPTY_PASSWORD: true
+          MYSQL_DATABASE: cnpmcore_unittest
+        ports:
+          - 3306:3306
+        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=5
+      redis:
+        # https://docs.github.com/en/actions/using-containerized-services/about-service-containers#example-mapping-redis-ports
+        image: redis
+        ports:
+          # Opens tcp port 6379 on the host and service container
+          - 6379:6379
+
+    steps:
+      - name: Checkout Git Source
+        uses: actions/checkout@v5
+
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v6
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Install Dependencies
+        run: npm i
+
+      - name: Continuous Integration
+        run: npm run ci
+        env:
+          # https://github.com/jamiebuilds/ci-parallel-vars
+          CI_NODE_INDEX: ${{ matrix.shardIndex }}
+          CI_NODE_TOTAL: ${{ matrix.shardTotal }}
+
+      - name: Code Coverage
+        uses: codecov/codecov-action@v5
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  test-mysql57-s3-nfs:
+    if: ${{ github.ref_name == 'master' }}
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version: [20, 22]
+        os: [ubuntu-latest]
+
+    concurrency:
+      group: test-mysql57-s3-nfs-${{ github.workflow }}-#${{ github.event.pull_request.number || github.head_ref || github.ref }}-${{ matrix.node-version }}
+      cancel-in-progress: true
+
    runs-on: ${{ matrix.os }}

    services:
@@ -29,91 +289,46 @@ jobs:
          - 3306:3306
        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=5

-    strategy:
-      fail-fast: false
-      matrix:
-        node-version: [16, 18]
-        os: [ubuntu-latest]
-
-    steps:
-    - name: Checkout Git Source
-      uses: actions/checkout@v2
-
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v1
-      with:
-        node-version: ${{ matrix.node-version }}
-
-    # https://github.com/marketplace/actions/redis-server-in-github-actions#usage
-    - name: Start Redis
-      uses: supercharge/redis-github-action@1.4.0
-      with:
-        redis-version: 6
-
-    - name: Install Dependencies
-      run: npm i
-
-    - name: Continuous Integration
-      run: npm run ci
-
-    - name: Code Coverage
-      uses: codecov/codecov-action@v1
-      with:
-        token: ${{ secrets.CODECOV_TOKEN }}
-
-  test-mysql57-oss-nfs:
-    runs-on: ${{ matrix.os }}
-    if:
-      contains('
-        refs/heads/main
-        refs/heads/master
-        refs/heads/dev
-      ', github.ref)
-
-    services:
-      mysql:
-        image: mysql:5.7
-        env:
-          MYSQL_ALLOW_EMPTY_PASSWORD: true
-          MYSQL_DATABASE: cnpmcore_unittest
+      redis:
+        image: redis
        ports:
-          - 3306:3306
-        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=5
-
-    strategy:
-      fail-fast: false
-      matrix:
-        node-version: [16, 18]
-        os: [ubuntu-latest]
+          - 6379:6379

    steps:
-    - name: Checkout Git Source
-      uses: actions/checkout@v2
+      - name: Checkout Git Source
+        uses: actions/checkout@v5

-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v1
-      with:
-        node-version: ${{ matrix.node-version }}
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v6
+        with:
+          node-version: ${{ matrix.node-version }}

-    # https://github.com/marketplace/actions/redis-server-in-github-actions#usage
-    - name: Start Redis
-      uses: supercharge/redis-github-action@1.4.0
-      with:
-        redis-version: 6
+      - name: Install Dependencies
+        run: npm i

-    - name: Install Dependencies
-      run: npm i
+      - name: Continuous Integration
+        run: npm run ci "test/cli/npm/install.test.ts"
+        env:
+          CNPMCORE_NFS_TYPE: s3
+          CNPMCORE_NFS_REMOVE_BEFORE_UPLOAD: true
+          CNPMCORE_NFS_S3_CLIENT_BUCKET: cnpmcore-unittest-github-nodejs-${{ matrix.node-version }}
+          CNPMCORE_NFS_S3_CLIENT_ENDPOINT: ${{ secrets.CNPMCORE_NFS_S3_ENDPOINT }}
+          CNPMCORE_NFS_S3_CLIENT_ID: ${{ secrets.CNPMCORE_NFS_S3_ID }}
+          CNPMCORE_NFS_S3_CLIENT_SECRET: ${{ secrets.CNPMCORE_NFS_S3_SECRET }}
+          CNPMCORE_NFS_S3_CLIENT_FORCE_PATH_STYLE: true
+          # CNPMCORE_NFS_S3_CLIENT_DISABLE_URL: true

-    - name: Continuous Integration
-      run: npm run ci
-      env:
-        CNPMCORE_NFS_TYPE: oss
-        CNPMCORE_NFS_OSS_BUCKET: cnpmcore-unittest-github-nodejs-${{ matrix.node-version }}
-        CNPMCORE_NFS_OSS_ENDPOINT: https://oss-us-west-1.aliyuncs.com
-        CNPMCORE_NFS_OSS_ID: ${{ secrets.CNPMCORE_NFS_OSS_ID }}
-        CNPMCORE_NFS_OSS_SECRET: ${{ secrets.CNPMCORE_NFS_OSS_SECRET }}
+      - name: Code Coverage
+        uses: codecov/codecov-action@v5
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}

-    - name: Code Coverage
-      uses: codecov/codecov-action@v1
-      with:
-        token: ${{ secrets.CODECOV_TOKEN }}
+  done:
+    runs-on: ubuntu-latest
+    needs:
+      - test-postgresql-fs-nfs
+      - test-mysql57-fs-nfs
+      - typecheck
+    steps:
+      - run: exit 1
+        if: ${{ always() && (contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')) }}
--- a/.github/workflows/release-image.yml
+++ b/.github/workflows/release-image.yml
@@ -0,0 +1,75 @@
+# https://docs.github.com/en/actions/tutorials/publish-packages/publish-docker-images#publishing-images-to-github-packages
+name: Create and publish a Docker image
+
+# Configures this workflow to run manually
+on:
+  workflow_dispatch:
+
+  pull_request:
+    branches: [master]
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    concurrency:
+      group: build-and-push-image-${{ github.workflow }}-#${{ github.event.pull_request.number || github.head_ref || github.ref }}
+      cancel-in-progress: true
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see [Usage](https://github.com/docker/build-push-action#usage) in the README of the `docker/build-push-action` repository.
+      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: .docker/debian/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      # This step generates an artifact attestation for the image, which is a tamper-proof statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see [Using artifact attestations to establish provenance for builds](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds).
+      - name: Generate artifact attestation
+        if: github.event_name != 'pull_request'
+        uses: actions/attest-build-provenance@v3
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,18 @@
+name: Release
+on:
+  push:
+    branches: [master]
+
+permissions:
+  contents: write
+  deployments: write
+  issues: write
+  pull-requests: write
+  id-token: write
+
+jobs:
+  release:
+    name: NPM
+    uses: cnpm/github-actions/.github/workflows/npm-release.yml@master
+    secrets:
+      GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -1,27 +0,0 @@
-# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
-#
-# You can adjust the behavior by modifying this file.
-# For more information, see:
-# https://github.com/actions/stale
-name: Mark stale issues and pull requests
-
-on:
-  schedule:
-  - cron: '45 15 * * *'
-
-jobs:
-  stale:
-
-    runs-on: ubuntu-latest
-    permissions:
-      issues: write
-      pull-requests: write
-
-    steps:
-    - uses: actions/stale@v3
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        stale-issue-message: 'Stale issue message'
-        stale-pr-message: 'Stale pull request message'
-        stale-issue-label: 'no-issue-activity'
-        stale-pr-label: 'no-pr-activity'
--- a/.gitignore
+++ b/.gitignore
@@ -13,6 +13,7 @@ config/config.prod.ts
 config/**/*.js
 app/**/*.js
 test/**/*.js
+app.js

 .cnpmcore
 .cnpmcore_unittest
@@ -75,7 +76,7 @@ typings/

 # Output of 'npm pack'
 *.tgz
-!test/fixtures/*.tgz
+!test/fixtures/**/*.tgz

 # Yarn Integrity file
 .yarn-integrity
@@ -116,4 +117,8 @@ dist
 .tern-port

 .idea
+.DS_Store
 run
+!test/ctx_register.js
+
+.egg/
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -0,0 +1 @@
+npx lint-staged
--- a/.oxlintrc.json
+++ b/.oxlintrc.json
@@ -0,0 +1,24 @@
+{
+  "$schema": "./node_modules/oxlint/configuration_schema.json",
+  // FIXME: @eggjs/oxlint-config too strict, disable it for now, will fix it later
+  // "extends": ["./node_modules/@eggjs/oxlint-config/.oxlintrc.json"],
+  "env": {
+    "node": true,
+    "mocha": true
+  },
+  "rules": {
+    // Project-specific overrides
+    "max-params": ["error", 6],
+    "no-console": "warn",
+    "import/no-anonymous-default-export": "error",
+    "no-unassigned-import": "allow",
+    "new-cap": "allow",
+    "class-methods-use-this": "allow",
+    "import/no-named-export": "allow",
+    "unicorn/no-array-sort": "allow",
+    "no-param-reassign": "allow",
+    "unicorn/prefer-at": "allow",
+    "no-process-env": "allow"
+  },
+  "ignorePatterns": ["index.d.ts"]
+}
--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1,4 @@
+CHANGELOG.md
+__snapshots__
+pnpm-lock.yaml
+node_modules
--- a/.prettierrc
+++ b/.prettierrc
@@ -0,0 +1,7 @@
+{
+  "singleQuote": true,
+  "trailingComma": "es5",
+  "tabWidth": 2,
+  "printWidth": 120,
+  "arrowParens": "avoid"
+}
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -0,0 +1,26 @@
+{
+  // Use IntelliSense to learn about possible attributes.
+  // Hover to view descriptions of existing attributes.
+  // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Egg Debug",
+      "runtimeExecutable": "npm",
+      "runtimeArgs": ["run", "dev", "--", "--inspect-brk"],
+      "console": "integratedTerminal",
+      "restart": true,
+      "autoAttachChildProcesses": true
+    },
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Egg Test",
+      "runtimeExecutable": "npm",
+      "runtimeArgs": ["run", "test:local", "--", "--inspect-brk"],
+      "autoAttachChildProcesses": true
+    }
+  ]
+}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -0,0 +1,270 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+cnpmcore is a TypeScript-based private NPM registry implementation for enterprise use. It's built on the Egg.js framework using Domain-Driven Design (DDD) architecture principles and supports both MySQL and PostgreSQL databases.
+
+## Essential Commands
+
+### Development
+```bash
+# Start development server (MySQL)
+npm run dev
+
+# Start development server (PostgreSQL)
+npm run dev:postgresql
+
+# Lint code
+npm run lint
+
+# Fix linting issues
+npm run lint:fix
+
+# TypeScript type checking
+npm run typecheck
+```
+
+### Testing
+```bash
+# Run all tests with MySQL (takes 4+ minutes)
+npm run test
+
+# Run all tests with PostgreSQL (takes 4+ minutes)
+npm run test:postgresql
+
+# Run single test file (faster iteration, ~12 seconds)
+npm run test:local test/path/to/file.test.ts
+
+# Generate coverage report
+npm run cov
+```
+
+### Database Setup
+```bash
+# MySQL setup
+docker compose -f docker-compose.yml up -d
+CNPMCORE_DATABASE_NAME=cnpmcore bash ./prepare-database-mysql.sh
+
+# PostgreSQL setup
+docker compose -f docker-compose-postgres.yml up -d
+CNPMCORE_DATABASE_NAME=cnpmcore bash ./prepare-database-postgresql.sh
+```
+
+### Build
+```bash
+# Clean build artifacts
+npm run clean
+
+# Development build
+npm run tsc
+
+# Production build
+npm run tsc:prod
+```
+
+## Architecture - Domain-Driven Design (DDD)
+
+The codebase follows strict DDD layering with clear separation of concerns:
+
+```
+Controller (app/port/controller/)     ← HTTP interface, validation, auth
+    ↓ depends on
+Service (app/core/service/)           ← Business logic orchestration
+    ↓ depends on
+Repository (app/repository/)          ← Data access layer
+    ↓ depends on
+Model (app/repository/model/)         ← ORM/Database mapping
+
+Entity (app/core/entity/)             ← Pure domain models (no dependencies)
+Common (app/common/)                  ← Utilities and adapters (all layers)
+```
+
+### Layer Responsibilities
+
+**Controller Layer** (`app/port/controller/`):
+- Handle HTTP requests/responses
+- Validate inputs using `@eggjs/typebox-validate`
+- Authenticate users and verify authorization
+- Delegate business logic to Services
+- All controllers extend `AbstractController`
+
+**Service Layer** (`app/core/service/`):
+- Implement core business logic
+- Orchestrate multiple repositories
+- Publish domain events
+- Manage transactions
+
+**Repository Layer** (`app/repository/`):
+- CRUD operations on Models
+- Data access and persistence
+- Query building and optimization
+- Methods named: `findX`, `saveX`, `removeX`, `listXs`
+
+**Entity Layer** (`app/core/entity/`):
+- Pure domain models with business behavior
+- No infrastructure dependencies
+- Immutable data structures preferred
+
+**Model Layer** (`app/repository/model/`):
+- ORM definitions using Leoric
+- Database schema mapping
+- No business logic
+
+### Infrastructure Adapters (`app/infra/`)
+Enterprise customization layer for PaaS integration:
+- **NFSClientAdapter**: File storage (local/S3/OSS)
+- **QueueAdapter**: Message queue integration
+- **AuthAdapter**: Authentication system
+- **BinaryAdapter**: Binary package storage
+
+## Key Development Patterns
+
+### Request Validation Trilogy
+Always validate requests in this exact order:
+1. **Parameter Validation** - Use `@eggjs/typebox-validate` for type-safe validation
+2. **Authentication** - Get authorized user with token role verification
+3. **Authorization** - Check resource-level permissions to prevent privilege escalation
+
+```typescript
+// Example controller method
+async someMethod(@HTTPQuery() params: QueryType) {
+  // 1. Params already validated by @HTTPQuery with typebox
+  // 2. Authenticate
+  const user = await this.userRoleManager.requiredAuthorizedUser(this.ctx, 'publish');
+  // 3. Authorize (if needed)
+  const { pkg } = await this.ensurePublishAccess(this.ctx, fullname);
+  // 4. Execute business logic
+  return await this.service.doSomething(params);
+}
+```
+
+### Repository Method Naming
+- `findSomething` - Query single entity
+- `saveSomething` - Create or update entity
+- `removeSomething` - Delete entity
+- `listSomethings` - Query multiple entities (plural)
+
+### Modifying Database Models
+When changing a Model, update all 3 locations:
+1. SQL migrations: `sql/mysql/*.sql` AND `sql/postgresql/*.sql`
+2. ORM Model: `app/repository/model/*.ts`
+3. Domain Entity: `app/core/entity/*.ts`
+
+## Code Style
+
+### Linting
+- **Linter**: Oxlint (Rust-based, very fast)
+- **Formatter**: Prettier
+- **Pre-commit**: Husky + lint-staged (auto-format on commit)
+
+Style rules:
+- Single quotes (`'`)
+- 2-space indentation
+- 120 character line width
+- ES5 trailing commas
+- Max 6 function parameters
+- No console statements (use logger)
+
+### TypeScript
+- Strict TypeScript enabled
+- Avoid `any` types - use proper typing or `unknown`
+- ES modules (`import/export`) throughout
+- Comprehensive type definitions in all files
+
+### Testing
+- Test files use `.test.ts` suffix
+- Tests mirror source structure in `test/` directory
+- Use `@eggjs/mock` for mocking
+- Use `assert` from `node:assert/strict`
+- Test both success and error cases
+
+Pattern:
+```typescript
+describe('test/path/to/SourceFile.test.ts', () => {
+  describe('[HTTP_METHOD /api/path] functionName()', () => {
+    it('should handle expected behavior', async () => {
+      // Test implementation
+    });
+  });
+});
+```
+
+## Project Structure
+
+```
+app/
+├── common/          # Global utilities and adapters
+│   ├── adapter/     # External service adapters
+│   └── enum/        # Shared enumerations
+├── core/            # Business logic layer
+│   ├── entity/      # Domain models
+│   ├── event/       # Event handlers
+│   ├── service/     # Business services
+│   └── util/        # Internal utilities
+├── port/            # Interface layer
+│   ├── controller/  # HTTP controllers
+│   ├── middleware/  # Middleware
+│   └── schedule/    # Background jobs
+├── repository/      # Data access layer
+│   └── model/       # ORM models
+└── infra/           # Infrastructure adapters
+
+config/              # Configuration files
+sql/                 # Database migrations
+  ├── mysql/         # MySQL migrations
+  └── postgresql/    # PostgreSQL migrations
+test/                # Test files (mirrors app/ structure)
+```
+
+## Important Configuration
+
+- `config/config.default.ts` - Main application configuration
+- `config/database.ts` - Database connection settings
+- `config/binaries.ts` - Binary package mirror configurations
+- `.env` - Environment-specific variables (copy from `.env.example`)
+- `tsconfig.json` - TypeScript settings (target: ES2021 for Leoric compatibility)
+
+## Development Workflow
+
+1. **Setup**: Copy `.env.example` to `.env`, start Docker services, initialize database
+2. **Feature Development**: Follow bottom-up approach (Model → Entity → Repository → Service → Controller)
+3. **Testing**: Write tests at appropriate layer, run individual tests for fast iteration
+4. **Validation**: Run linter, typecheck, relevant tests before committing
+5. **Commit**: Use semantic commit messages (feat/fix/docs/test/chore)
+
+## Integration as NPM Package
+
+cnpmcore can be integrated into Egg.js/Tegg applications as an NPM package, allowing enterprises to:
+- Customize infrastructure adapters (storage, auth, queue)
+- Override default behavior while receiving updates
+- Integrate with existing enterprise systems
+
+See INTEGRATE.md for detailed integration guide.
+
+## Performance Notes
+
+Typical command execution times:
+- Development server startup: ~20 seconds
+- TypeScript build: ~6 seconds
+- Full test suite: 4-15 minutes
+- Single test file: ~12 seconds
+- Linting: <1 second
+- Database initialization: <2 seconds
+
+## Prerequisites
+
+- Node.js: 20.18.0+ or 22.18.0+
+- Database: MySQL 5.7+ or PostgreSQL 17+
+- Cache: Redis 6+
+- Optional: Elasticsearch 8.x
+
+## Key Services & Controllers
+
+Core components to understand:
+- **PackageController**: Package CRUD operations
+- **PackageManagerService**: Core package management logic
+- **BinarySyncerService**: Binary package synchronization
+- **ChangesStreamService**: NPM registry change stream processing
+- **UserController**: User authentication and profiles
--- a/DEVELOPER.md
+++ b/DEVELOPER.md
@@ -2,64 +2,109 @@

 ## 环境初始化

-本项目的外部服务依赖有：MySQL 数据服务、Redis 缓存服务。
+本项目的外部服务依赖有：MySQL 数据库或 PostgreSQL 数据库、Redis 缓存服务。
+
+生成本地开发环境配置文件：
+
+```bash
+cp .env.example .env
+```

 可以通过 Docker 来快速启动本地开发环境：

+MySQL 开发环境：
+
 ```bash
-# 启动本地依赖服务
-$ docker-compose up -d
+# 启动本地依赖服务 - MySQL + Redis
+docker-compose -f docker-compose.yml up -d

 # 关闭本地依赖服务
-$ docker-compose down
+docker-compose -f docker-compose.yml down
 ```

-> 手动初始化依赖服务参见[文档](./docs/setup.md)
+PostgreSQL 开发环境：

+```bash
+# 启动本地依赖服务 - PostgreSQL + Redis
+docker-compose -f docker-compose-postgres.yml up -d
+
+# 关闭本地依赖服务
+docker-compose -f docker-compose-postgres.yml down
+```
+
+> 手动初始化依赖服务参见[本地开发环境 - MySQL](./docs/setup.md) 或 [本地开发环境 - PostgreSQL](./docs/setup-with-postgresql.md)

 ## 本地开发

 ### 安装依赖

 ```bash
-$ npm install
+npm install
 ```

-### 开发运行
+### 开发运行 - MySQL

 ```bash
 # 初始化数据库
-$ MYSQL_DATABASE=cnpmcore npm run prepare-database
+CNPMCORE_DATABASE_NAME=cnpmcore bash ./prepare-database-mysql.sh

 # 启动 Web 服务
-$ DEBUG_LOCAL_SQL=true npm run dev
+npm run dev

 # 访问
 curl -v http://127.0.0.1:7001
 ```

-### 单元测试
+### 开发运行 - PostgreSQL

 ```bash
-$ npm run test
+# 初始化数据库
+CNPMCORE_DATABASE_NAME=cnpmcore bash ./prepare-database-postgresql.sh
+
+# 启动 Web 服务
+npm run dev:postgresql
+
+# 访问
+curl -v http://127.0.0.1:7001
 ```

-编写单测规范：
+### 登录和测试发包

- assert 断言库必须使用 require 引入
+> cnpmcore 默认不开放注册，可以通过 `config.default.ts` 中的 `allowPublicRegistration` 配置开启，否则只有管理员可以登录

-```ts
-import assert = require('assert');
+
+注册 cnpmcore_admin 管理员
+
+```bash
+npm login --registry=http://127.0.0.1:7001
+
+# 验证登录
+npm whoami --registry=http://127.0.0.1:7001
 ```

-> CAUTION: don't use `import assert from 'assert'`
-> Just use old style import assert = require('assert') for assert module. This is limitation.
-> See https://github.com/power-assert-js/espower-typescript#caution-dont-use-import-assert-from-assert
+发包

+```bash
+npm publish --registry=http://127.0.0.1:7001
+```
+
+### 单元测试
+
+MySQL
+
+```bash
+npm run test
+```
+
+PostgreSQL
+
+```bash
+npm run test:postgresql
+```

 ## 项目结构

-```
+```txt
 app
 ├── common
 │   └── adapter
@@ -72,6 +117,8 @@ app
 │   └── controller
 ├── repository
 │   └── model
+├── infra
+│   └── NFSClientAdapter.ts
 └── test
    ├── control
    │   └── response_time.test.js
@@ -80,31 +127,69 @@ app
 ```

 common：
+
 - util：全局工具类
 - adapter：外部服务调用

 core：
+
 - entity：核心模型，实现业务行为
 - event：异步事件定义，以及消费，串联业务
 - service：核心业务
 - util：服务 core 内部，不对外暴露

 repository：
+
 - model：ORM 模型，数据定义
 - XXXRepository: 仓储接口，存储、查询过程

 port：
+
 - controller：HTTP controller

+infra：
+
+基于 PaaS 基础设置实现各种 adapter 真实适配实现，cnpmcore 会内置一种实现，企业自定义的 cnpmcore 应该自行基于自身的
+PaaS 环境实现自己的 infra module。
+
+- NFSClientAdapter.ts
+- QueueAdapter.ts
+- AuthAdapter.ts
+
+## 架构分层依赖图
+
+```txt
+--------------------------------+  +--------+  +----------+
+|            Controller          |  |        |  |          |
+----^-------------^-------------+  |        |  |          |
+     |             |                |        |  |          |
+     | inject      | inject         |        |  |          |
+     |             |                |        |  |          |
+     |  +----------+-------------+  |        |  |          |
+     |  |        Service         |  | Entity |  |          |
+     |  +-----------^------------+  |        |  |          |
+     |              |               |        |  |  Common  |
+     |              | inject        |        |  |          |
+     |              |               |        |  |          |
+----+--------------+------------+  |        |  |          |
+|          Repository            |  |        |  |          |
+-------------------^------------+  +---^----|  |          |
+                    |                   |       |          |
+                    | inject        ORM |       |          |
+                    |                   |       |          |
+        +-----------+------------+      |       |          |
+        |         Model          +<-----+       |          |
+        +------------------------+              +----------+
+```

 ## Controller 开发指南

 目前只支持 HTTP 协议的 Controller，代码在 `app/port/controller` 目录下。
 基于类继承的模式来实现，类关系大致如下：

-```
+```txt
 +----------------------+   +----------------------+   +---------------+
-| PackageController.ts |   | PackageTagController |   | XxxController |
+| PackageController    |   | PackageTagController |   | XxxController |
 +---------------+------+   +---+------------------+   +--+------------+
                |              |                         |
                | extends      | extends                 | extends
@@ -130,15 +215,15 @@ port：
 例如会封装 PackageEntity、PackageVersionEntity 等查询方法。

 ```ts
-  // try to get package entity, throw NotFoundError when package not exists
-  private async getPackageEntity(scope: string, name: string) {
-    const packageEntity = await this.packageRepository.findPackage(scope, name);
-    if (!packageEntity) {
-      const fullname = getFullname(scope, name);
-      throw new NotFoundError(`${fullname} not found`);
-    }
-    return packageEntity;
+// try to get package entity, throw NotFoundError when package not exists
+private async getPackageEntity(scope: string, name: string) {
+  const packageEntity = await this.packageRepository.findPackage(scope, name);
+  if (!packageEntity) {
+    const fullname = getFullname(scope, name);
+    throw new NotFoundError(`${fullname} not found`);
  }
+  return packageEntity;
+}
 ```

 ### 请求合法性校验三部曲
@@ -151,7 +236,7 @@ port：

 #### 1、请求参数校验

-使用 [egg-typebox-validate](https://github.com/xiekw2010/egg-typebox-validate) 来做请求参数校验，只需要定义一次参数类型和规则，就能同时拥有参数校验和类型定义。
+使用 [@eggjs/typebox-validate](https://github.com/eggjs/egg/tree/next/plugins/typebox-validate) 来做请求参数校验，只需要定义一次参数类型和规则，就能同时拥有参数校验和类型定义。
 详细使用方式可以参考 [PR#12](https://github.com/cnpm/cnpmcore/pull/12)。

 使用方式请直接参考 `app/port/typebox.ts` 代码。
@@ -192,13 +277,39 @@ await this.userRoleManager.requiredPackageMaintainer(pkg, authorizedUser);
 当然，大部分对包进行写操作的请求下，我们在 AbstractController 里面抽取了一个更加简便的方法，一次性将数据获取和权限校验包含在一起：

 ```ts
-const pkg = await this.getPackageEntityAndRequiredMaintainer(ctx, fullname);
+const { pkg } = await this.ensurePublishAccess(ctx, fullname);
 ```

 ## Service 开发指南

+Service 依赖 Repository，然后被 Controller 依赖
+
+```txt
+---------------------------+   +----------------------+   +-------------+
+| PackageVersionFileService |   | PackageSyncerService |   | XxxService  |
+---------------^-----------+   +---^------------------+   +--^----------+
+                |                   |                         |
+                | inject            | inject                  | inject
+                |                   |                         |
+            +---+-------------------+-------------------------+--+
+            |               PackageManagerService                |
+            +-----------------------^----------------------------+
+                                    |
+                                    | inject
+                                    |
+                          +---------+--------+
+                          |   XxxRepository  |
+                          +------------------+
+```
+
+### PackageManagerService 管理所有包以及版本信息
+
+它会被其他 Service 依赖
+
 ## Repository 开发指南

+Repository 依赖 Model，然后被 Service 和 Controller 依赖
+
 ### Repository 类方法命名规则

 - `findSomething` 查询一个模型数据
@@ -216,9 +327,9 @@ const pkg = await this.getPackageEntityAndRequiredMaintainer(ctx, fullname);

 可能需要涉及3个地方的修改：

-1. sql/*.sql
-2. repository/model/*.ts
-3. core/entity/*.ts
+1. `sql/mysql/*.sql`, `sql/postgresql/*.sql`
+2. `repository/model/*.ts`
+3. `core/entity/*.ts`

 目前还不会做 Model 到 SQL 的自动转换生成，核心原因有：

--- a/History.md
+++ b/History.md
@@ -1,144 +0,0 @@
-
-1.11.2 / 2022-08-28
-==================
-
-**fixes**
-  * [[`4e8700c`](http://github.com/cnpm/cnpmcore/commit/4e8700c4f7c6fb5c4f4d4a2b9a9546096c5d10e2)] - fix: only create createHookTask if hook enable (#299) (killa <<killa123@126.com>>)
-
-**others**
-  * [[`e06c841`](http://github.com/cnpm/cnpmcore/commit/e06c841537113fdb0c00beb22b0a55378c61ce80)] - 🐛 FIX: Should sync public package when registryName not exists (#303) (fengmk2 <<fengmk2@gmail.com>>)
-  * [[`f139444`](http://github.com/cnpm/cnpmcore/commit/f139444213403494ebe9bf073df62125413892d9)] - 📖 DOC: Update contributors (fengmk2 <<fengmk2@gmail.com>>)
-  * [[`c4a9de5`](http://github.com/cnpm/cnpmcore/commit/c4a9de598dce9a1b82bbcdd91968a15bbc5a4b6b)] - Create SECURITY.md (fengmk2 <<fengmk2@gmail.com>>)
-  * [[`709d65b`](http://github.com/cnpm/cnpmcore/commit/709d65bd0473856c9bfc4416ea2ca375136e354f)] - 🤖 TEST: Use diff bucket on OSS test (#301) (fengmk2 <<fengmk2@gmail.com>>)
-  * [[`9576699`](http://github.com/cnpm/cnpmcore/commit/95766990fa9c4c2c43d462f6b151557425b0c741)] - chore: use AsyncGenerator insteadof Transform stream (#300) (killa <<killa123@126.com>>)
-  * [[`3ed5269`](http://github.com/cnpm/cnpmcore/commit/3ed5269f1d22ca3aaca89a90a4fff90f293e2464)] - 📦 NEW: Mirror better-sqlite3 binary (#296) (fengmk2 <<fengmk2@gmail.com>>)
-
-1.11.1 / 2022-08-24
-==================
-
-**fixes**
-  * [[`359a150`](http://github.com/cnpm/cnpmcore/commit/359a150eb450d69e6523b20efcc5c7cfe3efab4d)] - fix: changes stream (#297) (elrrrrrrr <<elrrrrrrr@gmail.com>>)
-
-1.11.0 / 2022-08-23
-==================
-
-**features**
-  * [[`a91c8ac`](http://github.com/cnpm/cnpmcore/commit/a91c8ac4d05dc903780fda516b09364a05a2b1e6)] - feat: sync package from spec regsitry (#293) (elrrrrrrr <<elrrrrrrr@gmail.com>>)
-  * [[`de37008`](http://github.com/cnpm/cnpmcore/commit/de37008261b05845f392d66764cdfe14ae324756)] - feat: changesStream adapter & needSync() method (#292) (elrrrrrrr <<elrrrrrrr@gmail.com>>)
-  * [[`4b506c8`](http://github.com/cnpm/cnpmcore/commit/4b506c8371697ddacdbe99a8ecb330bfc1911ec6)] - feat: init registry & scope (#286) (elrrrrrrr <<elrrrrrrr@gmail.com>>)
-  * [[`41c6e24`](http://github.com/cnpm/cnpmcore/commit/41c6e24c84d546eb9d5515cc0940cc3e4274687b)] - feat: impl trigger Hooks (#289) (killa <<killa123@126.com>>)
-  * [[`79cb826`](http://github.com/cnpm/cnpmcore/commit/79cb82615f04bdb3da3ccbe09bb6a861608b69c5)] - feat: impl migration sql (#290) (killa <<killa123@126.com>>)
-  * [[`4cfa8ed`](http://github.com/cnpm/cnpmcore/commit/4cfa8ed9d687ce7d950d7d20c0ea28221763ba5f)] - feat: impl hooks api (#287) (killa <<killa123@126.com>>)
-  * [[`47d53d2`](http://github.com/cnpm/cnpmcore/commit/47d53d22ad03c02ee9cb9035a38ae205a6d38381)] - feat: add bizId for task (#285) (killa <<killa123@126.com>>)
-  * [[`3b1536b`](http://github.com/cnpm/cnpmcore/commit/3b1536b070b2f9062bc2cc377db96d2f4a160efc)] - feat: add node-webrtc mirror (#274) (Opportunity <<opportunity@live.in>>)
-
-**others**
-  * [[`7106807`](http://github.com/cnpm/cnpmcore/commit/710680742a078b2faf4cb18c3a39c0397308712e)] - 🐛 FIX: Should show queue size on logging (#280) (fengmk2 <<fengmk2@gmail.com>>)
-  * [[`3a41b21`](http://github.com/cnpm/cnpmcore/commit/3a41b2161cc99bb2f6f6dd7cbaa7abef25ff4393)] - 🐛 FIX: Handle binary configuration value (#278) (fengmk2 <<fengmk2@gmail.com>>)
-
-1.10.0 / 2022-08-04
-==================
-
-**features**
-  * [[`c2b7d5a`](http://github.com/cnpm/cnpmcore/commit/c2b7d5aa98b5ba8649ec246c616574a22e9a74b8)] - feat: use sort set to impl queue (#277) (killa <<killa123@126.com>>)
-
-1.9.1 / 2022-07-29
-==================
-
-**fixes**
-  * [[`c54aa21`](http://github.com/cnpm/cnpmcore/commit/c54aa2165c3938dcbb5a2b3b54e66a0d961cc813)] - fix: check executingCount after task is done (#276) (killa <<killa123@126.com>>)
-
-**others**
-  * [[`3268d03`](http://github.com/cnpm/cnpmcore/commit/3268d030b620825c8c2e6331e1745c1788066c61)] - 🤖 TEST: show package not use cache if isSync (#273) (fengmk2 <<fengmk2@gmail.com>>)
-
-1.9.0 / 2022-07-25
-==================
-
-**features**
-  * [[`af6a75a`](http://github.com/cnpm/cnpmcore/commit/af6a75af32ea04c90fda82be3a56c99ec77e5807)] - feat: add forceSyncHistory options (#271) (killa <<killa123@126.com>>)
-
-1.8.0 / 2022-07-21
-==================
-
-**features**
-  * [[`b49a38c`](http://github.com/cnpm/cnpmcore/commit/b49a38c77e044c978e6de32a9d3e257cc90ea7c1)] - feat: use Model with inject (#269) (killa <<killa123@126.com>>)
-
-1.7.1 / 2022-07-20
-==================
-
-**fixes**
-  * [[`52fca55`](http://github.com/cnpm/cnpmcore/commit/52fca55aa883865f0ae70bfc1ff274c313b8f76a)] - fix: show package not use cache if isSync (#268) (killa <<killa123@126.com>>)
-
-1.7.0 / 2022-07-12
-==================
-
-**others**
-  * [[`4f7ce8b`](http://github.com/cnpm/cnpmcore/commit/4f7ce8b4b2a5806a225ce67228388e14388b7059)] - deps: upgrade leoric to 2.x (#262) (killa <<killa123@126.com>>)
-
-1.6.0 / 2022-07-11
-==================
-
-**features**
-  * [[`1b9a9c7`](http://github.com/cnpm/cnpmcore/commit/1b9a9c70f66d8393e3b132f18713461a9243db73)] - feat: mirror nydus binaries (#261) (killa <<killa123@126.com>>)
-
-**others**
-  * [[`c1256bf`](http://github.com/cnpm/cnpmcore/commit/c1256bf3807bcc9a5c8be2ec5bf5ca8a5eef112e)] - 🐛 FIX: Ignore 403 status on s3 download fail (#260) (fengmk2 <<fengmk2@gmail.com>>)
-  * [[`d685772`](http://github.com/cnpm/cnpmcore/commit/d6857724307fb0df0c4c118491784b30d19a9a15)] - 🐛 FIX: skia-canvas should use NodePreGypBinary (#259) (fengmk2 <<fengmk2@gmail.com>>)
-
-1.5.0 / 2022-07-09
-==================
-
-**features**
-  * [[`b15b10c`](http://github.com/cnpm/cnpmcore/commit/b15b10c5c6cfb32bcc2b1d94434cdd16871ae565)] - feat(mirror): add skia-canvas mirror (#258) (Beace <<beaceshimin@gmail.com>>)
-
-**others**
-  * [[`2bd6ed0`](http://github.com/cnpm/cnpmcore/commit/2bd6ed0e5dace1d8840c342ecf4c86e8973dc6b7)] - 👌 IMPROVE: use tegg@1.2.0 (fengmk2 <<fengmk2@gmail.com>>)
-
-1.4.0 / 2022-06-28
-==================
-
-**features**
-  * [[`57da0a3`](http://github.com/cnpm/cnpmcore/commit/57da0a3c7e56d6613b57391948949ffea24ec058)] - feat: add configuration enableNopmClientAndVersionCheck (laibao101 <<369632567@qq.com>>)
-
-**others**
-  * [[`bf62932`](http://github.com/cnpm/cnpmcore/commit/bf62932f2e5224de6e34b873bf690a6e887b94b0)] - 🤖 TEST: Fix unstable test cases on OSS env (#254) (fengmk2 <<fengmk2@gmail.com>>)
-
-1.3.2 / 2022-06-27
-==================
-
-**fixes**
-  * [[`c63159d`](http://github.com/cnpm/cnpmcore/commit/c63159d8df804fe711b664606fe42be42010eb38)] - fix: valid npm client with correct pattern (#252) (TZ | 天猪 <<atian25@qq.com>>)
-
-**others**
-  * [[`d578baf`](http://github.com/cnpm/cnpmcore/commit/d578bafff07a0f9d4dd75393492cffc7f5d2660b)] - 🐛 FIX: Ignore exists seq on changes worker (#253) (fengmk2 <<fengmk2@gmail.com>>)
-
-1.3.1 / 2022-06-24
-==================
-
-**fixes**
-  * [[`4ea0ef6`](http://github.com/cnpm/cnpmcore/commit/4ea0ef63b7af9fd4dcc247c2c2ac8e4d579f941a)] - fix: query changes with order by id asc (#251) (killa <<killa123@126.com>>)
-
-1.3.0 / 2022-06-24
-==================
-
-**features**
-  * [[`0948a71`](http://github.com/cnpm/cnpmcore/commit/0948a71a40ac4897d129ef56830665dc028f07c7)] - feat: read enableChangesStream when sync changes stream (#250) (killa <<killa123@126.com>>)
-
-1.2.0 / 2022-06-20
-==================
-
-**others**
-  * [[`c0d8b52`](http://github.com/cnpm/cnpmcore/commit/c0d8b52ea09736ac11b0ef780aec781d172fb94c)] - refactor: move CacheAdapter to ContextProto (#249) (killa <<killa123@126.com>>)
-
-1.1.0 / 2022-06-20
-==================
-
-**features**
-  * [[`66b411e`](http://github.com/cnpm/cnpmcore/commit/66b411ea5bf6192dc9509df408525078e7128a27)] - feat: add type for exports (#248) (killa <<killa123@126.com>>)
-
-1.0.0 / 2022-06-17
-==================
-
-**others**
-  * [[`5cadbf4`](http://github.com/cnpm/cnpmcore/commit/5cadbf4b22bee7d85cd14526f5d6c6e2cd3a2e4b)] - refactor: add infra module (#245) (killa <<killa123@126.com>>),fatal: No names found, cannot describe anything.
-
--- a/INTEGRATE.md
+++ b/INTEGRATE.md
@@ -0,0 +1,227 @@
+# 🥚 如何在 [tegg](https://github.com/eggjs/egg/blob/next/tegg) 中集成 cnpmcore
+
+> 文档中的示例项目可以在 [这里](https://github.com/eggjs/examples/commit/bed580fe053ae573f8b63f6788002ff9c6e7a142) 查看，在开始前请确保已阅读 [DEVELOPER.md](DEVELOPER.md) 中的相关文档，完成本地开发环境搭建。
+
+在生产环境中，我们也可以直接部署 cnpmcore 系统，实现完整的 Registry 镜像功能。
+但通常，在企业内部会有一些内部的中间件服务或限制，例如文件存储、缓存服务、登录鉴权流程等。
+
+除了源码部署、二次开发的方式，我们还提供了 npm 包的方式，便于 [tegg](https://github.com/eggjs/egg/blob/next/tegg) 应用集成。
+这样既可以享受到丰富的自定义扩展能力，又可以享受到 cnpmcore 持续迭代的功能演进。
+
+下面，让我们以 [tegg](https://github.com/eggjs/egg/blob/next/tegg) 初始化的应用为例，以 npm 包的方式集成 cnpmcore，并扩展登录功能，以支持企业内 [SSO](https://en.wikipedia.org/wiki/Single_sign-on) 登录。
+
+## 🚀 快速开始
+
+### 🆕 新建一个 tegg 应用
+
+> 我们以 <https://github.com/eggjs/examples/tree/master/hello-tegg> 为例
+
+```shell
+.
+├── app
+│   ├── biz
+│   ├── controller
+│   └── middleware
+├── config
+│   ├── config.default.ts
+│   └── plugin.ts
+├── package.json
+├── test
+│   ├── biz
+│   └── controller
+└── tsconfig.json
+```
+
+### 📦︎ 安装 cnpmcore 修改对应配置
+
+```shell
+npm i cnpmcore
+```
+
+1. 修改 `ts-config.json` 配置，这是因为 cnpmcore 使用了 [subPath](https://nodejs.org/api/packages.html#subpath-exports)
+
+```json
+{
+  "extends": "@eggjs/tsconfig",
+  "compilerOptions": {
+    "baseUrl": "./",
+    "target": "ES2021"
+  }
+}
+```
+
+2. 修改 `config/plugin.ts` 文件，开启 cnpmcore 依赖的一些插件
+
+```typescript
+import tracerPlugin from '@eggjs/tracer';
+import typeboxValidatePlugin from '@eggjs/typebox-validate';
+import redisPlugin from '@eggjs/redis';
+
+// 开启如下插件
+export default {
+  ...redisPlugin(),
+  ...tracerPlugin(),
+  ...typeboxValidatePlugin(),
+}
+```
+
+3. 修改 `config.default.ts` 文件，可以直接覆盖默认配置
+
+```typescript
+import { SyncMode } from 'cnpmcore/common/constants';
+import { cnpmcoreConfig } from 'cnpmcore/common/config';
+
+export default () => {
+  const config = {};
+  config.cnpmcore = {
+    ...cnpmcoreConfig,
+    enableChangesStream: false,
+    syncMode: SyncMode.all,
+    allowPublicRegistration: true,
+    // 放开注册配置
+  };
+  return config;
+}
+```
+
+### 🧑‍🤝‍🧑 集成 cnpmcore
+
+1. 创建文件夹，用于存放自定义的 infra module，这里以 app/infra 为例
+
+```shell
+├── infra
+│   ├── AuthAdapter.ts
+│   ├── NFSAdapter.ts
+│   ├── QueueAdapter.ts
+│   └── package.json
+```
+
+* 添加 `package.json` ，声明 infra 作为一个 eggModule 单元
+
+```JSON
+{
+  "name": "infra",
+  "eggModule": {
+    "name": "infra"
+  }
+}
+```
+
+* 添加 `XXXAdapter.ts` 在对应的 Adapter 中继承 cnpmcore 默认的 Adapter，以 AuthAdapter 为例
+
+```typescript
+  import { AccessLevel, SingletonProto } from 'egg';
+  import { AuthAdapter } from 'cnpmcore/infra/AuthAdapter';
+
+  @SingletonProto({
+    name: 'authAdapter',
+    accessLevel: AccessLevel.PUBLIC,
+  })
+  export class MyAuthAdapter extends AuthAdapter {
+  }
+```
+
+2. 添加 `config/module.json`，将 cnpmcore 作为一个 module 集成进我们新增的 tegg 应用中
+
+```json
+[
+  {
+    "path": "../app/biz"
+  },
+  {
+    "path": "../app/infra"
+  },
+  {
+    "package": "cnpmcore/common"
+  },
+  {
+    "package": "cnpmcore/core"
+  },
+  {
+    "package": "cnpmcore/port"
+  },
+  {
+    "package": "cnpmcore/repository"
+  }
+]
+```
+
+### ✍🏻 重载 AuthAdapter 实现
+
+我们以 AuthAdapter 为例，来实现 npm cli 的 SSO 登录的功能。
+
+我们需要实现了 getAuthUrl 和 ensureCurrentUser 这两个方法:
+
+  1. getAuthUrl 引导用户访问企业内实际的登录中心。
+  2. ensureCurrentUser 当用户完成访问后，需要回调到应用进行鉴权流程。
+我们约定通过 `POST /-/v1/login/sso/:sessionId` 这个路由来进行登录验证。
+当然，你也可以任意修改地址和登录回调，只需保证更新 redis 中的 token 状态即可。
+
+修改 AuthAdapter.ts 文件
+
+```typescript
+import { AccessLevel, Context, SingletonProto } from 'egg';
+import { AuthAdapter } from 'cnpmcore/infra/AuthAdapter';
+import { randomUUID } from 'crypto';
+import { AuthUrlResult, userResult } from 'cnpmcore/dist/app/common/typing';
+
+const ONE_DAY = 3600 * 24;
+
+@SingletonProto({
+  name: 'authAdapter',
+  accessLevel: AccessLevel.PUBLIC,
+})
+export class MyAuthAdapter extends AuthAdapter {
+  async getAuthUrl(ctx: Context): Promise<AuthUrlResult> {
+    const sessionId = randomUUID();
+    await this.redis.setex(sessionId, ONE_DAY, '');
+    return {
+      // 替换实际企业内的登录中心地址，这里我们以系统内默认的 hello 路由为例
+      loginUrl: `${ctx.origin}/hello?name=${sessionId}`,
+      doneUrl: `${ctx.href}/done/session/${sessionId}`,
+    };
+  }
+
+  async ensureCurrentUser(): Promise<userResult | null> {
+    return {
+      name: 'hello',
+      email: 'hello@cnpmjs.org',
+    };
+  }
+}
+
+```
+
+修改 HelloController 的实现，实际也可以通过登录中心回调、页面确认等方式实现
+
+```typescript
+// 触发回调接口，会自动完成用户创建
+await this.httpclient.request(`${ctx.origin}/-/v1/login/sso/${name}`, { method: 'POST' });
+```
+
+## 🎉 功能验证
+
+1. 在命令行输入 `npm login --registry=http://127.0.0.1:7001`
+
+```shell
+npm login --registry=http://127.0.0.1:7001
+npm notice Log in on http://127.0.0.1:7001/
+Login at:
+http://127.0.0.1:7001/hello?name=e44e8c43-211a-4bcd-ae78-c4cbb1a78ae7
+Press ENTER to open in the browser...
+```
+
+2. 界面提示回车打开浏览器访问登录中心，也就是我们在 getAuthUrl，返回的 loginUrl 配置
+
+3. 由于我们 mock 了对应实现，界面会直接显示登录成功
+
+```shell
+Logged in on http://127.0.0.1:7001/.
+```
+
+4. 在命令行输入 `npm whoami --registry=http://127.0.0.1:7001` 验证
+
+```shell
+npm whoami --registry=http://127.0.0.1:7001
+hello
+```
--- a/README.md
+++ b/README.md
@@ -1,36 +1,41 @@
 # Private NPM Registry for Enterprise

