chore: update versions (6-next) (#3920)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.changeset/chilly-trains-juggle.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/config': patch
+---
+
+Respect the `changePassword` configuration flag to enable changing the password through the web API.
+
+> **Note**
+> This feature is still experimental and not fully supported in the default web application.

.changeset/eighty-snails-admire.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/server-fastify': patch
+'@verdaccio/web': patch
+---
+
+Fix the password validation logic for the `/reset_password` route to ensure that the password is only reset if it is valid.

.changeset/khaki-carrots-crash.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/ui-theme': minor
+'@verdaccio/ui-components': minor
+---
+
+feat: ui bugfixes and improvements

.changeset/pre.json

@@ -58,7 +58,8 @@
     "@verdaccio/logger-7": "6.0.0-6-next.1",
     "@verdaccio/logger-commons": "6.0.0-6-next.25",
     "@verdaccio/e2e-cli-pnpm8": "1.0.1-6-next.6",
-    "@verdaccio/signature": "6.0.0-6-next.1"
+    "@verdaccio/signature": "6.0.0-6-next.1",
+    "@verdaccio/search": "6.0.0-6-next.1"
   },
   "changesets": [
     "afraid-mice-obey",
@@ -74,11 +75,13 @@
     "chatty-pillows-perform",
     "chilled-ways-fetch",
     "chilly-glasses-occur",
+    "chilly-trains-juggle",
     "clever-pugs-warn",
     "dry-planes-tap",
     "dull-monkeys-search",
     "early-jokes-nail",
     "eight-bottles-own",
+    "eighty-snails-admire",
     "eleven-brooms-hunt",
     "eleven-spoons-matter",
     "fair-lemons-beam",
@@ -106,6 +109,7 @@
     "heavy-ravens-lay",
     "hip-hounds-destroy",
     "honest-maps-hear",
+    "khaki-carrots-crash",
     "kind-bears-nail",
     "kind-ladybugs-admire",
     "late-adults-love",
@@ -132,6 +136,7 @@
     "plenty-spiders-melt",
     "plenty-tables-refuse",
     "poor-suns-film",
+    "pretty-clouds-help",
     "pretty-hounds-tap",
     "proud-jeans-walk",
     "proud-jobs-hope",
@@ -139,11 +144,15 @@
     "red-chefs-float",
     "red-yaks-sell",
     "rich-badgers-begin",
+    "rich-bananas-chew",
     "rich-ghosts-rule",
     "shaggy-carrots-unite",
     "shaggy-parrots-smash",
     "shiny-chefs-heal",
     "shy-ducks-cover",
+    "silly-moose-watch",
+    "six-boats-sparkle",
+    "slimy-eggs-explain",
     "slow-carrots-relate",
     "slow-snails-sniff",
     "smart-apricots-kneel",
@@ -156,15 +165,19 @@
     "spicy-snakes-sip",
     "strange-ladybugs-nail",
     "strong-socks-type",
+    "stupid-sloths-leave",
     "swift-pumpkins-knock",
     "ten-parents-breathe",
     "tender-bags-call",
+    "tender-pots-yawn",
+    "tender-tigers-hammer",
     "thick-countries-move",
     "thick-geese-wash",
     "thick-readers-hang",
     "three-moles-drop",
     "three-pots-sit",
     "tiny-seals-join",
+    "tough-days-search",
     "tricky-taxis-watch",
     "twelve-crabs-guess",
     "two-dolls-check",

.changeset/pretty-clouds-help.md

@@ -0,0 +1,9 @@
+---
+'@verdaccio/config': minor
+'@verdaccio/core': minor
+'@verdaccio/types': minor
+'@verdaccio/server': minor
+'@verdaccio/store': minor
+---
+
+feat: trustProxy property

.changeset/rich-bananas-chew.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/api': patch
+'@verdaccio/core': patch
+'@verdaccio/middleware': patch
+---
+
+fix: official package "-" cannot be synced

.changeset/silly-moose-watch.md

@@ -0,0 +1,5 @@
+---
+'verdaccio-htpasswd': patch
+---
+
+fix wrong htpasswd file location

.changeset/six-boats-sparkle.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/search': minor
+---
+
+feat: add search package utilities

.changeset/slimy-eggs-explain.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/logger-commons': patch
+---
+
+fix: restore wrong dependency version

.changeset/stupid-sloths-leave.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/logger-7': patch
+'@verdaccio/logger-commons': patch
+'@verdaccio/logger-prettify': patch
+---
+
+fix: restore pino legacy version

.changeset/tender-pots-yawn.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+fix menuKey for Khmer language

.changeset/tender-tigers-hammer.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/auth': minor
+'@verdaccio/core': minor
+'verdaccio-htpasswd': minor
+---
+
+feat: async bcrypt hash

.changeset/tough-days-search.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/ui-theme': patch
+'@verdaccio/ui-components': patch
+---
+
+fix: undefined field on missing count

.github/ISSUE_TEMPLATE/config.yml

@@ -8,7 +8,4 @@ contact_links:
     about: I want to report a security vulnerability
   - name: Chat 🏘
     url: https://discord.gg/7qWJxBf
-    about: For a quick question you should do it through our community chat
-  - name: User Interface Report 👩🏼‍🎨👨🏼‍🎨
-    url: https://github.com/verdaccio/ui/issues/new/choose
-    about: Any report related with the User Interface should be posted in another repository
+    about: Quick question? Try out Discord chat, you can get faster feedback

.github/workflows/changesets.yml

@@ -20,20 +20,19 @@ jobs:
     if: github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio'
     steps:
       - name: checkout code repository
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 0
 
       - name: setup node.js
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
-          node-version: 14
-          registry-url: 'https://registry.npmjs.org'
+          node-version-file: '.nvmrc'
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 
       - name: install pnpm
-        run: npm i pnpm@6.32.15 -g
+        run: npm i pnpm@latest-8 -g
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 

.github/workflows/ci-windows.yml

@@ -18,21 +18,25 @@ jobs:
         env:
           NODE_ENV: production          
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
     - name: Node
       uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
       with:
         node-version-file: '.nvmrc'
     - name: Install pnpm
-      run: npm i pnpm@6.32.15 -g
+      run: npm i pnpm@latest-8 -g
     - name: set store
       run: |
         mkdir ~/.pnpm-store
         pnpm config set store-dir ~/.pnpm-store
+    - name: set store
+      run: |
+        mkdir ~/.pnpm-store
+        pnpm config set store-dir ~/.pnpm-store            
     - name: Install
-      run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
+      run: pnpm install --registry http://localhost:4873
     - name: Cache .pnpm-store
-      uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
       with:
         path: ~/.pnpm-store
         key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -43,19 +47,23 @@ jobs:
     name: Lint
     needs: prepare
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Node
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts
+        run: pnpm install --offline --reporter=silence --ignore-scripts
       - name: Lint
         run: pnpm lint
   format:
@@ -63,19 +71,23 @@ jobs:
     name: Format
     needs: prepare
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Use Node
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store          
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts
+        run: pnpm install --offline --reporter=silence --ignore-scripts
       - name: Lint
         run: pnpm format:check
   build:
@@ -88,19 +100,23 @@ jobs:
     name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Use Node ${{ matrix.node_version }}
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version: ${{ matrix.node_version }}
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store          
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts --registry http://localhost:4873
+        run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
       - name: build
         run: pnpm build
       - name: Test
@@ -110,18 +126,22 @@ jobs:
     runs-on: windows-latest
     name: UI Test E2E
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --registry http://localhost:4873
+        run: pnpm install --offline --reporter=silence --registry http://localhost:4873
       - name: build
         run: pnpm build
       - name: Test UI

.github/workflows/ci.yml

@@ -21,13 +21,13 @@ jobs:
     name: setup verdaccio
     services:
       verdaccio:
-        image: verdaccio/verdaccio:nightly-master
+        image: verdaccio/verdaccio:5
         ports:
           - 4873:4873
         env:
           NODE_ENV: production          
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
     - name: Node
       uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
       with:
@@ -35,15 +35,15 @@ jobs:
     - name: Install pnpm
       run: |
         corepack enable
-        corepack prepare --activate pnpm@6.32.15
+        corepack prepare --activate pnpm@latest-8
     - name: set store
       run: |
         mkdir ~/.pnpm-store
         pnpm config set store-dir ~/.pnpm-store
     - name: Install
-      run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
+      run: pnpm install  --registry http://localhost:4873
     - name: Cache .pnpm-store
-      uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
       with:
         path: ~/.pnpm-store
         key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -54,7 +54,7 @@ jobs:
     name: Lint
     needs: prepare
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Node
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
@@ -62,13 +62,16 @@ jobs:
       - name: Install pnpm
         run: |
           corepack enable
-          corepack prepare --activate pnpm@6.32.15
-      - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+          corepack prepare --activate pnpm@latest-8
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts
+        run: pnpm install --offline   --ignore-scripts
       - name: Lint
         run: pnpm lint
   format:
@@ -76,7 +79,7 @@ jobs:
     name: Format
     needs: prepare
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Use Node
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
@@ -84,13 +87,16 @@ jobs:
       - name: Install pnpm
         run: |
           corepack enable
-          corepack prepare --activate pnpm@6.32.15
-      - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+          corepack prepare --activate pnpm@latest-8
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts
+        run: pnpm install --offline   --ignore-scripts
       - name: Lint
         run: pnpm format:check
   test:
@@ -103,7 +109,7 @@ jobs:
     name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Use Node ${{ matrix.node_version }}
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
@@ -111,13 +117,16 @@ jobs:
       - name: Install pnpm
         run: |
           corepack enable
-          corepack prepare --activate pnpm@6.32.15
-      - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+          corepack prepare --activate pnpm@latest-8
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts --registry http://localhost:4873
+        run: pnpm install --offline   --ignore-scripts --registry http://localhost:4873
       - name: build
         run: pnpm build
       - name: Test
@@ -126,27 +135,30 @@ jobs:
     needs: [test]
     runs-on: ubuntu-latest
     name: synchronize translations
-    if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+    if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: |
           corepack enable
-          corepack prepare --activate pnpm@6.32.15
-      - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+          corepack prepare --activate pnpm@latest-8
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
         ## we need scripts, pupetter downloads aditional content
-        run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
+        run: pnpm install  --registry http://localhost:4873
       - name: build
         run: pnpm build
       - name: generate website translations
-        run: pnpm write-translations --filter ...@verdaccio/website
+        run: pnpm --filter ...@verdaccio/website write-translations
       - name: sync
         env:
           CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}

.github/workflows/codeql-analysis.yml

@@ -21,7 +21,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           # We must fetch at least the immediate parents so that if this is
           # a pull request then we can checkout the head.
@@ -34,7 +34,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@32dc499307d133bb5085bae78498c0ac2cf762d5 # tag=v2
+        uses: github/codeql-action/init@46ed16ded91731b2df79a2893d3aea8e9f03b5c4 # v2
 
       # Override language selection by uncommenting this and choosing your languages
       # with:
@@ -42,7 +42,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@32dc499307d133bb5085bae78498c0ac2cf762d5 # tag=v2
+        uses: github/codeql-action/autobuild@46ed16ded91731b2df79a2893d3aea8e9f03b5c4 # v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -56,4 +56,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@32dc499307d133bb5085bae78498c0ac2cf762d5 # tag=v2
+        uses: github/codeql-action/analyze@46ed16ded91731b2df79a2893d3aea8e9f03b5c4 # v2

.github/workflows/docker-proxy-apache-e2e.yml

@@ -15,7 +15,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
+      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       
     - name: Start containers
       run: docker-compose -f "./e2e/docker/apache-verdaccio/docker-compose.yaml" up -d --build

.github/workflows/docker-proxy-nginx-e2e.yml

@@ -12,7 +12,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
+      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       
     - name: Start containers
       run: docker-compose -f "./e2e/docker/proxy-nginx/docker-compose.yaml" up -d --build

.github/workflows/docker-publish.yml

@@ -23,8 +23,8 @@ jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
-      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # tag=v1
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # tag=v1
       - uses: docker/setup-buildx-action@v1
         with:
           driver-opts: network=host

.github/workflows/e2e-ci.yml

@@ -15,21 +15,21 @@ jobs:
         env:
           NODE_ENV: production
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
     - name: Use Node
       uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
       with:
         node-version-file: '.nvmrc'
     - name: Install pnpm
-      run: npm i pnpm@6.32.15 -g
+      run: npm i pnpm@latest-8 -g
     - name: set store
       run: |
         mkdir ~/.pnpm-store
         pnpm config set store-dir ~/.pnpm-store
     - name: Install
-      run: pnpm recursive install --frozen-lockfile --reporter=silence --ignore-scripts --registry http://localhost:4873
+      run: pnpm install --reporter=silence --ignore-scripts --registry http://localhost:4873
     - name: Cache .pnpm-store
-      uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
       with:
         path: ~/.pnpm-store
         key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -39,23 +39,26 @@ jobs:
     needs: [prepare]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Use Node 16
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --frozen-lockfile --reporter=silence --registry http://localhost:4873
+        run: pnpm recursive install --reporter=silence --registry http://localhost:4873
       - name: build
         run: pnpm build
       - name: Cache packages
-        uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         id: cache-packages
         with:
           path: ./packages/
@@ -80,19 +83,22 @@ jobs:
     name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version: ${{ matrix.node }}
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts --registry http://localhost:4873
-      - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+        run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ./packages/
           key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -101,6 +107,6 @@ jobs:
       #     path: ./e2e/
       #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
       - name: build e2e
-        run: pnpm run build --filter=./e2e      
+        run:  pnpm --filter @verdaccio/test-cli-commons build
       - name: Test CLI
         run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}

.github/workflows/e2e-ui.yml

@@ -15,7 +15,7 @@ jobs:
         env:
           NODE_ENV: production
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Use Node
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
@@ -23,9 +23,9 @@ jobs:
       - name: Install pnpm
         run: |
          corepack enable
-         corepack prepare --activate pnpm@6.32.15
+         corepack prepare --activate pnpm@latest-8
       - name: Install
-        run: pnpm install --frozen-lockfile --reporter=silence --registry http://localhost:4873
+        run: pnpm install --reporter=silence --registry http://localhost:4873
       - name: build
         run: pnpm build
       - name: Test UI

.github/workflows/static-data.yml

@@ -19,7 +19,7 @@ jobs:
     name: Run script
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -27,11 +27,11 @@ jobs:
         with:
           node-version: 18.x
       - name: install pnpm
-        run: sudo npm i pnpm@latest-6 -g
+        run: sudo npm i pnpm@latest-8 -g
       - name: install dependencies
         run: pnpm install
       - name: Build Translations percentage
-        run: pnpm build --filter "@verdaccio/crowdin-translations"
+        run: pnpm --filter @verdaccio/crowdin-translations build
       - name: update contributors
         run: pnpm run contributors
         env:

.github/workflows/ui-components.yml

@@ -27,7 +27,7 @@ jobs:
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
 
       - name: Use Node
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
@@ -35,7 +35,7 @@ jobs:
           node-version-file: '.nvmrc'
 
       - name: Cache pnpm modules
-        uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         env:
           cache-name: cache-pnpm-modules
         with:
@@ -47,9 +47,9 @@ jobs:
       - name: Install pnpm
         run: |
           corepack enable
-            corepack prepare --activate pnpm@6.32.15
+            corepack prepare --activate pnpm@latest-8
       - name: Install
-        run: pnpm recursive install --frozen-lockfile  
+        run: pnpm install  
       - name: Build storybook
         run: pnpm ui:storybook:build
       - name: Copy public content
@@ -57,7 +57,7 @@ jobs:
         run: cp -R packages/ui-components/public/* packages/ui-components/storybook-static
       - name: 🔥 Deploy Production UI Netlify
         if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
-        uses: verdaccio/action-netlify-deploy@v2.0.0
+        uses: verdaccio/action-netlify-deploy@1c086d59169edeec9254672c7de17d2ceac3928f # v2.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
@@ -65,7 +65,7 @@ jobs:
           build-dir: './packages/ui-components/storybook-static'          
       - name: 🤖 Deploy Preview UI Components Netlify
         if: github.repository == 'verdaccio/verdaccio'
-        uses: verdaccio/action-netlify-deploy@v2.0.0
+        uses: semoal/action-netlify-deploy@1a53f098745bf78555d11b436f5ee3af87e6b566
         id: netlify_preview_ui
         with:
           draft: true

.github/workflows/website.yml

@@ -23,7 +23,7 @@ jobs:
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
 
       - name: Use Node 16
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
@@ -31,7 +31,7 @@ jobs:
           node-version: 16
 
       - name: Cache pnpm modules
-        uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         env:
           cache-name: cache-pnpm-modules
         with:
@@ -42,16 +42,16 @@ jobs:
 
       - uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # tag=v2.2.4
         with:
-          version: 6.32.15
+          version: latest-8
           run_install: |
             - recursive: true
               args: [--frozen-lockfile]
       - name: Build 
         run: pnpm build
       - name: Build Translations percentage
-        run: pnpm build --filter "@verdaccio/crowdin-translations"
+        run: pnpm --filter @verdaccio/crowdin-translations build
       - name: Cache Docusaurus Build
-        uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: website/node_modules/.cache/webpack
           key: cache/webpack-${{github.ref}}-${{ hashFiles('**/pnpm-lock.yaml') }}
@@ -66,7 +66,7 @@ jobs:
           CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
           SENTRY_KEY: ${{ secrets.SENTRY_KEY }}
           CONTEXT: production
-        run: pnpm netlify:build:production --filter ...@verdaccio/website
+        run: pnpm --filter @verdaccio/website netlify:build:production
 