-[![Node.js CI](https://github.com/cnpm/cnpmcore/actions/workflows/nodejs.yml/badge.svg)](https://github.com/cnpm/cnpmcore/actions/workflows/nodejs.yml)
-[![codecov](https://codecov.io/gh/cnpm/cnpmcore/branch/main/graph/badge.svg)](https://codecov.io/gh/cnpm/cnpmcore)
-[![CodeQL](https://github.com/cnpm/cnpmcore/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/cnpm/cnpmcore/actions/workflows/codeql-analysis.yml)
-[![emoji-log](https://cdn.rawgit.com/ahmadawais/stuff/ca97874/emoji-log/non-flat-round.svg)](https://github.com/ahmadawais/Emoji-Log/)
+[![Node.js CI](https://github.com/cnpm/cnpmcore/actions/workflows/nodejs.yml/badge.svg?branch=master)](https://github.com/cnpm/cnpmcore/actions/workflows/nodejs.yml)
+[![codecov](https://codecov.io/gh/cnpm/cnpmcore/master/main/graph/badge.svg)](https://app.codecov.io/gh/cnpm/cnpmcore/tree/master)
 [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fcnpm%2Fcnpmcore.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fcnpm%2Fcnpmcore?ref=badge_shield)
+[![Node.js Version](https://img.shields.io/node/v/cnpmcore.svg?style=flat)](https://nodejs.org/en/download/)
+[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](https://makeapullrequest.com)
+![CodeRabbit Pull Request Reviews](https://img.shields.io/coderabbit/prs/github/cnpm/cnpmcore)
+[![NPM Version](https://img.shields.io/npm/v/cnpmcore)](https://www.npmjs.com/package/cnpmcore)
+[![NPM Downloads](https://img.shields.io/npm/dm/cnpmcore)](https://www.npmjs.com/package/cnpmcore)
+[![NPM License](https://img.shields.io/npm/l/cnpmcore)](https://github.com/cnpm/cnpmcore/blob/master/LICENSE)

-Reimplementation based on [cnpmjs.org](https://github.com/cnpm/cnpmjs.org) with TypeScript.
+Reimplement based on [cnpmjs.org](https://github.com/cnpm/cnpmjs.org) with TypeScript.

 ## Registry HTTP API

-See https://github.com/cnpm/cnpmjs.org/blob/master/docs/registry-api.md#npm-registry-api
+See [registry-api.md](docs/registry-api.md)
+
+## Internal API for Direct HTTP Requests
+
+See [internal-api.md](docs/internal-api.md) for comprehensive documentation of cnpmcore's internal APIs that allow direct HTTP requests for package synchronization, administration, and other advanced operations.

 ## How to contribute

 See [DEVELOPER.md](DEVELOPER.md)

+## How to integrate
+
+See [INTEGRATE.md](INTEGRATE.md)
+
 ## License

 [MIT](LICENSE)

-<!-- GITCONTRIBUTOR_START -->
-
 ## Contributors

-|[<img src="https://avatars.githubusercontent.com/u/156269?v=4" width="100px;"/><br/><sub><b>fengmk2</b></sub>](https://github.com/fengmk2)<br/>|[<img src="https://avatars.githubusercontent.com/u/6897780?v=4" width="100px;"/><br/><sub><b>killagu</b></sub>](https://github.com/killagu)<br/>|[<img src="https://avatars.githubusercontent.com/u/5574625?v=4" width="100px;"/><br/><sub><b>elrrrrrrr</b></sub>](https://github.com/elrrrrrrr)<br/>|[<img src="https://avatars.githubusercontent.com/u/26033663?v=4" width="100px;"/><br/><sub><b>Zian502</b></sub>](https://github.com/Zian502)<br/>|[<img src="https://avatars.githubusercontent.com/u/13284978?v=4" width="100px;"/><br/><sub><b>Beace</b></sub>](https://github.com/Beace)<br/>|[<img src="https://avatars.githubusercontent.com/u/227713?v=4" width="100px;"/><br/><sub><b>atian25</b></sub>](https://github.com/atian25)<br/>|
-| :---: | :---: | :---: | :---: | :---: | :---: |
-|[<img src="https://avatars.githubusercontent.com/u/17879221?v=4" width="100px;"/><br/><sub><b>laibao101</b></sub>](https://github.com/laibao101)<br/>|[<img src="https://avatars.githubusercontent.com/u/8198408?v=4" width="100px;"/><br/><sub><b>BlackHole1</b></sub>](https://github.com/BlackHole1)<br/>|[<img src="https://avatars.githubusercontent.com/u/1814071?v=4" width="100px;"/><br/><sub><b>xiekw2010</b></sub>](https://github.com/xiekw2010)<br/>|[<img src="https://avatars.githubusercontent.com/u/13471233?v=4" width="100px;"/><br/><sub><b>OpportunityLiu</b></sub>](https://github.com/OpportunityLiu)<br/>|[<img src="https://avatars.githubusercontent.com/u/958063?v=4" width="100px;"/><br/><sub><b>thonatos</b></sub>](https://github.com/thonatos)<br/>|[<img src="https://avatars.githubusercontent.com/u/11039003?v=4" width="100px;"/><br/><sub><b>chenpx976</b></sub>](https://github.com/chenpx976)<br/>|
-[<img src="https://avatars.githubusercontent.com/u/29791463?v=4" width="100px;"/><br/><sub><b>fossabot</b></sub>](https://github.com/fossabot)<br/>|[<img src="https://avatars.githubusercontent.com/u/1119126?v=4" width="100px;"/><br/><sub><b>looksgood</b></sub>](https://github.com/looksgood)<br/>|[<img src="https://avatars.githubusercontent.com/u/3478550?v=4" width="100px;"/><br/><sub><b>coolyuantao</b></sub>](https://github.com/coolyuantao)<br/>
+[![Contributors](https://contrib.rocks/image?repo=cnpm/cnpmcore)](https://github.com/cnpm/cnpmcore/graphs/contributors)

-This project follows the git-contributor [spec](https://github.com/xudafeng/git-contributor), auto updated at `Sun Aug 28 2022 19:00:22 GMT+0800`.
-
-<!-- GITCONTRIBUTOR_END -->
+Made with [contributors-img](https://contrib.rocks).

 [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fcnpm%2Fcnpmcore.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fcnpm%2Fcnpmcore?ref=badge_large)
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -6,7 +6,7 @@ Currently being supported with security updates.

 | Version  | Supported          |
 | -------- | ------------------ |
-| >= 1.0.0 | :white_check_mark: |
+| >= 3.0.0 | :white_check_mark: |

 ## Reporting a Vulnerability

@@ -35,7 +35,7 @@ When the security team receives a security bug report, they will assign it
 to a primary handler. This person will coordinate the fix and release
 process, involving the following steps:

-  * Confirm the problem and determine the affected versions.
-  * Audit code to find any potential similar problems.
-  * Prepare fixes for all releases still under maintenance. These fixes
+* Confirm the problem and determine the affected versions.
+* Audit code to find any potential similar problems.
+* Prepare fixes for all releases still under maintenance. These fixes
    will be released as fast as possible to NPM.
--- a/app.ts
+++ b/app.ts
@@ -1,6 +1,8 @@
-import path from 'path';
-import { readFile } from 'fs/promises';
-import { Application } from 'egg';
+import path from 'node:path';
+import { readFile } from 'node:fs/promises';
+import type { Application, ILifecycleBoot } from 'egg';
+
+import { ChangesStreamService } from './app/core/service/ChangesStreamService.ts';

 declare module 'egg' {
  interface Application {
@@ -8,7 +10,7 @@ declare module 'egg' {
  }
 }

-export default class CnpmcoreAppHook {
+export default class CnpmcoreAppHook implements ILifecycleBoot {
  private readonly app: Application;

  constructor(app: Application) {
@@ -16,11 +18,34 @@ export default class CnpmcoreAppHook {
    this.app.binaryHTML = '';
  }

+  configWillLoad() {
+    const app = this.app;
+    // https://github.com/eggjs/egg/blob/next/tegg/plugin/orm/src/app.ts#L37
+    // store query sql to log
+    app.config.orm.logger = {
+      ...app.config.orm.logger,
+      logQuery(sql: string, duration: number) {
+        app.getLogger('sqlLogger').info('[%s] %s', duration, sql);
+      },
+    };
+  }
+
  // https://eggjs.org/zh-cn/basics/app-start.html
  async didReady() {
    // ready binary.html and replace registry
    const filepath = path.join(this.app.baseDir, 'app/port/binary.html');
-    const text = await readFile(filepath, 'utf-8');
-    this.app.binaryHTML = text.replace('{{registry}}', this.app.config.cnpmcore.registry);
+    const text = await readFile(filepath, 'utf8');
+    this.app.binaryHTML = text.replace(
+      '{{registry}}',
+      this.app.config.cnpmcore.registry
+    );
+  }
+
+  // 应用退出时执行
+  // 需要暂停当前执行的 changesStream task
+  async beforeClose() {
+    const changesStreamService =
+      await this.app.getEggObject(ChangesStreamService);
+    await changesStreamService.suspendSync(true);
  }
 }
--- a/app/common/AbstractService.ts
+++ b/app/common/AbstractService.ts
@@ -1,14 +1,8 @@
-import {
-  Inject,
-} from '@eggjs/tegg';
-import {
-  EggAppConfig,
-  EggLogger,
-} from 'egg';
+import { EggAppConfig, Logger, Inject } from 'egg';

 export abstract class AbstractService {
  @Inject()
  protected readonly config: EggAppConfig;
  @Inject()
-  protected readonly logger: EggLogger;
+  protected readonly logger: Logger;
 }
--- a/app/common/CryptoUtil.ts
+++ b/app/common/CryptoUtil.ts
@@ -0,0 +1,36 @@
+import { generateKeyPairSync } from 'node:crypto';
+import NodeRSA from 'node-rsa';
+
+// generate rsa key pair
+export function genRSAKeys(): { publicKey: string, privateKey: string } {
+  const key = generateKeyPairSync('rsa', {
+    modulusLength: 512,
+  });
+  const publicKey = key.publicKey.export({
+    type: 'pkcs1',
+    format: 'pem',
+  }).toString('base64');
+  const privateKey = key.privateKey.export({
+    type: 'pkcs1',
+    format: 'pem',
+  }).toString('base64');
+  return { publicKey, privateKey };
+}
+
+// encrypt rsa private key
+export function encryptRSA(publicKey: string, plainText: string): string {
+  const key = new NodeRSA(publicKey, 'pkcs1-public-pem', {
+    encryptionScheme: 'pkcs1',
+    environment: 'browser',
+  });
+  return key.encrypt(plainText, 'base64');
+}
+
+// decrypt rsa private key
+export function decryptRSA(privateKey: string, encryptedBase64: string): string {
+  const key = new NodeRSA(privateKey, 'pkcs1-private-pem', {
+    encryptionScheme: 'pkcs1',
+    environment: 'browser',
+  });
+  return key.decrypt(encryptedBase64, 'utf8');
+}
--- a/app/common/ErrorUtil.ts
+++ b/app/common/ErrorUtil.ts
@@ -0,0 +1,29 @@
+const TimeoutErrorNames = new Set([
+  'HttpClientRequestTimeoutError',
+  'HttpClientConnectTimeoutError',
+  'ConnectionError',
+  'ConnectTimeoutError',
+  'BodyTimeoutError',
+  'ResponseTimeoutError',
+]);
+
+export function isTimeoutError(err: Error) {
+  if (TimeoutErrorNames.has(err.name)) {
+    return true;
+  }
+  if (err instanceof AggregateError && err.errors) {
+    for (const subError of err.errors) {
+      if (TimeoutErrorNames.has(subError.name)) {
+        return true;
+      }
+    }
+  }
+  if (
+    'cause' in err &&
+    err.cause instanceof Error &&
+    TimeoutErrorNames.has(err.cause.name)
+  ) {
+    return true;
+  }
+  return false;
+}
--- a/app/common/FileUtil.ts
+++ b/app/common/FileUtil.ts
@@ -1,56 +1,41 @@
-import { mkdir, rm } from 'fs/promises';
-import { createWriteStream } from 'fs';
-import { setTimeout } from 'timers/promises';
-import path from 'path';
-import url from 'url';
-import { randomBytes } from 'crypto';
-import { EggContextHttpClient } from 'egg';
-import dayjs from './dayjs';
+// oxlint-disable import/exports-last
+import { mkdir, rm } from 'node:fs/promises';
+import { createWriteStream } from 'node:fs';
+import { setTimeout } from 'node:timers/promises';
+import path from 'node:path';
+import url from 'node:url';
+import { randomBytes } from 'node:crypto';
+import type { EggContextHttpClient, HttpClientResponse } from 'egg';
+import mime from 'mime-types';
+import dayjs from './dayjs.ts';

-export async function createTempfile(dataDir: string, filename: string) {
-  // will auto clean on CleanTempDir Schedule
-  const tmpdir = path.join(dataDir, 'downloads', dayjs().format('YYYY/MM/DD'));
-  await mkdir(tmpdir, { recursive: true });
-
-  // The filename is a URL (from dist.tarball), which needs to be truncated, (`getconf NAME_MAX /` # max filename length: 255 bytes)
-  // https://github.com/cnpm/cnpmjs.org/pull/1345
-  const tmpfile = path.join(tmpdir, `${randomBytes(10).toString('hex')}-${path.basename(url.parse(filename).pathname!)}`);
-  return tmpfile;
-}
-
-export async function downloadToTempfile(httpclient: EggContextHttpClient,
-  dataDir: string, url: string, ignoreDownloadStatuses?: number[], retries = 3) {
-  let lastError: any;
-  while (retries > 0) {
-    try {
-      return await _downloadToTempfile(httpclient, dataDir, url, ignoreDownloadStatuses);
-    } catch (err: any) {
-      if (err.name === 'DownloadNotFoundError') throw err;
-      lastError = err;
-    }
-    retries--;
-    if (retries > 0) {
-      // sleep 1s ~ 4s in random
-      await setTimeout(1000 + Math.random() * 4000);
-    }
-  }
-  throw lastError;
-}
-
-async function _downloadToTempfile(httpclient: EggContextHttpClient,
-  dataDir: string, url: string, ignoreDownloadStatuses?: number[]) {
+async function _downloadToTempfile(
+  httpclient: EggContextHttpClient,
+  dataDir: string,
+  url: string,
+  optionalConfig?: DownloadToTempfileOptionalConfig
+): Promise<Tempfile> {
  const tmpfile = await createTempfile(dataDir, url);
  const writeStream = createWriteStream(tmpfile);
  try {
    // max 10 mins to download
    // FIXME: should show download progress
-    const { status, headers, res } = await httpclient.request(url, {
-      timeout: 60000 * 10,
+    const requestHeaders: Record<string, string> = {};
+    if (optionalConfig?.remoteAuthToken) {
+      requestHeaders.authorization = `Bearer ${optionalConfig.remoteAuthToken}`;
+    }
+    const { status, headers, res } = (await httpclient.request(url, {
+      timeout: 60_000 * 10,
+      headers: requestHeaders,
      writeStream,
      timing: true,
      followRedirect: true,
-    });
-    if (status === 404 || (ignoreDownloadStatuses && ignoreDownloadStatuses.includes(status))) {
+    })) as HttpClientResponse;
+    if (
+      status === 404 ||
+      (optionalConfig?.ignoreDownloadStatuses &&
+        optionalConfig.ignoreDownloadStatuses.includes(status))
+    ) {
      const err = new Error(`Not found, status(${status})`);
      err.name = 'DownloadNotFoundError';
      throw err;
@@ -70,3 +55,107 @@ async function _downloadToTempfile(httpclient: EggContextHttpClient,
    throw err;
  }
 }
+
+export interface DownloadToTempfileOptionalConfig {
+  retries?: number;
+  ignoreDownloadStatuses?: number[];
+  remoteAuthToken?: string;
+}
+
+export async function createTempDir(dataDir: string, dirname?: string) {
+  // will auto clean on CleanTempDir Schedule
+  let tmpdir = path.join(dataDir, 'downloads', dayjs().format('YYYY/MM/DD'));
+  if (dirname) {
+    tmpdir = path.join(tmpdir, dirname);
+  }
+  await mkdir(tmpdir, { recursive: true });
+  return tmpdir;
+}
+
+export async function createTempfile(dataDir: string, filename: string) {
+  const tmpdir = await createTempDir(dataDir);
+  // The filename is a URL (from dist.tarball), which needs to be truncated, (`getconf NAME_MAX /` # max filename length: 255 bytes)
+  // https://github.com/cnpm/cnpmjs.org/pull/1345
+  const tmpfile = path.join(
+    tmpdir,
+    // oxlint-disable-next-line typescript-eslint/no-non-null-assertion
+    `${randomBytes(10).toString('hex')}-${path.basename(url.parse(filename).pathname!)}`
+  );
+  return tmpfile;
+}
+
+export async function downloadToTempfile(
+  httpclient: EggContextHttpClient,
+  dataDir: string,
+  url: string,
+  optionalConfig?: DownloadToTempfileOptionalConfig
+) {
+  let retries = optionalConfig?.retries || 3;
+  let lastError: Error | undefined;
+  while (retries > 0) {
+    try {
+      return await _downloadToTempfile(
+        httpclient,
+        dataDir,
+        url,
+        optionalConfig
+      );
+    } catch (err) {
+      if (err.name === 'DownloadNotFoundError') throw err;
+      lastError = err;
+    }
+    retries--;
+    if (retries > 0) {
+      // sleep 1s ~ 4s in random
+      const delay =
+        process.env.NODE_ENV === 'test' ? 1 : 1000 + Math.random() * 4000;
+      await setTimeout(delay);
+    }
+  }
+  // oxlint-disable-next-line no-throw-literal
+  throw lastError;
+}
+export interface Tempfile {
+  tmpfile: string;
+  headers: HttpClientResponse['res']['headers'];
+  timing: HttpClientResponse['res']['timing'];
+}
+
+const DEFAULT_CONTENT_TYPE = 'application/octet-stream';
+const PLAIN_TEXT = 'text/plain';
+const WHITE_FILENAME_CONTENT_TYPES = {
+  license: PLAIN_TEXT,
+  readme: PLAIN_TEXT,
+  history: PLAIN_TEXT,
+  changelog: PLAIN_TEXT,
+  '.npmignore': PLAIN_TEXT,
+  '.jshintignore': PLAIN_TEXT,
+  '.eslintignore': PLAIN_TEXT,
+  '.jshintrc': 'application/json',
+  '.eslintrc': 'application/json',
+} as const;
+
+const CONTENT_TYPE_BLACKLIST = new Set(['application/xml', 'text/html']);
+
+export function ensureContentType(contentType: string) {
+  if (CONTENT_TYPE_BLACKLIST.has(contentType)) {
+    return 'text/plain';
+  }
+  return contentType;
+}
+
+export function mimeLookup(filepath: string) {
+  const filename = path.basename(filepath).toLowerCase();
+  if (filename.endsWith('.ts')) return PLAIN_TEXT;
+  if (filename.endsWith('.lock')) return PLAIN_TEXT;
+  const defaultContentType = mime.lookup(filename);
+  // https://github.com/cnpm/cnpmcore/issues/693#issuecomment-2955268229
+  const contentType =
+    defaultContentType ||
+    WHITE_FILENAME_CONTENT_TYPES[
+      filename as keyof typeof WHITE_FILENAME_CONTENT_TYPES
+    ] ||
+    DEFAULT_CONTENT_TYPE;
+
+  return ensureContentType(contentType);
+}
--- a/app/common/PackageUtil.ts
+++ b/app/common/PackageUtil.ts
@@ -1,5 +1,15 @@
-import { createReadStream } from 'fs';
-import * as ssri from 'ssri';
+import { createReadStream } from 'node:fs';
+import { Readable } from 'node:stream';
+import { pipeline } from 'node:stream/promises';
+
+import { fromData, fromStream, type HashLike } from 'ssri';
+// @ts-expect-error no types available
+import tar from '@fengmk2/tar';
+
+import type {
+  AuthorType,
+  PackageJSONType,
+} from '../repository/PackageRepository.ts';

 // /@cnpm%2ffoo
 // /@cnpm%2Ffoo
@@ -7,28 +17,44 @@ import * as ssri from 'ssri';
 // /foo
 // name max length is 214 chars
 // https://www.npmjs.com/package/path-to-regexp#custom-matching-parameters
-export const FULLNAME_REG_STRING = '@[^/]{1,220}\/[^/]{1,220}|@[^%]+\%2[fF][^/]{1,220}|[^@/]{1,220}';
+export const FULLNAME_REG_STRING =
+  '@[^/]{1,220}/[^/]{1,220}|@[^%]+%2[fF][^/]{1,220}|[^@/]{1,220}';

 export function getScopeAndName(fullname: string): string[] {
  if (fullname.startsWith('@')) {
    return fullname.split('/', 2);
  }
-  return [ '', fullname ];
+  return ['', fullname];
 }

 export function getFullname(scope: string, name: string): string {
  return scope ? `${scope}/${name}` : name;
 }

-export async function calculateIntegrity(contentOrFile: Uint8Array | string) {
-  let integrityObj;
+export function cleanUserPrefix(username: string): string {
+  return username.replace(/^.*:/, '');
+}
+
+export function getPrefixedName(prefix: string, username: string): string {
+  return prefix ? `${prefix}${username}` : username;
+}
+
+export interface Integrity {
+  integrity: string;
+  shasum: string;
+}
+
+export async function calculateIntegrity(
+  contentOrFile: Uint8Array | string
+): Promise<Integrity> {
+  let integrityObj: HashLike;
  if (typeof contentOrFile === 'string') {
-    integrityObj = await ssri.fromStream(createReadStream(contentOrFile), {
-      algorithms: [ 'sha512', 'sha1' ],
+    integrityObj = await fromStream(createReadStream(contentOrFile), {
+      algorithms: ['sha512', 'sha1'],
    });
  } else {
-    integrityObj = ssri.fromData(contentOrFile, {
-      algorithms: [ 'sha512', 'sha1' ],
+    integrityObj = fromData(contentOrFile, {
+      algorithms: ['sha512', 'sha1'],
    });
  }
  const integrity = integrityObj.sha512[0].toString() as string;
@@ -36,20 +62,109 @@ export async function calculateIntegrity(contentOrFile: Uint8Array | string) {
  return { integrity, shasum };
 }

-export function formatTarball(registry: string, scope: string, name: string, version: string) {
+export function formatTarball(
+  registry: string,
+  scope: string,
+  name: string,
+  version: string
+) {
  const fullname = getFullname(scope, name);
  return `${registry}/${fullname}/-/${name}-${version}.tgz`;
 }

-export function detectInstallScript(manifest: any) {
+export function detectInstallScript(manifest: {
+  scripts?: Record<string, string>;
+}) {
  // https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-version-object
  let hasInstallScript = false;
  const scripts = manifest.scripts;
-  if (scripts) {
-    // https://www.npmjs.com/package/fix-has-install-script
-    if (scripts.install || scripts.preinstall || scripts.postinstall) {
-      hasInstallScript = true;
-    }
+  // https://www.npmjs.com/package/fix-has-install-script
+  if (scripts?.install || scripts?.preinstall || scripts?.postinstall) {
+    hasInstallScript = true;
  }
  return hasInstallScript;
 }
+
+/** 判断一个版本压缩包中是否包含 npm-shrinkwrap.json */
+export async function hasShrinkWrapInTgz(
+  contentOrFile: Uint8Array | string
+): Promise<boolean> {
+  let readable: Readable;
+  if (typeof contentOrFile === 'string') {
+    readable = createReadStream(contentOrFile);
+  } else {
+    readable = new Readable({
+      read() {
+        this.push(contentOrFile);
+        this.push(null);
+      },
+    });
+  }
+
+  let hasShrinkWrap = false;
+  const abortController = new AbortController();
+  const parser = tar.t({
+    // options.strict 默认为 false，会忽略 Recoverable errors，例如 tar 解析失败
+    // 详见 https://github.com/isaacs/node-tar#warnings-and-errors
+    // oxlint-disable-next-line typescript-eslint/no-explicit-any
+    onentry(entry: any) {
+      if (entry.path === 'package/npm-shrinkwrap.json') {
+        hasShrinkWrap = true;
+        abortController.abort();
+      }
+    },
+  });
+
+  try {
+    await pipeline(readable, parser, { signal: abortController.signal });
+    return hasShrinkWrap;
+  } catch (e) {
+    if (e.code === 'ABORT_ERR') {
+      return hasShrinkWrap;
+    }
+    throw Object.assign(
+      new Error('[hasShrinkWrapInTgz] Fail to parse input file'),
+      { cause: e }
+    );
+  }
+}
+
+/** 写入 ES 时，格式化 author */
+export function formatAuthor(
+  author: string | AuthorType | undefined
+): AuthorType | undefined {
+  if (author === undefined) {
+    return author;
+  }
+
+  if (typeof author === 'string') {
+    return { name: author };
+  }
+
+  return author;
+}
+
+export async function extractPackageJSON(
+  tarballBytes: Buffer
+): Promise<PackageJSONType> {
+  // oxlint-disable-next-line promise/avoid-new
+  return new Promise((resolve, reject) => {
+    Readable.from(tarballBytes).pipe(
+      tar.t({
+        filter: (name: string) => name === 'package/package.json',
+        onentry: async (entry: Readable) => {
+          const chunks: Buffer[] = [];
+          for await (const chunk of entry) {
+            chunks.push(chunk);
+          }
+          try {
+            const data = Buffer.concat(chunks);
+            return resolve(JSON.parse(data.toString()));
+          } catch {
+            reject(new Error('Error parsing package.json'));
+          }
+        },
+      })
+    );
+  });
+}
--- a/app/common/SyncUtil.ts
+++ b/app/common/SyncUtil.ts
@@ -1,6 +1,6 @@
-import { EggContext } from '@eggjs/tegg';
+import type { Context } from 'egg';

-export function isSyncWorkerRequest(ctx: EggContext) {
+export function isSyncWorkerRequest(ctx: Context) {
  // sync request will contain this query params
  let isSyncWorkerRequest = ctx.query.cache === '0';
  if (!isSyncWorkerRequest) {
--- a/app/common/UserUtil.ts
+++ b/app/common/UserUtil.ts
@@ -1,7 +1,8 @@
-import crypto from 'crypto';
+import crypto from 'node:crypto';
 import base from 'base-x';
 import { crc32 } from '@node-rs/crc32';
-import * as ssri from 'ssri';
+import { checkData, create } from 'ssri';
+import UAParser from 'ua-parser-js';

 const base62 = base('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ');

@@ -28,14 +29,28 @@ export function checkToken(token: string, prefix: string): boolean {
 }

 export function integrity(plain: string): string {
-  return ssri.create().update(plain).digest()
+  return create().update(plain).digest()
    .toString();
 }

 export function checkIntegrity(plain: string, expectedIntegrity: string): boolean {
-  return ssri.checkData(plain, expectedIntegrity);
+  return !!checkData(plain, expectedIntegrity);
 }

 export function sha512(plain: string): string {
  return crypto.createHash('sha512').update(plain).digest('hex');
 }
+
+export function getUAInfo(userAgent?: string) {
+  if (!userAgent) return null;
+  return new UAParser(userAgent);
+}
+
+export function getBrowserTypeForWebauthn(userAgent?: string) {
+  const ua = getUAInfo(userAgent);
+  if (!ua) return null;
+  const os = ua.getOS();
+  if (os.name === 'iOS' || os.name === 'Android') return 'mobile';
+  if (os.name === 'Mac OS') return ua.getBrowser().name;
+  return null;
+}
--- a/app/common/adapter/BugVersionStore.ts
+++ b/app/common/adapter/BugVersionStore.ts
@@ -1,5 +1,6 @@
-import { AccessLevel, SingletonProto } from '@eggjs/tegg';
-import { BugVersion } from '../../core/entity/BugVersion';
+import { AccessLevel, SingletonProto } from 'egg';
+
+import type { BugVersion } from '../../core/entity/BugVersion.ts';

@SingletonProto({
  accessLevel: AccessLevel.PUBLIC,
--- a/app/common/adapter/CacheAdapter.ts
+++ b/app/common/adapter/CacheAdapter.ts
@@ -1,18 +1,16 @@
-import {
-  ContextProto,
-  AccessLevel,
-  Inject,
-} from '@eggjs/tegg';
-import { Redis } from 'ioredis';
+import { AccessLevel, Inject, SingletonProto } from 'egg';
+// FIXME: @eggjs/redis should use ioredis v5
+// https://github.com/eggjs/redis/issues/35
+import type { Redis } from 'ioredis';

 const ONE_DAY = 3600 * 24;

-@ContextProto({
+@SingletonProto({
  accessLevel: AccessLevel.PUBLIC,
 })
 export class CacheAdapter {
  @Inject()
-  private readonly redis: Redis;
+  private readonly redis: Redis; // 由 redis 插件引入

  async setBytes(key: string, bytes: Buffer) {
    await this.redis.setex(key, ONE_DAY, bytes);
@@ -38,7 +36,7 @@ export class CacheAdapter {
    const lockName = this.getLockName(key);
    const existsTimestamp = await this.redis.get(lockName);
    if (existsTimestamp) {
-      if (Date.now() - parseInt(existsTimestamp) < seconds * 1000) {
+      if (Date.now() - Number.parseInt(existsTimestamp) < seconds * 1000) {
        return null;
      }
      // lock timeout, delete it
@@ -62,12 +60,13 @@ export class CacheAdapter {

  async usingLock(key: string, seconds: number, func: () => Promise<void>) {
    const lockTimestamp = await this.lock(key, seconds);
-    if (!lockTimestamp) return;
+    if (!lockTimestamp) return false;
    try {
      await func();
    } finally {
      await this.unlock(key, lockTimestamp);
    }
+    return true;
  }

  private getLockName(key: string) {
--- a/app/common/adapter/NFSAdapter.ts
+++ b/app/common/adapter/NFSAdapter.ts
@@ -1,18 +1,15 @@
-import { Readable } from 'stream';
-import {
-  ContextProto,
-  AccessLevel,
-  Inject,
-} from '@eggjs/tegg';
-import { Pointcut } from '@eggjs/tegg/aop';
-import { EggLogger } from 'egg';
-import { AsyncTimer } from '../aop/AsyncTimer';
-import { NFSClient } from '../typing';
-import { IncomingHttpHeaders } from 'http';
+import type { Readable } from 'node:stream';
+import type { IncomingHttpHeaders } from 'node:http';
+
+import { AccessLevel, Inject, SingletonProto, Logger } from 'egg';
+import { Pointcut } from 'egg/aop';
+
+import { AsyncTimer } from '../aop/AsyncTimer.ts';
+import type { NFSClient } from '../typing.ts';

 const INSTANCE_NAME = 'nfsAdapter';

-@ContextProto({
+@SingletonProto({
  name: INSTANCE_NAME,
  accessLevel: AccessLevel.PUBLIC,
 })
@@ -21,17 +18,27 @@ export class NFSAdapter {
  private readonly nfsClient: NFSClient;

  @Inject()
-  private readonly logger: EggLogger;
+  private readonly logger: Logger;

  @Pointcut(AsyncTimer)
  async uploadBytes(storeKey: string, bytes: Uint8Array) {
-    this.logger.info('[%s:uploadBytes] key: %s, bytes: %d', INSTANCE_NAME, storeKey, bytes.length);
+    this.logger.info(
+      '[%s:uploadBytes] key: %s, bytes: %d',
+      INSTANCE_NAME,
+      storeKey,
+      bytes.length
+    );
    await this.nfsClient.uploadBytes(bytes, { key: storeKey });
  }

  // will return next store position
  @Pointcut(AsyncTimer)
-  async appendBytes(storeKey: string, bytes: Uint8Array, position?: string, headers?: IncomingHttpHeaders) {
+  async appendBytes(
+    storeKey: string,
+    bytes: Uint8Array,
+    position?: string,
+    headers?: IncomingHttpHeaders
+  ) {
    // make sure position is undefined by the first time
    if (!position) position = undefined;
    const options = {
@@ -45,13 +52,30 @@ export class NFSAdapter {

  @Pointcut(AsyncTimer)
  async uploadFile(storeKey: string, file: string) {
-    this.logger.info('[%s:uploadFile] key: %s, file: %s', INSTANCE_NAME, storeKey, file);
+    this.logger.info(
+      '[%s:uploadFile] key: %s, file: %s',
+      INSTANCE_NAME,
+      storeKey,
+      file
+    );
    await this.nfsClient.upload(file, { key: storeKey });
  }

+  @Pointcut(AsyncTimer)
+  async downloadFile(storeKey: string, file: string, timeout: number) {
+    this.logger.info(
+      '[%s:downloadFile] key: %s, file: %s, timeout: %s',
+      INSTANCE_NAME,
+      storeKey,
+      file,
+      timeout
+    );
+    await this.nfsClient.download(storeKey, file, { timeout });
+  }
+
  @Pointcut(AsyncTimer)
  async remove(storeKey: string) {
-    this.logger.info('[%s:remove] key: %s, file: %s', INSTANCE_NAME, storeKey);
+    this.logger.info('[%s:remove] key: %s', INSTANCE_NAME, storeKey);
    await this.nfsClient.remove(storeKey);
  }

@@ -72,7 +96,9 @@ export class NFSAdapter {
    }
  }

-  async getDownloadUrlOrStream(storeKey: string): Promise<string | Readable | undefined> {
+  async getDownloadUrlOrStream(
+    storeKey: string
+  ): Promise<string | Readable | undefined> {
    const downloadUrl = await this.getDownloadUrl(storeKey);
    if (downloadUrl) {
      return downloadUrl;
--- a/app/common/adapter/NPMRegistry.ts
+++ b/app/common/adapter/NPMRegistry.ts
@@ -1,30 +1,36 @@
-import { setTimeout } from 'timers/promises';
+import { setTimeout } from 'node:timers/promises';
+
 import {
  ContextProto,
-  AccessLevel,
-  Inject,
-} from '@eggjs/tegg';
-import {
-  EggLogger,
-  EggContextHttpClient,
+  AccessLevel, Inject,
  EggAppConfig,
+  HttpClient,
+  Logger,
+  HttpClientRequestOptions,
+  HttpClientResponse,
 } from 'egg';
-import { HttpMethod } from 'urllib';
+
+import type { PackageManifestType } from '../../repository/PackageRepository.ts';
+import { isTimeoutError } from '../ErrorUtil.ts';
+
+type HttpMethod = HttpClientRequestOptions['method'];

 const INSTANCE_NAME = 'npmRegistry';

+export type RegistryResponse = { method: HttpMethod } & HttpClientResponse;
+
@ContextProto({
  name: INSTANCE_NAME,
  accessLevel: AccessLevel.PUBLIC,
 })
 export class NPMRegistry {
  @Inject()
-  private readonly logger: EggLogger;
+  private readonly logger: Logger;
  @Inject()
-  private readonly httpclient: EggContextHttpClient;
+  private readonly httpClient: HttpClient;
  @Inject()
  private config: EggAppConfig;
-  private timeout = 10000;
+  private timeout = 10_000;
  public registryHost: string;

  get registry(): string {
@@ -35,67 +41,119 @@ export class NPMRegistry {
    this.registryHost = registryHost;
  }