       - name: 🔥 Deploy Production Netlify
         if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
@@ -81,7 +81,7 @@ jobs:
       - name: Build Deployment Preview
         env:
           CONTEXT: deploy-preview
-        run: pnpm netlify:build:deployPreview --filter ...@verdaccio/website
+        run: pnpm --filter ...@verdaccio/website netlify:build:deployPreview
 
       - name: 🤖 Deploy Preview Netlify
         if: github.repository == 'verdaccio/verdaccio'
@@ -100,7 +100,7 @@ jobs:
       - name: Audit preview URL with Lighthouse
         if: github.repository == 'verdaccio/verdaccio'
         id: lighthouse_audit
-        uses: treosh/lighthouse-ci-action@e0fe113967eee84b631d526ed18ce001f35fe9e9 # tag=9.3.1
+        uses: treosh/lighthouse-ci-action@03becbfc543944dd6e7534f7ff768abb8a296826 # tag=10.1.0
         with:
           urls: |
             ${{ steps.netlify_preview.outputs.preview-url }}
@@ -109,7 +109,7 @@ jobs:
 
       - name: Format lighthouse score
         id: format_lighthouse_score
-        uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975 # tag=v6
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # tag=v6
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
@@ -134,7 +134,7 @@ jobs:
       - name: Add comment to PR
         if: github.repository == 'verdaccio/verdaccio'
         id: comment_to_pr
-        uses: marocchino/sticky-pull-request-comment@3d60a5b2dae89d44e0c6ddc69dd7536aec2071cd # tag=v2
+        uses: marocchino/sticky-pull-request-comment@f61b6cf21ef2fcc468f4345cdfcc9bda741d2343 # v2
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           number: ${{ github.event.issue.number }}

.npmrc

@@ -1,4 +1,3 @@
 always-auth = true
-recursive-install = true
 loglevel=info
 fetch-retries="10"

CONTRIBUTING.md

@@ -44,7 +44,7 @@ This setting would cause the `pnpm install` command to install incorrect version
 To begin your development setup, please install the latest version of pnpm globally:
 
 ```
-npm i -g pnpm@latest-6
+npm i -g pnpm@latest-8
 ```
 
 With pnpm installed, the first step is installing all dependencies:

Dockerfile

@@ -1,7 +1,7 @@
 FROM --platform=${BUILDPLATFORM:-linux/amd64} node:18-alpine as builder
 
 ENV NODE_ENV=development \
-    VERDACCIO_BUILD_REGISTRY=https://registry.verdaccio.org
+    VERDACCIO_BUILD_REGISTRY=https://registry.npmjs.org
 
 RUN apk --no-cache add openssl ca-certificates wget && \
     apk --no-cache add g++ gcc libgcc libstdc++ linux-headers make python3 && \
@@ -11,13 +11,13 @@ RUN apk --no-cache add openssl ca-certificates wget && \
 
 WORKDIR /opt/verdaccio-build
 COPY . .
-RUN npm -g i pnpm@6.32.15 && \
+RUN npm -g i pnpm@latest-8 && \
     pnpm config set registry $VERDACCIO_BUILD_REGISTRY && \
-    pnpm recursive install --frozen-lockfile --ignore-scripts && \
+    pnpm install --frozen-lockfile --ignore-scripts && \
     rm -Rf test && \
-    pnpm run build && \
-    pnpm install -P
-# FIXME: need to remove devDependencies from the build
+    pnpm run build
+# FIXME: need to remove devDependencies from the build    
+# NODE_ENV=production pnpm install --frozen-lockfile --ignore-scripts
 # RUN pnpm install --prod --ignore-scripts
 
 FROM node:18-alpine

README.md

@@ -275,6 +275,7 @@ You can find and chat with then over Discord, click [here](http://chat.verdaccio
 ## Who is using Verdaccio?
 
 - [create-react-app](https://github.com/facebook/create-react-app/blob/master/CONTRIBUTING.md#customizing-e2e-registry-configuration) _(+86.2k ⭐️)_
+- [Grafana](https://github.com/grafana/grafana/search?q=verdaccio) _(+54.9k ⭐️)_
 - [Gatsby](https://github.com/gatsbyjs/gatsby) _(+49.2k ⭐️)_
 - [Babel.js](https://github.com/babel/babel) _(+38.5k ⭐️)_
 - [Docusaurus](https://github.com/facebook/docusaurus) _(+34k ⭐️)_
@@ -285,8 +286,8 @@ You can find and chat with then over Discord, click [here](http://chat.verdaccio
 - [Aurelia Framework](https://github.com/aurelia/framework) _(+11.6k ⭐️)_
 - [pnpm](https://github.com/pnpm/pnpm) _(+10.1k ⭐️)_
 - [ethereum/web3.js](https://github.com/ethereum/web3.js) _(+9.8k ⭐️)_
+- [Webiny CMS](https://github.com/webiny/webiny-js) _(+6.6k ⭐️)_
 - [NX](https://github.com/nrwl/nx) _(+6.1k ⭐️)_
-- [webiny-js](https://github.com/webiny/webiny-js) _(+4.3k ⭐️)_
 - [Mozilla Neutrino](https://github.com/neutrinojs/neutrino) _(+3.7k ⭐️)_
 - [workshopper how to npm](https://github.com/workshopper/how-to-npm) _(+1k ⭐️)_
 - [Amazon SDK v3](https://github.com/aws/aws-sdk-js-v3)

SECURITY.md

@@ -28,7 +28,7 @@ At Verdaccio, we consider the security of our systems a top priority. But no mat
 
 If you discover a security vulnerability, please use one of the following means of communications to report it to us:
 
-- Report the security issue to the Node.js Security WG through the [HackerOne program](https://hackerone.com/nodejs-ecosystem) for ecosystem modules on npm, or to [Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with all involved parties to remediate and release a fix.
+- Report the security issue to [Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with all involved parties to remediate and release a fix.
 
 Note that time-frame and processes are subject to each program’s own policy.
 

docker-examples/README.md

@@ -10,7 +10,7 @@ The following examples aim to be demonstrative and can be either improved or upd
 - [v5 examples](v5/README.md)
 - [v6 examples](v6/README.md)
 
-## Aditional data
+## Additional data
 
 This folder aims to create a collection of Docker and Kubernetes examples.
 

e2e/cli/cli-commons/package.json

@@ -5,16 +5,16 @@
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
   "devDependencies": {
-    "@verdaccio/config": "workspace:6.0.0-6-next.66",
-    "@verdaccio/core": "workspace:6.0.0-6-next.66",
-    "@verdaccio/types": "workspace:11.0.0-6-next.24",
+    "@verdaccio/config": "workspace:6.0.0-6-next.73",
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
+    "@verdaccio/types": "workspace:11.0.0-6-next.25",
     "debug": "4.3.4",
     "fs-extra": "10.1.0",
     "got": "11.8.6",
     "js-yaml": "4.1.0",
     "get-port": "5.1.1",
     "lodash": "4.17.21",
-    "verdaccio": "workspace:6.0.0-6-next.66"
+    "verdaccio": "workspace:6.0.0-6-next.73"
   },
   "scripts": {
     "test": "jest",

e2e/cli/e2e-npm6/audit.spec.ts

@@ -33,9 +33,6 @@ describe('audit a package', () => {
       );
       const parsedBody = JSON.parse(resp.stdout as string);
       expect(parsedBody.metadata).toBeDefined();
-      expect(parsedBody.actions).toBeDefined();
-      expect(parsedBody.advisories).toBeDefined();
-      expect(parsedBody.muted).toBeDefined();
     }
   );
 

e2e/cli/e2e-npm6/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.7",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0-6-next.7",
-    "npm": "6.14.18"
+    "npm": "9.7.1"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm7/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.7",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0-6-next.7",
-    "npm": "7.24.2"
+    "npm": "9.7.1"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm8/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.7",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0-6-next.7",
-    "npm": "8.19.4"
+    "npm": "9.7.1"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm9/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.7",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0-6-next.7",
-    "npm": "9.6.0"
+    "npm": "9.7.1"
   },
   "scripts": {
     "test": "jest"

e2e/ui/package.json

@@ -3,12 +3,12 @@
   "name": "@verdaccio/e2e-ui",
   "version": "2.0.0-6-next.4",
   "devDependencies": {
-    "verdaccio": "workspace:6.0.0-6-next.66",
-    "@verdaccio/core": "workspace:6.0.0-6-next.66",
-    "@verdaccio/config": "workspace:6.0.0-6-next.66",
+    "verdaccio": "workspace:6.0.0-6-next.73",
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
+    "@verdaccio/config": "workspace:6.0.0-6-next.73",
     "@verdaccio/test-helper": "workspace:2.0.0-6-next.8",
     "debug": "4.3.4",
-    "cypress": "11.2.0",
+    "cypress": "^11.2.0",
     "get-port": "5.1.1"
   },
   "scripts": {