-  public async getFullManifests(fullname: string, retries = 3) {
+  public async getFullManifests(
+    fullname: string,
+    optionalConfig?: { retries?: number; remoteAuthToken?: string }
+  ): Promise<{ method: HttpMethod } & HttpClientResponse<PackageManifestType>> {
+    let retries = optionalConfig?.retries || 3;
    // set query t=timestamp, make sure CDN cache disable
    // cache=0 is sync worker request flag
    const url = `${this.registry}/${encodeURIComponent(fullname)}?t=${Date.now()}&cache=0`;
-    let lastError: any;
+    let lastError: Error | undefined;
    while (retries > 0) {
      try {
        // large package: https://r.cnpmjs.org/%40procore%2Fcore-icons
        // https://r.cnpmjs.org/intraactive-sdk-ui 44s
-        return await this.request('GET', url, undefined, { timeout: 120000 });
-      } catch (err: any) {
-        if (err.name === 'ResponseTimeoutError') throw err;
+        const authorization = this.genAuthorizationHeader(
+          optionalConfig?.remoteAuthToken
+        );
+        return await this.request('GET', url, undefined, {
+          timeout: 120_000,
+          headers: { authorization },
+        });
+      } catch (err) {
+        if (isTimeoutError(err)) {
+          throw err;
+        }
        lastError = err;
      }
      retries--;
      if (retries > 0) {
        // sleep 1s ~ 4s in random
-        await setTimeout(1000 + Math.random() * 4000);
+        const delay =
+          process.env.NODE_ENV === 'test' ? 1 : 1000 + Math.random() * 4000;
+        await setTimeout(delay);
      }
    }
+    // oxlint-disable-next-line no-throw-literal
    throw lastError;
  }

  // app.put('/:name/sync', sync.sync);
-  public async createSyncTask(fullname: string) {
+  public async createSyncTask(
+    fullname: string,
+    optionalConfig?: { remoteAuthToken?: string }
+  ): Promise<RegistryResponse> {
+    const authorization = this.genAuthorizationHeader(
+      optionalConfig?.remoteAuthToken
+    );
    const url = `${this.registry}/${encodeURIComponent(fullname)}/sync?sync_upstream=true&nodeps=true`;
    // {
    //   ok: true,
    //   logId: logId
    // };
-    return await this.request('PUT', url);
+    return await this.request('PUT', url, undefined, { authorization });
  }

  // app.get('/:name/sync/log/:id', sync.getSyncLog);
-  public async getSyncTask(fullname: string, id: string, offset: number) {
+  public async getSyncTask(
+    fullname: string,
+    id: string,
+    offset: number,
+    optionalConfig?: { remoteAuthToken?: string }
+  ): Promise<RegistryResponse> {
+    const authorization = this.genAuthorizationHeader(
+      optionalConfig?.remoteAuthToken
+    );
    const url = `${this.registry}/${encodeURIComponent(fullname)}/sync/log/${id}?offset=${offset}`;
    // { ok: true, syncDone: syncDone, log: log }
-    return await this.request('GET', url);
+    return await this.request('GET', url, undefined, { authorization });
  }

-  public async getDownloadRanges(registry: string, fullname: string, start: string, end: string) {
+  public async getDownloadRanges(
+    registry: string,
+    fullname: string,
+    start: string,
+    end: string,
+    optionalConfig?: { remoteAuthToken?: string }
+  ): Promise<RegistryResponse> {
+    const authorization = this.genAuthorizationHeader(
+      optionalConfig?.remoteAuthToken
+    );
    const url = `${registry}/downloads/range/${start}:${end}/${encodeURIComponent(fullname)}`;
-    return await this.request('GET', url);
+    return await this.request('GET', url, undefined, { authorization });
  }

-  private async request(method: HttpMethod, url: string, params?: object, options?: object) {
-    const res = await this.httpclient.request(url, {
+  private async request(
+    method: HttpMethod,
+    url: string,
+    params?: object,
+    options?: object
+  ): Promise<RegistryResponse> {
+    const res = (await this.httpClient.request(url, {
      method,
      data: params,
      dataType: 'json',
      timing: true,
+      retry: 3,
      timeout: this.timeout,
      followRedirect: true,
      gzip: true,
      ...options,
-    });
-    this.logger.info('[NPMRegistry:request] %s %s, status: %s', method, url, res.status);
-    return {
+    })) as HttpClientResponse;
+    this.logger.info(
+      '[NPMRegistry:request] %s %s, status: %s',
      method,
      url,
+      res.status
+    );
+    return {
+      method,
      ...res,
    };
  }
+
+  public genAuthorizationHeader(remoteAuthToken?: string) {
+    return remoteAuthToken ? `Bearer ${remoteAuthToken}` : '';
+  }
 }
--- a/app/common/adapter/binary/AbstractBinary.ts
+++ b/app/common/adapter/binary/AbstractBinary.ts
@@ -1,69 +1,108 @@
-import { EggContextHttpClient, EggLogger } from 'egg';
-import { BinaryTaskConfig } from '../../../../config/binaries';
+import {
+  Inject,
+  QualifierImplDecoratorUtil,
+  type ImplDecorator,
+  HttpClient,
+  Logger,
+} from 'egg';

-export type BinaryItem = {
+import type { BinaryType } from '../../enum/Binary.ts';
+import type {
+  BinaryName,
+  BinaryTaskConfig,
+} from '../../../../config/binaries.ts';
+
+const platforms = ['darwin', 'linux', 'win32'] as const;
+export interface BinaryItem {
  name: string;
  isDir: boolean;
  url: string;
  size: string | number;
  date: string;
  ignoreDownloadStatuses?: number[];
-};
+}

-export type FetchResult = {
+export interface FetchResult {
  items: BinaryItem[];
+  // oxlint-disable-next-line typescript-eslint/no-explicit-any
  nextParams?: any;
-};
+}
+
+export const BINARY_ADAPTER_ATTRIBUTE = Symbol('BINARY_ADAPTER_ATTRIBUTE');

 export abstract class AbstractBinary {
-  protected httpclient: EggContextHttpClient;
-  protected logger: EggLogger;
-  protected binaryConfig: BinaryTaskConfig;
+  @Inject()
+  protected logger: Logger;

-  constructor(httpclient: EggContextHttpClient, logger: EggLogger, binaryConfig: BinaryTaskConfig) {
-    this.httpclient = httpclient;
-    this.logger = logger;
-    this.binaryConfig = binaryConfig;
+  @Inject()
+  protected httpclient: HttpClient;
+
+  abstract initFetch(binaryName: BinaryName): Promise<void>;
+  abstract fetch(
+    dir: string,
+    binaryName: BinaryName,
+    lastData?: Record<string, unknown>
+  ): Promise<FetchResult | undefined>;
+
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  async finishFetch(_success: boolean, _binaryName: BinaryName): Promise<void> {
+    // do not thing by default
  }

-  abstract fetch(dir: string, params?: any): Promise<FetchResult | undefined>;
-
  protected async requestXml(url: string) {
    const { status, data, headers } = await this.httpclient.request(url, {
-      timeout: 20000,
+      timeout: 30_000,
      followRedirect: true,
      gzip: true,
    });
    const xml = data.toString() as string;
    if (status !== 200) {
-      this.logger.warn('[AbstractBinary.requestXml:non-200-status] url: %s, status: %s, headers: %j, xml: %j', url, status, headers, xml);
+      this.logger.warn(
+        '[AbstractBinary.requestXml:non-200-status] url: %s, status: %s, headers: %j, xml: %j',
+        url,
+        status,
+        headers,
+        xml
+      );
      return '';
    }
    return xml;
  }

-  protected async requestJSON(url: string) {
+  // oxlint-disable-next-line typescript-eslint/no-explicit-any
+  protected async requestJSON<T = any>(
+    url: string,
+    requestHeaders?: Record<string, string>
+  ): Promise<T> {
    const { status, data, headers } = await this.httpclient.request(url, {
-      timeout: 20000,
+      timeout: 30_000,
      dataType: 'json',
      followRedirect: true,
      gzip: true,
+      headers: requestHeaders,
    });
    if (status !== 200) {
-      this.logger.warn('[AbstractBinary.requestJSON:non-200-status] url: %s, status: %s, headers: %j', url, status, headers);
-      return data;
+      this.logger.warn(
+        '[AbstractBinary.requestJSON:non-200-status] url: %s, status: %s, headers: %j',
+        url,
+        status,
+        headers
+      );
+      return data as T;
    }
-    return data;
+    return data as T;
  }

  // https://nodejs.org/api/n-api.html#n_api_node_api_version_matrix
  protected async listNodeABIVersions() {
    const nodeABIVersions: number[] = [];
-    const versions = await this.requestJSON('https://nodejs.org/dist/index.json');
+    const versions = await this.requestJSON(
+      'https://nodejs.org/dist/index.json'
+    );
    for (const version of versions) {
      if (!version.modules) continue;
-      const modulesVersion = parseInt(version.modules);
-      // node v6.0.0 moduels 48 min
+      const modulesVersion = Number.parseInt(version.modules);
+      // node v6.0.0 modules 48 min
      if (modulesVersion >= 48 && !nodeABIVersions.includes(modulesVersion)) {
        nodeABIVersions.push(modulesVersion);
      }
@@ -73,25 +112,31 @@ export abstract class AbstractBinary {

  protected listNodePlatforms() {
    // https://nodejs.org/api/os.html#osplatform
-    return [ 'darwin', 'linux', 'win32' ];
+    return platforms;
  }

-  protected listNodeArchs() {
-    if (this.binaryConfig.options?.nodeArchs) return this.binaryConfig.options.nodeArchs;
+  protected listNodeArchs(binaryConfig?: BinaryTaskConfig) {
+    if (binaryConfig?.options?.nodeArchs) return binaryConfig.options.nodeArchs;
    // https://nodejs.org/api/os.html#osarch
    return {
-      linux: [ 'arm', 'arm64', 's390x', 'ia32', 'x64' ],
-      darwin: [ 'arm64', 'ia32', 'x64' ],
-      win32: [ 'ia32', 'x64' ],
+      linux: ['arm', 'arm64', 's390x', 'ia32', 'x64'],
+      darwin: ['arm64', 'ia32', 'x64'],
+      win32: ['ia32', 'x64'],
    };
  }

-  protected listNodeLibcs() {
+  protected listNodeLibcs(): Record<(typeof platforms)[number], string[]> {
    // https://github.com/lovell/detect-libc/blob/master/lib/detect-libc.js#L42
    return {
-      linux: [ 'glibc', 'musl' ],
-      darwin: [ 'unknown' ],
-      win32: [ 'unknown' ],
+      darwin: ['unknown'],
+      linux: ['glibc', 'musl'],
+      win32: ['unknown'],
    };
  }
 }
+
+export const BinaryAdapter: ImplDecorator<AbstractBinary, typeof BinaryType> =
+  QualifierImplDecoratorUtil.generatorDecorator(
+    AbstractBinary,
+    BINARY_ADAPTER_ATTRIBUTE
+  );
--- a/app/common/adapter/binary/ApiBinary.ts
+++ b/app/common/adapter/binary/ApiBinary.ts
@@ -1,19 +1,43 @@
-import { EggContextHttpClient, EggLogger } from 'egg';
-import { AbstractBinary, FetchResult, BinaryItem } from './AbstractBinary';
-import { BinaryTaskConfig } from '../../../../config/binaries';
+import { Inject, SingletonProto, EggAppConfig } from 'egg';

+import { BinaryType } from '../../enum/Binary.ts';
+import {
+  AbstractBinary,
+  BinaryAdapter,
+  type BinaryItem,
+  type FetchResult,
+} from './AbstractBinary.ts';
+
+@SingletonProto()
+@BinaryAdapter(BinaryType.Api)
 export class ApiBinary extends AbstractBinary {
-  private apiUrl: string;
-  constructor(httpclient: EggContextHttpClient, logger: EggLogger, binaryConfig: BinaryTaskConfig, apiUrl: string) {
-    super(httpclient, logger, binaryConfig);
-    this.apiUrl = apiUrl;
+  @Inject()
+  private readonly config: EggAppConfig;
+
+  async initFetch() {
+    // do nothing
+    return;
  }

-  async fetch(dir: string): Promise<FetchResult | undefined> {
-    const url = `${this.apiUrl}/${this.binaryConfig.category}${dir}`;
+  async fetch(
+    dir: string,
+    binaryName: string,
+    lastData?: Record<string, unknown>
+  ): Promise<FetchResult | undefined> {
+    const apiUrl =
+      this.config.cnpmcore.syncBinaryFromAPISource ||
+      `${this.config.cnpmcore.sourceRegistry}/-/binary`;
+    let url = `${apiUrl}/${binaryName}${dir}`;
+    if (lastData && lastData.lastSyncTime) {
+      url += `?since=${lastData.lastSyncTime}&limit=100`;
+    }
+
    const data = await this.requestJSON(url);
    if (!Array.isArray(data)) {
-      this.logger.warn('[ApiBinary.fetch:response-data-not-array] data: %j', data);
+      this.logger.warn(
+        '[ApiBinary.fetch:response-data-not-array] data: %j',
+        data
+      );
      return;
    }
    const items: BinaryItem[] = [];
@@ -22,6 +46,7 @@ export class ApiBinary extends AbstractBinary {
        name: item.name,
        isDir: item.type === 'dir',
        url: item.url,
+        // oxlint-disable-next-line unicorn/explicit-length-check
        size: item.size || '-',
        date: item.date,
      });
--- a/app/common/adapter/binary/BucketBinary.ts
+++ b/app/common/adapter/binary/BucketBinary.ts
@@ -1,22 +1,51 @@
-import path from 'path';
-import { AbstractBinary, FetchResult, BinaryItem } from './AbstractBinary';
+import path from 'node:path';

+import { SingletonProto } from 'egg';
+
+import binaries, {
+  type BinaryName,
+  type BinaryTaskConfig,
+} from '../../../../config/binaries.ts';
+import { BinaryType } from '../../enum/Binary.ts';
+import {
+  AbstractBinary,
+  BinaryAdapter,
+  type BinaryItem,
+  type FetchResult,
+} from './AbstractBinary.ts';
+
+@SingletonProto()
+@BinaryAdapter(BinaryType.Bucket)
 export class BucketBinary extends AbstractBinary {
-  async fetch(dir: string): Promise<FetchResult | undefined> {
-    // /foo/ => foo/
-    const subDir = dir.substring(1);
-    const url = `${this.binaryConfig.distUrl}?delimiter=/&prefix=${encodeURIComponent(subDir)}`;
-    const xml = await this.requestXml(url);
-    return { items: this.parseItems(xml, dir), nextParams: null };
+  async initFetch() {
+    // do nothing
+    return;
  }

-  protected parseItems(xml: string, dir: string) {
+  async fetch(
+    dir: string,
+    binaryName: BinaryName
+  ): Promise<FetchResult | undefined> {
+    // /foo/ => foo/
+    const binaryConfig = binaries[binaryName];
+    const subDir = dir.slice(1);
+    const url = `${binaryConfig.distUrl}?delimiter=/&prefix=${encodeURIComponent(subDir)}`;
+    const xml = await this.requestXml(url);
+    return { items: this.parseItems(xml, dir, binaryConfig), nextParams: null };
+  }
+
+  protected parseItems(
+    xml: string,
+    dir: string,
+    binaryConfig: BinaryTaskConfig
+  ): BinaryItem[] {
    const items: BinaryItem[] = [];
    // https://nwjs2.s3.amazonaws.com/?prefix=v0.59.0%2Fx64%2F
    // https://chromedriver.storage.googleapis.com/?delimiter=/&prefix=
    // <Contents><Key>2.0/chromedriver_linux32.zip</Key><Generation>1380149859530000</Generation><MetaGeneration>2</MetaGeneration><LastModified>2013-09-25T22:57:39.349Z</LastModified><ETag>"c0d96102715c4916b872f91f5bf9b12c"</ETag><Size>7262134</Size><Owner/></Contents><Contents>
    // <Contents><Key>v0.59.0/nwjs-v0.59.0-linux-ia32.tar.gz</Key><LastModified>2015-11-02T02:34:18.000Z</LastModified><ETag>&quot;b1b7a52928e9f874bad0cabf7f74ba8e&quot;</ETag><Size>22842</Size><StorageClass>STANDARD</StorageClass></Contents>
-    const fileRe = /<Contents><Key>([^<]+?)<\/Key>(?:<Generation>\d+?<\/Generation>)?(?:<MetaGeneration>\d+?<\/MetaGeneration>)?<LastModified>([^<]+?)<\/LastModified><ETag>[^<]+?<\/ETag><Size>(\d+?)<\/Size>/g;
+    const fileRe =
+      /<Contents><Key>([^<]+?)<\/Key>(?:<Generation>\d+?<\/Generation>)?(?:<MetaGeneration>\d+?<\/MetaGeneration>)?<LastModified>([^<]+?)<\/LastModified><ETag>[^<]+?<\/ETag><Size>(\d+?)<\/Size>/g;
    let matchs = xml.matchAll(fileRe);
    for (const m of matchs) {
      const fullname = m[1].trim();
@@ -31,17 +60,18 @@ export class BucketBinary extends AbstractBinary {

      const name = path.basename(fullname);
      const date = m[2].trim();
-      const size = parseInt(m[3].trim());
+      const size = Number.parseInt(m[3].trim());
      items.push({
        name,
        isDir: false,
-        url: `${this.binaryConfig.distUrl}${fullname}`,
+        url: `${binaryConfig.distUrl}${fullname}`,
        size,
        date,
      });
    }
    // <CommonPrefixes><Prefix>v0.59.0/x64/</Prefix></CommonPrefixes>
-    const dirRe = /<CommonPrefixes><Prefix>([^<]+?)<\/Prefix><\/CommonPrefixes>/g;
+    const dirRe =
+      /<CommonPrefixes><Prefix>([^<]+?)<\/Prefix><\/CommonPrefixes>/g;
    matchs = xml.matchAll(dirRe);
    for (const m of matchs) {
      // <Prefix>AWSLogs/</Prefix>
@@ -50,11 +80,11 @@ export class BucketBinary extends AbstractBinary {
      const fullname = m[1].trim();
      const name = `${path.basename(fullname)}/`;
      const fullpath = `${dir}${name}`;
-      if (this.binaryConfig.ignoreDirs?.includes(fullpath)) continue;
+      if (binaryConfig.ignoreDirs?.includes(fullpath)) continue;
      let date = '-';
      // root dir children, should set date to '2022-04-19T01:00:00Z', sync per hour
      if (dir === '/') {
-        date = new Date().toISOString().split(':', 1)[0] + ':00:00Z';
+        date = `${new Date().toISOString().split(':', 1)[0]}:00:00Z`;
      }
      items.push({
        name,
--- a/app/common/adapter/binary/ChromeForTestingBinary.ts
+++ b/app/common/adapter/binary/ChromeForTestingBinary.ts
@@ -0,0 +1,180 @@
+import { basename } from 'node:path';
+
+import { SingletonProto } from 'egg';
+
+import { BinaryType } from '../../enum/Binary.ts';
+import {
+  AbstractBinary,
+  BinaryAdapter,
+  type BinaryItem,
+  type FetchResult,
+} from './AbstractBinary.ts';
+
+@SingletonProto()
+@BinaryAdapter(BinaryType.ChromeForTesting)
+export class ChromeForTestingBinary extends AbstractBinary {
+  static lastTimestamp = '';
+  #timestamp = '';
+
+  private dirItems?: {
+    [key: string]: BinaryItem[];
+  };
+
+  async initFetch() {
+    this.dirItems = undefined;
+  }
+
+  async finishFetch(success: boolean) {
+    if (
+      success &&
+      this.#timestamp &&
+      ChromeForTestingBinary.lastTimestamp !== this.#timestamp
+    ) {
+      ChromeForTestingBinary.lastTimestamp = this.#timestamp;
+    }
+  }
+
+  async #syncDirItems() {
+    this.dirItems = {};
+    this.dirItems['/'] = [];
+    const jsonApiEndpoint =
+      'https://googlechromelabs.github.io/chrome-for-testing/known-good-versions-with-downloads.json';
+    const { data, status, headers } = await this.httpclient.request(
+      jsonApiEndpoint,
+      {
+        dataType: 'json',
+        timeout: 30_000,
+        followRedirect: true,
+        gzip: true,
+      }
+    );
+    if (status !== 200) {
+      this.logger.warn(
+        '[ChromeForTestingBinary.request:non-200-status] url: %s, status: %s, headers: %j, data: %j',
+        jsonApiEndpoint,
+        status,
+        headers,
+        data
+      );
+      return;
+    }
+    this.#timestamp = data.timestamp;
+    const hasNewData = this.#timestamp !== ChromeForTestingBinary.lastTimestamp;
+    this.logger.info(
+      '[ChromeForTestingBinary] remote data timestamp: %j, last timestamp: %j, hasNewData: %s',
+      this.#timestamp,
+      ChromeForTestingBinary.lastTimestamp,
+      hasNewData
+    );
+    if (!hasNewData) {
+      return;
+    }
+
+    this.dirItems['/'].push({
+      name: 'known-good-versions-with-downloads.json',
+      date: data.timestamp,
+      size: '-',
+      isDir: false,
+      url: jsonApiEndpoint,
+    });
+    this.dirItems['/'].push({
+      name: 'latest-patch-versions-per-build.json',
+      date: data.timestamp,
+      size: '-',
+      isDir: false,
+      url: 'https://googlechromelabs.github.io/chrome-for-testing/latest-patch-versions-per-build.json',
+    });
+    this.dirItems['/'].push({
+      name: 'last-known-good-versions.json',
+      date: data.timestamp,
+      size: '-',
+      isDir: false,
+      url: 'https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions.json',
+    });
+
+    // "timestamp": "2023-09-16T00:21:21.964Z",
+    // "versions": [
+    //   {
+    //     "version": "113.0.5672.0",
+    //     "revision": "1121455",
+    //     "downloads": {
+    //       "chrome": [
+    //         {
+    //           "platform": "linux64",
+    //           "url": "https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/113.0.5672.0/linux64/chrome-linux64.zip"
+    //         },
+    //         {
+    //           "platform": "mac-arm64",
+    //           "url": "https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/113.0.5672.0/mac-arm64/chrome-mac-arm64.zip"
+    //         },
+    //         {
+    //           "platform": "mac-x64",
+    //           "url": "https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/113.0.5672.0/mac-x64/chrome-mac-x64.zip"
+    //         },
+    //         {
+    //           "platform": "win32",
+    //           "url": "https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/113.0.5672.0/win32/chrome-win32.zip"
+    //         },
+    //         {
+    //           "platform": "win64",
+    //           "url": "https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/113.0.5672.0/win64/chrome-win64.zip"
+    //         }
+    //       ]
+    //     }
+    //   },
+    const versions = data.versions as {
+      version: string;
+      revision: string;
+      downloads: {
+        [key: string]: {
+          platform: string;
+          url: string;
+        }[];
+      };
+    }[];
+    for (const item of versions) {
+      this.dirItems['/'].push({
+        name: `${item.version}/`,
+        date: item.revision,
+        size: '-',
+        isDir: true,
+        url: '',
+      });
+      const versionDir = `/${item.version}/`;
+      if (!this.dirItems[versionDir]) {
+        this.dirItems[versionDir] = [];
+      }
+      for (const category in item.downloads) {
+        const downloads = item.downloads[category];
+        for (const download of downloads) {
+          const platformDir = `${versionDir}${download.platform}/`;
+          if (!this.dirItems[platformDir]) {
+            this.dirItems[platformDir] = [];
+            this.dirItems[versionDir].push({
+              name: `${download.platform}/`,
+              date: item.revision,
+              size: '-',
+              isDir: true,
+              url: '',
+            });
+          }
+          this.dirItems[platformDir].push({
+            name: basename(download.url),
+            date: data.timestamp,
+            size: '-',
+            isDir: false,
+            url: download.url,
+          });
+        }
+      }
+    }
+  }
+
+  async fetch(dir: string): Promise<FetchResult | undefined> {
+    // use https://github.com/GoogleChromeLabs/chrome-for-testing#json-api-endpoints
+    if (!this.dirItems) {
+      await this.#syncDirItems();
+    }
+    return { items: this.dirItems?.[dir] ?? [], nextParams: null };
+  }
+}
--- a/app/common/adapter/binary/CypressBinary.ts
+++ b/app/common/adapter/binary/CypressBinary.ts
@@ -1,9 +1,23 @@
-import { AbstractBinary, FetchResult, BinaryItem } from './AbstractBinary';
+import { SingletonProto } from 'egg';

+import { BinaryType } from '../../enum/Binary.ts';
+import {
+  AbstractBinary,
+  BinaryAdapter,
+  type BinaryItem,
+  type FetchResult,
+} from './AbstractBinary.ts';
+
+@SingletonProto()
+@BinaryAdapter(BinaryType.Cypress)
 export class CypressBinary extends AbstractBinary {
-  private dirItems: {
+  private dirItems?: {
    [key: string]: BinaryItem[];
-  };
+  } | null;
+
+  async initFetch() {
+    this.dirItems = undefined;
+  }

  async fetch(dir: string): Promise<FetchResult | undefined> {
    if (!this.dirItems) {
@@ -12,7 +26,7 @@ export class CypressBinary extends AbstractBinary {
      this.dirItems = {};
      this.dirItems['/'] = [];
      for (const version in data.versions) {
-        const major = parseInt(version.split('.', 1)[0]);
+        const major = Number.parseInt(version.split('.', 1)[0]);
        // need >= 4.0.0
        // https://npmmirror.com/mirrors/cypress/4.0.0/
        if (major < 4) continue;
@@ -31,10 +45,26 @@ export class CypressBinary extends AbstractBinary {
        // "https://cdn.cypress.io/desktop/4.0.0/darwin-x64/cypress.zip"
        // "https://cdn.cypress.io/desktop/4.0.0/linux-x64/cypress.zip"
        // "https://cdn.cypress.io/desktop/4.0.0/win32-x64/cypress.zip"
+        // "https://cdn.cypress.io/desktop/9.2.0/darwin-arm64/cypress.zip"
        // "https://cdn.cypress.io/desktop/9.2.0/darwin-x64/cypress.zip"
        // "https://cdn.cypress.io/desktop/9.2.0/linux-x64/cypress.zip"
+        // "https://cdn.cypress.io/desktop/9.2.0/linux-arm64/cypress.zip"
        // "https://cdn.cypress.io/desktop/9.2.0/win32-x64/cypress.zip"
-        const platforms = [ 'darwin-x64', 'linux-x64', 'win32-x64' ];
+        // https://github.com/cypress-io/cypress/blob/develop/scripts/binary/index.js#L146
+        // const systems = [
+        //   { platform: 'linux', arch: 'x64' },
+        //   { platform: 'linux', arch: 'arm64' },
+        //   { platform: 'darwin', arch: 'x64' },
+        //   { platform: 'darwin', arch: 'arm64' },
+        //   { platform: 'win32', arch: 'x64' },
+        // ]
+        const platforms = [
+          'darwin-x64',
+          'darwin-arm64',
+          'linux-x64',
+          'linux-arm64',
+          'win32-x64',
+        ];
        for (const platform of platforms) {
          this.dirItems[subDir].push({
            name: `${platform}/`,
--- a/app/common/adapter/binary/EdgedriverBinary.ts
+++ b/app/common/adapter/binary/EdgedriverBinary.ts
@@ -0,0 +1,227 @@
+import path from 'node:path';
+
+import { SingletonProto } from 'egg';
+
+import {
+  AbstractBinary,
+  BinaryAdapter,
+  type BinaryItem,
+  type FetchResult,
+} from './AbstractBinary.ts';
+import { BinaryType } from '../../enum/Binary.ts';
+
+@SingletonProto()
+@BinaryAdapter(BinaryType.Edgedriver)
+export class EdgedriverBinary extends AbstractBinary {
+  private dirItems?: {
+    [key: string]: BinaryItem[];
+  };
+
+  async initFetch() {
+    this.dirItems = undefined;
+  }
+
+  async #syncDirItems() {
+    this.dirItems = {};
+    this.dirItems['/'] = [];
+    const jsonApiEndpoint = 'https://edgeupdates.microsoft.com/api/products';
+    const { data, status, headers } = await this.httpclient.request(
+      jsonApiEndpoint,
+      {
+        dataType: 'json',
+        timeout: 30_000,
+        followRedirect: true,
+        gzip: true,
+      }
+    );
+    if (status !== 200) {
+      this.logger.warn(
+        '[EdgedriverBinary.request:non-200-status] url: %s, status: %s, headers: %j, data: %j',
+        jsonApiEndpoint,
+        status,
+        headers,
+        data
+      );
+      return;
+    }
+    this.logger.info('[EdgedriverBinary] remote data length: %s', data.length);
+    // [
+    //   {
+    //     "Product": "Stable",
+    //     "Releases": [
+    //       {
+    //         "ReleaseId": 73376,
+    //         "Platform": "iOS",
+    //         "Architecture": "arm64",
+    //         "CVEs": [],
+    //         "ProductVersion": "124.0.2478.89",
+    //         "Artifacts": [],
+    //         "PublishedTime": "2024-05-07T02:57:00",
+    //         "ExpectedExpiryDate": "2025-05-07T02:57:00"
+    //       },
+    //       {
+    //         "ReleaseId": 73629,
+    //         "Platform": "Windows",
+    //         "Architecture": "x86",
+    //         "CVEs": [
+    //           "CVE-2024-4559",
+    //           "CVE-2024-4671"
+    //         ],
+    //         "ProductVersion": "124.0.2478.97",
+    //         "Artifacts": [
+    //           {
+    //             "ArtifactName": "msi",
+    //             "Location": "https://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/aa1c9fe3-bb9c-4a80-9ff7-5c109701fbfe/MicrosoftEdgeEnterpriseX86.msi",
+    //             "Hash": "4CEF7B907D3E2371E953C41190E32C3560CEE7D3F16D7550CA156DC976EBCB80",
+    //             "HashAlgorithm": "SHA256",
+    //             "SizeInBytes": 162029568
+    //           }
+    //         ],
+    //         "PublishedTime": "2024-05-11T06:47:00",
+    //         "ExpectedExpiryDate": "2025-05-10T16:59:00"
+    //       },
+    //       {
+    //         "ReleaseId": 73630,
+    //         "Platform": "Linux",
+    //         "Architecture": "x64",
+    //         "CVEs": [
+    //           "CVE-2024-4559"
+    //         ],
+    //         "ProductVersion": "124.0.2478.97",
+    //         "Artifacts": [
+    //           {
+    //             "ArtifactName": "rpm",
+    //             "Location": "https://packages.microsoft.com/yumrepos/edge/microsoft-edge-stable-124.0.2478.97-1.x86_64.rpm",
+    //             "Hash": "32D9C333544DDD9C56FED54844E89EF00F3E5620942C07B9B68D214016687895",
+    //             "HashAlgorithm": "SHA256",
+    //             "SizeInBytes": 169877932
+    //           },
+    //           {
+    //             "ArtifactName": "deb",
+    //             "Location": "https://packages.microsoft.com/repos/edge/pool/main/m/microsoft-edge-stable/microsoft-edge-stable_124.0.2478.97-1_amd64.deb",
+    //             "Hash": "85D0AD1D63847B3DD54F0F214D18A2B54462BB43291536E773AD1B8B29BBF799",
+    //             "HashAlgorithm": "SHA256",
+    //             "SizeInBytes": 167546042
+    //           }
+    //         ],
+    //         "PublishedTime": "2024-05-10T17:01:00",
+    //         "ExpectedExpiryDate": "2025-05-10T17:01:00"
+    //       },
+    // {
+    //   "Product": "EdgeUpdate",
+    //   "Releases": [
+    //     {
+    //       "ReleaseId": 73493,
+    //       "Platform": "Windows",
+    //       "Architecture": "x86",
+    //       "CVEs": [],
+    //       "ProductVersion": "1.3.187.37",
+    //       "Artifacts": [
+    //         {
+    //           "ArtifactName": "exe",
+    //           "Location": "https://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/a2fa84fe-796b-4f80-b1cd-f4d1f5731aa8/MicrosoftEdgeUpdateSetup_X86_1.3.187.37.exe",
+    //           "Hash": "503088D22461FEE5D7B6B011609D73FFD5869D3ACE1DBB0F00F8F3B9D122C514",
+    //           "HashAlgorithm": "SHA256",
+    //           "SizeInBytes": 1622072
+    //         }
+    //       ],
+    //       "PublishedTime": "2024-05-08T05:44:00",
+    //       "ExpectedExpiryDate": "2025-05-08T05:44:00"
+    //     }
+    //   ]
+    // }
+    const products = data as {
+      Product: string;
+      Releases: {
+        ReleaseId: number;
+        Platform: string;
+        Architecture: string;
+        CVEs: string[];
+        ProductVersion: string;
+        Artifacts: {
+          ArtifactName: string;
+          Location: string;
+          Hash: string;
+          HashAlgorithm: string;
+          SizeInBytes: string;
+        }[];
+        PublishedTime: string;
+        ExpectedExpiryDate: string;
+      }[];
+    }[];
+    const existsVersions = new Set<string>();
+    for (const product of products) {
+      if (product.Product === 'EdgeUpdate') continue;
+      for (const release of product.Releases) {
+        if (!release.Artifacts || release.Artifacts.length === 0) continue;
+        if (existsVersions.has(release.ProductVersion)) continue;
+        this.dirItems['/'].push({
+          name: `${release.ProductVersion}/`,
+          date: release.PublishedTime,
+          size: '-',
+          isDir: true,
+          url: '',
+        });
+        existsVersions.add(release.ProductVersion);
+      }
+    }
+  }
+
+  async fetch(dir: string): Promise<FetchResult | undefined> {
+    if (!this.dirItems) {
+      await this.#syncDirItems();
+    }
+    // fetch root dir
+    if (dir === '/') {
+      return { items: this.dirItems?.[dir] ?? [], nextParams: null };
+    }
+
+    // fetch sub dir
+    // /foo/ => foo/
+    const subDir = dir.slice(1);
+    // https://msedgewebdriverstorage.blob.core.windows.net/edgewebdriver?prefix=124.0.2478.97/&delimiter=/&maxresults=100&restype=container&comp=list
+    const url = `https://msedgewebdriverstorage.blob.core.windows.net/edgewebdriver?prefix=${encodeURIComponent(subDir)}&delimiter=/&maxresults=100&restype=container&comp=list`;
+    const xml = await this.requestXml(url);
+    return { items: this.#parseItems(xml), nextParams: null };
+  }
+
+  #parseItems(xml: string): BinaryItem[] {
+    const items: BinaryItem[] = [];
+    // <Blob><Name>124.0.2478.97/edgedriver_arm64.zip</Name><Url>https://msedgewebdriverstorage.blob.core.windows.net/edgewebdriver/124.0.2478.97/edgedriver_arm64.zip</Url><Properties><Last-Modified>Fri, 10 May 2024 18:35:44 GMT</Last-Modified><Etag>0x8DC712000713C13</Etag><Content-Length>9191362</Content-Length><Content-Type>application/octet-stream</Content-Type><Content-Encoding /><Content-Language /><Content-MD5>1tjPTf5JU6KKB06Qf1JOGw==</Content-MD5><Cache-Control /><BlobType>BlockBlob</BlobType><LeaseStatus>unlocked</LeaseStatus></Properties></Blob>
+    const fileRe =
+      /<Blob><Name>([^<]+?)<\/Name><Url>([^<]+?)<\/Url><Properties><Last-Modified>([^<]+?)<\/Last-Modified><Etag>(?:[^<]+?)<\/Etag><Content-Length>(\d+)<\/Content-Length>/g;
+    const matchItems = xml.matchAll(fileRe);
+    for (const m of matchItems) {
+      const fullname = m[1].trim();
+      // <Blob>
+      //   <Name>124.0.2478.97/edgedriver_arm64.zip</Name>
+      //   <Url>https://msedgewebdriverstorage.blob.core.windows.net/edgewebdriver/124.0.2478.97/edgedriver_arm64.zip</Url>
+      //   <Properties>
+      //     <Last-Modified>Fri, 10 May 2024 18:35:44 GMT</Last-Modified>
+      //     <Etag>0x8DC712000713C13</Etag>
+      //     <Content-Length>9191362</Content-Length>
+      //     <Content-Type>application/octet-stream</Content-Type>
+      //     <Content-Encoding/>
+      //     <Content-Language/>
+      //     <Content-MD5>1tjPTf5JU6KKB06Qf1JOGw==</Content-MD5>
+      //     <Cache-Control/>
+      //     <BlobType>BlockBlob</BlobType>
+      //     <LeaseStatus>unlocked</LeaseStatus>
+      //   </Properties>
+      // </Blob>
+      // ignore size = 0 dir
+      const name = path.basename(fullname);
+      const url = m[2].trim();
+      const date = m[3].trim();
+      const size = Number.parseInt(m[4].trim());
+      items.push({
+        name,
+        isDir: false,
+        url,
+        size,
+        date,
+      });
+    }
+    return items;
+  }
+}
--- a/app/common/adapter/binary/ElectronBinary.ts
+++ b/app/common/adapter/binary/ElectronBinary.ts
@@ -1,9 +1,22 @@
-import { BinaryItem, FetchResult } from './AbstractBinary';
-import { GithubBinary } from './GithubBinary';
+import { SingletonProto } from 'egg';

+import binaries, { type BinaryName } from '../../../../config/binaries.ts';
+import { BinaryType } from '../../enum/Binary.ts';
+import { GithubBinary } from './GithubBinary.ts';
+import {
+  BinaryAdapter,
+  type BinaryItem,
+  type FetchResult,
+} from './AbstractBinary.ts';
+
+@SingletonProto()
+@BinaryAdapter(BinaryType.Electron)
 export class ElectronBinary extends GithubBinary {
-  async fetch(dir: string): Promise<FetchResult | undefined> {
-    const releases = await this.initReleases();
+  async fetch(
+    dir: string,
+    binaryName: BinaryName = 'electron'
+  ): Promise<FetchResult | undefined> {
+    const releases = await this.initReleases(binaryName, binaries.electron);
    if (!releases) return;

    let items: BinaryItem[] = [];
@@ -19,7 +32,7 @@ export class ElectronBinary extends GithubBinary {
        // v14.2.6 => 14.2.6
        if (/^v\d+?\./.test(item.tag_name)) {
          items.push({
-            name: `${item.tag_name.substring(1)}/`,
+            name: `${item.tag_name.slice(1)}/`,
            isDir: true,
            url: item.url,
            size: '-',
@@ -29,8 +42,11 @@ export class ElectronBinary extends GithubBinary {
      }
    } else {
      for (const item of releases) {
-        if (dir === `/${item.tag_name}/` || dir === `/${item.tag_name.substring(1)}/`) {
-          items = this.formatItems(item);
+        if (
+          dir === `/${item.tag_name}/` ||
+          dir === `/${item.tag_name.slice(1)}/`
+        ) {
+          items = this.formatItems(item, binaries.electron);
          break;
        }
      }
--- a/app/common/adapter/binary/FirefoxBinary.ts
+++ b/app/common/adapter/binary/FirefoxBinary.ts
@@ -0,0 +1,145 @@
+import { basename } from 'node:path';
+
+import { SingletonProto } from 'egg';
+
+import binaries, { type BinaryName } from '../../../../config/binaries.ts';
+import { BinaryType } from '../../enum/Binary.ts';
+import {
+  AbstractBinary,
+  BinaryAdapter,
+  type BinaryItem,
+  type FetchResult,
+} from './AbstractBinary.ts';
+
+@SingletonProto()
+@BinaryAdapter(BinaryType.Firefox)
+export class FirefoxBinary extends AbstractBinary {
+  async initFetch() {
+    // do nothing
+    return;
+  }
+
+  // Only fetch Firefox versions >= 100.0.0 to avoid too old versions
+  async fetch(
+    dir: string,
+    binaryName: BinaryName
+  ): Promise<FetchResult | undefined> {
+    const binaryConfig = binaries[binaryName];
+    const url = `${binaryConfig.distUrl}${dir}`;
+    const html = await this.requestXml(url);
+
+    // Mozilla archive has format like:
+    // <tr>
+    //         <td>Dir</td>
+    //         <td><a href="/pub/firefox/releases/131.0.3/update/">update/</a></td>
+    //         <td></td>
+    //         <td></td>
+    // </tr>
+    // <tr>
+    //         <td>File</td>
+    //         <td><a href="/pub/firefox/releases/131.0.3/SHA256SUMS.asc">SHA256SUMS.asc</a></td>
+    //         <td>833</td>
+    //         <td>12-Apr-2025 08:52</td>
+    // </tr>
+
+    // Parse Mozilla directory listing format - handles two different formats:
+    // Format 1 (main index): <td><a href="/path/">name/</a></td>
+    // Format 2 (version dir): <td>Type</td><td><a href="/path/">name</a></td><td>size</td><td>date</td>
+    
+    // Try the detailed format first (with Type/Size/Date columns)
+    const detailedRe = /<tr>\s*<td>(Dir|File)<\/td>\s*<td><a href="([^"]+?)"[^>]*?>[^<]+?<\/a><\/td>\s*<td>([^<]*?)<\/td>\s*<td>([^<]*?)<\/td>\s*<\/tr>/gi;
+    const detailedMatches = Array.from(html.matchAll(detailedRe));
+    
+    let matchs: RegExpMatchArray[];
+    let useDetailedFormat = false;
+    
+    if (detailedMatches.length > 0) {
+      // Use detailed format
+      matchs = detailedMatches;
+      useDetailedFormat = true;
+    } else {
+      // Fallback to simple format
+      const simpleRe = /<td><a href="([^"]+?)"[^>]*?>[^<]+?<\/a><\/td>/gi;
+      matchs = Array.from(html.matchAll(simpleRe));
+    }
+    
+    const items: BinaryItem[] = [];
+    
+    for (const m of matchs) {
+      let href: string;
+      let isDir: boolean;
+      let size: string;
+      let date: string;
+      
+      if (useDetailedFormat) {
+        // Detailed format: [fullMatch, type, href, size, date]
+        const type = m[1]; // "Dir" or "File"
+        href = m[2];
+        size = m[3].trim() || '-';
+        date = m[4].trim() || '-';
+        isDir = type === 'Dir';
+      } else {
+        // Simple format: [fullMatch, href]
+        href = m[1];
+        isDir = href.endsWith('/');
+        size = '-';
+        date = '-';
+      }
+      
+      // Extract the name from the href path
+      // href could be "/pub/firefox/releases/130.0/" or just "130.0/"
+      let name = href;
+      if (href.startsWith('/')) {
+        // Extract the last part of the path
+        const parts = href.split('/').filter(Boolean);
+        name = parts[parts.length - 1] ?? '';
+        if (href.endsWith('/')) {
+          name += '/';
+        }
+      }
+      
+      if (!isDir) {
+        // Keep the full name for files
+        name = basename(name);
+      }
+      
+      // Skip parent directory links
+      if (name === '../' || href === '/pub/firefox/' || href.endsWith('/..') || href === '/pub/firefox/releases/') continue;
+      
+      // Filter out old Firefox versions (< 100.0.0) for directories - apply to main index (root directory)
+      if (isDir && name !== '../' && dir === '/') {
+        const versionName = name.slice(0, -1); // Remove trailing '/'
+        // Skip non-version directories that are just special names
+        if (/^\d+\.\d+/.test(versionName)) {
+          try {
+            const major = Number.parseInt(versionName.split('.')[0]);
+            if (major < 100) {
+              continue; // Skip versions < 100.0.0
+            }
+          } catch {
+            // If version parsing fails, skip this directory
+            continue;
+          }
+        }
+        // Also skip named directories that aren't version numbers
+        else if (!['latest', 'latest-beta', 'latest-esr'].includes(versionName)) {
+          continue;
+        }
+      }
+      
+      const fileUrl = isDir ? '' : `${url}${name}`;
+      if (binaryConfig.ignoreFiles?.includes(`${dir}${name}`)) continue;
+
+      const item = {
+        name,
+        isDir,
+        url: fileUrl,
+        size,
+        date,
+        ignoreDownloadStatuses: binaryConfig.options?.ignoreDownloadStatuses,
+      };
+      items.push(item);
+    }
+    return { items, nextParams: null };
+  }
+}
--- a/app/common/adapter/binary/GithubBinary.ts
+++ b/app/common/adapter/binary/GithubBinary.ts
@@ -1,35 +1,64 @@
-import { AbstractBinary, FetchResult, BinaryItem } from './AbstractBinary';
+import { SingletonProto } from 'egg';

+import binaries, { type BinaryName, type BinaryTaskConfig } from '../../../../config/binaries.ts';
+import { BinaryType } from '../../enum/Binary.ts';
+import { AbstractBinary, BinaryAdapter, type BinaryItem, type FetchResult } from './AbstractBinary.ts';
+
+@SingletonProto()
+@BinaryAdapter(BinaryType.GitHub)
 export class GithubBinary extends AbstractBinary {
-  private releases?: any[];
+  // oxlint-disable-next-line typescript-eslint/no-explicit-any
+  private releases: Record<string, any[] | undefined> = {};

-  protected async initReleases() {
-    if (!this.releases) {
+  async initFetch(binaryName: BinaryName) {
+    this.releases[binaryName] = undefined;
+  }
+
+  protected async initReleases(binaryName: BinaryName, binaryConfig: BinaryTaskConfig) {
+    if (!this.releases[binaryName]) {
      // https://docs.github.com/en/rest/reference/releases get three pages
      // https://api.github.com/repos/electron/electron/releases
      // https://api.github.com/repos/electron/electron/releases?per_page=100&page=3
+      // oxlint-disable-next-line typescript-eslint/no-explicit-any
      let releases: any[] = [];
-      const maxPage = this.binaryConfig.options?.maxPage || 1;
+      const maxPage = binaryConfig.options?.maxPage || 1;
+      const perPage = binaryConfig.options?.perPage || 100;
      for (let i = 0; i < maxPage; i++) {
-        const url = `https://api.github.com/repos/${this.binaryConfig.repo}/releases?per_page=100&page=${i + 1}`;
-        const data = await this.requestJSON(url);
+        const url = `https://api.github.com/repos/${binaryConfig.repo}/releases?per_page=${perPage}&page=${i + 1}`;
+        const requestHeaders: Record<string, string> = {};
+        if (process.env.GITHUB_TOKEN) {
+          requestHeaders.Authorization = `token ${process.env.GITHUB_TOKEN}`;
+        }
+        const data = await this.requestJSON(url, requestHeaders);
        if (!Array.isArray(data)) {
+          // {"message":"API rate limit exceeded for 47.57.239.54. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)","documentation_url":"https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting"}
+          if (typeof data?.message === 'string' && data.message.includes('rate limit')) {
+            this.logger.info('[GithubBinary.fetch:hit-rate-limit] skip sync this time, data: %j, url: %s', data, url);
+            return;
+          }
          this.logger.warn('[GithubBinary.fetch:response-data-not-array] data: %j, url: %s', data, url);
          return;
        }
        releases = releases.concat(data);
      }
-      this.releases = releases;
+      this.releases[binaryName] = releases;
    }
-    return this.releases;
+    return this.releases[binaryName];
  }

-  protected formatItems(releaseItem: any) {
+  // oxlint-disable-next-line typescript-eslint/no-explicit-any
+  protected formatItems(releaseItem: any, binaryConfig: BinaryTaskConfig) {
    const items: BinaryItem[] = [];
-    // 200MB
-    const maxFileSize = 1024 * 1024 * 200;
+    // 250MB
+    const maxFileSize = 1024 * 1024 * 250;
    for (const asset of releaseItem.assets) {
-      if (asset.size > maxFileSize) continue;
+      if (asset.size > maxFileSize) {
+        this.logger.info(
+          '[GithubBinary.formatItems] asset reach max file size(> 250MB), ignore download it, asset: %j',
+          asset
+        );
+        continue;
+      }
      items.push({
        name: asset.name,
        isDir: false,
@@ -45,7 +74,7 @@ export class GithubBinary extends AbstractBinary {
      items.push({
        name: `${releaseItem.tag_name}.tar.gz`,
        isDir: false,
-        url: `https://github.com/${this.binaryConfig.repo}/archive/${releaseItem.tag_name}.tar.gz`,
+        url: `https://github.com/${binaryConfig.repo}/archive/${releaseItem.tag_name}.tar.gz`,
        size: '-',
        date: releaseItem.published_at,
      });
@@ -54,7 +83,7 @@ export class GithubBinary extends AbstractBinary {
      items.push({
        name: `${releaseItem.tag_name}.zip`,
        isDir: false,
-        url: `https://github.com/${this.binaryConfig.repo}/archive/${releaseItem.tag_name}.zip`,
+        url: `https://github.com/${binaryConfig.repo}/archive/${releaseItem.tag_name}.zip`,
        size: '-',
        date: releaseItem.published_at,
      });
@@ -62,8 +91,9 @@ export class GithubBinary extends AbstractBinary {
    return items;
  }

-  async fetch(dir: string): Promise<FetchResult | undefined> {
-    const releases = await this.initReleases();
+  async fetch(dir: string, binaryName: BinaryName): Promise<FetchResult | undefined> {
+    const binaryConfig = binaries[binaryName];
+    const releases = await this.initReleases(binaryName, binaryConfig);
    if (!releases) return;

    let items: BinaryItem[] = [];
@@ -80,7 +110,7 @@ export class GithubBinary extends AbstractBinary {
    } else {
      for (const item of releases) {
        if (dir === `/${item.tag_name}/`) {
-          items = this.formatItems(item);
+          items = this.formatItems(item, binaryConfig);
          break;
        }
      }
--- a/app/common/adapter/binary/ImageminBinary.ts
+++ b/app/common/adapter/binary/ImageminBinary.ts
@@ -1,94 +1,110 @@
-import { AbstractBinary, FetchResult, BinaryItem } from './AbstractBinary';
+import { SingletonProto } from 'egg';

+import binaries, { type BinaryName } from '../../../../config/binaries.ts';
+import { BinaryType } from '../../enum/Binary.ts';
+import {
+  AbstractBinary,
+  BinaryAdapter,
+  type BinaryItem,
+  type FetchResult,
+} from './AbstractBinary.ts';
+
+@SingletonProto()
+@BinaryAdapter(BinaryType.Imagemin)
 export class ImageminBinary extends AbstractBinary {
-  private dirItems: {
-    [key: string]: BinaryItem[];
-  };
+  async initFetch() {
+    // do nothing
+    return;
+  }

-  async fetch(dir: string): Promise<FetchResult | undefined> {
-    if (!this.dirItems) {
-      this.dirItems = {};
-      const npmPackageName = this.binaryConfig.options?.npmPackageName ?? this.binaryConfig.category;
-      const pkgUrl = `https://registry.npmjs.com/${npmPackageName}`;
-      const data = await this.requestJSON(pkgUrl);
-      this.dirItems = {};
-      this.dirItems['/'] = [];
-      // mini version 4.0.0
-      // https://github.com/imagemin/jpegtran-bin/blob/v4.0.0/lib/index.js
-      // https://github.com/imagemin/pngquant-bin/blob/v4.0.0/lib/index.js
-      for (const version in data.versions) {
-        const major = parseInt(version.split('.', 1)[0]);
-        if (major < 4) continue;
-        // >= 4.0.0
-        const date = data.time[version];
-        // https://raw.githubusercontent.com/imagemin/jpegtran-bin/v${pkg.version}/vendor/`
-        this.dirItems['/'].push({
-          name: `v${version}/`,
+  async fetch(
+    dir: string,
+    binaryName: BinaryName
+  ): Promise<FetchResult | undefined> {
+    const binaryConfig = binaries[binaryName];
+    const dirItems: {
+      [key: string]: BinaryItem[];
+    } = {};
+    const npmPackageName = binaryConfig.options?.npmPackageName ?? binaryName;
+    const pkgUrl = `https://registry.npmjs.com/${npmPackageName}`;
+    const data = await this.requestJSON(pkgUrl);
+    dirItems['/'] = [];
+    // mini version 4.0.0
+    // https://github.com/imagemin/jpegtran-bin/blob/v4.0.0/lib/index.js
+    // https://github.com/imagemin/pngquant-bin/blob/v4.0.0/lib/index.js
+    for (const version in data.versions) {
+      const major = Number.parseInt(version.split('.', 1)[0]);
+      if (major < 4) continue;
+      // >= 4.0.0
+      const date = data.time[version];
+      // https://raw.githubusercontent.com/imagemin/jpegtran-bin/v${pkg.version}/vendor/`
+      dirItems['/'].push({
+        name: `v${version}/`,
+        date,
+        size: '-',
+        isDir: true,
+        url: '',
+      });
+      const versionDir = `/v${version}/`;
+      dirItems[versionDir] = [];
+      dirItems[versionDir].push({
+        name: 'vendor/',
+        date,
+        size: '-',
+        isDir: true,
+        url: '',
+      });
+      const versionVendorDir = `/v${version}/vendor/`;
+      dirItems[versionVendorDir] = [];
+      for (const platform of binaryConfig.options?.nodePlatforms ?? []) {
+        dirItems[versionVendorDir].push({
+          name: `${platform}/`,
          date,
          size: '-',
          isDir: true,
          url: '',
        });
-        const versionDir = `/v${version}/`;
-        this.dirItems[versionDir] = [];
-        this.dirItems[versionDir].push({
-          name: 'vendor/',
-          date,
-          size: '-',
-          isDir: true,
-          url: '',
-        });
-        const versionVendorDir = `/v${version}/vendor/`;
-        this.dirItems[versionVendorDir] = [];
-        for (const platform of this.binaryConfig.options!.nodePlatforms!) {
-          this.dirItems[versionVendorDir].push({
-            name: `${platform}/`,
-            date,
-            size: '-',
-            isDir: true,
-            url: '',
-          });
-          const platformDir = `/v${version}/vendor/${platform}/`;
-          this.dirItems[platformDir] = [];
-          const archs = this.binaryConfig.options!.nodeArchs![platform];
-          if (archs.length === 0) {
-            for (const name of this.binaryConfig.options!.binFiles![platform]) {
-              this.dirItems[platformDir].push({
+        const platformDir = `/v${version}/vendor/${platform}/`;
+        dirItems[platformDir] = [];
+        const archs = binaryConfig.options?.nodeArchs?.[platform] ?? [];
+        if (archs.length === 0) {
+          for (const name of binaryConfig.options?.binFiles?.[platform] ?? []) {
+            dirItems[platformDir].push({
+              name,
+              date,
+              size: '-',
+              isDir: false,
+              url: `${binaryConfig.distUrl}/${binaryConfig.repo}${platformDir}${name}`,
+              ignoreDownloadStatuses: [404],
+            });
+          }
+        } else {
+          for (const arch of archs) {
+            dirItems[platformDir].push({
+              name: `${arch}/`,
+              date,
+              size: '-',
+              isDir: true,
+              url: '',
+            });
+            const platformArchDir = `/v${version}/vendor/${platform}/${arch}/`;
+            dirItems[platformArchDir] = [];
+
+            for (const name of binaryConfig.options?.binFiles?.[platform] ??
+              []) {
+              dirItems[platformArchDir].push({
                name,
                date,
                size: '-',
                isDir: false,
-                url: `${this.binaryConfig.distUrl}/${this.binaryConfig.repo}${platformDir}${name}`,
-                ignoreDownloadStatuses: [ 404 ],
+                url: `${binaryConfig.distUrl}/${binaryConfig.repo}${platformArchDir}${name}`,
+                ignoreDownloadStatuses: [404],
              });
            }
-          } else {
-            for (const arch of archs) {
-              this.dirItems[platformDir].push({
-                name: `${arch}/`,
-                date,
-                size: '-',
-                isDir: true,
-                url: '',
-              });
-              const platformArchDir = `/v${version}/vendor/${platform}/${arch}/`;
-              this.dirItems[platformArchDir] = [];
-
-              for (const name of this.binaryConfig.options!.binFiles![platform]) {
-                this.dirItems[platformArchDir].push({
-                  name,
-                  date,
-                  size: '-',
-                  isDir: false,
-                  url: `${this.binaryConfig.distUrl}/${this.binaryConfig.repo}${platformArchDir}${name}`,
-                  ignoreDownloadStatuses: [ 404 ],
-                });
-              }
-            }
          }
        }
      }
    }
-    return { items: this.dirItems[dir] };
+    return { items: dirItems[dir] };
  }
 }
--- a/app/common/adapter/binary/NodeBinary.ts
+++ b/app/common/adapter/binary/NodeBinary.ts
@@ -1,34 +1,108 @@
-import { AbstractBinary, FetchResult, BinaryItem } from './AbstractBinary';
+import { basename } from 'node:path';

+import { SingletonProto } from 'egg';
+import dayjs from 'dayjs';
+
+import binaries, { type BinaryName } from '../../../../config/binaries.ts';
+import { BinaryType } from '../../enum/Binary.ts';
+import {
+  AbstractBinary,
+  BinaryAdapter,
+  type BinaryItem,
+  type FetchResult,
+} from './AbstractBinary.ts';
+
+@SingletonProto()
+@BinaryAdapter(BinaryType.Node)
 export class NodeBinary extends AbstractBinary {
-  async fetch(dir: string): Promise<FetchResult | undefined> {
-    const url = `${this.binaryConfig.distUrl}${dir}`;
+  async initFetch() {
+    // do nothing
+    return;
+  }
+
+  async fetch(
+    dir: string,
+    binaryName: BinaryName
+  ): Promise<FetchResult | undefined> {
+    const binaryConfig = binaries[binaryName];
+    const url = `${binaryConfig.distUrl}${dir}`;
    const html = await this.requestXml(url);
+
    // <a href="v9.8.0/">v9.8.0/</a>                                            08-Mar-2018 01:55                   -
    // <a href="v9.9.0/">v9.9.0/</a>                                            21-Mar-2018 15:47                   -
    // <a href="index.json">index.json</a>                                         17-Dec-2021 23:16              219862
    // <a href="index.tab">index.tab</a>                                          17-Dec-2021 23:16              136319
    // <a href="node-0.0.1.tar.gz">node-0.0.1.tar.gz</a>                                  26-Aug-2011 16:22             2846972
    // <a href="node-v14.0.0-nightly20200119b318926634-linux-armv7l.tar.xz">node-v14.0.0-nightly20200119b318926634-linux-ar..&gt;</a> 19-Jan-2020 06:07            18565976
-    const re = /<a href="([^\"]+?)"[^>]*?>[^<]+?<\/a>\s+?([\w\-]+? \w{2}\:\d{2})\s+?(\d+|\-)/ig;
+
+    // new html format
+    //     <a href="docs/">docs/</a>                                                             -                   -
+    // <a href="win-x64/">win-x64/</a>                                                          -                   -
+    // <a href="win-x86/">win-x86/</a>                                                          -                   -
+    // <a href="/dist/v18.15.0/SHASUMS256.txt.asc">SHASUMS256.txt.asc</a>                                 04-Nov-2024 17:29               3.7 KB
+    // <a href="/dist/v18.15.0/SHASUMS256.txt.sig">SHASUMS256.txt.sig</a>                                 04-Nov-2024 17:29                310 B
+    // <a href="/dist/v18.15.0/SHASUMS256.txt">SHASUMS256.txt</a>                                     04-Nov-2024 17:29               3.2 KB
+
+    // <a href="/dist/latest-v20.x/SHASUMS256.txt.asc">SHASUMS256.txt.asc</a>                                 03 Sept 2025, 18:20               4.7 KB
+    // <a href="/dist/latest-v20.x/SHASUMS256.txt.sig">SHASUMS256.txt.sig</a>                                 03 Sept 2025, 18:20                566 B
+    // <a href="/dist/latest-v20.x/SHASUMS256.txt">SHASUMS256.txt</a>                                     03 Sept 2025, 18:19               3.8 KB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-aix-ppc64.tar.gz">node-v20.19.5-aix-ppc64.tar.gz</a>                     03 Sept 2025, 18:19                60 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-arm64.msi">node-v20.19.5-arm64.msi</a>                            03 Sept 2025, 18:19                24 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-darwin-arm64.tar.gz">node-v20.19.5-darwin-arm64.tar.gz</a>                  03 Sept 2025, 18:19                41 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-darwin-arm64.tar.xz">node-v20.19.5-darwin-arm64.tar.xz</a>                  03 Sept 2025, 18:19                21 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-darwin-x64.tar.gz">node-v20.19.5-darwin-x64.tar.gz</a>                    03 Sept 2025, 18:19                43 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-darwin-x64.tar.xz">node-v20.19.5-darwin-x64.tar.xz</a>                    03 Sept 2025, 18:19                23 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-headers.tar.gz">node-v20.19.5-headers.tar.gz</a>                       03 Sept 2025, 18:19               8.7 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-headers.tar.xz">node-v20.19.5-headers.tar.xz</a>                       03 Sept 2025, 18:19               524 KB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-linux-arm64.tar.gz">node-v20.19.5-linux-arm64.tar.gz</a>                   03 Sept 2025, 18:19                47 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-linux-arm64.tar.xz">node-v20.19.5-linux-arm64.tar.xz</a>                   03 Sept 2025, 18:19                25 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-linux-armv7l.tar.gz">node-v20.19.5-linux-armv7l.tar.gz</a>                  03 Sept 2025, 18:19                43 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-linux-armv7l.tar.xz">node-v20.19.5-linux-armv7l.tar.xz</a>                  03 Sept 2025, 18:19                22 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-linux-ppc64le.tar.gz">node-v20.19.5-linux-ppc64le.tar.gz</a>                 03 Sept 2025, 18:19                49 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-linux-ppc64le.tar.xz">node-v20.19.5-linux-ppc64le.tar.xz</a>                 03 Sept 2025, 18:19                26 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-linux-s390x.tar.gz">node-v20.19.5-linux-s390x.tar.gz</a>                   03 Sept 2025, 18:19                47 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-linux-s390x.tar.xz">node-v20.19.5-linux-s390x.tar.xz</a>                   03 Sept 2025, 18:19                25 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-linux-x64.tar.gz">node-v20.19.5-linux-x64.tar.gz</a>                     03 Sept 2025, 18:19                47 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-linux-x64.tar.xz">node-v20.19.5-linux-x64.tar.xz</a>                     03 Sept 2025, 18:19                26 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-win-arm64.7z">node-v20.19.5-win-arm64.7z</a>                         03 Sept 2025, 18:19                17 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-win-arm64.zip">node-v20.19.5-win-arm64.zip</a>                        03 Sept 2025, 18:19                26 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-win-x64.7z">node-v20.19.5-win-x64.7z</a>                           03 Sept 2025, 18:19                19 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-win-x64.zip">node-v20.19.5-win-x64.zip</a>                          03 Sept 2025, 18:19                30 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-win-x86.7z">node-v20.19.5-win-x86.7z</a>                           03 Sept 2025, 18:19                18 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-win-x86.zip">node-v20.19.5-win-x86.zip</a>                          03 Sept 2025, 18:19                28 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-x64.msi">node-v20.19.5-x64.msi</a>                              03 Sept 2025, 18:19                27 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5-x86.msi">node-v20.19.5-x86.msi</a>                              03 Sept 2025, 18:19                25 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5.pkg">node-v20.19.5.pkg</a>                                  03 Sept 2025, 18:19                72 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5.tar.gz">node-v20.19.5.tar.gz</a>                               03 Sept 2025, 18:19                89 MB
+    // <a href="/dist/latest-v20.x/node-v20.19.5.tar.xz">node-v20.19.5.tar.xz</a>                               03 Sept 2025, 18:19                43 MB
+
+    // date format: 19-Jan-2020 06:07 or 03 Sept 2025, 18:19
+    const re =
+      /<a href="([^"]+?)"[^>]*?>[^<]+?<\/a>\s+?((?:[\w-]+? \w{2}:\d{2})|(?:\d{2} [A-Za-z]{3,9} \d{4}, \d{2}:\d{2})|-)\s+?([\d.\-\s\w]+)/gi;
    const matchs = html.matchAll(re);
    const items: BinaryItem[] = [];
    for (const m of matchs) {
-      const name = m[1];
+      let name = m[1];
      const isDir = name.endsWith('/');
+      if (!isDir) {
+        // /dist/v18.15.0/SHASUMS256.txt => SHASUMS256.txt
+        name = basename(name);
+      }
      const fileUrl = isDir ? '' : `${url}${name}`;
-      const date = m[2];
-      const size = m[3];
+      const date = m[2] === '-' ? '-' : dayjs(m[2]).format('DD-MMM-YYYY HH:mm');
+      const size = m[3].trim();
      if (size === '0') continue;
-      if (this.binaryConfig.ignoreFiles?.includes(`${dir}${name}`)) continue;
+      if (binaryConfig.ignoreFiles?.includes(`${dir}${name}`)) continue;

-      items.push({
+      const item = {
        name,
        isDir,
        url: fileUrl,
        size,
        date,
-      });
+        ignoreDownloadStatuses: binaryConfig.options?.ignoreDownloadStatuses,
+      };
+      items.push(item);
    }
    return { items, nextParams: null };
  }
--- a/app/common/adapter/binary/NodePreGypBinary.ts
+++ b/app/common/adapter/binary/NodePreGypBinary.ts
@@ -1,186 +1,266 @@
-import { join } from 'path';
-import { AbstractBinary, FetchResult, BinaryItem } from './AbstractBinary';
+import { join } from 'node:path';

+import { SingletonProto } from 'egg';
+
+import binaries, { type BinaryName } from '../../../../config/binaries.ts';
+import { BinaryType } from '../../enum/Binary.ts';
+import {
+  AbstractBinary,
+  BinaryAdapter,
+  type BinaryItem,
+  type FetchResult,
+} from './AbstractBinary.ts';
+
+@SingletonProto()
+@BinaryAdapter(BinaryType.NodePreGyp)
 export class NodePreGypBinary extends AbstractBinary {
-  private dirItems: {
-    [key: string]: BinaryItem[];
-  };
+  async initFetch() {
+    // do nothing
+    return;
+  }

  // https://github.com/mapbox/node-pre-gyp
-  async fetch(dir: string): Promise<FetchResult | undefined> {
-    if (!this.dirItems) {
-      this.dirItems = {};
-      const pkgUrl = `https://registry.npmjs.com/${this.binaryConfig.category}`;
-      const data = await this.requestJSON(pkgUrl);
-      this.dirItems = {};
-      this.dirItems['/'] = [];
-      const nodeABIVersions = await this.listNodeABIVersions();
-      const nodePlatforms = this.listNodePlatforms();
-      const nodeArchs = this.listNodeArchs();
-      const nodeLibcs = this.listNodeLibcs();
-      for (const version in data.versions) {
-        const date = data.time[version];
-        const pkgVersion = data.versions[version];
-        if (!pkgVersion.binary) continue;
-        // https://github.com/mapbox/node-pre-gyp#package_name
-        // defaults to {module_name}-v{version}-{node_abi}-{platform}-{arch}.tar.gz
-        let binaryFile = pkgVersion.binary.package_name
-          || '{module_name}-v{version}-{node_abi}-{platform}-{arch}.tar.gz';
-        if (!binaryFile) continue;
-        const moduleName = pkgVersion.binary.module_name || pkgVersion.name;
-        binaryFile = binaryFile.replace('{version}', version)
-          .replace('{module_name}', moduleName);
+  async fetch(
+    dir: string,
+    binaryName: BinaryName
+  ): Promise<FetchResult | undefined> {
+    const binaryConfig = binaries[binaryName];
+    const npmPackageName = binaryConfig.options?.npmPackageName ?? binaryName;
+    const pkgUrl = `https://registry.npmjs.com/${npmPackageName}`;
+    const data = await this.requestJSON(pkgUrl);
+    const dirItems: {
+      [key: string]: BinaryItem[];
+    } = {
+      '/': [],
+    };
+    const nodeABIVersions = await this.listNodeABIVersions();
+    const nodePlatforms = this.listNodePlatforms();
+    const nodeArchs = this.listNodeArchs(binaryConfig);
+    const nodeLibcs = this.listNodeLibcs();
+    for (const version in data.versions) {
+      const date = data.time[version];
+      const pkgVersion = data.versions[version];
+      if (!pkgVersion.binary) continue;
+      // https://github.com/mapbox/node-pre-gyp#package_name
+      // defaults to {module_name}-v{version}-{node_abi}-{platform}-{arch}.tar.gz
+      let binaryFile =
+        pkgVersion.binary.package_name ||
+        '{module_name}-v{version}-{node_abi}-{platform}-{arch}.tar.gz';
+      if (!binaryFile) continue;
+      const moduleName = pkgVersion.binary.module_name || pkgVersion.name;
+      binaryFile = binaryFile
+        .replace('{version}', version)
+        .replace('{module_name}', moduleName);

-        let currentDir = this.dirItems['/'];
-        let versionPrefix = '';
-        let remotePath = pkgVersion.binary.remote_path;
-        const napiVersions = pkgVersion.binary.napi_versions ?? [];
-        if (this.binaryConfig.options?.requiredNapiVersions && napiVersions.length === 0) continue;
-        if (remotePath?.includes('{version}')) {
-          const dirName = remotePath.includes('v{version}') ? `v${version}` : version;
-          versionPrefix = `/${dirName}`;
-          this.dirItems['/'].push({
-            name: `${dirName}/`,
-            date,
-            size: '-',
-            isDir: true,
-            url: '',
-          });
-          currentDir = this.dirItems[`/${dirName}/`] = [];
-        }
+      let currentDir = dirItems['/'];
+      let versionPrefix = '';
+      let remotePath = pkgVersion.binary.remote_path;
+      const napiVersions = pkgVersion.binary.napi_versions ?? [];
+      if (
+        binaryConfig.options?.requiredNapiVersions &&
+        napiVersions.length === 0
+      )
+        continue;
+      if (remotePath?.includes('{version}')) {
+        const dirName = remotePath.includes('v{version}')
+          ? `v${version}`
+          : version;
+        versionPrefix = `/${dirName}`;
+        dirItems['/'].push({
+          name: `${dirName}/`,
+          date,
+          size: '-',
+          isDir: true,
+          url: '',
+        });
+        currentDir = [];
+        dirItems[`/${dirName}/`] = currentDir;
+      }

-        // https://node-precompiled-binaries.grpc.io/?delimiter=/&prefix=grpc/v1.24.11/
-        // https://github.com/grpc/grpc-node/blob/grpc%401.24.x/packages/grpc-native-core/package.json#L50
-        // "binary": {
-        //   "module_name": "grpc_node",
-        //   "module_path": "src/node/extension_binary/{node_abi}-{platform}-{arch}-{libc}",
-        //   "host": "https://node-precompiled-binaries.grpc.io/",
-        //   "remote_path": "{name}/v{version}",
-        //   "package_name": "{node_abi}-{platform}-{arch}-{libc}.tar.gz"
-        // },
-        if (binaryFile.includes('{node_abi}')
-            && binaryFile.includes('{platform}')
-            && binaryFile.includes('{arch}')
-            && binaryFile.includes('{libc}')) {
-          for (const nodeAbi of nodeABIVersions) {
-            for (const platform of nodePlatforms) {
-              const archs = nodeArchs[platform];
-              const libcs = nodeLibcs[platform];
-              for (const arch of archs) {
-                for (const libc of libcs) {
-                  const name = binaryFile.replace('{node_abi}', `node-v${nodeAbi}`)
-                    .replace('{platform}', platform)
-                    .replace('{arch}', arch)
-                    .replace('{libc}', libc);
-                  currentDir.push({
-                    name,
-                    date,
-                    size: '-',
-                    isDir: false,
-                    url: `${this.binaryConfig.distUrl}/${this.binaryConfig.category}${versionPrefix}/${name}`,
-                    ignoreDownloadStatuses: [ 404 ],
-                  });
-                }
-              }
-            }
-          }
-        } else if (binaryFile.includes('{node_abi}')
-            && binaryFile.includes('{platform}')
-            && binaryFile.includes('{arch}')) {
-          for (const nodeAbi of nodeABIVersions) {
-            for (const platform of nodePlatforms) {
-              const archs = nodeArchs[platform];
-              for (const arch of archs) {
-                const name = binaryFile.replace('{node_abi}', `node-v${nodeAbi}`)
-                  .replace('{platform}', platform)
-                  .replace('{arch}', arch);
-                currentDir.push({
-                  name,
-                  date,
-                  size: '-',
-                  isDir: false,
-                  url: `${this.binaryConfig.distUrl}/${this.binaryConfig.category}${versionPrefix}/${name}`,
-                  ignoreDownloadStatuses: [ 404 ],
-                });
-              }
-            }
-          }
-        } else if (binaryFile.includes('{platform}-{arch}-{node_napi_label}-{libc}') && napiVersions.length > 0) {
-          // https://skia-canvas.s3.us-east-1.amazonaws.com/v0.9.30/darwin-arm64-napi-v6-unknown.tar.gz
-          // https://github.com/samizdatco/skia-canvas/blob/2a75801d7cce3b4e4e6ad015a173daefaa8465e6/package.json#L48
-          // "binary": {
-          //   "module_name": "index",
-          //   "module_path": "./lib/v{napi_build_version}",
-          //   "remote_path": "./v{version}",
-          //   "package_name": "{platform}-{arch}-{node_napi_label}-{libc}.tar.gz",
-          //   "host": "https://skia-canvas.s3.us-east-1.amazonaws.com",
-          //   "napi_versions": [
-          //     6
-          //   ]
-          // },
+      // https://node-precompiled-binaries.grpc.io/?delimiter=/&prefix=grpc/v1.24.11/
+      // https://github.com/grpc/grpc-node/blob/grpc%401.24.x/packages/grpc-native-core/package.json#L50
+      // "binary": {
+      //   "module_name": "grpc_node",
+      //   "module_path": "src/node/extension_binary/{node_abi}-{platform}-{arch}-{libc}",
+      //   "host": "https://node-precompiled-binaries.grpc.io/",
+      //   "remote_path": "{name}/v{version}",
+      //   "package_name": "{node_abi}-{platform}-{arch}-{libc}.tar.gz"
+      // },
+      if (
+        binaryFile.includes('{node_abi}') &&
+        binaryFile.includes('{platform}') &&
+        binaryFile.includes('{arch}') &&
+        binaryFile.includes('{libc}')
+      ) {
+        for (const nodeAbi of nodeABIVersions) {
          for (const platform of nodePlatforms) {
            const archs = nodeArchs[platform];
            const libcs = nodeLibcs[platform];
            for (const arch of archs) {
              for (const libc of libcs) {
-                for (const napiVersion of napiVersions) {
-                  const name = binaryFile.replace('{platform}', platform)
-                    .replace('{arch}', arch)
-                    .replace('{node_napi_label}', `napi-v${napiVersion}`)
-                    .replace('{libc}', libc);
-                  currentDir.push({
-                    name,
-                    date,
-                    size: '-',
-                    isDir: false,
-                    url: `${this.binaryConfig.distUrl}${versionPrefix}/${name}`,
-                    ignoreDownloadStatuses: [ 404, 403 ],
-                  });
-                }
+                const name = binaryFile
+                  .replace('{node_abi}', `node-v${nodeAbi}`)
+                  .replace('{platform}', platform)
+                  .replace('{arch}', arch)
+                  .replace('{libc}', libc);
+                currentDir.push({
+                  name,
+                  date,
+                  size: '-',
+                  isDir: false,
+                  url: `${binaryConfig.distUrl}/${binaryName}${versionPrefix}/${name}`,
+                  ignoreDownloadStatuses: [404],
+                });
              }
            }
          }
-        } else if (binaryFile.includes('{platform}') && binaryFile.includes('{arch}')) {
-          // https://github.com/grpc/grpc-node/blob/master/packages/grpc-tools/package.json#L29
-          // "binary": {
-          //   "module_name": "grpc_tools",
-          //   "host": "https://node-precompiled-binaries.grpc.io/",
-          //   "remote_path": "{name}/v{version}",
-          //   "package_name": "{platform}-{arch}.tar.gz",
-          //   "module_path": "bin"
-          // },
-          // handle {configuration}
-          // "binary": {
-          //   "module_name": "wrtc",
-          //   "module_path": "./build/{configuration}/",
-          //   "remote_path": "./{module_name}/v{version}/{configuration}/",
-          //   "package_name": "{platform}-{arch}.tar.gz",
-          //   "host": "https://node-webrtc.s3.amazonaws.com"
-          // },
+        }
+      } else if (
+        binaryFile.includes('{node_abi}') &&
+        binaryFile.includes('{platform}') &&
+        binaryFile.includes('{arch}')
+      ) {
+        for (const nodeAbi of nodeABIVersions) {
          for (const platform of nodePlatforms) {
            const archs = nodeArchs[platform];
            for (const arch of archs) {
-              const binaryFileName = binaryFile.replace('{platform}', platform)
+              const name = binaryFile
+                .replace('{node_abi}', `node-v${nodeAbi}`)
+                .replace('{platform}', platform)
                .replace('{arch}', arch);
-              remotePath = remotePath.replace('{module_name}', moduleName)
-                .replace('{name}', this.binaryConfig.category)
+              currentDir.push({
+                name,
+                date,
+                size: '-',
+                isDir: false,
+                url: `${binaryConfig.distUrl}/${binaryName}${versionPrefix}/${name}`,
+                ignoreDownloadStatuses: [404],
+              });
+            }
+          }
+        }
+      } else if (
+        binaryFile.includes('{platform}-{arch}-{node_napi_label}-{libc}') &&
+        napiVersions.length > 0
+      ) {
+        // https://skia-canvas.s3.us-east-1.amazonaws.com/v0.9.30/darwin-arm64-napi-v6-unknown.tar.gz
+        // https://github.com/samizdatco/skia-canvas/blob/2a75801d7cce3b4e4e6ad015a173daefaa8465e6/package.json#L48
+        // "binary": {
+        //   "module_name": "index",
+        //   "module_path": "./lib/v{napi_build_version}",
+        //   "remote_path": "./v{version}",
+        //   "package_name": "{platform}-{arch}-{node_napi_label}-{libc}.tar.gz",
+        //   "host": "https://skia-canvas.s3.us-east-1.amazonaws.com",
+        //   "napi_versions": [
+        //     6
+        //   ]
+        // },
+        for (const platform of nodePlatforms) {
+          const archs = nodeArchs[platform];
+          const libcs = nodeLibcs[platform];
+          for (const arch of archs) {
+            for (const libc of libcs) {
+              for (const napiVersion of napiVersions) {
+                const name = binaryFile
+                  .replace('{platform}', platform)
+                  .replace('{arch}', arch)
+                  .replace('{node_napi_label}', `napi-v${napiVersion}`)
+                  .replace('{libc}', libc);
+                currentDir.push({
+                  name,
+                  date,
+                  size: '-',
+                  isDir: false,
+                  url: `${binaryConfig.distUrl}${versionPrefix}/${name}`,
+                  ignoreDownloadStatuses: [404, 403],
+                });
+              }
+            }
+          }
+        }
+      } else if (binaryFile.includes('{platform}-{arch}-{node_napi_label}')) {
+        // "_id": "skia-canvas@0.9.22",
+        // "binary": {
+        //   "module_name": "index",
+        //   "module_path": "./lib/v{napi_build_version}",
+        //   "remote_path": "./v{version}",
+        //   "package_name": "{platform}-{arch}-{node_napi_label}.tar.gz",
+        //   "host": "https://skia-canvas.s3.us-east-1.amazonaws.com",
+        //   "napi_versions": [
+        //     6
+        //   ]
+        // },
+        for (const platform of nodePlatforms) {
+          const archs = nodeArchs[platform];
+          for (const arch of archs) {
+            for (const napiVersion of napiVersions) {
+              const binaryFileName = binaryFile
+                .replace('{platform}', platform)
+                .replace('{arch}', arch)
+                .replace('{node_napi_label}', napiVersion);
+              remotePath = remotePath
+                .replace('{module_name}', moduleName)
+                .replace('{name}', binaryName)
                .replace('{version}', version)
                .replace('{configuration}', 'Release');
              const binaryFilePath = join('/', remotePath, binaryFileName);
-              const remoteUrl = `${this.binaryConfig.distUrl}${binaryFilePath}`;
+              const remoteUrl = `${binaryConfig.distUrl}${binaryFilePath}`;
              currentDir.push({
                name: binaryFileName,
                date,
                size: '-',
                isDir: false,
                url: remoteUrl,
-                ignoreDownloadStatuses: [ 404 ],
+                ignoreDownloadStatuses: [404],
              });
            }
          }
        }
+      } else if (
+        binaryFile.includes('{platform}') &&
+        binaryFile.includes('{arch}')
+      ) {
+        // https://github.com/grpc/grpc-node/blob/master/packages/grpc-tools/package.json#L29
+        // "binary": {
+        //   "module_name": "grpc_tools",
+        //   "host": "https://node-precompiled-binaries.grpc.io/",
+        //   "remote_path": "{name}/v{version}",
+        //   "package_name": "{platform}-{arch}.tar.gz",
+        //   "module_path": "bin"
+        // },
+        // handle {configuration}
+        // "binary": {
+        //   "module_name": "wrtc",
+        //   "module_path": "./build/{configuration}/",
+        //   "remote_path": "./{module_name}/v{version}/{configuration}/",
+        //   "package_name": "{platform}-{arch}.tar.gz",
+        //   "host": "https://node-webrtc.s3.amazonaws.com"
+        // },
+        for (const platform of nodePlatforms) {
+          const archs = nodeArchs[platform];
+          for (const arch of archs) {
+            const binaryFileName = binaryFile
+              .replace('{platform}', platform)
+              .replace('{arch}', arch);
+            remotePath = remotePath
+              .replace('{module_name}', moduleName)
+              .replace('{name}', binaryName)
+              .replace('{version}', version)
+              .replace('{configuration}', 'Release');
+            const binaryFilePath = join('/', remotePath, binaryFileName);
+            const remoteUrl = `${binaryConfig.distUrl}${binaryFilePath}`;
+            currentDir.push({
+              name: binaryFileName,
+              date,
+              size: '-',
+              isDir: false,
+              url: remoteUrl,
+              ignoreDownloadStatuses: [404],
+            });
+          }
+        }
      }
    }
-    return { items: this.dirItems[dir] };
+    return { items: dirItems[dir] };
  }
 }
--- a/app/common/adapter/binary/NwjsBinary.ts
+++ b/app/common/adapter/binary/NwjsBinary.ts
@@ -1,14 +1,27 @@
-import { FetchResult, BinaryItem } from './AbstractBinary';
-import { BucketBinary } from './BucketBinary';
+import { SingletonProto } from 'egg';