e2e/ui/pre-setup.js

@@ -1,4 +0,0 @@
-require('@babel/register')({
-  extensions: ['.ts', '.js'],
-});
-module.exports = require('./setup');

e2e/ui/setup.js

@@ -1,26 +0,0 @@
-const fs = require('fs');
-const os = require('os');
-const path = require('path');
-
-const { green } = require('colorette');
-const puppeteer = require('puppeteer');
-
-const DIR = path.join(os.tmpdir(), 'jest_puppeteer_global_setup');
-
-module.exports = async function () {
-  // eslint-disable-next-line no-console
-  console.log(green('Setup Puppeteer'));
-  const browser = await puppeteer.launch({
-    isMobile: false,
-    ignoreHTTPSErrors: true,
-    // invert values for local testing
-    devtools: false,
-    headless: true,
-    // slowMo: 6000,
-    // invert values for local testing
-    args: ['--no-sandbox'],
-  });
-  global.__BROWSER__ = browser;
-  fs.mkdirSync(DIR, { recursive: true, force: true });
-  fs.writeFileSync(path.join(DIR, 'wsEndpoint'), browser.wsEndpoint());
-};

e2e/ui/teardown.js

@@ -1,14 +0,0 @@
-const os = require('os');
-const path = require('path');
-
-const { green } = require('kleur');
-const rimraf = require('rimraf');
-
-const DIR = path.join(os.tmpdir(), 'jest_puppeteer_global_setup');
-
-module.exports = async function () {
-  // eslint-disable-next-line no-console
-  console.log(green('Teardown Puppeteer'));
-  await global.__BROWSER__.close();
-  rimraf.sync(DIR);
-};

package.json

@@ -15,70 +15,79 @@
     "url": "https://opencollective.com/verdaccio"
   },
   "devDependencies": {
-    "@babel/cli": "7.20.7",
-    "@babel/core": "7.20.7",
+    "@babel/cli": "7.21.5",
+    "@babel/core": "7.21.8",
+    "@babel/eslint-parser": "7.21.8",
     "@babel/node": "7.20.7",
     "@babel/plugin-proposal-class-properties": "7.18.6",
-    "@babel/plugin-proposal-decorators": "7.20.7",
+    "@babel/plugin-proposal-decorators": "7.21.0",
     "@babel/plugin-proposal-export-namespace-from": "7.18.9",
     "@babel/plugin-proposal-function-sent": "7.18.6",
     "@babel/plugin-proposal-json-strings": "7.18.6",
     "@babel/plugin-proposal-nullish-coalescing-operator": "7.18.6",
     "@babel/plugin-proposal-numeric-separator": "7.18.6",
     "@babel/plugin-proposal-object-rest-spread": "7.20.7",
-    "@babel/plugin-proposal-optional-chaining": "7.20.7",
+    "@babel/plugin-proposal-optional-chaining": "7.21.0",
     "@babel/plugin-proposal-throw-expressions": "7.18.6",
     "@babel/plugin-syntax-dynamic-import": "7.8.3",
     "@babel/plugin-syntax-import-meta": "7.10.4",
     "@babel/plugin-transform-async-to-generator": "7.20.7",
-    "@babel/plugin-transform-classes": "7.20.7",
-    "@babel/plugin-transform-runtime": "7.19.6",
-    "@babel/preset-env": "7.20.2",
+    "@babel/plugin-transform-classes": "7.21.0",
+    "@babel/plugin-transform-runtime": "7.21.4",
+    "@babel/preset-env": "7.21.5",
     "@babel/preset-react": "7.18.6",
-    "@babel/preset-typescript": "7.18.6",
-    "@babel/register": "7.18.9",
-    "@babel/runtime": "7.20.7",
+    "@babel/preset-typescript": "7.21.5",
+    "@babel/register": "7.21.0",
+    "@babel/runtime": "7.21.5",
     "@changesets/changelog-github": "0.4.8",
     "@changesets/cli": "2.24.4",
-    "@changesets/get-dependents-graph": "1.3.5",
-    "@crowdin/cli": "3.9.1",
+    "@changesets/get-dependents-graph": "1.3.6",
+    "@crowdin/cli": "3.10.1",
     "@dianmora/contributors": "5.0.0",
-    "@emotion/react": "11.10.5",
-    "@emotion/styled": "11.10.5",
+    "@emotion/react": "11.10.6",
+    "@emotion/styled": "11.10.6",
     "@testing-library/dom": "8.19.1",
     "@testing-library/jest-dom": "5.16.5",
-    "@testing-library/react": "12.1.4",
+    "@testing-library/react": "12.1.5",
     "@trivago/prettier-plugin-sort-imports": "^4.0.0",
-    "@types/async": "3.2.16",
+    "@types/async": "3.2.20",
+    "@types/body-parser": "1.19.2",
+    "@types/connect": "3.4.35",
+    "@types/cookiejar": "2.1.2",
+    "@types/debug": "^4.1.7",
     "@types/express": "4.17.15",
+    "@types/express-serve-static-core": "4.17.31",
     "@types/http-errors": "1.8.2",
     "@types/jest": "27.5.2",
     "@types/jsonwebtoken": "8.5.9",
-    "@types/lodash": "4.14.191",
+    "@types/lodash": "4.14.195",
     "@types/mime": "2.0.3",
     "@types/minimatch": "3.0.5",
-    "@types/node": "16.18.10",
-    "@types/node-fetch": "2.6.2",
+    "@types/node": "16.18.38",
+    "@types/node-fetch": "2.6.4",
+    "@types/qs": "6.9.7",
+    "@types/range-parser": "1.2.4",
     "@types/react": "18.0.26",
     "@types/react-dom": "18.0.9",
     "@types/react-router-dom": "5.3.3",
     "@types/react-virtualized": "9.21.21",
     "@types/redux": "3.6.0",
     "@types/request": "2.48.8",
-    "@types/semver": "7.3.13",
+    "@types/semver": "7.5.0",
+    "@types/serve-static": "1.13.10",
+    "@types/superagent": "4.1.18",
     "@types/supertest": "2.0.12",
-    "@types/testing-library__jest-dom": "5.14.5",
-    "@types/validator": "13.7.12",
-    "@types/webpack": "5.28.0",
+    "@types/testing-library__jest-dom": "5.14.6",
+    "@types/validator": "13.7.17",
+    "@types/webpack": "5.28.1",
     "@types/webpack-env": "1.18.0",
-    "@typescript-eslint/eslint-plugin": "5.52.0",
-    "@typescript-eslint/parser": "5.52.0",
+    "@typescript-eslint/eslint-plugin": "5.59.8",
+    "@typescript-eslint/parser": "5.59.8",
     "@verdaccio/crowdin-translations": "workspace:*",
     "@verdaccio/eslint-config": "workspace:*",
     "@verdaccio/types": "workspace:*",
     "@verdaccio/ui-theme": "workspace:*",
     "babel-core": "7.0.0-bridge.0",
-    "babel-eslint": "10.1.0",
     "babel-jest": "29.4.3",
     "babel-plugin-dynamic-import-node": "2.3.3",
     "babel-plugin-emotion": "10.2.2",
@@ -86,7 +95,7 @@
     "cross-env": "7.0.3",
     "debug": "4.3.4",
     "detect-secrets": "1.0.6",
-    "eslint": "8.34.0",
+    "eslint": "8.42.0",
     "fs-extra": "10.1.0",
     "got": "11.8.6",
     "husky": "7.0.4",
@@ -97,12 +106,12 @@
     "jest-environment-jsdom-global": "3.1.2",
     "jest-environment-node": "29.3.1",
     "jest-junit": "12.3.0",
-    "kleur": "3.0.3",
+    "kleur": "4.1.5",
     "lint-staged": "11.2.6",
     "nock": "13.2.9",
     "nodemon": "2.0.20",
     "npm-run-all": "4.1.5",
-    "prettier": "2.8.4",
+    "prettier": "2.8.8",
     "react": "18.2.0",
     "react-dom": "18.2.0",
     "rimraf": "3.0.2",
@@ -119,22 +128,22 @@
   "scripts": {
     "prepare": "husky install",
     "husky:pre-commit": "lint-staged",
-    "clean": "pnpm run clean --filter=./packages",
-    "build": "pnpm run build --filter=./packages && pnpm run build --filter=./e2e",
+    "clean": "pnpm --filter \"./packages/**\" clean",
+    "build": "pnpm --filter \"./packages/**\" build && pnpm --filter @verdaccio/test-cli-commons build",
     "docker": "docker build -t verdaccio/verdaccio:local . --no-cache",
     "format": "prettier --write \"**/*.{js,jsx,ts,tsx,json,yml,yaml,md}\"",
     "format:check": "prettier --check \"**/*.{js,jsx,ts,tsx,json,yml,yaml,md}\"",
     "lint": "eslint --max-warnings 100 \"**/*.{js,jsx,ts,tsx}\"",
-    "test": "pnpm recursive test --filter ./packages",
-    "test:e2e:cli": "pnpm test --filter ...@verdaccio/e2e-cli-* -- --coverage=false",
-    "test:e2e:ui": "pnpm test --filter ...@verdaccio/e2e-ui",
+    "test": "pnpm --filter \"./packages/**\" test",
+    "test:e2e:cli": "pnpm --filter ...@verdaccio/e2e-cli-* test -- --coverage=false",
+    "test:e2e:ui": "pnpm --filter ...@verdaccio/e2e-ui test",
     "start": "concurrently --kill-others \"pnpm _start:server\" \"pnpm _start:web\"",
     "contributors": "ts-node ./scripts/contributors-update.ts",
     "script:addson": "ts-node ./scripts/addon-update.ts",
     "start:watch": "concurrently --kill-others \"pnpm _build:watch\" \"pnpm _start:server\" \"pnpm _debug:reload\"",
     "_build:watch": "pnpm run --parallel watch --filter ./packages",
     "_start:server": "node --inspect packages/verdaccio/debug/bootstrap.js --listen 8000",
-    "_start:web": "pnpm start --filter ...@verdaccio/ui-theme",
+    "_start:web": "pnpm --filter ...@verdaccio/ui-theme start",
     "_debug:reload": "nodemon -d 3 packages/verdaccio/debug/bootstrap.js",
     "start:ts": "ts-node packages/verdaccio/src/start.ts -- --listen 8000",
     "debug": "node --trace-warnings --trace-uncaught --inspect packages/verdaccio/debug/bootstrap.js",
@@ -147,17 +156,17 @@
     "ci:version:changeset": "changeset version",
     "ci:publish": "changeset publish",
     "ts:ref": "update-ts-references --discardComments",
-    "website": "pnpm build --filter ...@verdaccio/website",
-    "ui:storybook:build": "pnpm build-storybook --filter ...@verdaccio/ui-components",
-    "ui:storybook": "pnpm storybook --filter ...@verdaccio/ui-components",
+    "website": "pnpm --filter ...@verdaccio/website build",
+    "ui:storybook:build": "pnpm --filter ...@verdaccio/ui-components build-storybook",
+    "ui:storybook": "pnpm --filter ...@verdaccio/ui-components storybook",
     "translations": "local-crowdin-api translations",
     "crowdin:upload": "crowdin upload sources --auto-update --config ./crowdin.yaml",
     "crowdin:download": "crowdin download --verbose --config ./crowdin.yaml",
-    "crowdin:sync": "pnpm crowdin:upload && pnpm crowdin:download --verbose",
+    "crowdin:sync": "pnpm crowdin:upload && pnpm crowdin:download",
     "postinstall": "husky install",
-    "local:registry": "pnpm start --filter ...@verdaccio/local-publish",
+    "local:registry": "pnpm --filter ...@verdaccio/local-publish start",
     "local:snapshots": "changeset version --snapshot",
-    "local:publish": "cross-env npm_config_registry=http://localhost:4873 pnpm ci:publish -- --no-git-tag",
+    "local:publish": "cross-env npm_config_registry=http://localhost:4873 changeset publish --no-git-tag",
     "local:publish:release": "concurrently \"pnpm local:registry\" \"pnpm local:publish\""
   },
   "pnpm": {
@@ -167,8 +176,7 @@
     }
   },
   "engines": {
-    "node": ">=16.5",
-    "pnpm": ">=6.32.3 <7.0.0"
+    "node": ">=16.5"
   },
   "license": "MIT",
   "lint-staged": {