+import binaries from '../../../../config/binaries.ts';
+import { BinaryType } from '../../enum/Binary.ts';
+import {
+  BinaryAdapter,
+  type BinaryItem,
+  type FetchResult,
+} from './AbstractBinary.ts';
+import { BucketBinary } from './BucketBinary.ts';
+
+@SingletonProto()
+@BinaryAdapter(BinaryType.Nwjs)
 export class NwjsBinary extends BucketBinary {
  private s3Url = 'https://nwjs2.s3.amazonaws.com/?delimiter=/&prefix=';

  async fetch(dir: string): Promise<FetchResult | undefined> {
+    const binaryConfig = binaries.nwjs;
    const isRootDir = dir === '/';
    // /foo/ => foo/
-    const subDir = dir.substring(1);
-    const url = isRootDir ? this.binaryConfig.distUrl : `${this.s3Url}${encodeURIComponent(subDir)}`;
+    const subDir = dir.slice(1);
+    const url = isRootDir
+      ? binaryConfig.distUrl
+      : `${this.s3Url}${encodeURIComponent(subDir)}`;
    const xml = await this.requestXml(url);
    if (!xml) return;

@@ -19,7 +32,8 @@ export class NwjsBinary extends BucketBinary {
      // <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="v0.15.0-rc1/">v0.15.0-rc1/</a></td><td align="right">06-May-2016 12:24  </td><td align="right">  - </td><td>&nbsp;</td></tr>
      // <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="v0.15.0-rc2/">v0.15.0-rc2/</a></td><td align="right">13-May-2016 20:13  </td><td align="right">  - </td><td>&nbsp;</td></tr>
      const items: BinaryItem[] = [];
-      const re = /<td><a [^>]+?>([^<]+?\/)<\/a><\/td><td [^>]+?>([^>]+?)<\/td>/ig;
+      const re =
+        /<td><a [^>]+?>([^<]+?\/)<\/a><\/td><td [^>]+?>([^>]+?)<\/td>/gi;
      const matchs = xml.matchAll(re);
      for (const m of matchs) {
        const name = m[1].trim();
@@ -37,6 +51,6 @@ export class NwjsBinary extends BucketBinary {
      return { items, nextParams: null };
    }

-    return { items: this.parseItems(xml, dir), nextParams: null };
+    return { items: this.parseItems(xml, dir, binaryConfig), nextParams: null };
  }
 }
--- a/app/common/adapter/binary/PlaywrightBinary.ts
+++ b/app/common/adapter/binary/PlaywrightBinary.ts
@@ -1,7 +1,15 @@
+import util from 'node:util';
+import path from 'node:path';

-import { AbstractBinary, BinaryItem, FetchResult } from './AbstractBinary';
-import util from 'util';
-import path from 'path';
+import { SingletonProto } from 'egg';
+
+import { BinaryType } from '../../enum/Binary.ts';
+import {
+  AbstractBinary,
+  BinaryAdapter,
+  type BinaryItem,
+  type FetchResult,
+} from './AbstractBinary.ts';

 const PACKAGE_URL = 'https://registry.npmjs.com/playwright-core';
 const DOWNLOAD_HOST = 'https://playwright.azureedge.net/';
@@ -9,164 +17,408 @@ const DOWNLOAD_HOST = 'https://playwright.azureedge.net/';
 // https://github.com/microsoft/playwright/blob/main/packages/playwright-core/src/server/registry/index.ts
 /* eslint-disable quote-props */
 const DOWNLOAD_PATHS = {
-  'chromium': {
+  chromium: {
    '<unknown>': undefined,
-    'generic-linux': 'builds/chromium/%s/chromium-linux.zip',
-    'generic-linux-arm64': 'builds/chromium/%s/chromium-linux-arm64.zip',
-    'ubuntu18.04': 'builds/chromium/%s/chromium-linux.zip',
-    'ubuntu20.04': 'builds/chromium/%s/chromium-linux.zip',
-    'ubuntu22.04': 'builds/chromium/%s/chromium-linux.zip',
-    'ubuntu18.04-arm64': 'builds/chromium/%s/chromium-linux-arm64.zip',
+    'ubuntu18.04-x64': undefined,
+    'ubuntu20.04-x64': 'builds/chromium/%s/chromium-linux.zip',
+    'ubuntu22.04-x64': 'builds/chromium/%s/chromium-linux.zip',
+    'ubuntu24.04-x64': 'builds/chromium/%s/chromium-linux.zip',
+    'ubuntu18.04-arm64': undefined,
    'ubuntu20.04-arm64': 'builds/chromium/%s/chromium-linux-arm64.zip',
    'ubuntu22.04-arm64': 'builds/chromium/%s/chromium-linux-arm64.zip',
+    'ubuntu24.04-arm64': 'builds/chromium/%s/chromium-linux-arm64.zip',
+    'debian11-x64': 'builds/chromium/%s/chromium-linux.zip',
+    'debian11-arm64': 'builds/chromium/%s/chromium-linux-arm64.zip',
+    'debian12-x64': 'builds/chromium/%s/chromium-linux.zip',
+    'debian12-arm64': 'builds/chromium/%s/chromium-linux-arm64.zip',
    'mac10.13': 'builds/chromium/%s/chromium-mac.zip',
    'mac10.14': 'builds/chromium/%s/chromium-mac.zip',
    'mac10.15': 'builds/chromium/%s/chromium-mac.zip',
-    'mac11': 'builds/chromium/%s/chromium-mac.zip',
+    mac11: 'builds/chromium/%s/chromium-mac.zip',
    'mac11-arm64': 'builds/chromium/%s/chromium-mac-arm64.zip',
-    'mac12': 'builds/chromium/%s/chromium-mac.zip',
+    mac12: 'builds/chromium/%s/chromium-mac.zip',
    'mac12-arm64': 'builds/chromium/%s/chromium-mac-arm64.zip',
-    'win64': 'builds/chromium/%s/chromium-win64.zip',
+    mac13: 'builds/chromium/%s/chromium-mac.zip',
+    'mac13-arm64': 'builds/chromium/%s/chromium-mac-arm64.zip',
+    mac14: 'builds/chromium/%s/chromium-mac.zip',
+    'mac14-arm64': 'builds/chromium/%s/chromium-mac-arm64.zip',
+    mac15: 'builds/chromium/%s/chromium-mac.zip',
+    'mac15-arm64': 'builds/chromium/%s/chromium-mac-arm64.zip',
+    win64: 'builds/chromium/%s/chromium-win64.zip',
+  },
+  'chromium-headless-shell': {
+    '<unknown>': undefined,
+    'ubuntu18.04-x64': undefined,
+    'ubuntu20.04-x64': 'builds/chromium/%s/chromium-headless-shell-linux.zip',
+    'ubuntu22.04-x64': 'builds/chromium/%s/chromium-headless-shell-linux.zip',
+    'ubuntu24.04-x64': 'builds/chromium/%s/chromium-headless-shell-linux.zip',
+    'ubuntu18.04-arm64': undefined,
+    'ubuntu20.04-arm64':
+      'builds/chromium/%s/chromium-headless-shell-linux-arm64.zip',
+    'ubuntu22.04-arm64':
+      'builds/chromium/%s/chromium-headless-shell-linux-arm64.zip',
+    'ubuntu24.04-arm64':
+      'builds/chromium/%s/chromium-headless-shell-linux-arm64.zip',
+    'debian11-x64': 'builds/chromium/%s/chromium-headless-shell-linux.zip',
+    'debian11-arm64':
+      'builds/chromium/%s/chromium-headless-shell-linux-arm64.zip',
+    'debian12-x64': 'builds/chromium/%s/chromium-headless-shell-linux.zip',
+    'debian12-arm64':
+      'builds/chromium/%s/chromium-headless-shell-linux-arm64.zip',
+    'mac10.13': undefined,
+    'mac10.14': undefined,
+    'mac10.15': undefined,
+    mac11: 'builds/chromium/%s/chromium-headless-shell-mac.zip',
+    'mac11-arm64': 'builds/chromium/%s/chromium-headless-shell-mac-arm64.zip',
+    mac12: 'builds/chromium/%s/chromium-headless-shell-mac.zip',
+    'mac12-arm64': 'builds/chromium/%s/chromium-headless-shell-mac-arm64.zip',
+    mac13: 'builds/chromium/%s/chromium-headless-shell-mac.zip',
+    'mac13-arm64': 'builds/chromium/%s/chromium-headless-shell-mac-arm64.zip',
+    mac14: 'builds/chromium/%s/chromium-headless-shell-mac.zip',
+    'mac14-arm64': 'builds/chromium/%s/chromium-headless-shell-mac-arm64.zip',
+    mac15: 'builds/chromium/%s/chromium-headless-shell-mac.zip',
+    'mac15-arm64': 'builds/chromium/%s/chromium-headless-shell-mac-arm64.zip',
+    win64: 'builds/chromium/%s/chromium-headless-shell-win64.zip',
  },
  'chromium-tip-of-tree': {
    '<unknown>': undefined,
-    'generic-linux': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux.zip',
-    'generic-linux-arm64': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux-arm64.zip',
-    'ubuntu18.04': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux.zip',
-    'ubuntu20.04': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux.zip',
-    'ubuntu22.04': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux.zip',
-    'ubuntu18.04-arm64': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux-arm64.zip',
-    'ubuntu20.04-arm64': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux-arm64.zip',
-    'ubuntu22.04-arm64': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux-arm64.zip',
+    'ubuntu18.04-x64': undefined,
+    'ubuntu20.04-x64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux.zip',
+    'ubuntu22.04-x64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux.zip',
+    'ubuntu24.04-x64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux.zip',
+    'ubuntu18.04-arm64': undefined,
+    'ubuntu20.04-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux-arm64.zip',
+    'ubuntu22.04-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux-arm64.zip',
+    'ubuntu24.04-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux-arm64.zip',
+    'debian11-x64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux.zip',
+    'debian11-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux-arm64.zip',
+    'debian12-x64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux.zip',
+    'debian12-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-linux-arm64.zip',
    'mac10.13': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac.zip',
    'mac10.14': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac.zip',
    'mac10.15': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac.zip',
-    'mac11': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac.zip',
-    'mac11-arm64': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac-arm64.zip',
-    'mac12': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac.zip',
-    'mac12-arm64': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac-arm64.zip',
-    'win64': 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-win64.zip',
+    mac11: 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac.zip',
+    'mac11-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac-arm64.zip',
+    mac12: 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac.zip',
+    'mac12-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac-arm64.zip',
+    mac13: 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac.zip',
+    'mac13-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac-arm64.zip',
+    mac14: 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac.zip',
+    'mac14-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac-arm64.zip',
+    mac15: 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac.zip',
+    'mac15-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-mac-arm64.zip',
+    win64: 'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-win64.zip',
  },
-  'chromium-with-symbols': {
+  'chromium-tip-of-tree-headless-shell': {
    '<unknown>': undefined,
-    'generic-linux': 'builds/chromium/%s/chromium-with-symbols-linux.zip',
-    'generic-linux-arm64': 'builds/chromium/%s/chromium-with-symbols-linux-arm64.zip',
-    'ubuntu18.04': 'builds/chromium/%s/chromium-with-symbols-linux.zip',
-    'ubuntu20.04': 'builds/chromium/%s/chromium-with-symbols-linux.zip',
-    'ubuntu22.04': 'builds/chromium/%s/chromium-with-symbols-linux.zip',
-    'ubuntu18.04-arm64': 'builds/chromium/%s/chromium-with-symbols-linux-arm64.zip',
-    'ubuntu20.04-arm64': 'builds/chromium/%s/chromium-with-symbols-linux-arm64.zip',
-    'ubuntu22.04-arm64': 'builds/chromium/%s/chromium-with-symbols-linux-arm64.zip',
-    'mac10.13': 'builds/chromium/%s/chromium-with-symbols-mac.zip',
-    'mac10.14': 'builds/chromium/%s/chromium-with-symbols-mac.zip',
-    'mac10.15': 'builds/chromium/%s/chromium-with-symbols-mac.zip',
-    'mac11': 'builds/chromium/%s/chromium-with-symbols-mac.zip',
-    'mac11-arm64': 'builds/chromium/%s/chromium-with-symbols-mac-arm64.zip',
-    'mac12': 'builds/chromium/%s/chromium-with-symbols-mac.zip',
-    'mac12-arm64': 'builds/chromium/%s/chromium-with-symbols-mac-arm64.zip',
-    'win64': 'builds/chromium/%s/chromium-with-symbols-win64.zip',
+    'ubuntu18.04-x64': undefined,
+    'ubuntu20.04-x64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-linux.zip',
+    'ubuntu22.04-x64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-linux.zip',
+    'ubuntu24.04-x64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-linux.zip',
+    'ubuntu18.04-arm64': undefined,
+    'ubuntu20.04-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-linux-arm64.zip',
+    'ubuntu22.04-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-linux-arm64.zip',
+    'ubuntu24.04-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-linux-arm64.zip',
+    'debian11-x64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-linux.zip',
+    'debian11-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-linux-arm64.zip',
+    'debian12-x64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-linux.zip',
+    'debian12-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-linux-arm64.zip',
+    'mac10.13': undefined,
+    'mac10.14': undefined,
+    'mac10.15': undefined,
+    mac11:
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-mac.zip',
+    'mac11-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-mac-arm64.zip',
+    mac12:
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-mac.zip',
+    'mac12-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-mac-arm64.zip',
+    mac13:
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-mac.zip',
+    'mac13-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-mac-arm64.zip',
+    mac14:
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-mac.zip',
+    'mac14-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-mac-arm64.zip',
+    mac15:
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-mac.zip',
+    'mac15-arm64':
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-mac-arm64.zip',
+    win64:
+      'builds/chromium-tip-of-tree/%s/chromium-tip-of-tree-headless-shell-win64.zip',
  },
-  'firefox': {
+  firefox: {
    '<unknown>': undefined,
-    'generic-linux': 'builds/firefox/%s/firefox-ubuntu-20.04.zip',
-    'generic-linux-arm64': 'builds/firefox/%s/firefox-ubuntu-20.04-arm64.zip',
-    'ubuntu18.04': 'builds/firefox/%s/firefox-ubuntu-18.04.zip',
-    'ubuntu20.04': 'builds/firefox/%s/firefox-ubuntu-20.04.zip',
-    'ubuntu22.04': 'builds/firefox/%s/firefox-ubuntu-22.04.zip',
+    'ubuntu18.04-x64': undefined,
+    'ubuntu20.04-x64': 'builds/firefox/%s/firefox-ubuntu-20.04.zip',
+    'ubuntu22.04-x64': 'builds/firefox/%s/firefox-ubuntu-22.04.zip',
+    'ubuntu24.04-x64': 'builds/firefox/%s/firefox-ubuntu-24.04.zip',
    'ubuntu18.04-arm64': undefined,
    'ubuntu20.04-arm64': 'builds/firefox/%s/firefox-ubuntu-20.04-arm64.zip',
    'ubuntu22.04-arm64': 'builds/firefox/%s/firefox-ubuntu-22.04-arm64.zip',
-    'mac10.13': 'builds/firefox/%s/firefox-mac-11.zip',
-    'mac10.14': 'builds/firefox/%s/firefox-mac-11.zip',
-    'mac10.15': 'builds/firefox/%s/firefox-mac-11.zip',
-    'mac11': 'builds/firefox/%s/firefox-mac-11.zip',
-    'mac11-arm64': 'builds/firefox/%s/firefox-mac-11-arm64.zip',
-    'mac12': 'builds/firefox/%s/firefox-mac-11.zip',
-    'mac12-arm64': 'builds/firefox/%s/firefox-mac-11-arm64.zip',
-    'win64': 'builds/firefox/%s/firefox-win64.zip',
+    'ubuntu24.04-arm64': 'builds/firefox/%s/firefox-ubuntu-24.04-arm64.zip',
+    'debian11-x64': 'builds/firefox/%s/firefox-debian-11.zip',
+    'debian11-arm64': 'builds/firefox/%s/firefox-debian-11-arm64.zip',
+    'debian12-x64': 'builds/firefox/%s/firefox-debian-12.zip',
+    'debian12-arm64': 'builds/firefox/%s/firefox-debian-12-arm64.zip',
+    'mac10.13': 'builds/firefox/%s/firefox-mac.zip',
+    'mac10.14': 'builds/firefox/%s/firefox-mac.zip',
+    'mac10.15': 'builds/firefox/%s/firefox-mac.zip',
+    mac11: 'builds/firefox/%s/firefox-mac.zip',
+    'mac11-arm64': 'builds/firefox/%s/firefox-mac-arm64.zip',
+    mac12: 'builds/firefox/%s/firefox-mac.zip',
+    'mac12-arm64': 'builds/firefox/%s/firefox-mac-arm64.zip',
+    mac13: 'builds/firefox/%s/firefox-mac.zip',
+    'mac13-arm64': 'builds/firefox/%s/firefox-mac-arm64.zip',
+    mac14: 'builds/firefox/%s/firefox-mac.zip',
+    'mac14-arm64': 'builds/firefox/%s/firefox-mac-arm64.zip',
+    mac15: 'builds/firefox/%s/firefox-mac.zip',
+    'mac15-arm64': 'builds/firefox/%s/firefox-mac-arm64.zip',
+    win64: 'builds/firefox/%s/firefox-win64.zip',
  },
  'firefox-beta': {
    '<unknown>': undefined,
-    'generic-linux': 'builds/firefox-beta/%s/firefox-beta-ubuntu-20.04.zip',
-    'generic-linux-arm64': undefined,
-    'ubuntu18.04': 'builds/firefox-beta/%s/firefox-beta-ubuntu-18.04.zip',
-    'ubuntu20.04': 'builds/firefox-beta/%s/firefox-beta-ubuntu-20.04.zip',
-    'ubuntu22.04': 'builds/firefox-beta/%s/firefox-beta-ubuntu-22.04.zip',
+    'ubuntu18.04-x64': undefined,
+    'ubuntu20.04-x64': 'builds/firefox-beta/%s/firefox-beta-ubuntu-20.04.zip',
+    'ubuntu22.04-x64': 'builds/firefox-beta/%s/firefox-beta-ubuntu-22.04.zip',
+    'ubuntu24.04-x64': 'builds/firefox-beta/%s/firefox-beta-ubuntu-24.04.zip',
    'ubuntu18.04-arm64': undefined,
    'ubuntu20.04-arm64': undefined,
-    'ubuntu22.04-arm64': 'builds/firefox-beta/%s/firefox-beta-ubuntu-22.04-arm64.zip',
-    'mac10.13': 'builds/firefox-beta/%s/firefox-beta-mac-11.zip',
-    'mac10.14': 'builds/firefox-beta/%s/firefox-beta-mac-11.zip',
-    'mac10.15': 'builds/firefox-beta/%s/firefox-beta-mac-11.zip',
-    'mac11': 'builds/firefox-beta/%s/firefox-beta-mac-11.zip',
-    'mac11-arm64': 'builds/firefox-beta/%s/firefox-beta-mac-11-arm64.zip',
-    'mac12': 'builds/firefox-beta/%s/firefox-beta-mac-11.zip',
-    'mac12-arm64': 'builds/firefox-beta/%s/firefox-beta-mac-11-arm64.zip',
-    'win64': 'builds/firefox-beta/%s/firefox-beta-win64.zip',
+    'ubuntu22.04-arm64':
+      'builds/firefox-beta/%s/firefox-beta-ubuntu-22.04-arm64.zip',
+    'ubuntu24.04-arm64':
+      'builds/firefox-beta/%s/firefox-beta-ubuntu-24.04-arm64.zip',
+    'debian11-x64': 'builds/firefox-beta/%s/firefox-beta-debian-11.zip',
+    'debian11-arm64': 'builds/firefox-beta/%s/firefox-beta-debian-11-arm64.zip',
+    'debian12-x64': 'builds/firefox-beta/%s/firefox-beta-debian-12.zip',
+    'debian12-arm64': 'builds/firefox-beta/%s/firefox-beta-debian-12-arm64.zip',
+    'mac10.13': 'builds/firefox-beta/%s/firefox-beta-mac.zip',
+    'mac10.14': 'builds/firefox-beta/%s/firefox-beta-mac.zip',
+    'mac10.15': 'builds/firefox-beta/%s/firefox-beta-mac.zip',
+    mac11: 'builds/firefox-beta/%s/firefox-beta-mac.zip',
+    'mac11-arm64': 'builds/firefox-beta/%s/firefox-beta-mac-arm64.zip',
+    mac12: 'builds/firefox-beta/%s/firefox-beta-mac.zip',
+    'mac12-arm64': 'builds/firefox-beta/%s/firefox-beta-mac-arm64.zip',
+    mac13: 'builds/firefox-beta/%s/firefox-beta-mac.zip',
+    'mac13-arm64': 'builds/firefox-beta/%s/firefox-beta-mac-arm64.zip',
+    mac14: 'builds/firefox-beta/%s/firefox-beta-mac.zip',
+    'mac14-arm64': 'builds/firefox-beta/%s/firefox-beta-mac-arm64.zip',
+    mac15: 'builds/firefox-beta/%s/firefox-beta-mac.zip',
+    'mac15-arm64': 'builds/firefox-beta/%s/firefox-beta-mac-arm64.zip',
+    win64: 'builds/firefox-beta/%s/firefox-beta-win64.zip',
  },
-  'webkit': {
+  webkit: {
    '<unknown>': undefined,
-    'generic-linux': 'builds/webkit/%s/webkit-ubuntu-20.04.zip',
-    'generic-linux-arm64': 'builds/webkit/%s/webkit-ubuntu-20.04-arm64.zip',
-    'ubuntu18.04': 'builds/webkit/%s/webkit-ubuntu-18.04.zip',
-    'ubuntu20.04': 'builds/webkit/%s/webkit-ubuntu-20.04.zip',
-    'ubuntu22.04': 'builds/webkit/%s/webkit-ubuntu-22.04.zip',
+    'ubuntu18.04-x64': undefined,
+    'ubuntu20.04-x64': 'builds/webkit/%s/webkit-ubuntu-20.04.zip',
+    'ubuntu22.04-x64': 'builds/webkit/%s/webkit-ubuntu-22.04.zip',
+    'ubuntu24.04-x64': 'builds/webkit/%s/webkit-ubuntu-24.04.zip',
    'ubuntu18.04-arm64': undefined,
    'ubuntu20.04-arm64': 'builds/webkit/%s/webkit-ubuntu-20.04-arm64.zip',
    'ubuntu22.04-arm64': 'builds/webkit/%s/webkit-ubuntu-22.04-arm64.zip',
+    'ubuntu24.04-arm64': 'builds/webkit/%s/webkit-ubuntu-24.04-arm64.zip',
+    'debian11-x64': 'builds/webkit/%s/webkit-debian-11.zip',
+    'debian11-arm64': 'builds/webkit/%s/webkit-debian-11-arm64.zip',
+    'debian12-x64': 'builds/webkit/%s/webkit-debian-12.zip',
+    'debian12-arm64': 'builds/webkit/%s/webkit-debian-12-arm64.zip',
    'mac10.13': undefined,
-    'mac10.14': 'builds/deprecated-webkit-mac-10.14/%s/deprecated-webkit-mac-10.14.zip',
-    'mac10.15': 'builds/webkit/%s/webkit-mac-10.15.zip',
-    'mac11': 'builds/webkit/%s/webkit-mac-11.zip',
+    'mac10.14':
+      'builds/deprecated-webkit-mac-10.14/%s/deprecated-webkit-mac-10.14.zip',
+    'mac10.15':
+      'builds/deprecated-webkit-mac-10.15/%s/deprecated-webkit-mac-10.15.zip',
+    mac11: 'builds/webkit/%s/webkit-mac-11.zip',
    'mac11-arm64': 'builds/webkit/%s/webkit-mac-11-arm64.zip',
-    'mac12': 'builds/webkit/%s/webkit-mac-12.zip',
+    mac12: 'builds/webkit/%s/webkit-mac-12.zip',
    'mac12-arm64': 'builds/webkit/%s/webkit-mac-12-arm64.zip',
-    'win64': 'builds/webkit/%s/webkit-win64.zip',
+    mac13: 'builds/webkit/%s/webkit-mac-13.zip',
+    'mac13-arm64': 'builds/webkit/%s/webkit-mac-13-arm64.zip',
+    mac14: 'builds/webkit/%s/webkit-mac-14.zip',
+    'mac14-arm64': 'builds/webkit/%s/webkit-mac-14-arm64.zip',
+    mac15: 'builds/webkit/%s/webkit-mac-15.zip',
+    'mac15-arm64': 'builds/webkit/%s/webkit-mac-15-arm64.zip',
+    win64: 'builds/webkit/%s/webkit-win64.zip',
  },
-  'ffmpeg': {
+  ffmpeg: {
    '<unknown>': undefined,
-    'generic-linux': 'builds/ffmpeg/%s/ffmpeg-linux.zip',
-    'generic-linux-arm64': 'builds/ffmpeg/%s/ffmpeg-linux-arm64.zip',
-    'ubuntu18.04': 'builds/ffmpeg/%s/ffmpeg-linux.zip',
-    'ubuntu20.04': 'builds/ffmpeg/%s/ffmpeg-linux.zip',
-    'ubuntu22.04': 'builds/ffmpeg/%s/ffmpeg-linux.zip',
-    'ubuntu18.04-arm64': 'builds/ffmpeg/%s/ffmpeg-linux-arm64.zip',
+    'ubuntu18.04-x64': undefined,
+    'ubuntu20.04-x64': 'builds/ffmpeg/%s/ffmpeg-linux.zip',
+    'ubuntu22.04-x64': 'builds/ffmpeg/%s/ffmpeg-linux.zip',
+    'ubuntu24.04-x64': 'builds/ffmpeg/%s/ffmpeg-linux.zip',
+    'ubuntu18.04-arm64': undefined,
    'ubuntu20.04-arm64': 'builds/ffmpeg/%s/ffmpeg-linux-arm64.zip',
    'ubuntu22.04-arm64': 'builds/ffmpeg/%s/ffmpeg-linux-arm64.zip',
+    'ubuntu24.04-arm64': 'builds/ffmpeg/%s/ffmpeg-linux-arm64.zip',
+    'debian11-x64': 'builds/ffmpeg/%s/ffmpeg-linux.zip',
+    'debian11-arm64': 'builds/ffmpeg/%s/ffmpeg-linux-arm64.zip',
+    'debian12-x64': 'builds/ffmpeg/%s/ffmpeg-linux.zip',
+    'debian12-arm64': 'builds/ffmpeg/%s/ffmpeg-linux-arm64.zip',
    'mac10.13': 'builds/ffmpeg/%s/ffmpeg-mac.zip',
    'mac10.14': 'builds/ffmpeg/%s/ffmpeg-mac.zip',
    'mac10.15': 'builds/ffmpeg/%s/ffmpeg-mac.zip',
-    'mac11': 'builds/ffmpeg/%s/ffmpeg-mac.zip',
+    mac11: 'builds/ffmpeg/%s/ffmpeg-mac.zip',
    'mac11-arm64': 'builds/ffmpeg/%s/ffmpeg-mac-arm64.zip',
-    'mac12': 'builds/ffmpeg/%s/ffmpeg-mac.zip',
+    mac12: 'builds/ffmpeg/%s/ffmpeg-mac.zip',
    'mac12-arm64': 'builds/ffmpeg/%s/ffmpeg-mac-arm64.zip',
-    'win64': 'builds/ffmpeg/%s/ffmpeg-win64.zip',
+    mac13: 'builds/ffmpeg/%s/ffmpeg-mac.zip',
+    'mac13-arm64': 'builds/ffmpeg/%s/ffmpeg-mac-arm64.zip',
+    mac14: 'builds/ffmpeg/%s/ffmpeg-mac.zip',
+    'mac14-arm64': 'builds/ffmpeg/%s/ffmpeg-mac-arm64.zip',
+    mac15: 'builds/ffmpeg/%s/ffmpeg-mac.zip',
+    'mac15-arm64': 'builds/ffmpeg/%s/ffmpeg-mac-arm64.zip',
+    win64: 'builds/ffmpeg/%s/ffmpeg-win64.zip',
  },
-};
+  winldd: {
+    '<unknown>': undefined,
+    'ubuntu18.04-x64': undefined,
+    'ubuntu20.04-x64': undefined,
+    'ubuntu22.04-x64': undefined,
+    'ubuntu24.04-x64': undefined,
+    'ubuntu18.04-arm64': undefined,
+    'ubuntu20.04-arm64': undefined,
+    'ubuntu22.04-arm64': undefined,
+    'ubuntu24.04-arm64': undefined,
+    'debian11-x64': undefined,
+    'debian11-arm64': undefined,
+    'debian12-x64': undefined,
+    'debian12-arm64': undefined,
+    'mac10.13': undefined,
+    'mac10.14': undefined,
+    'mac10.15': undefined,
+    mac11: undefined,
+    'mac11-arm64': undefined,
+    mac12: undefined,
+    'mac12-arm64': undefined,
+    mac13: undefined,
+    'mac13-arm64': undefined,
+    mac14: undefined,
+    'mac14-arm64': undefined,
+    mac15: undefined,
+    'mac15-arm64': undefined,
+    win64: 'builds/winldd/%s/winldd-win64.zip',
+  },
+  android: {
+    '<unknown>': 'builds/android/%s/android.zip',
+    'ubuntu18.04-x64': undefined,
+    'ubuntu20.04-x64': 'builds/android/%s/android.zip',
+    'ubuntu22.04-x64': 'builds/android/%s/android.zip',
+    'ubuntu24.04-x64': 'builds/android/%s/android.zip',
+    'ubuntu18.04-arm64': undefined,
+    'ubuntu20.04-arm64': 'builds/android/%s/android.zip',
+    'ubuntu22.04-arm64': 'builds/android/%s/android.zip',
+    'ubuntu24.04-arm64': 'builds/android/%s/android.zip',
+    'debian11-x64': 'builds/android/%s/android.zip',
+    'debian11-arm64': 'builds/android/%s/android.zip',
+    'debian12-x64': 'builds/android/%s/android.zip',
+    'debian12-arm64': 'builds/android/%s/android.zip',
+    'mac10.13': 'builds/android/%s/android.zip',
+    'mac10.14': 'builds/android/%s/android.zip',
+    'mac10.15': 'builds/android/%s/android.zip',
+    mac11: 'builds/android/%s/android.zip',
+    'mac11-arm64': 'builds/android/%s/android.zip',
+    mac12: 'builds/android/%s/android.zip',
+    'mac12-arm64': 'builds/android/%s/android.zip',
+    mac13: 'builds/android/%s/android.zip',
+    'mac13-arm64': 'builds/android/%s/android.zip',
+    mac14: 'builds/android/%s/android.zip',
+    'mac14-arm64': 'builds/android/%s/android.zip',
+    mac15: 'builds/android/%s/android.zip',
+    'mac15-arm64': 'builds/android/%s/android.zip',
+    win64: 'builds/android/%s/android.zip',
+  },
+} as const;

+@SingletonProto()
+@BinaryAdapter(BinaryType.Playwright)
 export class PlaywrightBinary extends AbstractBinary {
  private dirItems?: Record<string, BinaryItem[]>;
+  async initFetch() {
+    this.dirItems = undefined;
+  }
+
  async fetch(dir: string): Promise<FetchResult | undefined> {
    if (!this.dirItems) {
      const packageData = await this.requestJSON(PACKAGE_URL);
      const nowDateISO = new Date().toISOString();
+      const buildDirs: BinaryItem[] = [];
+      for (const browserName of Object.keys(DOWNLOAD_PATHS)) {
+        if (
+          browserName === 'chromium-headless-shell' ||
+          browserName === 'chromium-tip-of-tree-headless-shell'
+        ) {
+          continue;
+        }
+        buildDirs.push({
+          name: `${browserName}/`,
+          isDir: true,
+          url: '',
+          size: '-',
+          date: nowDateISO,
+        });
+      }
      this.dirItems = {
-        '/': [{ name: 'builds/', isDir: true, url: '', size: '-', date: nowDateISO }],
-        '/builds/': Object.keys(DOWNLOAD_PATHS).map(
-          dist => ({ name: `${dist}/`, isDir: true, url: '', size: '-', date: nowDateISO })),
-        ...Object.fromEntries(Object.keys(DOWNLOAD_PATHS).map(dist => [ `/builds/${dist}/`, []])),
+        '/': [
+          {
+            name: 'builds/',
+            isDir: true,
+            url: '',
+            size: '-',
+            date: nowDateISO,
+          },
+        ],
+        '/builds/': buildDirs,
      };
+      for (const browserName of Object.keys(DOWNLOAD_PATHS)) {
+        if (
+          browserName === 'chromium-headless-shell' ||
+          browserName === 'chromium-tip-of-tree-headless-shell'
+        ) {
+          continue;
+        }
+        this.dirItems[`/builds/${browserName}/`] = [];
+      }

      // Only download beta and release versions of packages to reduce amount of request
      const packageVersions = Object.keys(packageData.versions)
        .filter(version => version.match(/^(?:\d+\.\d+\.\d+)(?:-beta-\d+)?$/))
        // select recently update 20 items
        .slice(-20);
-      const browsers: { name: string; revision: string; browserVersion: string; revisionOverrides?: Record<string, string> }[] = [];
+      const browsers: {
+        name: keyof typeof DOWNLOAD_PATHS;
+        revision: string;
+        browserVersion: string;
+        revisionOverrides?: Record<string, string>;
+      }[] = [];
      await Promise.all(
        packageVersions.map(version =>
          this.requestJSON(
-            `https://unpkg.com/playwright-core@${version}/browsers.json`,
+            `https://unpkg.com/playwright-core@${version}/browsers.json`
          )
            .then(data => {
              // browsers: [
@@ -179,25 +431,76 @@ export class PlaywrightBinary extends AbstractBinary {
              //   },
              // ]
              browsers.push(...data.browsers);
+              return data;
            })
            .catch(err => {
-              this.logger.warn('[PlaywrightBinary.fetch:error] Playwright version %s browser data request failed: %s', version, err);
-            }),
-        ),
+              /* c8 ignore next 2 */
+              this.logger.warn(
+                '[PlaywrightBinary.fetch:error] Playwright version %s browser data request failed: %s',
+                version,
+                err
+              );
+            })
+        )
      );
+      // if chromium-headless-shell not exists on browsers, copy chromium to chromium-headless-shell
+      if (
+        !browsers.some(browser => browser.name === 'chromium-headless-shell')
+      ) {
+        const chromium = browsers.find(browser => browser.name === 'chromium');
+        // {
+        //   "name": "chromium",
+        //   "revision": "1155",
+        //   "installByDefault": true,
+        //   "browserVersion": "133.0.6943.16"
+        // }
+        if (chromium) {
+          browsers.push({
+            ...chromium,
+            name: 'chromium-headless-shell',
+          });
+        }
+      }
+      // if chromium-tip-of-tree-headless-shell not exists on browsers, copy chromium-tip-of-tree to chromium-tip-of-tree-headless-shell
+      if (
+        !browsers.some(
+          browser => browser.name === 'chromium-tip-of-tree-headless-shell'
+        )
+      ) {
+        const chromiumTipOfTree = browsers.find(
+          browser => browser.name === 'chromium-tip-of-tree'
+        );
+        if (chromiumTipOfTree) {
+          browsers.push({
+            ...chromiumTipOfTree,
+            name: 'chromium-tip-of-tree-headless-shell',
+          });
+        }
+      }

      for (const browser of browsers) {
        const downloadPaths = DOWNLOAD_PATHS[browser.name];
        if (!downloadPaths) continue;
-        for (const [ platform, remotePath ] of Object.entries(downloadPaths)) {
+        let browserDirname = browser.name;
+        if (browser.name === 'chromium-headless-shell') {
+          // chromium-headless-shell should be under chromium
+          // https://playwright.azureedge.net/builds/chromium/1155/chromium-headless-shell-mac-arm64.zip
+          browserDirname = 'chromium';
+        } else if (browser.name === 'chromium-tip-of-tree-headless-shell') {
+          // chromium-tip-of-tree-headless-shell should be under chromium-tip-of-tree
+          // https://playwright.azureedge.net/builds/chromium-tip-of-tree/1293/chromium-tip-of-tree-headless-shell-mac-arm64.zip
+          browserDirname = 'chromium-tip-of-tree';
+        }
+        for (const [platform, remotePath] of Object.entries(downloadPaths)) {
          if (typeof remotePath !== 'string') continue;
-          const revision = browser.revisionOverrides?.[platform] ?? browser.revision;
+          const revision =
+            browser.revisionOverrides?.[platform] ?? browser.revision;
          const itemDate = browser.browserVersion || revision;
          const url = DOWNLOAD_HOST + util.format(remotePath, revision);
          const name = path.basename(remotePath);
-          const dir = `/builds/${browser.name}/${revision}/`;
+          const dir = `/builds/${browserDirname}/${revision}/`;
          if (!this.dirItems[dir]) {
-            this.dirItems[`/builds/${browser.name}/`].push({
+            this.dirItems[`/builds/${browserDirname}/`].push({
              name: `${revision}/`,
              isDir: true,
              url: '',
@@ -206,8 +509,14 @@ export class PlaywrightBinary extends AbstractBinary {
            });
            this.dirItems[dir] = [];
          }
-          if (!this.dirItems[dir].find(item => item.name === name)) {
-            this.dirItems[dir].push({ name, isDir: false, url, size: '-', date: itemDate });
+          if (!this.dirItems[dir].some(item => item.name === name)) {
+            this.dirItems[dir].push({
+              name,
+              isDir: false,
+              url,
+              size: '-',
+              date: itemDate,
+            });
          }
        }
      }
@@ -216,4 +525,3 @@ export class PlaywrightBinary extends AbstractBinary {
    return { items: this.dirItems[dir] ?? [], nextParams: null };
  }
 }
-
--- a/app/common/adapter/binary/PrismaBinary.ts
+++ b/app/common/adapter/binary/PrismaBinary.ts
@@ -0,0 +1,145 @@
+import path from 'node:path';
+
+import { SingletonProto } from 'egg';
+
+import binaries, { type BinaryName } from '../../../../config/binaries.ts';
+import { BinaryType } from '../../enum/Binary.ts';
+import {
+  AbstractBinary,
+  BinaryAdapter,
+  type BinaryItem,
+  type FetchResult,
+} from './AbstractBinary.ts';
+
+@SingletonProto()
+@BinaryAdapter(BinaryType.Prisma)
+export class PrismaBinary extends AbstractBinary {
+  private dirItems: {
+    [key: string]: BinaryItem[];
+  } = {};
+
+  async initFetch() {
+    // https://github.com/cnpm/cnpmcore/issues/473#issuecomment-1562115738
+    const pkgUrl = 'https://registry.npmjs.com/@prisma/engines';
+    const data = await this.requestJSON(pkgUrl);
+    const modified = data.time.modified;
+    this.dirItems = {};
+    this.dirItems['/'] = [
+      {
+        name: 'all_commits/',
+        date: modified,
+        size: '-',
+        isDir: true,
+        url: '',
+      },
+    ];
+    this.dirItems['/all_commits/'] = [];
+    const commitIdMap: Record<string, boolean> = {};
+    // https://list-binaries.prisma-orm.workers.dev/?delimiter=/&prefix=all_commits/61023c35d2c8762f66f09bc4183d2f630b541d08/
+    for (const version in data.versions) {
+      const major = Number.parseInt(version.split('.', 1)[0]);
+      // need >= 3.0.0
+      if (major < 3) continue;
+      const date = data.time[version];
+      const pkg = data.versions[version];
+      // https://registry.npmjs.com/@prisma/engines/4.14.1
+      // https://registry.npmjs.com/@prisma/engines/5.7.0 should read from dependencies
+      const enginesVersion =
+        pkg.devDependencies?.['@prisma/engines-version'] ||
+        pkg.dependencies?.['@prisma/engines-version'] ||
+        '';
+      // "@prisma/engines-version": "4.14.0-67.d9a4c5988f480fa576d43970d5a23641aa77bc9c"
+      // "@prisma/engines-version": "5.7.0-41.79fb5193cf0a8fdbef536e4b4a159cad677ab1b9"
+      const matched = /\.(\w{30,})$/.exec(enginesVersion);
+      if (!matched) continue;
+      const commitId = matched[1];
+      if (commitIdMap[commitId]) continue;
+      commitIdMap[commitId] = true;
+      this.dirItems['/all_commits/'].push({
+        name: `${commitId}/`,
+        date,
+        size: '-',
+        isDir: true,
+        url: '',
+      });
+    }
+  }
+
+  async fetch(
+    dir: string,
+    binaryName: BinaryName
+  ): Promise<FetchResult | undefined> {
+    const existsItems = this.dirItems[dir];
+    if (existsItems) {
+      return { items: existsItems, nextParams: null };
+    }
+    // /foo/ => foo/
+    const binaryConfig = binaries[binaryName];
+    const subDir = dir.slice(1);
+    const url = `${binaryConfig.distUrl}?delimiter=/&prefix=${encodeURIComponent(subDir)}`;
+    const result = await this.requestJSON(url);
+    return { items: this.#parseItems(result), nextParams: null };
+  }
+
+  // oxlint-disable-next-line typescript-eslint/no-explicit-any
+  #parseItems(result: any): BinaryItem[] {
+    const items: BinaryItem[] = [];
+    // objects": [
+    //   {
+    //   "uploaded": "2023-05-23T15:43:05.772Z",
+    //   "checksums": {
+    //   "md5": "d41d8cd98f00b204e9800998ecf8427e"
+    //   },
+    //   "httpEtag": "\"d41d8cd98f00b204e9800998ecf8427e\"",
+    //   "etag": "d41d8cd98f00b204e9800998ecf8427e",
+    //   "size": 0,
+    //   "version": "7e77b6b8c1d214f2c6be3c959749b5a6",
+    //   "key": "all_commits/61023c35d2c8762f66f09bc4183d2f630b541d08/darwin-arm64/.finished"
+    //   },
+    // {
+    //   "uploaded": "2023-05-23T15:41:33.861Z",
+    //   "checksums": {
+    //   "md5": "4822215a13ae372ae82afd12689fce37"
+    //   },
+    //   "httpEtag": "\"4822215a13ae372ae82afd12689fce37\"",
+    //   "etag": "4822215a13ae372ae82afd12689fce37",
+    //   "size": 96,
+    //   "version": "7e77b6ba29d4e776023e4fa62825c13a",
+    //   "key": "all_commits/61023c35d2c8762f66f09bc4183d2f630b541d08/darwin-arm64/libquery_engine.dylib.node.gz.sha256"
+    //   },
+    // https://list-binaries.prisma-orm.workers.dev/?delimiter=/&prefix=all_commits/61023c35d2c8762f66f09bc4183d2f630b541d08/darwin-arm64/
+    const objects: {
+      uploaded: string;
+      size: number;
+      key: string;
+    }[] = result.objects || [];
+    for (const o of objects) {
+      const fullname = o.key;
+      // ignore size = 0
+      if (o.size === 0) continue;
+      const name = path.basename(fullname);
+      items.push({
+        name,
+        isDir: false,
+        // https://binaries.prisma.sh/all_commits/2452cc6313d52b8b9a96999ac0e974d0aedf88db/darwin-arm64/prisma-fmt.gz
+        url: `https://binaries.prisma.sh/${fullname}`,
+        size: o.size,
+        date: o.uploaded,
+      });
+    }
+    // delimitedPrefixes: [ 'all_commits/61023c35d2c8762f66f09bc4183d2f630b541d08/darwin-arm64/' ]
+    // https://list-binaries.prisma-orm.workers.dev/?delimiter=/&prefix=all_commits/61023c35d2c8762f66f09bc4183d2f630b541d08/
+    const delimitedPrefixes: string[] = result.delimitedPrefixes || [];
+    for (const fullname of delimitedPrefixes) {
+      const name = `${path.basename(fullname)}/`;
+      items.push({
+        name,
+        isDir: true,
+        url: '',
+        size: '-',
+        date: new Date().toISOString(),
+      });
+    }
+    return items;
+  }
+}
--- a/app/common/adapter/binary/PuppeteerBinary.ts
+++ b/app/common/adapter/binary/PuppeteerBinary.ts
@@ -1,76 +1,51 @@
-import { AbstractBinary, FetchResult, BinaryItem } from './AbstractBinary';
+import { SingletonProto } from 'egg';
+import { XMLParser } from 'fast-xml-parser';