packages/api/CHANGELOG.md

@@ -1,5 +1,94 @@
 # @verdaccio/api
 
+## 6.0.0-6-next.56
+
+### Patch Changes
+
+- f859d2b1a: fix: official package "-" cannot be synced
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/middleware@6.0.0-6-next.52
+  - @verdaccio/auth@6.0.0-6-next.52
+  - @verdaccio/config@6.0.0-6-next.73
+  - @verdaccio/store@6.0.0-6-next.53
+  - @verdaccio/utils@6.0.0-6-next.41
+  - @verdaccio/logger@6.0.0-6-next.41
+
+## 6.0.0-6-next.55
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/config@6.0.0-6-next.72
+- @verdaccio/auth@6.0.0-6-next.51
+- @verdaccio/middleware@6.0.0-6-next.51
+- @verdaccio/store@6.0.0-6-next.52
+- @verdaccio/utils@6.0.0-6-next.40
+- @verdaccio/logger@6.0.0-6-next.40
+
+## 6.0.0-6-next.54
+
+### Patch Changes
+
+- Updated dependencies [679c19c1b]
+  - @verdaccio/config@6.0.0-6-next.71
+  - @verdaccio/auth@6.0.0-6-next.50
+  - @verdaccio/middleware@6.0.0-6-next.50
+  - @verdaccio/store@6.0.0-6-next.51
+  - @verdaccio/logger@6.0.0-6-next.39
+  - @verdaccio/core@6.0.0-6-next.71
+  - @verdaccio/utils@6.0.0-6-next.39
+
+## 6.0.0-6-next.53
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/auth@6.0.0-6-next.49
+- @verdaccio/middleware@6.0.0-6-next.49
+- @verdaccio/store@6.0.0-6-next.50
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+- @verdaccio/utils@6.0.0-6-next.38
+
+## 6.0.0-6-next.52
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/auth@6.0.0-6-next.48
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/middleware@6.0.0-6-next.48
+  - @verdaccio/store@6.0.0-6-next.49
+  - @verdaccio/utils@6.0.0-6-next.37
+  - @verdaccio/logger@6.0.0-6-next.37
+
+## 6.0.0-6-next.51
+
+### Patch Changes
+
+- @verdaccio/auth@6.0.0-6-next.47
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/config@6.0.0-6-next.68
+- @verdaccio/middleware@6.0.0-6-next.47
+- @verdaccio/store@6.0.0-6-next.48
+- @verdaccio/utils@6.0.0-6-next.36
+- @verdaccio/logger@6.0.0-6-next.36
+
+## 6.0.0-6-next.50
+
+### Patch Changes
+
+- Updated dependencies [16e38df8]
+  - @verdaccio/config@6.0.0-6-next.67
+  - @verdaccio/core@6.0.0-6-next.67
+  - @verdaccio/store@6.0.0-6-next.47
+  - @verdaccio/auth@6.0.0-6-next.46
+  - @verdaccio/middleware@6.0.0-6-next.46
+  - @verdaccio/utils@6.0.0-6-next.35
+  - @verdaccio/logger@6.0.0-6-next.35
+
 ## 6.0.0-6-next.49
 
 ### Patch Changes

packages/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/api",
-  "version": "6.0.0-6-next.49",
+  "version": "6.0.0-6-next.56",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,26 +39,25 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/auth": "workspace:6.0.0-6-next.45",
-    "@verdaccio/config": "workspace:6.0.0-6-next.66",
-    "@verdaccio/core": "workspace:6.0.0-6-next.66",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.34",
-    "@verdaccio/middleware": "workspace:6.0.0-6-next.45",
-    "@verdaccio/store": "workspace:6.0.0-6-next.46",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.34",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.52",
+    "@verdaccio/config": "workspace:6.0.0-6-next.73",
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.41",
+    "@verdaccio/middleware": "workspace:6.0.0-6-next.52",
+    "@verdaccio/store": "workspace:6.0.0-6-next.53",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.41",
     "abortcontroller-polyfill": "1.7.5",
     "cookies": "0.8.0",
     "debug": "4.3.4",
-    "body-parser": "1.20.1",
+    "body-parser": "1.20.2",
     "express": "4.18.2",
     "lodash": "4.17.21",
     "mime": "2.6.0",
-    "semver": "7.3.8"
+    "semver": "7.5.4"
   },
   "devDependencies": {
-    "@types/node": "16.18.10",
-    "@verdaccio/server": "workspace:6.0.0-6-next.55",
-    "@verdaccio/types": "workspace:11.0.0-6-next.24",
+    "@verdaccio/server": "workspace:6.0.0-6-next.62",
+    "@verdaccio/types": "workspace:11.0.0-6-next.25",
     "@verdaccio/test-helper": "workspace:2.0.0-6-next.8",
     "supertest": "6.3.3",
     "nock": "13.2.9",

packages/api/src/index.ts

@@ -50,7 +50,6 @@ export default function (config: Config, auth: Auth, storage: Storage): Router {
   app.use(encodeScopePackage);
   // for "npm whoami"
   whoami(app);
-  pkg(app, auth, storage);
   profile(app, auth, config);
   // @deprecated endpoint, 404 by default
   search(app);
@@ -62,5 +61,6 @@ export default function (config: Config, auth: Auth, storage: Storage): Router {
   // @ts-ignore
   v1Search(app, auth, storage);
   token(app, auth, storage, config);
+  pkg(app, auth, storage);
   return app;
 }

packages/auth/CHANGELOG.md

@@ -1,5 +1,98 @@
 # @verdaccio/auth
 
+## 6.0.0-6-next.52
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/config@6.0.0-6-next.73
+  - @verdaccio/loaders@6.0.0-6-next.42
+  - verdaccio-htpasswd@11.0.0-6-next.43
+  - @verdaccio/utils@6.0.0-6-next.41
+  - @verdaccio/signature@6.0.0-6-next.2
+  - @verdaccio/logger@6.0.0-6-next.41
+
+## 6.0.0-6-next.51
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/config@6.0.0-6-next.72
+- @verdaccio/loaders@6.0.0-6-next.41
+- verdaccio-htpasswd@11.0.0-6-next.42
+- @verdaccio/utils@6.0.0-6-next.40
+- @verdaccio/signature@6.0.0-6-next.2
+- @verdaccio/logger@6.0.0-6-next.40
+
+## 6.0.0-6-next.50
+
+### Patch Changes
+
+- Updated dependencies [679c19c1b]
+  - @verdaccio/config@6.0.0-6-next.71
+  - @verdaccio/loaders@6.0.0-6-next.40
+  - verdaccio-htpasswd@11.0.0-6-next.41
+  - @verdaccio/signature@6.0.0-6-next.2
+  - @verdaccio/logger@6.0.0-6-next.39
+  - @verdaccio/core@6.0.0-6-next.71
+  - @verdaccio/utils@6.0.0-6-next.39
+
+## 6.0.0-6-next.49
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/loaders@6.0.0-6-next.39
+- verdaccio-htpasswd@11.0.0-6-next.40
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+- @verdaccio/utils@6.0.0-6-next.38
+- @verdaccio/signature@6.0.0-6-next.2
+
+## 6.0.0-6-next.48
+
+### Minor Changes
+
+- c9d1af0e: feat: async bcrypt hash
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - verdaccio-htpasswd@11.0.0-6-next.39
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/loaders@6.0.0-6-next.38
+  - @verdaccio/utils@6.0.0-6-next.37
+  - @verdaccio/signature@6.0.0-6-next.2
+  - @verdaccio/logger@6.0.0-6-next.37
+
+## 6.0.0-6-next.47
+
+### Patch Changes
+
+- Updated dependencies [09753cc1]
+  - verdaccio-htpasswd@11.0.0-6-next.38
+  - @verdaccio/core@6.0.0-6-next.68
+  - @verdaccio/config@6.0.0-6-next.68
+  - @verdaccio/loaders@6.0.0-6-next.37
+  - @verdaccio/utils@6.0.0-6-next.36
+  - @verdaccio/signature@6.0.0-6-next.2
+  - @verdaccio/logger@6.0.0-6-next.36
+
+## 6.0.0-6-next.46
+
+### Patch Changes
+
+- Updated dependencies [16e38df8]
+  - @verdaccio/config@6.0.0-6-next.67
+  - @verdaccio/core@6.0.0-6-next.67
+  - @verdaccio/loaders@6.0.0-6-next.36
+  - verdaccio-htpasswd@11.0.0-6-next.37
+  - @verdaccio/signature@6.0.0-6-next.2
+  - @verdaccio/utils@6.0.0-6-next.35
+  - @verdaccio/logger@6.0.0-6-next.35
+
 ## 6.0.0-6-next.45
 
 ### Patch Changes

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/auth",
-  "version": "6.0.0-6-next.45",
+  "version": "6.0.0-6-next.52",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -39,19 +39,19 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.66",
-    "@verdaccio/config": "workspace:6.0.0-6-next.66",
-    "@verdaccio/loaders": "workspace:6.0.0-6-next.35",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.34",
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
+    "@verdaccio/config": "workspace:6.0.0-6-next.73",
+    "@verdaccio/loaders": "workspace:6.0.0-6-next.42",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.41",
     "@verdaccio/signature": "workspace:6.0.0-6-next.2",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.34",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.41",
     "debug": "4.3.4",
     "express": "4.18.2",
     "lodash": "4.17.21",
-    "verdaccio-htpasswd": "workspace:11.0.0-6-next.36"
+    "verdaccio-htpasswd": "workspace:11.0.0-6-next.43"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.24"
+    "@verdaccio/types": "workspace:11.0.0-6-next.25"
   },
   "funding": {
     "type": "opencollective",

packages/auth/test/auth.spec.ts

@@ -8,7 +8,7 @@ import { Config } from '@verdaccio/types';
 import { Auth } from '../src';
 import { authPluginFailureConf, authPluginPassThrougConf, authProfileConf } from './helper/plugin';
 
-setup({});
+setup({ level: 'debug', type: 'stdout' });
 
 describe('AuthTest', () => {
   test('should init correctly', async () => {
@@ -29,6 +29,18 @@ describe('AuthTest', () => {
     expect(auth).toBeDefined();
   });
 
+  test('should load custom algorithm', async () => {
+    const config: Config = new AppConfig({
+      ...authProfileConf,
+      auth: { htpasswd: { algorithm: 'sha1', file: './foo' } },
+    });
+    config.checkSecretKey('12345');
+
+    const auth: Auth = new Auth(config);
+    await auth.init();
+    expect(auth).toBeDefined();
+  });
+
   describe('test authenticate method', () => {
     describe('test authenticate states', () => {
       test('should be a success login', async () => {

packages/cli/CHANGELOG.md

@@ -1,5 +1,72 @@
 # @verdaccio/cli
 
+## 6.0.0-6-next.73
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/config@6.0.0-6-next.73
+  - @verdaccio/node-api@6.0.0-6-next.73
+  - @verdaccio/logger@6.0.0-6-next.41
+
+## 6.0.0-6-next.72
+
+### Patch Changes
+
+- @verdaccio/node-api@6.0.0-6-next.72
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/config@6.0.0-6-next.72
+- @verdaccio/logger@6.0.0-6-next.40
+
+## 6.0.0-6-next.71
+
+### Patch Changes
+
+- Updated dependencies [679c19c1b]
+  - @verdaccio/config@6.0.0-6-next.71
+  - @verdaccio/node-api@6.0.0-6-next.71
+  - @verdaccio/logger@6.0.0-6-next.39
+  - @verdaccio/core@6.0.0-6-next.71
+
+## 6.0.0-6-next.70
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/node-api@6.0.0-6-next.70
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+
+## 6.0.0-6-next.69
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/node-api@6.0.0-6-next.69
+  - @verdaccio/logger@6.0.0-6-next.37
+
+## 6.0.0-6-next.68
+
+### Patch Changes
+
+- @verdaccio/node-api@6.0.0-6-next.68
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/config@6.0.0-6-next.68
+- @verdaccio/logger@6.0.0-6-next.36
+
+## 6.0.0-6-next.67
+
+### Patch Changes
+
+- Updated dependencies [16e38df8]
+  - @verdaccio/config@6.0.0-6-next.67
+  - @verdaccio/core@6.0.0-6-next.67
+  - @verdaccio/node-api@6.0.0-6-next.67
+  - @verdaccio/logger@6.0.0-6-next.35
+
 ## 6.0.0-6-next.66
 
 ### Patch Changes

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/cli",
-  "version": "6.0.0-6-next.66",
+  "version": "6.0.0-6-next.73",
   "author": {
     "name": "Juan Picado",
     "email": "juanpicado19@gmail.com"
@@ -44,14 +44,14 @@
     "start": "ts-node src/index.ts"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.66",
-    "@verdaccio/config": "workspace:6.0.0-6-next.66",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.34",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.66",
-    "clipanion": "3.2.0",
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
+    "@verdaccio/config": "workspace:6.0.0-6-next.73",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.41",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.73",
+    "clipanion": "3.2.1",
     "envinfo": "7.8.1",
-    "kleur": "3.0.3",
-    "semver": "7.3.8"
+    "kleur": "4.1.5",
+    "semver": "7.5.4"
   },
   "devDependencies": {
     "ts-node": "10.9.1"

packages/config/CHANGELOG.md

@@ -1,5 +1,66 @@
 # @verdaccio/config
 
+## 6.0.0-6-next.73
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/utils@6.0.0-6-next.41
+
+## 6.0.0-6-next.72
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/utils@6.0.0-6-next.40
+
+## 6.0.0-6-next.71
+
+### Patch Changes
+
+- 679c19c1b: Respect the `changePassword` configuration flag to enable changing the password through the web API.
+
+  > **Note**
+  > This feature is still experimental and not fully supported in the default web application.
+
+  - @verdaccio/core@6.0.0-6-next.71
+  - @verdaccio/utils@6.0.0-6-next.39
+
+## 6.0.0-6-next.70
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/utils@6.0.0-6-next.38
+
+## 6.0.0-6-next.69
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/utils@6.0.0-6-next.37
+
+## 6.0.0-6-next.68
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/utils@6.0.0-6-next.36
+
+## 6.0.0-6-next.67
+
+### Minor Changes
+
+- 16e38df8: feat: trustProxy property
+
+### Patch Changes
+
+- Updated dependencies [16e38df8]
+  - @verdaccio/core@6.0.0-6-next.67
+  - @verdaccio/utils@6.0.0-6-next.35
+
 ## 6.0.0-6-next.66
 