+import { BinaryType } from '../../enum/Binary.ts';
+import {
+  AbstractBinary,
+  BinaryAdapter,
+  type BinaryItem,
+  type FetchResult,
+} from './AbstractBinary.ts';
+
+export const platforms = ['Linux_x64', 'Mac', 'Mac_Arm', 'Win', 'Win_x64'];
+
+const MAX_DEPTH = 1;
+
+@SingletonProto()
+@BinaryAdapter(BinaryType.Puppeteer)
 export class PuppeteerBinary extends AbstractBinary {
-  private dirItems: {
+  private dirItems?: {
    [key: string]: BinaryItem[];
  };

-  async fetch(dir: string): Promise<FetchResult | undefined> {
+  async initFetch() {
+    this.dirItems = undefined;
+  }
+
+  async fetch(
+    dir: string,
+    _binaryName: string,
+    lastData?: Record<string, unknown>
+  ): Promise<FetchResult | undefined> {
    if (!this.dirItems) {
-      const pkgUrl = 'https://registry.npmjs.com/puppeteer';
-      const data = await this.requestJSON(pkgUrl);
+      const s3Url = 'https://chromium-browser-snapshots.storage.googleapis.com';
+      const chromiumRevisions = new Map<string, string>();
      this.dirItems = {};
      this.dirItems['/'] = [];
-      const chromiumRevisions = new Map<string, string>();
-      for (const version in data.versions) {
-        // find chromium versions
-        const pkg = data.versions[version];
-        const revision = pkg.puppeteer?.chromium_revision ? String(pkg.puppeteer.chromium_revision) : '';
-        if (revision && !chromiumRevisions.has(revision)) {
-          chromiumRevisions.set(revision, data.time[version]);
-        }
-      }
-
-      // https://unpkg.com/puppeteer@5.1.0/lib/cjs/revisions.js
-      // https://unpkg.com/puppeteer@latest/lib/cjs/puppeteer/revisions.js
-      // exports.PUPPETEER_REVISIONS = {
-      //   chromium: '768783',
-      //   firefox: 'latest',
-      // };
-      const unpkgURL = 'https://unpkg.com/puppeteer@latest/lib/cjs/puppeteer/revisions.js';
-      const text = await this.requestXml(unpkgURL);
-      const m = /chromium:\s+\'(\d+)\'\,/.exec(text);
-      if (m && !chromiumRevisions.has(m[1])) {
-        chromiumRevisions.set(m[1], new Date().toISOString());
-      }
-
-      // download LAST_CHANGE
-      // https://github.com/chaopeng/chromium-downloader/blob/master/get-chromium#L28
-      const LAST_CHANGE_URL = 'https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/Linux_x64%2FLAST_CHANGE?alt=media';
-      const lastRevision = await this.requestXml(LAST_CHANGE_URL);
-      if (lastRevision) {
-        chromiumRevisions.set(lastRevision, new Date().toISOString());
-      }
-
-      // old versions
-      // v5.0.0
-      chromiumRevisions.set('756035', data.time['5.0.0']);
-      // v5.2.0
-      chromiumRevisions.set('768783', data.time['5.2.0']);
-      // v5.2.1
-      chromiumRevisions.set('782078', data.time['5.2.1']);
-      // v5.3.0
-      chromiumRevisions.set('800071', data.time['5.3.0']);
-      // v5.4.0
-      chromiumRevisions.set('809590', data.time['5.4.0']);
-      // v5.5.0
-      chromiumRevisions.set('818858', data.time['5.5.0']);
-      // v6.0.0
-      chromiumRevisions.set('843427', data.time['6.0.0']);
-      // "7.0.0"
-      chromiumRevisions.set('848005', data.time['7.0.0']);
-      // https://github.com/puppeteer/puppeteer/blob/v8.0.0/src/revisions.ts#L23
-      // "8.0.0":"2021-02-26T08:36:50.107Z"
-      chromiumRevisions.set('856583', data.time['8.0.0']);
-      // "9.0.0":"2021-04-21T11:27:32.513Z"
-      chromiumRevisions.set('869685', data.time['9.0.0']);
-      // "10.0.0":"2021-05-31T12:42:27.486Z"
-      chromiumRevisions.set('884014', data.time['10.0.0']);
-      // "11.0.0":"2021-11-03T09:29:12.751Z"
-      chromiumRevisions.set('901912', data.time['11.0.0']);
-
-      const platforms = [ 'Linux_x64', 'Mac', 'Mac_Arm', 'Win', 'Win_x64' ];
      for (const platform of platforms) {
+        const revision = lastData?.[platform] as string;
+        if (!revision) {
+          // 丢弃库中历史不带 lastData 的任务，防止遍历任务过多
+          this.logger.info(
+            'drop puppeteer task if has no last data for platform %s, lastPlatform',
+            platform,
+            lastData
+          );
+          return;
+        }
+        let marker = revision ? `${platform}/${revision}/REVISIONS` : undefined;
        this.dirItems['/'].push({
          name: `${platform}/`,
          date: new Date().toISOString(),
@@ -79,8 +54,35 @@ export class PuppeteerBinary extends AbstractBinary {
          url: '',
        });
        this.dirItems[`/${platform}/`] = [];
+        let i = 0;
+        do {
+          let requestUrl = `${s3Url}?prefix=${platform}&max-keys=100`;
+          if (marker) {
+            requestUrl += `&marker=${marker}`;
+          }
+          const xml = await this.requestXml(requestUrl);
+          const parser = new XMLParser();
+          const obj = parser.parse(xml);
+          if (
+            obj.ListBucketResult.IsTruncated === true &&
+            obj.ListBucketResult.NextMarker
+          ) {
+            marker = obj.ListBucketResult.NextMarker;
+          } else {
+            marker = undefined;
+          }
+          for (const content of obj.ListBucketResult.Contents) {
+            // /Linux_x64/1041455/REVISIONS
+            if (content.Key.endsWith('/REVISIONS')) {
+              const revision = content.Key.split('/')[1].trim();
+              chromiumRevisions.set(revision, content.LastModified);
+            }
+          }
+          // 最多遍历 100 次防止内存爆炸，下次同步任务会继续
+        } while (i++ < MAX_DEPTH && marker !== undefined);
      }
-      for (const [ revision, date ] of chromiumRevisions.entries()) {
+
+      for (const [revision, date] of chromiumRevisions.entries()) {
        // https://github.com/puppeteer/puppeteer/blob/eebf452d38b79bb2ea1a1ba84c3d2ea6f2f9f899/src/node/BrowserFetcher.ts#L40
        // chrome: {
        //   linux: '%s/chromium-browser-snapshots/Linux_x64/%d/%s.zip',
@@ -105,7 +107,7 @@ export class PuppeteerBinary extends AbstractBinary {
              size: '-',
              isDir: false,
              url: `https://storage.googleapis.com/chromium-browser-snapshots/${platform}/${revision}/${name}`,
-              ignoreDownloadStatuses: [ 404 ],
+              ignoreDownloadStatuses: [404],
            },
          ];
        }
@@ -116,15 +118,14 @@ export class PuppeteerBinary extends AbstractBinary {
  }

  // https://github.com/puppeteer/puppeteer/blob/eebf452d38b79bb2ea1a1ba84c3d2ea6f2f9f899/src/node/BrowserFetcher.ts#L72
-  private archiveName(
-    platform: string,
-    revision: string,
-  ): string {
+  private archiveName(platform: string, revision: string): string {
    if (platform === 'Linux_x64') return 'chrome-linux';
    if (platform === 'Mac' || platform === 'Mac_Arm') return 'chrome-mac';
    if (platform === 'Win' || platform === 'Win_x64') {
      // Windows archive name changed at r591479.
-      return parseInt(revision, 10) > 591479 ? 'chrome-win' : 'chrome-win32';
+      return Number.parseInt(revision, 10) > 591_479
+        ? 'chrome-win'
+        : 'chrome-win32';
    }
    return '';
  }
--- a/app/common/adapter/binary/SqlcipherBinary.ts
+++ b/app/common/adapter/binary/SqlcipherBinary.ts
@@ -1,79 +1,92 @@
-import { AbstractBinary, FetchResult, BinaryItem } from './AbstractBinary';
+import { SingletonProto } from 'egg';

+import { BinaryType } from '../../enum/Binary.ts';
+import {
+  AbstractBinary,
+  BinaryAdapter,
+  type BinaryItem,
+  type FetchResult,
+} from './AbstractBinary.ts';
+
+@SingletonProto()
+@BinaryAdapter(BinaryType.Sqlcipher)
 export class SqlcipherBinary extends AbstractBinary {
-  private dirItems: {
-    [key: string]: BinaryItem[];
-  };
+  async initFetch() {
+    // do nothing
+    return;
+  }

  async fetch(dir: string): Promise<FetchResult | undefined> {
-    if (!this.dirItems) {
-      this.dirItems = {};
-      const s3Url = 'https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher';
-      const pkgUrl = 'https://registry.npmjs.com/@journeyapps/sqlcipher';
-      const data = await this.requestJSON(pkgUrl);
-      this.dirItems = {};
-      this.dirItems['/'] = [];
-      // https://github.com/journeyapps/node-sqlcipher/blob/master/.circleci/config.yml#L407
-      // https://github.com/journeyapps/node-sqlcipher/issues/35#issuecomment-698924173
-      // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v3-darwin-arm64.tar.gz
-      // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v6-darwin-arm64.tar.gz
-      // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v3-darwin-x64.tar.gz
-      // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v6-darwin-x64.tar.gz
+    const dirItems: {
+      [key: string]: BinaryItem[];
+    } = {
+      '/': [],
+    };
+    const s3Url =
+      'https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher';
+    const pkgUrl = 'https://registry.npmjs.com/@journeyapps/sqlcipher';
+    const data = await this.requestJSON(pkgUrl);
+    // https://github.com/journeyapps/node-sqlcipher/blob/master/.circleci/config.yml#L407
+    // https://github.com/journeyapps/node-sqlcipher/issues/35#issuecomment-698924173
+    // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v3-darwin-arm64.tar.gz
+    // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v6-darwin-arm64.tar.gz
+    // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v3-darwin-x64.tar.gz
+    // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v6-darwin-x64.tar.gz

-      // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v6-linux-x64.tar.gz
-      // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v3-linux-x64.tar.gz
+    // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v6-linux-x64.tar.gz
+    // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v3-linux-x64.tar.gz

-      // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v6-win32-arm64.tar.gz
-      // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v3-win32-arm64.tar.gz
-      // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v3-win32-ia32.tar.gz
-      // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v6-win32-ia32.tar.gz
-      // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v3-win32-x64.tar.gz
-      // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v6-win32-x64.tar.gz
-      const nodePlatformAndArchs = [
-        'linux-x64',
-        'darwin-x64',
-        'darwin-arm64',
-        'win32-x64',
-        'win32-arm64',
-        'win32-ia32',
-      ];
-      for (const version in data.versions) {
-        const major = parseInt(version.split('.', 1)[0]);
-        if (major < 5) continue;
-        // >= 5.0.0
-        const pkgVersion = data.versions[version];
-        const napiVersions = pkgVersion.binary && pkgVersion.binary.napi_versions || [];
-        const date = data.time[version];
-        this.dirItems['/'].push({
-          name: `v${version}/`,
-          date,
-          size: '-',
-          isDir: true,
-          url: '',
-        });
-        const versionDir = `/v${version}/`;
-        this.dirItems[versionDir] = [];
-        for (const nodePlatformAndArch of nodePlatformAndArchs) {
-          // napi
-          for (const napiVersion of napiVersions) {
-            // >= 5.0.0
-            // "package_name": "napi-v{napi_build_version}-{platform}-{arch}.tar.gz",
-            // "napi_versions": [
-            //   3, 6
-            // ]
-            const name = `napi-v${napiVersion}-${nodePlatformAndArch}.tar.gz`;
-            this.dirItems[versionDir].push({
-              name,
-              date,
-              size: '-',
-              isDir: false,
-              url: `${s3Url}/v${version}/${name}`,
-              ignoreDownloadStatuses: [ 404, 403 ],
-            });
-          }
+    // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v6-win32-arm64.tar.gz
+    // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v3-win32-arm64.tar.gz
+    // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v3-win32-ia32.tar.gz
+    // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v6-win32-ia32.tar.gz
+    // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v3-win32-x64.tar.gz
+    // https://journeyapps-node-binary.s3.amazonaws.com/@journeyapps/sqlcipher/v5.3.0/napi-v6-win32-x64.tar.gz
+    const nodePlatformAndArchs = [
+      'linux-x64',
+      'darwin-x64',
+      'darwin-arm64',
+      'win32-x64',
+      'win32-arm64',
+      'win32-ia32',
+    ];
+    for (const version in data.versions) {
+      const major = Number.parseInt(version.split('.', 1)[0]);
+      if (major < 5) continue;
+      // >= 5.0.0
+      const pkgVersion = data.versions[version];
+      const napiVersions =
+        (pkgVersion.binary && pkgVersion.binary.napi_versions) || [];
+      const date = data.time[version];
+      dirItems['/'].push({
+        name: `v${version}/`,
+        date,
+        size: '-',
+        isDir: true,
+        url: '',
+      });
+      const versionDir = `/v${version}/`;
+      dirItems[versionDir] = [];
+      for (const nodePlatformAndArch of nodePlatformAndArchs) {
+        // napi
+        for (const napiVersion of napiVersions) {
+          // >= 5.0.0
+          // "package_name": "napi-v{napi_build_version}-{platform}-{arch}.tar.gz",
+          // "napi_versions": [
+          //   3, 6
+          // ]
+          const name = `napi-v${napiVersion}-${nodePlatformAndArch}.tar.gz`;
+          dirItems[versionDir].push({
+            name,
+            date,
+            size: '-',
+            isDir: false,
+            url: `${s3Url}/v${version}/${name}`,
+            ignoreDownloadStatuses: [404, 403],
+          });
        }
      }
    }
-    return { items: this.dirItems[dir] };
+    return { items: dirItems[dir] };
  }
 }
--- a/app/common/adapter/changesStream/AbstractChangesStream.ts
+++ b/app/common/adapter/changesStream/AbstractChangesStream.ts
@@ -1,32 +1,38 @@
 import {
-  ImplDecorator,
  Inject,
  QualifierImplDecoratorUtil,
-} from '@eggjs/tegg';
-import { RegistryType } from '../../../common/enum/Registry';
-import { Registry } from '../../../core/entity/Registry';
-import {
-  EggHttpClient,
-  EggLogger,
+  type ImplDecorator,
+  Logger,
+  HttpClient,
 } from 'egg';

+import type { RegistryType } from '../../../common/enum/Registry.ts';
+import type { Registry } from '../../../core/entity/Registry.ts';
+
 export const CHANGE_STREAM_ATTRIBUTE = 'CHANGE_STREAM_ATTRIBUTE';
-export type ChangesStreamChange = {
+export interface ChangesStreamChange {
  seq: string;
  fullname: string;
-};
+}

 export abstract class AbstractChangeStream {
  @Inject()
-  protected logger: EggLogger;
+  protected logger: Logger;

  @Inject()
-  protected httpclient: EggHttpClient;
+  protected httpClient: HttpClient;

  abstract getInitialSince(registry: Registry): Promise<string>;
-  abstract fetchChanges(registry: Registry, since: string): AsyncGenerator<ChangesStreamChange>;
+  abstract fetchChanges(
+    registry: Registry,
+    since: string
+  ): AsyncGenerator<ChangesStreamChange>;

-  getChangesStreamUrl(registry: Registry, since: string, limit?: number): string {
+  getChangesStreamUrl(
+    registry: Registry,
+    since: string,
+    limit?: number
+  ): string {
    const url = new URL(registry.changeStream);
    url.searchParams.set('since', since);
    if (limit) {
@@ -36,5 +42,10 @@ export abstract class AbstractChangeStream {
  }
 }

-export const RegistryChangesStream: ImplDecorator<AbstractChangeStream, typeof RegistryType> =
-  QualifierImplDecoratorUtil.generatorDecorator(AbstractChangeStream, CHANGE_STREAM_ATTRIBUTE);
+export const RegistryChangesStream: ImplDecorator<
+  AbstractChangeStream,
+  typeof RegistryType
+> = QualifierImplDecoratorUtil.generatorDecorator(
+  AbstractChangeStream,
+  CHANGE_STREAM_ATTRIBUTE
+);
--- a/app/common/adapter/changesStream/CnpmcoreChangesStream.ts
+++ b/app/common/adapter/changesStream/CnpmcoreChangesStream.ts
@@ -1,35 +1,43 @@
-import { ContextProto } from '@eggjs/tegg';
-import { RegistryType } from '../../../common/enum/Registry';
-import { Registry } from '../../../core/entity/Registry';
-import { E500 } from 'egg-errors';
-import { AbstractChangeStream, RegistryChangesStream } from './AbstractChangesStream';
+import { SingletonProto } from 'egg';
+import { E500 } from 'egg/errors';

-@ContextProto()
+import { RegistryType } from '../../../common/enum/Registry.ts';
+import type { Registry } from '../../../core/entity/Registry.ts';
+import {
+  AbstractChangeStream,
+  RegistryChangesStream,
+} from './AbstractChangesStream.ts';
+
+@SingletonProto()
@RegistryChangesStream(RegistryType.Cnpmcore)
 export class CnpmcoreChangesStream extends AbstractChangeStream {
-
  async getInitialSince(registry: Registry): Promise<string> {
-    const db = (new URL(registry.changeStream)).origin;
-    const { status, data } = await this.httpclient.request(db, {
+    const db = new URL(registry.changeStream).origin;
+    const { status, data } = await this.httpClient.request(db, {
      followRedirect: true,
-      timeout: 10000,
+      timeout: 10_000,
      dataType: 'json',
    });
    if (!data.update_seq) {
      throw new E500(`get getInitialSince failed: ${data.update_seq}`);
    }
    const since = String(data.update_seq - 10);
-    this.logger.warn('[NpmChangesStream.getInitialSince:firstSeq] GET %s status: %s, data: %j, since: %s',
-      registry.name, status, data, since);
+    this.logger.warn(
+      '[NpmChangesStream.getInitialSince:firstSeq] GET %s status: %s, data: %j, since: %s',
+      registry.name,
+      status,
+      data,
+      since
+    );
    return since;
  }

-  async* fetchChanges(registry: Registry, since: string) {
+  async *fetchChanges(registry: Registry, since: string) {
    const db = this.getChangesStreamUrl(registry, since);
    // json mode
-    const { data } = await this.httpclient.request(db, {
+    const { data } = await this.httpClient.request(db, {
      followRedirect: true,
-      timeout: 30000,
+      timeout: 30_000,
      dataType: 'json',
      gzip: true,
    });
--- a/app/common/adapter/changesStream/CnpmjsorgChangesStream.ts
+++ b/app/common/adapter/changesStream/CnpmjsorgChangesStream.ts
@@ -1,48 +1,69 @@
-import { ContextProto } from '@eggjs/tegg';
-import { RegistryType } from '../../../common/enum/Registry';
-import { Registry } from '../../../core/entity/Registry';
-import { E500 } from 'egg-errors';
-import { AbstractChangeStream, RegistryChangesStream } from './AbstractChangesStream';
+import { SingletonProto } from 'egg';
+import { E500 } from 'egg/errors';

-const MAX_LIMIT = 10000;
+import { RegistryType } from '../../../common/enum/Registry.ts';
+import type { Registry } from '../../../core/entity/Registry.ts';
+import {
+  AbstractChangeStream,
+  RegistryChangesStream,
+} from './AbstractChangesStream.ts';

-@ContextProto()
+const MAX_LIMIT = 10_000;
+
+interface FetchResults {
+  results: {
+    seq: number;
+    type: string;
+    id: string;
+    changes: Record<string, string>[];
+    gmt_modified: Date;
+  }[];
+}
+
+@SingletonProto()
@RegistryChangesStream(RegistryType.Cnpmjsorg)
 export class CnpmjsorgChangesStream extends AbstractChangeStream {
-
  // cnpmjsorg 未实现 update_seq 字段
  // 默认返回当前时间戳字符串
  async getInitialSince(registry: Registry): Promise<string> {
-    const since = String((new Date()).getTime());
-    this.logger.warn(`[CnpmjsorgChangesStream.getInitialSince] since: ${since}, skip query ${registry.changeStream}`);
+    const since = String(Date.now());
+    this.logger.warn(
+      `[CnpmjsorgChangesStream.getInitialSince] since: ${since}, skip query ${registry.changeStream}`
+    );
    return since;
  }

-  private async tryFetch(registry: Registry, since: string, limit = 1000) {
+  private async tryFetch(
+    registry: Registry,
+    since: string,
+    limit = 1000
+  ): Promise<{ data: FetchResults }> {
    if (limit > MAX_LIMIT) {
-      throw new E500(`limit too large, current since: ${since}, limit: ${limit}`);
+      throw new E500(
+        `limit too large, current since: ${since}, limit: ${limit}`
+      );
    }
    const db = this.getChangesStreamUrl(registry, since, limit);
    // json mode
-    const res = await this.httpclient.request(db, {
+    const res = await this.httpClient.request<FetchResults>(db, {
      followRedirect: true,
-      timeout: 30000,
+      timeout: 30_000,
      dataType: 'json',
      gzip: true,
    });
    const { results = [] } = res.data;
-    if (results?.length > 1) {
-      const [ first ] = results;
+    if (results?.length >= limit) {
+      const [first] = results;
      const last = results[results.length - 1];
-      if (first.gmt_modified === last.gmt_modified) {
-        return await this.tryFetch(registry, last.seq, limit + 1000);
+      if (first.gmt_modified === last?.gmt_modified) {
+        return await this.tryFetch(registry, since, limit + 1000);
      }
    }

    return res;
  }

-  async* fetchChanges(registry: Registry, since: string) {
+  async *fetchChanges(registry: Registry, since: string) {
    // ref: https://github.com/cnpm/cnpmjs.org/pull/1734
    // 由于 cnpmjsorg 无法计算准确的 seq
    // since 是一个时间戳，需要确保一次返回的结果中首尾两个 gmtModified 不相等
@@ -50,7 +71,7 @@ export class CnpmjsorgChangesStream extends AbstractChangeStream {

    if (data.results?.length > 0) {
      for (const change of data.results) {
-        const seq = new Date(change.gmt_modified).getTime() + '';
+        const seq = `${new Date(change.gmt_modified).getTime()}`;
        const fullname = change.id;
        if (seq && fullname && seq !== since) {
          const change = {
--- a/app/common/adapter/changesStream/NpmChangesStream.ts
+++ b/app/common/adapter/changesStream/NpmChangesStream.ts
@@ -1,55 +1,84 @@
-import { ContextProto } from '@eggjs/tegg';
-import { E500 } from 'egg-errors';
-import { RegistryType } from '../../../common/enum/Registry';
-import { Registry } from '../../../core/entity/Registry';
-import { AbstractChangeStream, ChangesStreamChange, RegistryChangesStream } from './AbstractChangesStream';
+import { SingletonProto } from 'egg';
+import { E500 } from 'egg/errors';

-@ContextProto()
+import { RegistryType } from '../../../common/enum/Registry.ts';
+import type { Registry } from '../../../core/entity/Registry.ts';
+import {
+  AbstractChangeStream,
+  RegistryChangesStream,
+  type ChangesStreamChange,
+} from './AbstractChangesStream.ts';
+
+@SingletonProto()
@RegistryChangesStream(RegistryType.Npm)
 export class NpmChangesStream extends AbstractChangeStream {
-
  async getInitialSince(registry: Registry): Promise<string> {
-    const db = (new URL(registry.changeStream)).origin;
-    const { status, data } = await this.httpclient.request(db, {
+    const db = new URL(registry.changeStream).origin;
+    const { status, data } = await this.httpClient.request(db, {
      followRedirect: true,
-      timeout: 10000,
+      timeout: 10_000,
      dataType: 'json',
+      headers: {
+        'npm-replication-opt-in': 'true',
+      },
    });
    const since = String(data.update_seq - 10);
    if (!data.update_seq) {
      throw new E500(`get getInitialSince failed: ${data.update_seq}`);
    }
-    this.logger.warn('[NpmChangesStream.getInitialSince] GET %s status: %s, data: %j, since: %s',
-      registry.name, registry.changeStream, status, data, since);
+    this.logger.warn(
+      '[NpmChangesStream.getInitialSince] GET %s status: %s, data: %j, since: %s',
+      registry.name,
+      registry.changeStream,
+      status,
+      data,
+      since
+    );
    return since;
  }

-  async* fetchChanges(registry: Registry, since: string) {
+  async *fetchChanges(
+    registry: Registry,
+    since: string
+  ): AsyncGenerator<ChangesStreamChange> {
+    // https://github.com/orgs/community/discussions/152515
    const db = this.getChangesStreamUrl(registry, since);
-    const { res } = await this.httpclient.request(db, {
-      streaming: true,
-      timeout: 10000,
+    const { data, headers } = await this.httpClient.request(db, {
+      timeout: 60_000,
+      headers: {
+        'npm-replication-opt-in': 'true',
+      },
+      dataType: 'json',
+      gzip: true,
    });
+    const count = data.results?.length;
+    const last_seq = data.last_seq;
+    this.logger.info(
+      '[NpmChangesStream.fetchChanges] %s, count: %s, last_seq: %s, headers: %j',
+      db,
+      count,
+      last_seq,
+      headers
+    );

-    let buf = '';
-    for await (const chunk of res) {
-      const text = chunk.toString();
-      const lines = text.split('\n');
-
-      for (const line of lines) {
-        const content = buf + line;
-        const match = /"seq":(\d+),"id":"([^"]+)"/g.exec(content);
-        const seq = match?.[1];
-        const fullname = match?.[2];
-        if (seq && fullname) {
-          buf = '';
-          const change: ChangesStreamChange = { fullname, seq };
+    if (data.results?.length > 0) {
+      for (const change of data.results) {
+        // {
+        //   seq: 2495018,
+        //   id: 'ng-create-all-project',
+        //   changes: [ { rev: '3-be3a014aab8e379ba28a28adb8e10142' }, [length]: 1 ],
+        //   deleted: true
+        // },
+        const seq = String(change.seq);
+        const fullname = change.id;
+        if (seq && fullname && seq !== since) {
+          const change = {
+            fullname,
+            seq,
+          };
          yield change;
-        } else {
-          buf += line;
        }
      }
    }
  }
-
 }
--- a/app/common/aop/AsyncTimer.ts
+++ b/app/common/aop/AsyncTimer.ts
@@ -1,27 +1,34 @@
-import { performance } from 'perf_hooks';
-import { Advice, AdviceContext, IAdvice } from '@eggjs/tegg/aop';
-import { Inject } from '@eggjs/tegg';
-import { EggLogger } from 'egg';
+import { performance } from 'node:perf_hooks';
+
+import { Advice, type AdviceContext, type IAdvice } from 'egg/aop';
+import { Inject, Logger } from 'egg';
+
+const START = Symbol('AsyncTimer#start');
+const SUCCEED = Symbol('AsyncTimer#succeed');

 // auto print async function call performance timer log into logger
@Advice()
 export class AsyncTimer implements IAdvice {
  @Inject()
-  private readonly logger: EggLogger;
-  private start: number;
-  private succeed = true;
+  private readonly logger: Logger;

-  async beforeCall() {
-    this.start = performance.now();
+  async beforeCall(ctx: AdviceContext) {
+    ctx.set(START, performance.now());
+    ctx.set(SUCCEED, true);
  }

-  async afterThrow() {
-    this.succeed = false;
+  async afterThrow(ctx: AdviceContext) {
+    ctx.set(SUCCEED, false);
  }

  async afterFinally(ctx: AdviceContext) {
-    const ms = Math.floor((performance.now() - this.start) * 1000) / 1000;
-    this.logger.info('[%s] [%s:%s|%s]',
-      ms, ctx.that.constructor.name, ctx.method, this.succeed ? 'T' : 'F');
+    const ms = Math.floor((performance.now() - ctx.get(START)) * 1000) / 1000;
+    this.logger.info(
+      '[%s] [%s:%s|%s]',
+      ms,
+      ctx.that.constructor.name,
+      ctx.method,
+      ctx.get(SUCCEED) ? 'T' : 'F'
+    );
  }
 }
--- a/app/common/constants.ts
+++ b/app/common/constants.ts
@@ -1,2 +1,33 @@
 export const BUG_VERSIONS = 'bug-versions';
 export const LATEST_TAG = 'latest';
+export const GLOBAL_WORKER = 'GLOBAL_WORKER';
+export const PROXY_CACHE_DIR_NAME = 'proxy-cache-packages';
+export const ABBREVIATED_META_TYPE = 'application/vnd.npm.install-v1+json';
+export const NOT_IMPLEMENTED_PATH = [ '/-/npm/v1/security/audits/quick', '/-/npm/v1/security/advisories/bulk' ];
+
+export enum SyncMode {
+  none = 'none',
+  admin = 'admin',
+  proxy = 'proxy',
+  exist = 'exist',
+  all = 'all',
+}
+export enum ChangesStreamMode {
+  json = 'json',
+  streaming = 'streaming',
+}
+export enum SyncDeleteMode {
+  ignore = 'ignore',
+  block = 'block',
+  delete = 'delete',
+}
+
+export enum PresetRegistryName {
+  default = 'default',
+  self = 'self',
+}
+
+export enum PackageAccessLevel {
+  write = 'write',
+  read = 'read',
+}
--- a/app/common/dayjs.ts
+++ b/app/common/dayjs.ts
@@ -1,5 +1,5 @@
 import dayjs from 'dayjs';
-import customParseFormat from 'dayjs/plugin/customParseFormat';
+import customParseFormat from 'dayjs/plugin/customParseFormat.js';
 dayjs.extend(customParseFormat);

 export default dayjs;
--- a/app/common/enum/Binary.ts
+++ b/app/common/enum/Binary.ts
@@ -0,0 +1,18 @@
+export enum BinaryType {
+  Api = 'api',
+  Bucket = 'bucket',
+  Cypress = 'cypress',
+  Electron = 'electron',
+  Firefox = 'firefox',
+  GitHub = 'github',
+  Imagemin = 'imagemin',
+  Node = 'node',
+  NodePreGyp = 'nodePreGyp',
+  Nwjs = 'nwjs',
+  Playwright = 'playwright',
+  Puppeteer = 'puppeteer',
+  Prisma = 'prisma',
+  Sqlcipher = 'sqlcipher',
+  ChromeForTesting = 'chromeForTesting',
+  Edgedriver = 'edgedriver',
+}
--- a/app/common/enum/Task.ts
+++ b/app/common/enum/Task.ts
@@ -2,6 +2,7 @@ export enum TaskType {
  SyncPackage = 'sync_package',
  ChangesStream = 'changes_stream',
  SyncBinary = 'sync_binary',
+  UpdateProxyCache = 'update_proxy_cache',
  CreateHook = 'create_hook',
  TriggerHook = 'trigger_hook',
 }
--- a/app/common/enum/Total.ts
+++ b/app/common/enum/Total.ts
@@ -0,0 +1,4 @@
+export enum TotalType {
+  PackageCount = 'packageCount',
+  PackageVersionCount = 'packageVersionCount',
+}
--- a/app/common/enum/User.ts
+++ b/app/common/enum/User.ts
@@ -1,5 +1,11 @@
 export enum LoginResultCode {
-  UserNotFound,
-  Success,
-  Fail,
+  UserNotFound = 0,
+  Success = 1,
+  Fail = 2,
+}
+
+export enum WanStatusCode {
+  UserNotFound = 0,
+  Unbound = 1,
+  Bound = 2,
 }
--- a/app/common/package.json
+++ b/app/common/package.json
@@ -2,5 +2,6 @@
  "name": "cnpmcore-common",
  "eggModule": {
    "name": "cnpmcoreCommon"
-  }
+  },
+  "type": "module"
 }
--- a/app/common/typing.ts
+++ b/app/common/typing.ts
@@ -1,5 +1,9 @@
-import { Readable } from 'stream';
-import { IncomingHttpHeaders } from 'http';
+import type { Readable } from 'node:stream';
+import type { IncomingHttpHeaders } from 'node:http';
+
+import type { Context } from 'egg';
+import type { estypes } from '@elastic/elasticsearch';
+import type { CnpmcoreConfig } from '../port/config.ts';

 export interface UploadResult {
  key: string;
@@ -16,8 +20,12 @@ export interface UploadOptions {

 export interface AppendOptions {
  key: string;
-  position?: string,
-  headers?: IncomingHttpHeaders,
+  position?: string;
+  headers?: IncomingHttpHeaders;
+}
+
+export interface DownloadOptions {
+  timeout: number;
 }

 export interface NFSClient {
@@ -33,6 +41,12 @@ export interface NFSClient {

  createDownloadStream(key: string): Promise<Readable | undefined>;

+  download(
+    key: string,
+    filepath: string,
+    options: DownloadOptions
+  ): Promise<void>;
+
  url?(key: string): string;
 }

@@ -41,3 +55,30 @@ export interface QueueAdapter {
  pop<T>(key: string): Promise<T | null>;
  length(key: string): Promise<number>;
 }
+
+export interface SearchAdapter {
+  // oxlint-disable-next-line typescript-eslint/no-explicit-any
+  search<T>(query: any): Promise<estypes.SearchHitsMetadata<T>>;
+  upsert<T>(id: string, document: T): Promise<string>;
+  delete(id: string): Promise<string>;
+}
+
+export interface AuthUrlResult {
+  loginUrl: string;
+  doneUrl: string;
+}
+
+export interface userResult {
+  name: string;
+  email: string;
+}
+export interface AuthClient {
+  getAuthUrl(ctx: Context): Promise<AuthUrlResult>;
+  ensureCurrentUser(): Promise<userResult | null>;
+}
+
+declare module 'egg' {
+  interface EggAppConfig {
+    cnpmcore: CnpmcoreConfig;
+  }
+}
--- a/app/core/entity/Binary.ts
+++ b/app/core/entity/Binary.ts
@@ -1,5 +1,5 @@
-import { Entity, EntityData } from './Entity';
-import { EasyData, EntityUtil } from '../util/EntityUtil';
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';

 interface BinaryData extends EntityData {
  binaryId: string;
@@ -21,7 +21,7 @@ export class Binary extends Entity {
  isDir: boolean;
  size: number;
  date: string;
-  sourceUrl?: string;
+  sourceUrl: string;
  ignoreDownloadStatuses?: number[];

  constructor(data: BinaryData) {
--- a/app/core/entity/BugVersion.ts
+++ b/app/core/entity/BugVersion.ts
@@ -8,15 +8,15 @@ export type BugVersionPackages = Record<string, BugVersionPackage>;
 export class BugVersion {
  private readonly data: BugVersionPackages;

-  constructor(data) {
+  constructor(data: BugVersionPackages) {
    this.data = data;
  }

-  listAllPackagesHasBugs(): Array<string> {
+  listAllPackagesHasBugs(): string[] {
    return Object.keys(this.data);
  }

-  listBugVersions(pkgName: string): Array<string> {
+  listBugVersions(pkgName: string): string[] {
    const bugVersionPackage = this.data[pkgName];
    if (!bugVersionPackage) {
      return [];
@@ -31,18 +31,24 @@ export class BugVersion {
  }

  // TODO manifest typing
+  // oxlint-disable-next-line typescript-eslint/no-explicit-any
  fixManifest(bugVersionManifest: any, fixVersionManifest: any): any {
    // If the tarball is same, manifest has fixed.
    if (bugVersionManifest.dist.tarball === fixVersionManifest.dist.tarball) {
      return;
    }
-    const advice = this.fixVersion(bugVersionManifest.name, bugVersionManifest.version);
+    const advice = this.fixVersion(
+      bugVersionManifest.name,
+      bugVersionManifest.version
+    );
    if (!advice) {
      return;
    }
-    const newManifest = JSON.parse(JSON.stringify(fixVersionManifest));
+    const newManifest = structuredClone(fixVersionManifest);
    const hotfixDeprecated = `[WARNING] Use ${advice.version} instead of ${bugVersionManifest.version}, reason: ${advice.reason}`;
-    newManifest.deprecated = bugVersionManifest.deprecated ? `${bugVersionManifest.deprecated} (${hotfixDeprecated})` : hotfixDeprecated;
+    newManifest.deprecated = bugVersionManifest.deprecated
+      ? `${bugVersionManifest.deprecated} (${hotfixDeprecated})`
+      : hotfixDeprecated;
    // don't change version
    newManifest.version = bugVersionManifest.version;
    return newManifest;
--- a/app/core/entity/Change.ts
+++ b/app/core/entity/Change.ts
@@ -1,10 +1,11 @@
-import { Entity, EntityData } from './Entity';
-import { EasyData, EntityUtil } from '../util/EntityUtil';
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';

 interface ChangeData extends EntityData {
  changeId: string;
  type: string;
  targetName: string;
+  // oxlint-disable-next-line typescript-eslint/no-explicit-any
  data: any;
 }

@@ -12,6 +13,7 @@ export class Change extends Entity {
  changeId: string;
  type: string;
  targetName: string;
+  // oxlint-disable-next-line typescript-eslint/no-explicit-any
  data: any;

  constructor(data: ChangeData) {
--- a/app/core/entity/Dist.ts
+++ b/app/core/entity/Dist.ts
@@ -1,5 +1,5 @@
-import { Entity, EntityData } from './Entity';
-import { EasyData, EntityUtil } from '../util/EntityUtil';
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';

 interface DistData extends EntityData {
  distId: string;
--- a/app/core/entity/Hook.ts
+++ b/app/core/entity/Hook.ts
@@ -1,9 +1,13 @@
-import { Entity, EntityData } from './Entity';
-import { EasyData, EntityUtil } from '../util/EntityUtil';
-import { HookType } from '../../common/enum/Hook';
-import crypto from 'crypto';
+import crypto from 'node:crypto';

-export type CreateHookData = Omit<EasyData<HookData, 'hookId'>, 'enable' | 'latestTaskId'>;
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';
+import type { HookType } from '../../common/enum/Hook.ts';
+
+export type CreateHookData = Omit<
+  EasyData<HookData, 'hookId'>,
+  'enable' | 'latestTaskId'
+>;

 export interface HookData extends EntityData {
  hookId: string;
@@ -39,18 +43,20 @@ export class Hook extends Entity {
  }

  static create(data: CreateHookData): Hook {
-    const hookData: EasyData<HookData, 'hookId'> = Object.assign({}, data, {
+    const hookData: EasyData<HookData, 'hookId'> = {
+      ...data,
      enable: true,
      latestTaskId: undefined,
-    });
+    };
    const newData = EntityUtil.defaultData(hookData, 'hookId');
    return new Hook(newData);
  }