 ### Patch Changes

packages/config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/config",
-  "version": "6.0.0-6-next.66",
+  "version": "6.0.0-6-next.73",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -38,8 +38,8 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.66",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.34",
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.41",
     "debug": "4.3.4",
     "js-yaml": "4.1.0",
     "lodash": "4.17.21",

packages/config/src/conf/default.yaml

@@ -106,6 +106,9 @@ server:
   # A regex for the password validation /.{3}$/ (3 characters min)
   # An example to limit to 10 characters minimum
   # passwordValidationRegex: /.{10}$/
+  # Allow `req.ip` to resolve properly when Verdaccio is behind a proxy or load-balancer
+  # See: https://expressjs.com/en/guide/behind-proxies.html
+  # trustProxy: '127.0.0.1'
 
 # https://verdaccio.org/docs/configuration#offline-publish
 # publish:

packages/config/src/conf/docker.yaml

@@ -112,6 +112,9 @@ server:
   # A regex for the password validation /.{3}$/ (3 characters min)
   # An example to limit to 10 characters minimum
   # passwordValidationRegex: /.{10}$/
+  # Allow `req.ip` to resolve properly when Verdaccio is behind a proxy or load-balancer
+  # See: https://expressjs.com/en/guide/behind-proxies.html
+  # trustProxy: '127.0.0.1'
 
 # https://verdaccio.org/docs/configuration#offline-publish
 # publish:

packages/config/src/config.ts

@@ -84,6 +84,7 @@ class Config implements AppConfig {
     this.serverSettings = serverSettings;
     this.flags = {
       searchRemote: config.flags?.searchRemote ?? true,
+      changePassword: config.flags?.changePassword ?? false,
     };
     this.user_agent = config.user_agent;
 

packages/core/core/CHANGELOG.md

@@ -1,5 +1,31 @@
 # @verdaccio/core
 
+## 6.0.0-6-next.73
+
+### Patch Changes
+
+- f859d2b1a: fix: official package "-" cannot be synced
+
+## 6.0.0-6-next.72
+
+## 6.0.0-6-next.71
+
+## 6.0.0-6-next.70
+
+## 6.0.0-6-next.69
+
+### Minor Changes
+
+- c9d1af0e: feat: async bcrypt hash
+
+## 6.0.0-6-next.68
+
+## 6.0.0-6-next.67
+
+### Minor Changes
+
+- 16e38df8: feat: trustProxy property
+
 ## 6.0.0-6-next.66
 
 ## 6.0.0-6-next.65

packages/core/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/core",
-  "version": "6.0.0-6-next.66",
+  "version": "6.0.0-6-next.73",
   "description": "core utilities",
   "keywords": [
     "private",
@@ -33,18 +33,18 @@
     "access": "public"
   },
   "dependencies": {
-    "http-errors": "1.8.1",
+    "http-errors": "2.0.0",
     "http-status-codes": "2.2.0",
-    "semver": "7.3.8",
-    "ajv": "8.11.2",
+    "semver": "7.5.4",
+    "ajv": "8.12.0",
     "process-warning": "1.0.0",
-    "core-js": "3.28.0"
+    "core-js": "3.30.2"
   },
   "devDependencies": {
     "lodash": "4.17.21",
     "typedoc": "0.23.25",
     "typedoc-plugin-missing-exports": "latest",
-    "@verdaccio/types": "workspace:11.0.0-6-next.24"
+    "@verdaccio/types": "workspace:11.0.0-6-next.25"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/core/src/constants.ts

@@ -13,6 +13,7 @@ export const HEADER_TYPE = {
   CONTENT_TYPE: 'content-type',
   CONTENT_LENGTH: 'content-length',
   ACCEPT_ENCODING: 'accept-encoding',
+  AUTHORIZATION: 'authorization',
 };
 
 export const CHARACTER_ENCODING = {
@@ -70,6 +71,7 @@ export const HTTP_STATUS = {
   INTERNAL_ERROR: httpCodes.INTERNAL_SERVER_ERROR,
   SERVICE_UNAVAILABLE: httpCodes.SERVICE_UNAVAILABLE,
   LOOP_DETECTED: 508,
+  CANNOT_HANDLE: 590,
 };
 
 export const ERROR_CODE = {
@@ -109,3 +111,10 @@ export const PACKAGE_ACCESS = {
   SCOPE: '@*/*',
   ALL: '**',
 };
+
+export enum HtpasswdHashAlgorithm {
+  md5 = 'md5',
+  sha1 = 'sha1',
+  crypt = 'crypt',
+  bcrypt = 'bcrypt',
+}

packages/core/core/src/index.ts

@@ -23,6 +23,7 @@ export {
   DEFAULT_PASSWORD_VALIDATION,
   DEFAULT_USER,
   USERS,
+  HtpasswdHashAlgorithm,
 } from './constants';
 const validationUtils = validatioUtils;
 export {

packages/core/core/src/plugin-utils.ts

@@ -170,5 +170,5 @@ export interface IBasicAuth {
 }
 
 export interface ManifestFilter<T> extends Plugin<T> {
-  filterMetadata(packageInfo: Manifest): Promise<Manifest>;
+  filter_metadata(packageInfo: Manifest): Promise<Manifest>;
 }

packages/core/core/test/validation-utilts.spec.ts

@@ -10,6 +10,10 @@ import {
 
 describe('validatePackage', () => {
   test('should validate package names', () => {
+    expect(validatePackage('-')).toBeTruthy();
+    expect(validatePackage('--')).toBeTruthy();
+    expect(validatePackage('a')).toBeTruthy();
+    expect(validatePackage('a-')).toBeTruthy();
     expect(validatePackage('package-name')).toBeTruthy();
     expect(validatePackage('@scope/package-name')).toBeTruthy();
   });
@@ -21,6 +25,7 @@ describe('validatePackage', () => {
     expect(validatePackage('node_modules')).toBeFalsy();
     expect(validatePackage('__proto__')).toBeFalsy();
     expect(validatePackage('favicon.ico')).toBeFalsy();
+    expect(validatePackage('%')).toBeFalsy();
   });
 });
 
@@ -75,6 +80,7 @@ describe('validateName', () => {
   test('good ones', () => {
     expect(validateName('verdaccio')).toBeTruthy();
     expect(validateName('some.weird.package-zzz')).toBeTruthy();
+    expect(validateName('--0.0.1.tgz')).toBeTruthy();
     expect(validateName('old-package@0.1.2.tgz')).toBeTruthy();
     // fix https://github.com/verdaccio/verdaccio/issues/1400
     expect(validateName('-build-infra')).toBeTruthy();

packages/core/file-locking/package.json

@@ -39,7 +39,7 @@
     "lockfile": "1.0.4"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.24"
+    "@verdaccio/types": "workspace:11.0.0-6-next.25"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/tarball/CHANGELOG.md

@@ -1,5 +1,64 @@
 # Change Log
 
+## 11.0.0-6-next.42
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/url@11.0.0-6-next.39
+  - @verdaccio/utils@6.0.0-6-next.41
+
+## 11.0.0-6-next.41
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/url@11.0.0-6-next.38
+- @verdaccio/utils@6.0.0-6-next.40
+
+## 11.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.71
+- @verdaccio/url@11.0.0-6-next.37
+- @verdaccio/utils@6.0.0-6-next.39
+
+## 11.0.0-6-next.39
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/url@11.0.0-6-next.36
+- @verdaccio/utils@6.0.0-6-next.38
+
+## 11.0.0-6-next.38
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/url@11.0.0-6-next.35
+  - @verdaccio/utils@6.0.0-6-next.37
+
+## 11.0.0-6-next.37
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/url@11.0.0-6-next.34
+- @verdaccio/utils@6.0.0-6-next.36
+
+## 11.0.0-6-next.36
+
+### Patch Changes
+
+- Updated dependencies [16e38df8]
+  - @verdaccio/core@6.0.0-6-next.67
+  - @verdaccio/url@11.0.0-6-next.33
+  - @verdaccio/utils@6.0.0-6-next.35
+
 ## 11.0.0-6-next.35
 