  // payload 可能会特别大，如果做多次 stringify 浪费太多 cpu
-  signPayload(payload: object): { digest, payloadStr } {
+  signPayload(payload: object) {
    const payloadStr = JSON.stringify(payload);
-    const digest = crypto.createHmac('sha256', this.secret)
+    const digest = crypto
+      .createHmac('sha256', this.secret)
      .update(JSON.stringify(payload))
      .digest('hex');
    return {
--- a/app/core/entity/HookEvent.ts
+++ b/app/core/entity/HookEvent.ts
@@ -1,4 +1,4 @@
-import { HookEventType } from '../../common/enum/Hook';
+import { HookEventType } from '../../common/enum/Hook.ts';

 export interface PublishChangePayload {
  'dist-tag'?: string;
--- a/app/core/entity/Package.ts
+++ b/app/core/entity/Package.ts
@@ -1,7 +1,7 @@
-import { Entity, EntityData } from './Entity';
-import { EasyData, EntityUtil } from '../util/EntityUtil';
-import { Dist } from './Dist';
-import { getFullname } from '../../common/PackageUtil';
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';
+import { Dist } from './Dist.ts';
+import { getFullname } from '../../common/PackageUtil.ts';

 interface PackageData extends EntityData {
  scope: string;
@@ -22,6 +22,13 @@ export enum DIST_NAMES {
  ABBREVIATED_MANIFESTS = 'abbreviated_manifests.json',
 }

+export function isPkgManifest(fileType: DIST_NAMES) {
+  return (
+    fileType === DIST_NAMES.FULL_MANIFESTS ||
+    fileType === DIST_NAMES.ABBREVIATED_MANIFESTS
+  );
+}
+
 interface FileInfo {
  size: number;
  shasum: string;
@@ -84,6 +91,11 @@ export class Package extends Entity {
    return this.createDist(DIST_NAMES.ABBREVIATED_MANIFESTS, info);
  }

+  createPackageVersionFile(path: string, version: string, info: FileInfo) {
+    // path should starts with `/`, e.g.: '/foo/bar/index.js'
+    return this.createDist(`files${path}`, info, version);
+  }
+
  private distDir(filename: string, version?: string) {
    if (version) {
      return `/packages/${this.fullname}/${version}/${filename}`;
--- a/app/core/entity/PackageTag.ts
+++ b/app/core/entity/PackageTag.ts
@@ -1,5 +1,5 @@
-import { Entity, EntityData } from './Entity';
-import { EasyData, EntityUtil } from '../util/EntityUtil';
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';

 interface PackageTagData extends EntityData {
  packageId: string;
--- a/app/core/entity/PackageVersion.ts
+++ b/app/core/entity/PackageVersion.ts
@@ -1,6 +1,7 @@
-import { Dist } from './Dist';
-import { Entity, EntityData } from './Entity';
-import { EasyData, EntityUtil } from '../util/EntityUtil';
+import type { Dist } from './Dist.ts';
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';
+import { PaddingSemVer } from './PaddingSemVer.ts';

 interface PackageVersionData extends EntityData {
  packageId: string;
@@ -11,6 +12,8 @@ interface PackageVersionData extends EntityData {
  tarDist: Dist;
  readmeDist: Dist;
  publishTime: Date;
+  paddingVersion?: string | null;
+  isPreRelease?: boolean | null;
 }

 export class PackageVersion extends Entity {
@@ -22,6 +25,8 @@ export class PackageVersion extends Entity {
  tarDist: Dist;
  readmeDist: Dist;
  publishTime: Date;
+  paddingVersion: string;
+  isPreRelease: boolean;

  constructor(data: PackageVersionData) {
    super(data);
@@ -33,9 +38,19 @@ export class PackageVersion extends Entity {
    this.tarDist = data.tarDist;
    this.readmeDist = data.readmeDist;
    this.publishTime = data.publishTime;
+    if (data.paddingVersion && typeof data.isPreRelease === 'boolean') {
+      this.paddingVersion = data.paddingVersion;
+      this.isPreRelease = data.isPreRelease;
+    } else {
+      const paddingSemVer = new PaddingSemVer(this.version);
+      this.paddingVersion = paddingSemVer.paddingVersion;
+      this.isPreRelease = paddingSemVer.isPreRelease;
+    }
  }

-  static create(data: EasyData<PackageVersionData, 'packageVersionId'>): PackageVersion {
+  static create(
+    data: EasyData<PackageVersionData, 'packageVersionId'>
+  ): PackageVersion {
    const newData = EntityUtil.defaultData(data, 'packageVersionId');
    return new PackageVersion(newData);
  }
--- a/app/core/entity/PackageVersionBlock.ts
+++ b/app/core/entity/PackageVersionBlock.ts
@@ -1,5 +1,5 @@
-import { Entity, EntityData } from './Entity';
-import { EasyData, EntityUtil } from '../util/EntityUtil';
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';

 interface PackageVersionBlockData extends EntityData {
  packageVersionBlockId: string;
@@ -22,7 +22,9 @@ export class PackageVersionBlock extends Entity {
    this.reason = data.reason;
  }

-  static create(data: EasyData<PackageVersionBlockData, 'packageVersionBlockId'>): PackageVersionBlock {
+  static create(
+    data: EasyData<PackageVersionBlockData, 'packageVersionBlockId'>
+  ): PackageVersionBlock {
    const newData = EntityUtil.defaultData(data, 'packageVersionBlockId');
    return new PackageVersionBlock(newData);
  }
--- a/app/core/entity/PackageVersionFile.ts
+++ b/app/core/entity/PackageVersionFile.ts
@@ -0,0 +1,47 @@
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';
+import type { Dist } from './Dist.ts';
+
+interface PackageVersionFileData extends EntityData {
+  packageVersionFileId: string;
+  packageVersionId: string;
+  dist: Dist;
+  directory: string;
+  name: string;
+  contentType: string;
+  mtime: Date;
+}
+
+export class PackageVersionFile extends Entity {
+  packageVersionFileId: string;
+  packageVersionId: string;
+  dist: Dist;
+  directory: string;
+  name: string;
+  contentType: string;
+  mtime: Date;
+
+  constructor(data: PackageVersionFileData) {
+    super(data);
+    this.packageVersionFileId = data.packageVersionFileId;
+    this.packageVersionId = data.packageVersionId;
+    this.dist = data.dist;
+    this.directory = data.directory;
+    this.name = data.name;
+    this.contentType = data.contentType;
+    this.mtime = data.mtime;
+  }
+
+  get path() {
+    return this.directory === '/'
+      ? `/${this.name}`
+      : `${this.directory}/${this.name}`;
+  }
+
+  static create(
+    data: EasyData<PackageVersionFileData, 'packageVersionFileId'>
+  ): PackageVersionFile {
+    const newData = EntityUtil.defaultData(data, 'packageVersionFileId');
+    return new PackageVersionFile(newData);
+  }
+}
--- a/app/core/entity/PackageVersionManifest.ts
+++ b/app/core/entity/PackageVersionManifest.ts
@@ -1,10 +1,11 @@
-import { Entity, EntityData } from './Entity';
-import { EasyData, EntityUtil } from '../util/EntityUtil';
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';

 interface PackageVersionManifestData extends EntityData {
  packageId: string;
  packageVersionId: string;
  packageVersionManifestId: string;
+  // oxlint-disable-next-line typescript-eslint/no-explicit-any
  manifest: any;
 }

@@ -12,6 +13,7 @@ export class PackageVersionManifest extends Entity {
  packageId: string;
  packageVersionId: string;
  packageVersionManifestId: string;
+  // oxlint-disable-next-line typescript-eslint/no-explicit-any
  manifest: any;

  constructor(data: PackageVersionManifestData) {
@@ -22,7 +24,9 @@ export class PackageVersionManifest extends Entity {
    this.manifest = data.manifest;
  }

-  static create(data: EasyData<PackageVersionManifestData, 'packageVersionManifestId'>): PackageVersionManifest {
+  static create(
+    data: EasyData<PackageVersionManifestData, 'packageVersionManifestId'>
+  ): PackageVersionManifest {
    const newData = EntityUtil.defaultData(data, 'packageVersionManifestId');
    return new PackageVersionManifest(newData);
  }
--- a/app/core/entity/PaddingSemVer.ts
+++ b/app/core/entity/PaddingSemVer.ts
@@ -0,0 +1,53 @@
+import { SemVer, valid } from 'semver';
+
+export class PaddingSemVer {
+  private readonly semver: SemVer;
+  // 跳过 semver 中的 buildInfo, buildInfo 不参与版本比较
+  private _paddingVersion: string;
+  readonly isPreRelease: boolean;
+
+  constructor(semver: string | SemVer) {
+    // ignore invalid version, e.g.: '1000000000000000000.0.0' on https://registry.npmjs.com/latentflip-test
+    if (!valid(semver)) {
+      this.isPreRelease = true;
+      this._paddingVersion = PaddingSemVer.anyVersion();
+      return;
+    }
+    this.semver = new SemVer(semver);
+    // @ts-expect-error type definition is not correct
+    if (this.semver.includePrerelease) {
+      this.isPreRelease = true;
+    } else if (this.semver.prerelease && this.semver.prerelease.length > 0) {
+      this.isPreRelease = true;
+    } else {
+      this.isPreRelease = false;
+    }
+  }
+
+  get paddingVersion(): string {
+    if (!this._paddingVersion) {
+      this._paddingVersion =
+        PaddingSemVer.paddingVersion(this.semver.major) +
+        PaddingSemVer.paddingVersion(this.semver.minor) +
+        PaddingSemVer.paddingVersion(this.semver.patch);
+    }
+    return this._paddingVersion;
+  }
+
+  // 版本信息中为纯数字, JS 中支持的最大整型为 16 位
+  // 因此填充成 16 位对齐，如果版本号超过 16 位，则抛出异常
+  static paddingVersion(v: number) {
+    const t = String(v);
+    if (t.length <= 16) {
+      const padding = Array.from({ length: 16 - t.length })
+        .fill(0)
+        .join('');
+      return padding + t;
+    }
+    throw new Error(`v ${v} too long`);
+  }
+
+  static anyVersion() {
+    return '000000000000000000000000000000000000000000000000';
+  }
+}
--- a/app/core/entity/ProxyCache.ts
+++ b/app/core/entity/ProxyCache.ts
@@ -0,0 +1,43 @@
+import { Entity, type EntityData } from './Entity.ts';
+import { isPkgManifest, type DIST_NAMES } from './Package.ts';
+import type { EasyData } from '../util/EntityUtil.ts';
+import { PROXY_CACHE_DIR_NAME } from '../../common/constants.ts';
+interface ProxyCacheData extends EntityData {
+  fullname: string;
+  fileType: DIST_NAMES;
+  version?: string;
+}
+
+export type CreateProxyCacheData = Omit<
+  EasyData<ProxyCacheData, 'id'>,
+  'id' | 'filePath'
+>;
+
+export class ProxyCache extends Entity {
+  readonly fullname: string;
+  readonly fileType: DIST_NAMES;
+  readonly filePath: string;
+  readonly version?: string;
+
+  constructor(data: ProxyCacheData) {
+    super(data);
+    this.fullname = data.fullname;
+    this.fileType = data.fileType;
+    this.version = data.version;
+    if (isPkgManifest(data.fileType)) {
+      this.filePath = `/${PROXY_CACHE_DIR_NAME}/${data.fullname}/${data.fileType}`;
+    } else {
+      this.filePath = `/${PROXY_CACHE_DIR_NAME}/${data.fullname}/${data.version}/${data.fileType}`;
+    }
+  }
+
+  public static create(data: CreateProxyCacheData): ProxyCache {
+    const newData = { ...data, createdAt: new Date(), updatedAt: new Date() };
+    return new ProxyCache(newData);
+  }
+
+  public static update(data: ProxyCache): ProxyCache {
+    data.updatedAt = new Date();
+    return data;
+  }
+}
--- a/app/core/entity/Registry.ts
+++ b/app/core/entity/Registry.ts
@@ -1,6 +1,6 @@
-import { Entity, EntityData } from './Entity';
-import { EasyData, EntityUtil } from '../util/EntityUtil';
-import type { RegistryType } from '../../common/enum/Registry';
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';
+import type { RegistryType } from '../../common/enum/Registry.ts';

 interface RegistryData extends EntityData {
  name: string;
@@ -9,9 +9,13 @@ interface RegistryData extends EntityData {
  changeStream: string;
  userPrefix: string;
  type: RegistryType;
+  authToken?: string;
 }

-export type CreateRegistryData = Omit<EasyData<RegistryData, 'registryId'>, 'id'>;
+export type CreateRegistryData = Omit<
+  EasyData<RegistryData, 'registryId'>,
+  'id'
+>;

 export class Registry extends Entity {
  name: string;
@@ -20,6 +24,7 @@ export class Registry extends Entity {
  changeStream: string;
  userPrefix: string;
  type: RegistryType;
+  authToken?: string;

  constructor(data: RegistryData) {
    super(data);
@@ -29,10 +34,14 @@ export class Registry extends Entity {
    this.changeStream = data.changeStream;
    this.userPrefix = data.userPrefix;
    this.type = data.type;
+    this.authToken = data.authToken;
  }

  public static create(data: CreateRegistryData): Registry {
-    const newData = EntityUtil.defaultData(data, 'registryId');
+    const newData = EntityUtil.defaultData<RegistryData, 'registryId'>(
+      data,
+      'registryId'
+    );
    return new Registry(newData);
  }
 }
--- a/app/core/entity/Scope.ts
+++ b/app/core/entity/Scope.ts
@@ -1,5 +1,5 @@
-import { Entity, EntityData } from './Entity';
-import { EasyData, EntityUtil } from '../util/EntityUtil';
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';

 interface ScopeData extends EntityData {
  name: string;
--- a/app/core/entity/SqlRange.ts
+++ b/app/core/entity/SqlRange.ts
@@ -0,0 +1,84 @@
+import { Comparator, Range } from 'semver';
+import { PaddingSemVer } from './PaddingSemVer.ts';
+
+const OPERATOR_MAP = {
+  '<': '$lt',
+  '<=': '$lte',
+  '>': '$gt',
+  '>=': '$gte',
+  '': '$eq',
+};
+
+export class SqlRange {
+  private readonly range: Range;
+  private _containPreRelease: boolean;
+  readonly condition: object;
+
+  constructor(range: string | Range) {
+    this.range = new Range(range);
+    this._containPreRelease = false;
+    this.condition = this.generateWhere();
+  }
+
+  private comparatorToSql(comparator: Comparator) {
+    // @ts-expect-error type definition is not correct
+    if (comparator.semver === Comparator.ANY) {
+      return {
+        $and: [
+          {
+            isPreRelease: {
+              $lte: 0,
+            },
+          },
+          {
+            paddingVersion: {
+              $gte: PaddingSemVer.anyVersion(),
+            },
+          },
+        ],
+      };
+    }
+    const paddingSemver = new PaddingSemVer(comparator.semver);
+    const operator =
+      OPERATOR_MAP[comparator.operator as keyof typeof OPERATOR_MAP];
+    if (!operator) {
+      throw new Error(`unknown operator ${comparator.operator}`);
+    }
+    this._containPreRelease =
+      this._containPreRelease || paddingSemver.isPreRelease;
+    return {
+      $and: [
+        {
+          isPreRelease: {
+            $lte: paddingSemver.isPreRelease ? 1 : 0,
+          },
+        },
+        {
+          paddingVersion: {
+            [operator]: paddingSemver.paddingVersion,
+          },
+        },
+      ],
+    };
+  }
+
+  private comparatorSetToSql(comparatorSet: Comparator[]) {
+    const condition: object[] = [];
+    for (const comparator of comparatorSet) {
+      condition.push(this.comparatorToSql(comparator));
+    }
+    return { $and: condition };
+  }
+
+  private generateWhere() {
+    const conditions: object[] = [];
+    for (const rangeSet of this.range.set) {
+      conditions.push(this.comparatorSetToSql(rangeSet as Comparator[]));
+    }
+    return { $or: conditions };
+  }
+
+  get containPreRelease(): boolean {
+    return this._containPreRelease;
+  }
+}
--- a/app/core/entity/Task.ts
+++ b/app/core/entity/Task.ts
@@ -1,16 +1,22 @@
-import os from 'os';
-import path from 'path';
-import { Entity, EntityData } from './Entity';
-import { EasyData, EntityUtil } from '../util/EntityUtil';
-import { TaskType, TaskState } from '../../common/enum/Task';
-import dayjs from '../../common/dayjs';
-import { HookEvent } from './HookEvent';
+import os from 'node:os';
+import path from 'node:path';
+
+import { InternalServerError } from 'egg/errors';
+
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';
+import { TaskState, TaskType } from '../../common/enum/Task.ts';
+import { PROXY_CACHE_DIR_NAME } from '../../common/constants.ts';
+import dayjs from '../../common/dayjs.ts';
+import type { HookEvent } from './HookEvent.ts';
+import { isPkgManifest, type DIST_NAMES } from './Package.ts';

 export const HOST_NAME = os.hostname();
 export const PID = process.pid;

 export interface TaskBaseData {
  taskWorker: string;
+  shouldNotMerge?: boolean;
 }

 export interface TaskData<T = TaskBaseData> extends EntityData {
@@ -28,7 +34,7 @@ export interface TaskData<T = TaskBaseData> extends EntityData {
  bizId?: string;
 }

-export type SyncPackageTaskOptions = {
+export interface SyncPackageTaskOptions {
  authorId?: string;
  authorIp?: string;
  tips?: string;
@@ -37,7 +43,14 @@ export type SyncPackageTaskOptions = {
  // force sync history version
  forceSyncHistory?: boolean;
  registryId?: string;
-};
+  specificVersions?: string[];
+}
+
+export interface UpdateProxyCacheTaskOptions {
+  fullname: string;
+  version?: string;
+  fileType: DIST_NAMES;
+}

 export interface CreateHookTaskData extends TaskBaseData {
  hookEvent: HookEvent;
@@ -54,20 +67,37 @@ export interface CreateSyncPackageTaskData extends TaskBaseData {
  skipDependencies?: boolean;
  syncDownloadData?: boolean;
  forceSyncHistory?: boolean;
+  specificVersions?: string[];
 }

+export interface CreateUpdateProxyCacheTaskData extends TaskBaseData {
+  fullname: string;
+  version?: string;
+  fileType: DIST_NAMES;
+  filePath: string;
+}
+
+export type SyncBinaryTaskData = Record<string, unknown> & TaskBaseData;
+
 export interface ChangesStreamTaskData extends TaskBaseData {
  since: string;
-  last_package?: string,
-  last_package_created?: Date,
-  task_count?: number,
-  registryId?: string,
+  last_package?: string;
+  last_package_created?: Date;
+  task_count?: number;
+  registryId?: string;
+}
+
+export interface TaskUpdateCondition {
+  taskId: string;
+  attempts: number;
 }

 export type CreateHookTask = Task<CreateHookTaskData>;
 export type TriggerHookTask = Task<TriggerHookTaskData>;
 export type CreateSyncPackageTask = Task<CreateSyncPackageTaskData>;
 export type ChangesStreamTask = Task<ChangesStreamTaskData>;
+export type CreateUpdateProxyCacheTask = Task<CreateUpdateProxyCacheTaskData>;
+export type SyncBinaryTask = Task<SyncBinaryTaskData>;

 export class Task<T extends TaskBaseData = TaskBaseData> extends Entity {
  taskId: string;
@@ -109,12 +139,17 @@ export class Task<T extends TaskBaseData = TaskBaseData> extends Entity {
    this.data.taskWorker = `${HOST_NAME}:${PID}`;
  }

-  private static create<T extends TaskBaseData>(data: EasyData<TaskData<T>, 'taskId'>): Task<T> {
+  private static create<T extends TaskBaseData>(
+    data: EasyData<TaskData<T>, 'taskId'>
+  ): Task<T> {
    const newData = EntityUtil.defaultData(data, 'taskId');
    return new Task(newData);
  }

-  public static createSyncPackage(fullname: string, options?: SyncPackageTaskOptions): CreateSyncPackageTask {
+  public static createSyncPackage(
+    fullname: string,
+    options?: SyncPackageTaskOptions
+  ): CreateSyncPackageTask {
    const data = {
      type: TaskType.SyncPackage,
      state: TaskState.Waiting,
@@ -129,6 +164,7 @@ export class Task<T extends TaskBaseData = TaskBaseData> extends Entity {
        skipDependencies: options?.skipDependencies,
        syncDownloadData: options?.syncDownloadData,
        forceSyncHistory: options?.forceSyncHistory,
+        specificVersions: options?.specificVersions,
      },
    };
    const task = this.create(data);
@@ -136,7 +172,11 @@ export class Task<T extends TaskBaseData = TaskBaseData> extends Entity {
    return task;
  }

-  public static createChangesStream(targetName: string, registryId = '', since = ''): ChangesStreamTask {
+  public static createChangesStream(
+    targetName: string,
+    registryId = '',
+    since = ''
+  ): ChangesStreamTask {
    const data = {
      type: TaskType.ChangesStream,
      state: TaskState.Waiting,
@@ -184,7 +224,10 @@ export class Task<T extends TaskBaseData = TaskBaseData> extends Entity {
    return task;
  }

-  public static createTriggerHookTask(hookEvent: HookEvent, hookId: string): TriggerHookTask {
+  public static createTriggerHookTask(
+    hookEvent: HookEvent,
+    hookId: string
+  ): TriggerHookTask {
    const data = {
      type: TaskType.TriggerHook,
      state: TaskState.Waiting,
@@ -204,13 +247,17 @@ export class Task<T extends TaskBaseData = TaskBaseData> extends Entity {
    return task;
  }

-  public static createSyncBinary(targetName: string, lastData: any): Task {
+  public static createSyncBinary(
+    targetName: string,
+    lastData?: Record<string, unknown>
+  ): Task {
    const data = {
      type: TaskType.SyncBinary,
      state: TaskState.Waiting,
      targetName,
      authorId: `pid_${PID}`,
      authorIp: HOST_NAME,
+      bizId: `SyncBinary:${targetName}`,
      data: {
        // task execute worker
        taskWorker: '',
@@ -221,10 +268,60 @@ export class Task<T extends TaskBaseData = TaskBaseData> extends Entity {
    task.logPath = `/binaries/${targetName}/syncs/${dayjs().format('YYYY/MM/DDHHmm')}-${task.taskId}.log`;
    return task;
  }
+
+  needMergeWhenWaiting(): boolean {
+    // 历史任务补偿时，将 shouldNotMerge 设置为 true，避免合并
+    // 补偿任务单独执行
+    if (this.data.shouldNotMerge === true) {
+      return false;
+    }
+    // 仅合并二进制镜像与 npm 包
+    return [TaskType.SyncBinary, TaskType.SyncPackage].includes(this.type);
+  }
+
+  public static createUpdateProxyCache(
+    targetName: string,
+    options: UpdateProxyCacheTaskOptions
+  ): CreateUpdateProxyCacheTask {
+    if (!isPkgManifest(options.fileType)) {
+      throw new InternalServerError(
+        'should not update package version manifest.'
+      );
+    }
+    const filePath = `/${PROXY_CACHE_DIR_NAME}/${options.fullname}/${options.fileType}`;
+    const data = {
+      type: TaskType.UpdateProxyCache,
+      state: TaskState.Waiting,
+      targetName,
+      authorId: `pid_${PID}`,
+      authorIp: HOST_NAME,
+      data: {
+        taskWorker: '',
+        fullname: options.fullname,
+        version: options?.version,
+        fileType: options.fileType,
+        filePath,
+      },
+    };
+    const task = this.create(data);
+    task.logPath = `/${PROXY_CACHE_DIR_NAME}/${options.fullname}/update-manifest-log/${options.fileType.split('.json')[0]}-${dayjs().format('YYYY/MM/DDHHmm')}-${task.taskId}.log`;
+    return task;
+  }
+
+  start(): TaskUpdateCondition {
+    const condition = {
+      taskId: this.taskId,
+      attempts: this.attempts,
+    };
+    this.setExecuteWorker();
+    this.state = TaskState.Processing;
+    this.attempts += 1;
+    return condition;
+  }
 }

-export type SyncInfo = {
+export interface SyncInfo {
  lastSince: string;
  taskCount: number;
  lastPackage?: string;
-};
+}
--- a/app/core/entity/Token.ts
+++ b/app/core/entity/Token.ts
@@ -1,14 +1,41 @@
-import { Entity, EntityData } from './Entity';
-import { EasyData, EntityUtil } from '../util/EntityUtil';
+import dayjs from 'dayjs';

-interface TokenData extends EntityData {
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';
+
+export enum TokenType {
+  granular = 'granular',
+  classic = 'classic',
+}
+interface BaseTokenData extends EntityData {
  tokenId: string;
  tokenMark: string;
  tokenKey: string;
-  cidrWhitelist: string[];
+  cidrWhitelist?: string[];
  userId: string;
-  isReadonly: boolean;
-  isAutomation: boolean;
+  isReadonly?: boolean;
+  type?: TokenType | string;
+  lastUsedAt?: Date;
+}
+
+interface ClassicTokenData extends BaseTokenData {
+  isAutomation?: boolean;
+}
+interface GranularTokenData extends BaseTokenData {
+  name: string;
+  description?: string;
+  allowedScopes?: string[];
+  allowedPackages?: string[];
+  expires: number;
+  expiredAt: Date;
+}
+
+type TokenData = ClassicTokenData | GranularTokenData;
+
+export function isGranularToken(
+  data: TokenData | Token
+): data is GranularTokenData {
+  return data.type === TokenType.granular;
 }

 export class Token extends Entity {
@@ -19,7 +46,15 @@ export class Token extends Entity {
  readonly userId: string;
  readonly isReadonly: boolean;
  readonly isAutomation: boolean;
-  token?: string;
+  readonly type?: TokenType;
+  readonly name?: string;
+  readonly description?: string;
+  readonly allowedScopes?: string[];
+  readonly expiredAt?: Date;
+  readonly expires?: number;
+  lastUsedAt: Date | null;
+  allowedPackages?: string[];
+  token: string;

  constructor(data: TokenData) {
    super(data);
@@ -27,13 +62,30 @@ export class Token extends Entity {
    this.tokenId = data.tokenId;
    this.tokenMark = data.tokenMark;
    this.tokenKey = data.tokenKey;
-    this.cidrWhitelist = data.cidrWhitelist;
-    this.isReadonly = data.isReadonly;
-    this.isAutomation = data.isAutomation;
+    this.cidrWhitelist = data.cidrWhitelist || [];
+    this.isReadonly = data.isReadonly || false;
+    this.type = (data.type as TokenType) || TokenType.classic;
+    this.lastUsedAt = data.lastUsedAt || null;
+
+    if (isGranularToken(data)) {
+      this.name = data.name;
+      this.description = data.description;
+      this.allowedScopes = data.allowedScopes;
+      this.expiredAt = data.expiredAt;
+      this.allowedPackages = data.allowedPackages;
+      this.isAutomation = false;
+    } else {
+      this.isAutomation = data.isAutomation || false;
+    }
  }

  static create(data: EasyData<TokenData, 'tokenId'>): Token {
    const newData = EntityUtil.defaultData(data, 'tokenId');
+    if (isGranularToken(newData) && !newData.expiredAt) {
+      newData.expiredAt = dayjs(newData.createdAt)
+        .add(newData.expires, 'days')
+        .toDate();
+    }
    return new Token(newData);
  }
 }
--- a/app/core/entity/User.ts
+++ b/app/core/entity/User.ts
@@ -1,5 +1,6 @@
-import { Entity, EntityData } from './Entity';
-import { EasyData, EntityUtil } from '../util/EntityUtil';
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';
+import { cleanUserPrefix } from '../../common/PackageUtil.ts';

 interface UserData extends EntityData {
  userId: string;
@@ -15,6 +16,7 @@ interface UserData extends EntityData {
 export class User extends Entity {
  userId: string;
  name: string;
+  displayName: string;
  email: string;
  passwordSalt: string;
  passwordIntegrity: string;
@@ -26,6 +28,7 @@ export class User extends Entity {
    super(data);
    this.userId = data.userId;
    this.name = data.name;
+    this.displayName = cleanUserPrefix(this.name);
    this.email = data.email;
    this.passwordSalt = data.passwordSalt;
    this.passwordIntegrity = data.passwordIntegrity;
--- a/app/core/entity/WebauthnCredential.ts
+++ b/app/core/entity/WebauthnCredential.ts
@@ -0,0 +1,34 @@
+import { Entity, type EntityData } from './Entity.ts';
+import { EntityUtil, type EasyData } from '../util/EntityUtil.ts';
+
+interface WebauthnCredentialData extends EntityData {
+  wancId: string;
+  userId: string;
+  credentialId: string;
+  publicKey: string;
+  browserType?: string;
+}
+
+export class WebauthnCredential extends Entity {
+  wancId: string;
+  userId: string;
+  credentialId: string;
+  publicKey: string;
+  browserType?: string;
+
+  constructor(data: WebauthnCredentialData) {
+    super(data);
+    this.wancId = data.wancId;
+    this.userId = data.userId;
+    this.credentialId = data.credentialId;
+    this.publicKey = data.publicKey;
+    this.browserType = data.browserType;
+  }
+
+  static create(
+    data: EasyData<WebauthnCredentialData, 'wancId'>
+  ): WebauthnCredential {
+    const newData = EntityUtil.defaultData(data, 'wancId');
+    return new WebauthnCredential(newData);
+  }
+}
--- a/app/core/event/BugVersionFixHandler.ts
+++ b/app/core/event/BugVersionFixHandler.ts
@@ -1,24 +1,21 @@
-import { Event, Inject } from '@eggjs/tegg';
-import { EggLogger } from 'egg';
-import { PACKAGE_VERSION_ADDED } from './index';
-import { BUG_VERSIONS } from '../../common/constants';
-import { PackageManagerService } from '../service/PackageManagerService';
-import { BugVersionService } from '../service/BugVersionService';
+import { Event, Inject, Logger } from 'egg';
+
+import { PACKAGE_VERSION_ADDED } from './index.ts';
+import { BUG_VERSIONS } from '../../common/constants.ts';
+import type { BugVersionService } from '../service/BugVersionService.ts';

@Event(PACKAGE_VERSION_ADDED)
 export class BugVersionFixHandler {
  @Inject()
  private readonly bugVersionService: BugVersionService;
-  @Inject()
-  private readonly packageManagerService: PackageManagerService;

  @Inject()
-  private readonly logger: EggLogger;
+  private readonly logger: Logger;

  async handle(fullname: string) {
    if (fullname !== BUG_VERSIONS) return;
    try {
-      const bugVersion = await this.packageManagerService.getBugVersion();
+      const bugVersion = await this.bugVersionService.getBugVersion();
      if (!bugVersion) return;
      await this.bugVersionService.cleanBugVersionPackageCaches(bugVersion);
    } catch (e) {
--- a/app/core/event/CacheCleaner.ts
+++ b/app/core/event/CacheCleaner.ts
@@ -1,18 +1,19 @@
-import { Event, Inject } from '@eggjs/tegg';
+import { Event, Inject } from 'egg';
+
 import {
-  PACKAGE_UNPUBLISHED,
  PACKAGE_BLOCKED,
-  PACKAGE_UNBLOCKED,
-  PACKAGE_VERSION_ADDED,
-  PACKAGE_VERSION_REMOVED,
-  PACKAGE_TAG_ADDED,
-  PACKAGE_TAG_CHANGED,
-  PACKAGE_TAG_REMOVED,
  PACKAGE_MAINTAINER_CHANGED,
  PACKAGE_MAINTAINER_REMOVED,
  PACKAGE_META_CHANGED,
-} from './index';
-import { CacheService } from '../../core/service/CacheService';
+  PACKAGE_TAG_ADDED,
+  PACKAGE_TAG_CHANGED,
+  PACKAGE_TAG_REMOVED,
+  PACKAGE_UNBLOCKED,
+  PACKAGE_UNPUBLISHED,
+  PACKAGE_VERSION_ADDED,
+  PACKAGE_VERSION_REMOVED,
+} from './index.ts';
+import type { CacheService } from '../../core/service/CacheService.ts';

 class CacheCleanerEvent {
  @Inject()
@@ -24,77 +25,77 @@ class CacheCleanerEvent {
 }

@Event(PACKAGE_UNPUBLISHED)
-export class PackageUnpublished extends CacheCleanerEvent {
+export class PackageUnpublishedCacheCleanEvent extends CacheCleanerEvent {
  async handle(fullname: string) {
    await this.removeCache(fullname);
  }
 }

@Event(PACKAGE_BLOCKED)
-export class PackageBlocked extends CacheCleanerEvent {
+export class PackageBlockedCacheCleanEvent extends CacheCleanerEvent {
  async handle(fullname: string) {
    await this.removeCache(fullname);
  }
 }

@Event(PACKAGE_UNBLOCKED)
-export class PackageUnblocked extends CacheCleanerEvent {
+export class PackageUnblockedCacheCleanEvent extends CacheCleanerEvent {
  async handle(fullname: string) {
    await this.removeCache(fullname);
  }
 }

@Event(PACKAGE_VERSION_ADDED)
-export class PackageVersionAdded extends CacheCleanerEvent {
+export class PackageVersionAddedCacheCleanEvent extends CacheCleanerEvent {
  async handle(fullname: string) {
    await this.removeCache(fullname);
  }
 }

@Event(PACKAGE_VERSION_REMOVED)
-export class PackageVersionRemoved extends CacheCleanerEvent {
+export class PackageVersionRemovedCacheCleanEvent extends CacheCleanerEvent {
  async handle(fullname: string) {
    await this.removeCache(fullname);
  }
 }

@Event(PACKAGE_TAG_ADDED)
-export class PackageTagAdded extends CacheCleanerEvent {
+export class PackageTagAddedCacheCleanEvent extends CacheCleanerEvent {
  async handle(fullname: string) {
    await this.removeCache(fullname);
  }
 }

@Event(PACKAGE_TAG_CHANGED)
-export class PackageTagChanged extends CacheCleanerEvent {
+export class PackageTagChangedCacheCleanEvent extends CacheCleanerEvent {
  async handle(fullname: string) {
    await this.removeCache(fullname);
  }
 }

@Event(PACKAGE_TAG_REMOVED)
-export class PackageTagRemoved extends CacheCleanerEvent {
+export class PackageTagRemovedCacheCleanEvent extends CacheCleanerEvent {
  async handle(fullname: string) {
    await this.removeCache(fullname);
  }
 }

@Event(PACKAGE_MAINTAINER_CHANGED)
-export class PackageMaintainerChanged extends CacheCleanerEvent {
+export class PackageMaintainerChangedCacheCleanEvent extends CacheCleanerEvent {
  async handle(fullname: string) {
    await this.removeCache(fullname);
  }
 }

@Event(PACKAGE_MAINTAINER_REMOVED)
-export class PackageMaintainerRemoved extends CacheCleanerEvent {
+export class PackageMaintainerRemovedCacheCleanEvent extends CacheCleanerEvent {
  async handle(fullname: string) {
    await this.removeCache(fullname);
  }
 }

@Event(PACKAGE_META_CHANGED)
-export class PackageMetaChanged extends CacheCleanerEvent {
+export class PackageMetaChangedCacheCleanEvent extends CacheCleanerEvent {
  async handle(fullname: string) {
    await this.removeCache(fullname);
  }
--- a/app/core/event/ChangesStream.ts
+++ b/app/core/event/ChangesStream.ts
@@ -1,22 +1,24 @@
-import { EggAppConfig } from 'egg';
-import { Event, Inject } from '@eggjs/tegg';
+
+import { Event, Inject, Config } from 'egg';
+
 import {
-  PACKAGE_UNPUBLISHED,
-  PACKAGE_VERSION_ADDED,
-  PACKAGE_VERSION_REMOVED,
+  type PackageMetaChange,
+  PACKAGE_MAINTAINER_CHANGED,
+  PACKAGE_MAINTAINER_REMOVED,
+  PACKAGE_META_CHANGED,
  PACKAGE_TAG_ADDED,
  PACKAGE_TAG_CHANGED,
  PACKAGE_TAG_REMOVED,
-  PACKAGE_MAINTAINER_CHANGED,
-  PACKAGE_MAINTAINER_REMOVED,
-  PACKAGE_META_CHANGED, PackageMetaChange,
-} from './index';
-import { ChangeRepository } from '../../repository/ChangeRepository';
-import { Change } from '../entity/Change';
-import { HookEvent } from '../entity/HookEvent';
-import { Task } from '../entity/Task';
-import { User } from '../entity/User';
-import { TaskService } from '../service/TaskService';
+  PACKAGE_UNPUBLISHED,
+  PACKAGE_VERSION_ADDED,
+  PACKAGE_VERSION_REMOVED,
+} from './index.ts';
+import type { ChangeRepository } from '../../repository/ChangeRepository.ts';
+import { Change } from '../entity/Change.ts';
+import { HookEvent } from '../entity/HookEvent.ts';
+import { Task } from '../entity/Task.ts';
+import type { User } from '../entity/User.ts';
+import type { TaskService } from '../service/TaskService.ts';

 class ChangesStreamEvent {
  @Inject()
@@ -26,13 +28,17 @@ class ChangesStreamEvent {
  protected readonly taskService: TaskService;

  @Inject()
-  protected readonly config: EggAppConfig;
+  protected readonly config: Config;

  protected get hookEnable() {
-    return this.config.hookEnable;
+    return this.config.cnpmcore.hookEnable;
  }

-  protected async addChange(type: string, fullname: string, data: object): Promise<Change> {
+  protected async addChange(
+    type: string,
+    fullname: string,
+    data: object
+  ): Promise<Change> {
    const change = Change.create({
      type,
      targetName: fullname,
@@ -44,79 +50,101 @@ class ChangesStreamEvent {
 }

@Event(PACKAGE_UNPUBLISHED)
-export class PackageUnpublished extends ChangesStreamEvent {
+export class PackageUnpublishedChangesStreamEvent extends ChangesStreamEvent {
  async handle(fullname: string) {
    const change = await this.addChange(PACKAGE_UNPUBLISHED, fullname, {});
    if (this.hookEnable) {
-      const task = Task.createCreateHookTask(HookEvent.createUnpublishEvent(fullname, change.changeId));
+      const task = Task.createCreateHookTask(
+        HookEvent.createUnpublishEvent(fullname, change.changeId)
+      );
      await this.taskService.createTask(task, true);
    }
  }
 }

@Event(PACKAGE_VERSION_ADDED)
-export class PackageVersionAdded extends ChangesStreamEvent {
+export class PackageVersionAddedChangesStreamEvent extends ChangesStreamEvent {
  async handle(fullname: string, version: string, tag?: string) {
-    const change = await this.addChange(PACKAGE_VERSION_ADDED, fullname, { version });
+    const change = await this.addChange(PACKAGE_VERSION_ADDED, fullname, {
+      version,
+    });
    if (this.hookEnable) {
-      const task = Task.createCreateHookTask(HookEvent.createPublishEvent(fullname, change.changeId, version, tag));
+      const task = Task.createCreateHookTask(
+        HookEvent.createPublishEvent(fullname, change.changeId, version, tag)
+      );
      await this.taskService.createTask(task, true);
    }
  }
 }

@Event(PACKAGE_VERSION_REMOVED)
-export class PackageVersionRemoved extends ChangesStreamEvent {
+export class PackageVersionRemovedChangesStreamEvent extends ChangesStreamEvent {
  async handle(fullname: string, version: string, tag?: string) {
-    const change = await this.addChange(PACKAGE_VERSION_REMOVED, fullname, { version });
+    const change = await this.addChange(PACKAGE_VERSION_REMOVED, fullname, {
+      version,
+    });
    if (this.hookEnable) {
-      const task = Task.createCreateHookTask(HookEvent.createUnpublishEvent(fullname, change.changeId, version, tag));
+      const task = Task.createCreateHookTask(
+        HookEvent.createUnpublishEvent(fullname, change.changeId, version, tag)
+      );
      await this.taskService.createTask(task, true);
    }
  }
 }

@Event(PACKAGE_TAG_ADDED)
-export class PackageTagAdded extends ChangesStreamEvent {
+export class PackageTagAddedChangesStreamEvent extends ChangesStreamEvent {
  async handle(fullname: string, tag: string) {
    const change = await this.addChange(PACKAGE_TAG_ADDED, fullname, { tag });
    if (this.hookEnable) {
-      const task = Task.createCreateHookTask(HookEvent.createDistTagEvent(fullname, change.changeId, tag));
+      const task = Task.createCreateHookTask(
+        HookEvent.createDistTagEvent(fullname, change.changeId, tag)
+      );
      await this.taskService.createTask(task, true);
    }
  }
 }

@Event(PACKAGE_TAG_CHANGED)
-export class PackageTagChanged extends ChangesStreamEvent {
+export class PackageTagChangedChangesStreamEvent extends ChangesStreamEvent {
  async handle(fullname: string, tag: string) {
    const change = await this.addChange(PACKAGE_TAG_CHANGED, fullname, { tag });
    if (this.hookEnable) {
-      const task = Task.createCreateHookTask(HookEvent.createDistTagEvent(fullname, change.changeId, tag));
+      const task = Task.createCreateHookTask(
+        HookEvent.createDistTagEvent(fullname, change.changeId, tag)
+      );
      await this.taskService.createTask(task, true);
    }
  }
 }

@Event(PACKAGE_TAG_REMOVED)
-export class PackageTagRemoved extends ChangesStreamEvent {
+export class PackageTagRemovedChangesStreamEvent extends ChangesStreamEvent {
  async handle(fullname: string, tag: string) {
    const change = await this.addChange(PACKAGE_TAG_REMOVED, fullname, { tag });
    if (this.hookEnable) {
-      const task = Task.createCreateHookTask(HookEvent.createDistTagRmEvent(fullname, change.changeId, tag));
+      const task = Task.createCreateHookTask(
+        HookEvent.createDistTagRmEvent(fullname, change.changeId, tag)
+      );
      await this.taskService.createTask(task, true);
    }
  }
 }

@Event(PACKAGE_MAINTAINER_CHANGED)
-export class PackageMaintainerChanged extends ChangesStreamEvent {
+export class PackageMaintainerChangedChangesStreamEvent extends ChangesStreamEvent {
  async handle(fullname: string, maintainers: User[]) {
-    const change = await this.addChange(PACKAGE_MAINTAINER_CHANGED, fullname, {});
+    const change = await this.addChange(
+      PACKAGE_MAINTAINER_CHANGED,
+      fullname,
+      {}
+    );
    // TODO 应该比较差值，而不是全量推送
    if (this.hookEnable) {
      for (const maintainer of maintainers) {
-        const task = Task.createCreateHookTask(HookEvent.createOwnerEvent(fullname, change.changeId, maintainer.name));
+        const task = Task.createCreateHookTask(
+          HookEvent.createOwnerEvent(fullname, change.changeId, maintainer.name)
+        );
        await this.taskService.createTask(task, true);
      }
    }
@@ -124,24 +152,36 @@ export class PackageMaintainerChanged extends ChangesStreamEvent {
 }

@Event(PACKAGE_MAINTAINER_REMOVED)
-export class PackageMaintainerRemoved extends ChangesStreamEvent {
+export class PackageMaintainerRemovedChangesStreamEvent extends ChangesStreamEvent {
  async handle(fullname: string, maintainer: string) {
-    const change = await this.addChange(PACKAGE_MAINTAINER_REMOVED, fullname, { maintainer });
+    const change = await this.addChange(PACKAGE_MAINTAINER_REMOVED, fullname, {
+      maintainer,
+    });
    if (this.hookEnable) {
-      const task = Task.createCreateHookTask(HookEvent.createOwnerRmEvent(fullname, change.changeId, maintainer));
+      const task = Task.createCreateHookTask(
+        HookEvent.createOwnerRmEvent(fullname, change.changeId, maintainer)
+      );
      await this.taskService.createTask(task, true);
    }
  }
 }

@Event(PACKAGE_META_CHANGED)
-export class PackageMetaChanged extends ChangesStreamEvent {
+export class PackageMetaChangedChangesStreamEvent extends ChangesStreamEvent {
  async handle(fullname: string, meta: PackageMetaChange) {
-    const change = await this.addChange(PACKAGE_META_CHANGED, fullname, { ...meta });
+    const change = await this.addChange(PACKAGE_META_CHANGED, fullname, {
+      ...meta,
+    });
    const { deprecateds } = meta;
    if (this.hookEnable) {
      for (const deprecated of deprecateds || []) {
-        const task = Task.createCreateHookTask(HookEvent.createDeprecatedEvent(fullname, change.changeId, deprecated.version));
+        const task = Task.createCreateHookTask(
+          HookEvent.createDeprecatedEvent(
+            fullname,
+            change.changeId,
+            deprecated.version
+          )
+        );
        await this.taskService.createTask(task, true);
      }
    }
--- a/app/core/event/StoreManifest.ts
+++ b/app/core/event/StoreManifest.ts
@@ -1,30 +1,38 @@
-import { Event, Inject } from '@eggjs/tegg';
-import {
-  EggAppConfig,
-} from 'egg';
-import { PACKAGE_VERSION_ADDED } from './index';
-import { getScopeAndName } from '../../common/PackageUtil';
-import { PackageVersionManifest as PackageVersionManifestEntity } from '../entity/PackageVersionManifest';
-import { PackageRepository } from '../../repository/PackageRepository';
-import { DistRepository } from '../../repository/DistRepository';
+import { Config, Event, Inject } from 'egg';
+
+import { PACKAGE_VERSION_ADDED } from './index.ts';
+import { getScopeAndName } from '../../common/PackageUtil.ts';
+import { PackageVersionManifest as PackageVersionManifestEntity } from '../entity/PackageVersionManifest.ts';
+import type { PackageRepository } from '../../repository/PackageRepository.ts';
+import type { DistRepository } from '../../repository/DistRepository.ts';

 class StoreManifestEvent {
  @Inject()
-  protected readonly config: EggAppConfig;
+  protected readonly config: Config;
  @Inject()
  private readonly packageRepository: PackageRepository;
  @Inject()
  private readonly distRepository: DistRepository;

-  protected async savePackageVersionManifest(fullname: string, version: string) {
-    if (!this.config.cnpmcore.enableStoreFullPackageVersionManifestsToDatabase) return;
+  protected async savePackageVersionManifest(
+    fullname: string,
+    version: string
+  ) {
+    if (!this.config.cnpmcore.enableStoreFullPackageVersionManifestsToDatabase)
+      return;

-    const [ scope, name ] = getScopeAndName(fullname);
+    const [scope, name] = getScopeAndName(fullname);
    const packageId = await this.packageRepository.findPackageId(scope, name);
    if (!packageId) return;
-    const packageVersion = await this.packageRepository.findPackageVersion(packageId, version);
+    const packageVersion = await this.packageRepository.findPackageVersion(
+      packageId,
+      version
+    );
    if (!packageVersion) return;
-    const manifest = await this.distRepository.findPackageVersionManifest(packageId, version);
+    const manifest = await this.distRepository.findPackageVersionManifest(
+      packageId,
+      version
+    );
    if (!manifest) return;
    const entity = PackageVersionManifestEntity.create({
      packageId,
@@ -36,7 +44,7 @@ class StoreManifestEvent {
 }

@Event(PACKAGE_VERSION_ADDED)
-export class PackageVersionAdded extends StoreManifestEvent {
+export class PackageVersionAddedStoreManifestEvent extends StoreManifestEvent {
  async handle(fullname: string, version: string) {
    await this.savePackageVersionManifest(fullname, version);
  }
--- a/app/core/event/SyncESPackage.ts
+++ b/app/core/event/SyncESPackage.ts
@@ -0,0 +1,53 @@
+// TODO sync event
+import { Config, Event, Inject } from 'egg';
+import {
+  PACKAGE_BLOCKED,
+  PACKAGE_MAINTAINER_CHANGED,
+  PACKAGE_MAINTAINER_REMOVED,
+  PACKAGE_META_CHANGED,
+  PACKAGE_TAG_ADDED,
+  PACKAGE_TAG_CHANGED,
+  PACKAGE_TAG_REMOVED,
+  PACKAGE_UNBLOCKED,
+  PACKAGE_UNPUBLISHED,
+  PACKAGE_VERSION_ADDED,
+  PACKAGE_VERSION_REMOVED,
+} from './index.ts';
+import type { PackageSearchService } from '../service/PackageSearchService.ts';
+
+class SyncESPackage {
+  @Inject()
+  protected readonly packageSearchService: PackageSearchService;
+
+  @Inject()
+  protected readonly config: Config;
+
+  protected async syncPackage(fullname: string) {
+    if (!this.config.cnpmcore.enableElasticsearch) return;
+    await this.packageSearchService.syncPackage(fullname, true);
+  }
+}
+
+@Event(PACKAGE_UNPUBLISHED)
+@Event(PACKAGE_BLOCKED)
+export class PackageUnpublishedSyncESEvent extends SyncESPackage {
+  async handle(fullname: string) {
+    if (!this.config.cnpmcore.enableElasticsearch) return;
+    await this.packageSearchService.removePackage(fullname);
+  }
+}
+
+@Event(PACKAGE_VERSION_ADDED)
+@Event(PACKAGE_META_CHANGED)
+@Event(PACKAGE_VERSION_REMOVED)
+@Event(PACKAGE_TAG_ADDED)
+@Event(PACKAGE_TAG_CHANGED)
+@Event(PACKAGE_TAG_REMOVED)
+@Event(PACKAGE_MAINTAINER_CHANGED)
+@Event(PACKAGE_MAINTAINER_REMOVED)
+@Event(PACKAGE_UNBLOCKED)
+export class PackageVersionAddedSyncESEvent extends SyncESPackage {
+  async handle(fullname: string) {
+    await this.syncPackage(fullname);
+  }
+}
--- a/app/core/event/SyncPackageVersionFile.ts
+++ b/app/core/event/SyncPackageVersionFile.ts
@@ -0,0 +1,91 @@
+import { Event, Inject, Config, Logger } from 'egg';
+import { ForbiddenError } from 'egg/errors';
+
+import {
+  PACKAGE_TAG_ADDED,
+  PACKAGE_TAG_CHANGED,
+  PACKAGE_VERSION_ADDED,
+} from './index.ts';
+import { getScopeAndName } from '../../common/PackageUtil.ts';
+import type { PackageManagerService } from '../service/PackageManagerService.ts';
+import type { PackageVersionFileService } from '../service/PackageVersionFileService.ts';
+
+class SyncPackageVersionFileEvent {
+  @Inject()
+  protected readonly config: Config;
+  @Inject()
+  protected readonly logger: Logger;
+  @Inject()
+  private readonly packageManagerService: PackageManagerService;
+  @Inject()
+  private readonly packageVersionFileService: PackageVersionFileService;
+
+  protected async syncPackageVersionFile(fullname: string, version: string) {
+    // must set enableUnpkg and enableSyncUnpkgFiles = true both
+    if (!this.config.cnpmcore.enableUnpkg) return;
+    if (!this.config.cnpmcore.enableSyncUnpkgFiles) return;
+    // ignore sync on unittest
+    if (
+      this.config.env === 'unittest' &&
+      fullname !== '@cnpm/unittest-unpkg-demo'
+    )
+      return;
+    const [scope, name] = getScopeAndName(fullname);
+    const { packageVersion } =
+      await this.packageManagerService.showPackageVersionByVersionOrTag(
+        scope,
+        name,
+        version
+      );
+    if (!packageVersion) return;
+    try {
+      await this.packageVersionFileService.syncPackageVersionFiles(
+        packageVersion
+      );
+    } catch (err) {
+      if (err instanceof ForbiddenError) {
+        this.logger.info(
+          '[SyncPackageVersionFileEvent.syncPackageVersionFile] ignore sync files, cause: %s',
+          err.message
+        );
+        return;
+      }
+      throw err;
+    }
+  }
+
+  protected async syncPackageReadmeToLatestVersion(fullname: string) {
+    const [scope, name] = getScopeAndName(fullname);
+    const { pkg, packageVersion } =
+      await this.packageManagerService.showPackageVersionByVersionOrTag(
+        scope,
+        name,
+        'latest'
+      );
+    if (!pkg || !packageVersion) return;
+    await this.packageVersionFileService.syncPackageReadme(pkg, packageVersion);
+  }
+}
+
+@Event(PACKAGE_VERSION_ADDED)
+export class PackageVersionAddedSyncPackageVersionFileEvent extends SyncPackageVersionFileEvent {
+  async handle(fullname: string, version: string) {
+    await this.syncPackageVersionFile(fullname, version);
+  }
+}
+
+@Event(PACKAGE_TAG_ADDED)
+export class PackageTagAddedSyncPackageVersionFileEvent extends SyncPackageVersionFileEvent {
+  async handle(fullname: string, tag: string) {
+    if (tag !== 'latest') return;
+    await this.syncPackageReadmeToLatestVersion(fullname);
+  }
+}
+
+@Event(PACKAGE_TAG_CHANGED)
+export class PackageTagChangedSyncPackageVersionFileEvent extends SyncPackageVersionFileEvent {
+  async handle(fullname: string, tag: string) {
+    if (tag !== 'latest') return;
+    await this.syncPackageReadmeToLatestVersion(fullname);
+  }
+}
--- a/app/core/event/TotalHandler.ts
+++ b/app/core/event/TotalHandler.ts
@@ -0,0 +1,23 @@
+import { Event, Inject } from 'egg';
+
+import { PACKAGE_ADDED, PACKAGE_VERSION_ADDED } from './index.ts';
+import type { TotalRepository } from '../../repository/TotalRepository.ts';
+
+class TotalHandlerEvent {
+  @Inject()
+  protected readonly totalRepository: TotalRepository;
+}
+
+@Event(PACKAGE_ADDED)
+export class PackageAddedTotalHandlerEvent extends TotalHandlerEvent {
+  async handle() {
+    await this.totalRepository.incrementPackageCount();
+  }
+}
+
+@Event(PACKAGE_VERSION_ADDED)
+export class PackageVersionAddedTotalHandlerEvent extends TotalHandlerEvent {
+  async handle() {
+    await this.totalRepository.incrementPackageVersionCount();
+  }
+}
--- a/app/core/event/index.ts
+++ b/app/core/event/index.ts
@@ -1,6 +1,6 @@
-import '@eggjs/tegg';
-import { User } from '../entity/User';
+import type { User } from '../entity/User.ts';

+export const PACKAGE_ADDED = 'PACKAGE_ADDED';
 export const PACKAGE_UNPUBLISHED = 'PACKAGE_UNPUBLISHED';
 export const PACKAGE_BLOCKED = 'PACKAGE_BLOCKED';
 export const PACKAGE_UNBLOCKED = 'PACKAGE_UNBLOCKED';
@@ -15,26 +15,43 @@ export const PACKAGE_META_CHANGED = 'PACKAGE_META_CHANGED';

 export interface PackageDeprecated {
  version: string;
-  deprecated: string;
+  deprecated?: string;
 }

 export interface PackageMetaChange {
-  deprecateds?: Array<PackageDeprecated>;
+  deprecateds?: PackageDeprecated[];
 }

-
-declare module '@eggjs/tegg' {
+declare module 'egg' {
  interface Events {
+    [PACKAGE_ADDED]: (fullname: string) => Promise<void>;
    [PACKAGE_UNPUBLISHED]: (fullname: string) => Promise<void>;
    [PACKAGE_BLOCKED]: (fullname: string) => Promise<void>;
    [PACKAGE_UNBLOCKED]: (fullname: string) => Promise<void>;
-    [PACKAGE_VERSION_ADDED]: (fullname: string, version: string, tag?: string) => Promise<void>;
-    [PACKAGE_VERSION_REMOVED]: (fullname: string, version: string, tag?: string) => Promise<void>;
+    [PACKAGE_VERSION_ADDED]: (
+      fullname: string,
+      version: string,
+      tag?: string
+    ) => Promise<void>;
+    [PACKAGE_VERSION_REMOVED]: (
+      fullname: string,
+      version: string,
+      tag?: string
+    ) => Promise<void>;
    [PACKAGE_TAG_ADDED]: (fullname: string, tag: string) => Promise<void>;
    [PACKAGE_TAG_CHANGED]: (fullname: string, tag: string) => Promise<void>;
    [PACKAGE_TAG_REMOVED]: (fullname: string, tag: string) => Promise<void>;
-    [PACKAGE_MAINTAINER_CHANGED]: (fullname: string, maintainers: User[]) => Promise<void>;
-    [PACKAGE_MAINTAINER_REMOVED]: (fullname: string, maintainer: string) => Promise<void>;
-    [PACKAGE_META_CHANGED]: (fullname: string, meta: PackageMetaChange) => Promise<void>;
+    [PACKAGE_MAINTAINER_CHANGED]: (
+      fullname: string,
+      maintainers: User[]
+    ) => Promise<void>;
+    [PACKAGE_MAINTAINER_REMOVED]: (
+      fullname: string,
+      maintainer: string
+    ) => Promise<void>;
+    [PACKAGE_META_CHANGED]: (
+      fullname: string,
+      meta: PackageMetaChange
+    ) => Promise<void>;
  }
 }
--- a/app/core/package.json
+++ b/app/core/package.json
@@ -2,5 +2,6 @@
  "name": "cnpmcore-core",
  "eggModule": {
    "name": "cnpmcoreCore"
-  }
+  },
+  "type": "module"
 }
--- a/app/core/service/BinarySyncerService.ts
+++ b/app/core/service/BinarySyncerService.ts
@@ -1,55 +1,39 @@
-import { rm } from 'fs/promises';
+import fs from 'node:fs/promises';
+
 import {
  AccessLevel,
-  ContextProto,
  Inject,
-} from '@eggjs/tegg';
-import {
-  EggContextHttpClient,
+  SingletonProto,
+  type EggObjectFactory,
+  HttpClient,
 } from 'egg';
-import fs from 'fs/promises';
-import binaries, { SyncerClass } from '../../../config/binaries';
-import { NFSAdapter } from '../../common/adapter/NFSAdapter';
-import { TaskType, TaskState } from '../../common/enum/Task';
-import { downloadToTempfile } from '../../common/FileUtil';
-import { BinaryRepository } from '../../repository/BinaryRepository';
-import { Task } from '../entity/Task';
-import { Binary } from '../entity/Binary';
-import { TaskService } from './TaskService';
-import { AbstractBinary, BinaryItem } from '../../common/adapter/binary/AbstractBinary';
-import { ApiBinary } from '../../common/adapter/binary/ApiBinary';
-import { AbstractService } from '../../common/AbstractService';
-import { NodeBinary } from '../../common/adapter/binary/NodeBinary';
-import { NwjsBinary } from '../../common/adapter/binary/NwjsBinary';
-import { BucketBinary } from '../../common/adapter/binary/BucketBinary';
-import { CypressBinary } from '../../common/adapter/binary/CypressBinary';
-import { SqlcipherBinary } from '../../common/adapter/binary/SqlcipherBinary';
-import { PuppeteerBinary } from '../../common/adapter/binary/PuppeteerBinary';
-import { GithubBinary } from '../../common/adapter/binary/GithubBinary';
-import { ElectronBinary } from '../../common/adapter/binary/ElectronBinary';
-import { NodePreGypBinary } from '../../common/adapter/binary/NodePreGypBinary';
-import { ImageminBinary } from '../../common/adapter/binary/ImageminBinary';
-import { PlaywrightBinary } from '../../common/adapter/binary/PlaywrightBinary';
+import { sortBy } from 'lodash-es';

-const BinaryClasses = {
-  [SyncerClass.NodeBinary]: NodeBinary,
-  [SyncerClass.NwjsBinary]: NwjsBinary,
-  [SyncerClass.BucketBinary]: BucketBinary,
-  [SyncerClass.CypressBinary]: CypressBinary,
-  [SyncerClass.SqlcipherBinary]: SqlcipherBinary,
-  [SyncerClass.PuppeteerBinary]: PuppeteerBinary,
-  [SyncerClass.GithubBinary]: GithubBinary,
-  [SyncerClass.ElectronBinary]: ElectronBinary,
-  [SyncerClass.NodePreGypBinary]: NodePreGypBinary,
-  [SyncerClass.ImageminBinary]: ImageminBinary,
-  [SyncerClass.PlaywrightBinary]: PlaywrightBinary,
-};
+import binaries, {
+  type BinaryName,
+  type CategoryName,
+} from '../../../config/binaries.ts';
+import type { BinaryRepository } from '../../repository/BinaryRepository.ts';
+import { Task, type SyncBinaryTask } from '../entity/Task.ts';
+import { Binary } from '../entity/Binary.ts';
+import type { TaskService } from './TaskService.ts';
+import type { NFSAdapter } from '../../common/adapter/NFSAdapter.ts';
+import { downloadToTempfile } from '../../common/FileUtil.ts';
+import { isTimeoutError } from '../../common/ErrorUtil.ts';
+import {
+  AbstractBinary,
+  type BinaryItem,
+} from '../../common/adapter/binary/AbstractBinary.ts';
+import { AbstractService } from '../../common/AbstractService.ts';
+import { BinaryType } from '../../common/enum/Binary.ts';
+import { TaskState, TaskType } from '../../common/enum/Task.ts';
+import { platforms } from '../../common/adapter/binary/PuppeteerBinary.ts';

 function isoNow() {
  return new Date().toISOString();
 }

-@ContextProto({
+@SingletonProto({
  accessLevel: AccessLevel.PUBLIC,
 })
 export class BinarySyncerService extends AbstractService {
@@ -58,134 +42,310 @@ export class BinarySyncerService extends AbstractService {
  @Inject()
  private readonly taskService: TaskService;
  @Inject()
-  private readonly httpclient: EggContextHttpClient;
+  private readonly httpClient: HttpClient;
  @Inject()
  private readonly nfsAdapter: NFSAdapter;
+  @Inject()
+  private readonly eggObjectFactory: EggObjectFactory;

-  public async findBinary(binaryName: string, parent: string, name: string) {
-    return await this.binaryRepository.findBinary(binaryName, parent, name);
+  // canvas/v2.6.1/canvas-v2.6.1-node-v57-linux-glibc-x64.tar.gz
+  // -> node-canvas-prebuilt/v2.6.1/node-canvas-prebuilt-v2.6.1-node-v57-linux-glibc-x64.tar.gz
+  // canvas 历史版本的 targetName 可能是 category 需要兼容
+  public async findBinary(
+    targetName: BinaryName | CategoryName,
+    parent: string,
+    name: string
+  ) {
+    return await this.binaryRepository.findBinary(targetName, parent, name);
  }

-  public async listDirBinaries(binary: Binary) {
-    return await this.binaryRepository.listBinaries(binary.category, `${binary.parent}${binary.name}`);
+  public async listDirBinaries(
+    binary: Binary,
+    options?: {
+      limit: number;
+      since: string;
+    }
+  ) {
+    return await this.binaryRepository.listBinaries(
+      binary.category,
+      `${binary.parent}${binary.name}`,
+      options
+    );
  }

-  public async listRootBinaries(binaryName: string) {
-    return await this.binaryRepository.listBinaries(binaryName, '/');
+  public async listRootBinaries(binaryName: BinaryName) {
+    // 通常 binaryName 和 category 是一样的，但是有些特殊的 binaryName 会有多个 category，比如 canvas
+    // 所以查询 canvas 的时候，需要将 binaryName 和 category 的数据都查出来
+    const { category } = binaries[binaryName];
+    const reqs = [this.binaryRepository.listBinaries(binaryName, '/')];
+    if (category && category !== binaryName) {
+      reqs.push(this.binaryRepository.listBinaries(category, '/'));
+    }
+
+    const [rootBinary, categoryBinary] = await Promise.all(reqs);
+
+    const versions = new Set(rootBinary.map(b => b.name));
+    if (categoryBinary) {
+      for (const b of categoryBinary) {
+        const version = b.name;
+        // 只将没有的版本添加进去
+        if (!versions.has(version)) {
+          rootBinary.push(b);
+        }
+      }
+    }
+
+    return rootBinary;
  }

  public async downloadBinary(binary: Binary) {
    return await this.nfsAdapter.getDownloadUrlOrStream(binary.storePath);
  }

-  public async createTask(binaryName: string, lastData?: any) {
-    return await this.taskService.createTask(Task.createSyncBinary(binaryName, lastData), false);
+  public async createTask(
+    binaryName: BinaryName,
+    lastData?: Record<string, unknown>
+  ) {
+    // chromium-browser-snapshots 产物极大，完整遍历 s3 bucket 耗时会太长
+    // 必须从上次同步的 revision 之后开始遍历
+    // 如果需要补偿数据，可以
+    if (binaryName === 'chromium-browser-snapshots') {
+      lastData = lastData || {};
+      for (const platform of platforms) {
+        if (lastData[platform]) continue;
+        const binaryDir = await this.binaryRepository.findLatestBinaryDir(
+          'chromium-browser-snapshots',
+          `/${platform}/`
+        );
+        if (binaryDir) {
+          lastData[platform] = binaryDir.name.slice(0, -1);
+        }
+      }
+      const latestBinary = await this.binaryRepository.findLatestBinary(
+        'chromium-browser-snapshots'
+      );
+      if (latestBinary && !lastData.lastSyncTime) {
+        lastData.lastSyncTime = latestBinary.date;
+      }
+    }
+    try {
+      return await this.taskService.createTask(
+        Task.createSyncBinary(binaryName, lastData),
+        false
+      );
+    } catch (e) {
+      this.logger.error(
+        '[BinarySyncerService.createTask] binaryName: %s, error: %s',
+        binaryName,
+        e
+      );
+    }
  }

-  public async findTask(taskId: string) {
-    return await this.taskService.findTask(taskId);
+  public async findTask(taskId: string): Promise<SyncBinaryTask | null> {
+    return (await this.taskService.findTask(taskId)) as SyncBinaryTask;
  }

-  public async findTaskLog(task: Task) {
+  public async findTaskLog(task: SyncBinaryTask) {
    return await this.taskService.findTaskLog(task);
  }

-  public async findExecuteTask() {
-    return await this.taskService.findExecuteTask(TaskType.SyncBinary);
+  public async findExecuteTask(): Promise<SyncBinaryTask | null> {
+    return (await this.taskService.findExecuteTask(
+      TaskType.SyncBinary
+    )) as SyncBinaryTask;
  }

-  public async executeTask(task: Task) {
-    const binaryName = task.targetName;
-    const binaryInstance = this.createBinaryInstance(binaryName);
+  public async executeTask(task: SyncBinaryTask) {
+    const binaryName = task.targetName as BinaryName;
+    const binaryAdapter = await this.getBinaryAdapter(binaryName);
    const logUrl = `${this.config.cnpmcore.registry}/-/binary/${binaryName}/syncs/${task.taskId}/log`;
    let logs: string[] = [];
-    logs.push(`[${isoNow()}] 🚧🚧🚧🚧🚧 Start sync binary "${binaryName}" 🚧🚧🚧🚧🚧`);
-    if (!binaryInstance) {
+    logs.push(
+      `[${isoNow()}] 🚧🚧🚧🚧🚧 Start sync binary "${binaryName}" 🚧🚧🚧🚧🚧`
+    );
+    if (!binaryAdapter) {
      task.error = 'unknow binaryName';
-      logs.push(`[${isoNow()}] ❌ Synced "${binaryName}" fail, ${task.error}, log: ${logUrl}`);
+      logs.push(
+        `[${isoNow()}] ❌ Synced "${binaryName}" fail, ${task.error}, log: ${logUrl}`
+      );
      logs.push(`[${isoNow()}] ❌❌❌❌❌ "${binaryName}" ❌❌❌❌❌`);
-      this.logger.error('[BinarySyncerService.executeTask:fail] taskId: %s, targetName: %s, %s',
-        task.taskId, task.targetName, task.error);
+      this.logger.error(
+        '[BinarySyncerService.executeTask:fail] taskId: %s, targetName: %s, %s',
+        task.taskId,
+        task.targetName,
+        task.error
+      );
      await this.taskService.finishTask(task, TaskState.Fail, logs.join('\n'));
      return;
    }

    await this.taskService.appendTaskLog(task, logs.join('\n'));
    logs = [];
-    this.logger.info('[BinarySyncerService.executeTask:start] taskId: %s, targetName: %s, log: %s',
-      task.taskId, task.targetName, logUrl);
+    this.logger.info(
+      '[BinarySyncerService.executeTask:start] taskId: %s, targetName: %s, log: %s',
+      task.taskId,
+      task.targetName,
+      logUrl
+    );
    try {
-      await this.syncDir(binaryInstance, task, '/');
+      const [hasDownloadError] = await this.syncDir(binaryAdapter, task, '/');
      logs.push(`[${isoNow()}] 🟢 log: ${logUrl}`);
      logs.push(`[${isoNow()}] 🟢🟢🟢🟢🟢 "${binaryName}" 🟢🟢🟢🟢🟢`);
-      await this.taskService.finishTask(task, TaskState.Success, logs.join('\n'));
-      this.logger.info('[BinarySyncerService.executeTask:success] taskId: %s, targetName: %s, log: %s',
-        task.taskId, task.targetName, logUrl);
-    } catch (err: any) {
-      task.error = err.message;
-      logs.push(`[${isoNow()}] ❌ Synced "${binaryName}" fail, ${task.error}, log: ${logUrl}`);
+      await this.taskService.finishTask(
+        task,
+        TaskState.Success,
+        logs.join('\n')
+      );
+      // 确保没有下载异常才算 success
+      await binaryAdapter.finishFetch(!hasDownloadError, binaryName);
+      this.logger.info(
+        '[BinarySyncerService.executeTask:success] taskId: %s, targetName: %s, log: %s, hasDownloadError: %s',
+        task.taskId,
+        task.targetName,
+        logUrl,
+        hasDownloadError
+      );
+    } catch (err) {
+      task.error = `${err.name}: ${err.message}`;
+      logs.push(
+        `[${isoNow()}] ❌ Synced "${binaryName}" fail, ${task.error}, log: ${logUrl}`
+      );
      logs.push(`[${isoNow()}] ❌❌❌❌❌ "${binaryName}" ❌❌❌❌❌`);
-      this.logger.error('[BinarySyncerService.executeTask:fail] taskId: %s, targetName: %s, %s',
-        task.taskId, task.targetName, task.error);
-      this.logger.error(err);
+      if (isTimeoutError(err)) {
+        this.logger.warn(
+          '[BinarySyncerService.executeTask:fail] taskId: %s, targetName: %s, %s',
+          task.taskId,
+          task.targetName,
+          task.error
+        );
+        this.logger.warn(err);
+      } else {
+        this.logger.error(
+          '[BinarySyncerService.executeTask:fail] taskId: %s, targetName: %s, %s',
+          task.taskId,
+          task.targetName,
+          task.error
+        );
+        this.logger.error(err);
+      }
+      await binaryAdapter.finishFetch(false, binaryName);
      await this.taskService.finishTask(task, TaskState.Fail, logs.join('\n'));
    }
  }

-  private async syncDir(binaryInstance: AbstractBinary, task: Task, dir: string, parentIndex = '') {
-    const binaryName = task.targetName;
-    const result = await binaryInstance.fetch(dir, task.data);
+  private async syncDir(
+    binaryAdapter: AbstractBinary,
+    task: SyncBinaryTask,
+    dir: string,
+    parentIndex = '',
+    latestVersionParent = '/'
+  ) {
+    const binaryName = task.targetName as BinaryName;
+    const result = await binaryAdapter.fetch(dir, binaryName, task.data);
    let hasDownloadError = false;
    let hasItems = false;
    if (result && result.items.length > 0) {
      hasItems = true;
      let logs: string[] = [];
-      const newItems = await this.diff(binaryName, dir, result.items);
-      logs.push(`[${isoNow()}][${dir}] 🚧 Syncing diff: ${result.items.length} => ${newItems.length}, Binary class: ${binaryInstance.constructor.name}`);
-      for (const [ index, { item, reason }] of newItems.entries()) {
+      const { newItems, latestVersionDir } = await this.diff(
+        binaryName,
+        dir,
+        result.items,
+        latestVersionParent
+      );
+      logs.push(
+        `[${isoNow()}][${dir}] 🚧 Syncing diff: ${result.items.length} => ${newItems.length}, Binary class: ${binaryAdapter.constructor.name}`
+      );
+      // re-check latest version
+      for (const [index, { item, reason }] of newItems.entries()) {
        if (item.isDir) {
-          logs.push(`[${isoNow()}][${dir}] 🚧 [${parentIndex}${index}] Start sync dir ${JSON.stringify(item)}, reason: ${reason}`);
+          logs.push(
+            `[${isoNow()}][${dir}] 🚧 [${parentIndex}${index}] Start sync dir ${JSON.stringify(item)}, reason: ${reason}`
+          );
          await this.taskService.appendTaskLog(task, logs.join('\n'));
          logs = [];
-          const [ hasError, hasSubItems ] = await this.syncDir(binaryInstance, task, `${dir}${item.name}`, `${parentIndex}${index}.`);
+          const [hasError, hasSubItems] = await this.syncDir(
+            binaryAdapter,
+            task,
+            `${dir}${item.name}`,
+            `${parentIndex}${index}.`,
+            latestVersionDir
+          );
          if (hasError) {
            hasDownloadError = true;
-          } else {
+          } else if (hasSubItems) {
            // if any file download error, let dir sync again next time
            // if empty dir, don't save it
-            if (hasSubItems) {
-              await this.saveBinaryItem(item);
-            }
+            await this.saveBinaryItem(item);
          }
        } else {
          // download to nfs
-          logs.push(`[${isoNow()}][${dir}] 🚧 [${parentIndex}${index}] Downloading ${JSON.stringify(item)}, reason: ${reason}`);
+          logs.push(
+            `[${isoNow()}][${dir}] 🚧 [${parentIndex}${index}] Downloading ${JSON.stringify(item)}, reason: ${reason}`
+          );
+          // skip exists binary file
+          const existsBinary = await this.binaryRepository.findBinary(
+            item.category,
+            item.parent,
+            item.name
+          );
+          if (existsBinary && existsBinary.date === item.date) {
+            logs.push(
+              `[${isoNow()}][${dir}] 🟢 [${parentIndex}${index}] binary file exists, skip download, binaryId: ${existsBinary.binaryId}`
+            );
+            this.logger.info(
+              '[BinarySyncerService.syncDir:skipDownload] binaryId: %s exists, storePath: %s',
+              existsBinary.binaryId,
+              existsBinary.storePath
+            );
+            continue;
+          }
          await this.taskService.appendTaskLog(task, logs.join('\n'));
          logs = [];
          let localFile = '';
          try {
-            const { tmpfile, headers, timing } =
-              await downloadToTempfile(this.httpclient, this.config.dataDir, item.sourceUrl!, item.ignoreDownloadStatuses);
-            logs.push(`[${isoNow()}][${dir}] 🟢 [${parentIndex}${index}] HTTP content-length: ${headers['content-length']}, timing: ${JSON.stringify(timing)}, ${item.sourceUrl} => ${tmpfile}`);
+            const { tmpfile, headers, timing } = await downloadToTempfile(
+              this.httpClient,
+              this.config.dataDir,
+              item.sourceUrl,
+              { ignoreDownloadStatuses: item.ignoreDownloadStatuses }
+            );
+            const log = `[${isoNow()}][${dir}] 🟢 [${parentIndex}${index}] HTTP content-length: ${headers['content-length']}, timing: ${JSON.stringify(timing)}, ${item.sourceUrl} => ${tmpfile}`;
+            logs.push(log);
+            this.logger.info(
+              '[BinarySyncerService.syncDir:downloadToTempfile] %s',
+              log
+            );
            localFile = tmpfile;
            const binary = await this.saveBinaryItem(item, tmpfile);
-            logs.push(`[${isoNow()}][${dir}] 🟢 [${parentIndex}${index}] Synced file success, binaryId: ${binary.binaryId}`);
+            logs.push(
+              `[${isoNow()}][${dir}] 🟢 [${parentIndex}${index}] Synced file success, binaryId: ${binary.binaryId}`
+            );
            await this.taskService.appendTaskLog(task, logs.join('\n'));
            logs = [];
-          } catch (err: any) {
+          } catch (err) {
            if (err.name === 'DownloadNotFoundError') {
-              this.logger.warn('Not found %s, skip it', item.sourceUrl);
-              logs.push(`[${isoNow()}][${dir}] 🧪️ [${parentIndex}${index}] Download ${item.sourceUrl} not found, skip it`);
+              this.logger.info('Not found %s, skip it', item.sourceUrl);
+              logs.push(
+                `[${isoNow()}][${dir}] 🧪️ [${parentIndex}${index}] Download ${item.sourceUrl} not found, skip it`
+              );
            } else {
-              this.logger.error('Download binary %s %s', item.sourceUrl, err);
+              if (err.name === 'DownloadStatusInvalidError') {
+                this.logger.warn('Download binary %s %s', item.sourceUrl, err);
+              } else {
+                this.logger.error('Download binary %s %s', item.sourceUrl, err);
+              }
              hasDownloadError = true;
-              logs.push(`[${isoNow()}][${dir}] ❌ [${parentIndex}${index}] Download ${item.sourceUrl} error: ${err}`);
+              logs.push(
+                `[${isoNow()}][${dir}] ❌ [${parentIndex}${index}] Download ${item.sourceUrl} error: ${err}`
+              );
            }
            await this.taskService.appendTaskLog(task, logs.join('\n'));
            logs = [];
          } finally {
            if (localFile) {
-              await rm(localFile, { force: true });
+              await fs.rm(localFile, { force: true });
            }
          }
        }
@@ -193,20 +353,35 @@ export class BinarySyncerService extends AbstractService {
      if (hasDownloadError) {
        logs.push(`[${isoNow()}][${dir}] ❌ Synced dir fail`);
      } else {
-        logs.push(`[${isoNow()}][${dir}] 🟢 Synced dir success`);
+        logs.push(
+          `[${isoNow()}][${dir}] 🟢 Synced dir success, hasItems: ${hasItems}`
+        );
      }
      await this.taskService.appendTaskLog(task, logs.join('\n'));
    }
-    return [ hasDownloadError, hasItems ];
+    return [hasDownloadError, hasItems];
  }

-  private async diff(binaryName: string, dir: string, fetchItems: BinaryItem[]) {
-    const existsItems = await this.binaryRepository.listBinaries(binaryName, dir);
+  // see https://github.com/cnpm/cnpmcore/issues/556
+  // 上游可能正在发布新版本、同步流程中断，导致同步的时候，文件列表不一致
+  // 如果的当前目录命中 latestVersionParent 父目录，那么就再校验一下当前目录
+  // 如果 existsItems 为空或者经过修改，那么就不需要 revalidate 了
+  private async diff(
+    binaryName: BinaryName,
+    dir: string,
+    fetchItems: BinaryItem[],
+    latestVersionParent = '/'
+  ) {
+    const existsItems = await this.binaryRepository.listBinaries(
+      binaryName,
+      dir
+    );
    const existsMap = new Map<string, Binary>();
    for (const item of existsItems) {
      existsMap.set(item.name, item);
    }
    const diffItems: { item: Binary; reason: string }[] = [];
+    let latestItem: BinaryItem | undefined;
    for (const item of fetchItems) {
      const existsItem = existsMap.get(item.name);
      if (!existsItem) {
@@ -231,9 +406,25 @@ export class BinarySyncerService extends AbstractService {
        existsItem.sourceUrl = item.url;
        existsItem.ignoreDownloadStatuses = item.ignoreDownloadStatuses;
        existsItem.date = item.date;
+      } else if (dir.endsWith(latestVersionParent)) {
+        if (!latestItem) {
+          latestItem = sortBy(fetchItems, ['date']).pop();
+        }
+        const isLatestItem = latestItem?.name === item.name;
+        if (isLatestItem && existsItem.isDir) {
+          diffItems.push({
+            item: existsItem,
+            reason: `revalidate latest version, latest parent dir is ${latestVersionParent}, current dir is ${dir}, current name is ${existsItem.name}`,
+          });
+          latestVersionParent = `${latestVersionParent}${existsItem.name}`;
+        }
      }
    }
-    return diffItems;
+
+    return {
+      newItems: diffItems,
+      latestVersionDir: latestVersionParent,
+    };
  }

  private async saveBinaryItem(binary: Binary, tmpfile?: string) {
@@ -241,24 +432,37 @@ export class BinarySyncerService extends AbstractService {
      const stat = await fs.stat(tmpfile);
      binary.size = stat.size;
      await this.nfsAdapter.uploadFile(binary.storePath, tmpfile);
-      this.logger.info('[BinarySyncerService.saveBinaryItem:uploadFile] binaryId: %s, size: %d, %s => %s',
-        binary.binaryId, stat.size, tmpfile, binary.storePath);
+      this.logger.info(
+        '[BinarySyncerService.saveBinaryItem:uploadFile] binaryId: %s, size: %d, %s => %s',
+        binary.binaryId,
+        stat.size,
+        tmpfile,
+        binary.storePath
+      );
    }
    await this.binaryRepository.saveBinary(binary);
    return binary;
  }

-  private createBinaryInstance(binaryName: string): AbstractBinary | undefined {
+  private async getBinaryAdapter(
+    binaryName: BinaryName
+  ): Promise<AbstractBinary | undefined> {
    const config = this.config.cnpmcore;
+    const binaryConfig = binaries[binaryName];
+
+    let binaryAdapter: AbstractBinary;
    if (config.sourceRegistryIsCNpm) {
-      const binaryConfig = binaries[binaryName];
-      const syncBinaryFromAPISource = config.syncBinaryFromAPISource || `${config.sourceRegistry}/-/binary`;
-      return new ApiBinary(this.httpclient, this.logger, binaryConfig, syncBinaryFromAPISource);
-    }
-    for (const binaryConfig of Object.values(binaries)) {
-      if (binaryConfig.category === binaryName) {
-        return new BinaryClasses[binaryConfig.syncer](this.httpclient, this.logger, binaryConfig);
-      }
+      binaryAdapter = await this.eggObjectFactory.getEggObject(
+        AbstractBinary,
+        BinaryType.Api
+      );
+    } else {
+      binaryAdapter = await this.eggObjectFactory.getEggObject(
+        AbstractBinary,
+        binaryConfig.type
+      );
    }
+    await binaryAdapter.initFetch(binaryName);
+    return binaryAdapter;
  }
 }
--- a/Show More
+++ b/Show More