 ### Patch Changes

packages/core/tarball/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/tarball",
-  "version": "11.0.0-6-next.35",
+  "version": "11.0.0-6-next.42",
   "description": "tarball utilities resolver",
   "keywords": [
     "private",
@@ -34,13 +34,13 @@
   },
   "dependencies": {
     "debug": "4.3.4",
-    "@verdaccio/core": "workspace:6.0.0-6-next.66",
-    "@verdaccio/url": "workspace:11.0.0-6-next.32",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.34",
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
+    "@verdaccio/url": "workspace:11.0.0-6-next.39",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.41",
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.24",
+    "@verdaccio/types": "workspace:11.0.0-6-next.25",
     "node-mocks-http": "1.12.1"
   },
   "scripts": {

packages/core/types/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Change Log
 
+## 11.0.0-6-next.25
+
+### Minor Changes
+
+- 16e38df8: feat: trustProxy property
+
 ## 11.0.0-6-next.24
 
 ### Patch Changes

packages/core/types/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/types",
-  "version": "11.0.0-6-next.24",
+  "version": "11.0.0-6-next.25",
   "description": "verdaccio types definitions",
   "keywords": [
     "private",
@@ -30,17 +30,16 @@
   "publishConfig": {
     "access": "public"
   },
-  "main": "build/types.d.ts",
-  "types": "build/types.d.ts",
+  "main": "src/types.ts",
+  "types": "src/types.ts",
   "scripts": {
     "clean": "rimraf ./build",
     "test": "pnpm type-check",
     "build:docs": "typedoc --options ./typedoc.json --tsconfig tsconfig.build.json",
     "type-check": "tsc --noEmit -p tsconfig.build.json",
-    "build": "tsc --emitDeclarationOnly -p tsconfig.build.json"
+    "build": "echo 0"
   },
   "devDependencies": {
-    "@types/node": "16.18.10",
     "typedoc": "0.23.25"
   },
   "typedoc": {

packages/core/types/src/configuration.ts

@@ -18,9 +18,6 @@ export type LoggerLevel = 'http' | 'fatal' | 'warn' | 'info' | 'debug' | 'trace'
 
 export type LoggerConfigItem = {
   type?: LoggerType;
-  /**
-   * The format
-   */
   format?: LoggerFormat;
   path?: string;
   level?: string;
@@ -226,6 +223,8 @@ export type ServerSettingsConf = {
    */
   pluginPrefix?: string;
   passwordValidationRegex?: RegExp;
+  // docs on `trustProxy` can be found at: https://expressjs.com/en/guide/behind-proxies.html
+  trustProxy?: string;
 };
 
 /**

packages/core/types/src/manifest.ts

@@ -89,6 +89,12 @@ export interface Tags {
   [key: string]: Version;
 }
 
+export interface PeerDependenciesMeta {
+  [dependencyName: string]: {
+    optional?: boolean;
+  };
+}
+
 export interface Version {
   name: string;
   version: string;
@@ -116,6 +122,7 @@ export interface Version {
   peerDependencies?: Dependencies;
   devDependencies?: Dependencies;
   optionalDependencies?: Dependencies;
+  peerDependenciesMeta?: PeerDependenciesMeta;
   bundleDependencies?: Dependencies;
   keywords?: string | string[];
   nodeVersion?: string;
@@ -127,6 +134,8 @@ export interface Version {
   funding?: { type: string; url: string };
   engines?: Engines;
   hasInstallScript?: boolean;
+  cpu?: string[];
+  os?: string[];
 }
 
 export interface Dependencies {

packages/core/url/CHANGELOG.md

@@ -1,5 +1,50 @@
 # Change Log
 
+## 11.0.0-6-next.39
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+
+## 11.0.0-6-next.38
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+
+## 11.0.0-6-next.37
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.71
+
+## 11.0.0-6-next.36
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+
+## 11.0.0-6-next.35
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+
+## 11.0.0-6-next.34
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+
+## 11.0.0-6-next.33
+
+### Patch Changes
+
+- Updated dependencies [16e38df8]
+  - @verdaccio/core@6.0.0-6-next.67
+
 ## 11.0.0-6-next.32
 
 ### Patch Changes

packages/core/url/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/url",
-  "version": "11.0.0-6-next.32",
+  "version": "11.0.0-6-next.39",
   "description": "url utilities resolver",
   "keywords": [
     "private",
@@ -33,13 +33,13 @@
     "access": "public"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.66",
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
     "debug": "4.3.4",
     "lodash": "4.17.21",
     "validator": "13.9.0"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.24",
+    "@verdaccio/types": "workspace:11.0.0-6-next.25",
     "node-mocks-http": "1.12.1"
   },
   "scripts": {

packages/hooks/CHANGELOG.md

@@ -1,5 +1,57 @@
 # @verdaccio/hooks
 
+## 6.0.0-6-next.43
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/logger@6.0.0-6-next.41
+
+## 6.0.0-6-next.42
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/logger@6.0.0-6-next.40
+
+## 6.0.0-6-next.41
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.39
+- @verdaccio/core@6.0.0-6-next.71
+
+## 6.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/core@6.0.0-6-next.70
+
+## 6.0.0-6-next.39
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/logger@6.0.0-6-next.37
+
+## 6.0.0-6-next.38
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/logger@6.0.0-6-next.36
+
+## 6.0.0-6-next.37
+
+### Patch Changes
+
+- Updated dependencies [16e38df8]
+  - @verdaccio/core@6.0.0-6-next.67
+  - @verdaccio/logger@6.0.0-6-next.35
+
 ## 6.0.0-6-next.36
 
 ### Patch Changes

packages/hooks/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/hooks",
-  "version": "6.0.0-6-next.36",
+  "version": "6.0.0-6-next.43",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -29,18 +29,17 @@
     "node": ">=16"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.66",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.34",
-    "core-js": "3.28.0",
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.41",
+    "core-js": "3.30.2",
     "debug": "4.3.4",
     "handlebars": "4.7.7",
     "undici": "4.16.0"
   },
   "devDependencies": {
-    "@types/node": "16.18.10",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.45",
-    "@verdaccio/config": "workspace:6.0.0-6-next.66",
-    "@verdaccio/types": "workspace:11.0.0-6-next.24"
+    "@verdaccio/auth": "workspace:6.0.0-6-next.52",
+    "@verdaccio/config": "workspace:6.0.0-6-next.73",
+    "@verdaccio/types": "workspace:11.0.0-6-next.25"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/loaders/CHANGELOG.md

@@ -1,5 +1,47 @@
 # @verdaccio/loaders
 
+## 6.0.0-6-next.42
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.41
+
+## 6.0.0-6-next.41
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.40
+
+## 6.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.39
+
+## 6.0.0-6-next.39
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+
+## 6.0.0-6-next.38
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.37
+
+## 6.0.0-6-next.37
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.36
+
+## 6.0.0-6-next.36
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.35
+
 ## 6.0.0-6-next.35
 
 ### Patch Changes

packages/loaders/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/loaders",
-  "version": "6.0.0-6-next.35",
+  "version": "6.0.0-6-next.42",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -13,14 +13,14 @@
     "url": "https://github.com/verdaccio/verdaccio"
   },
   "dependencies": {
-    "@verdaccio/logger": "workspace:6.0.0-6-next.34",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.41",
     "debug": "4.3.4",
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.66",
-    "@verdaccio/config": "workspace:6.0.0-6-next.66",
-    "@verdaccio/types": "workspace:11.0.0-6-next.24",
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
+    "@verdaccio/config": "workspace:6.0.0-6-next.73",
+    "@verdaccio/types": "workspace:11.0.0-6-next.25",
     "@verdaccio-scope/verdaccio-auth-foo": "0.0.2",
     "verdaccio-auth-memory": "workspace:*",
     "customprefix-auth": "1.0.0-6-next.0"

packages/logger/logger-7/CHANGELOG.md

@@ -1,5 +1,50 @@
 # @verdaccio/logger-7
 
+## 6.0.0-6-next.18
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.41
+
+## 6.0.0-6-next.17
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.40
+
+## 6.0.0-6-next.16
+
+### Patch Changes
+
+- Updated dependencies [84b2dffdb]
+  - @verdaccio/logger-commons@6.0.0-6-next.39
+
+## 6.0.0-6-next.15
+
+### Patch Changes
+
+- 4a33e269: fix: restore pino legacy version
+- Updated dependencies [4a33e269]
+  - @verdaccio/logger-commons@6.0.0-6-next.38
+
+## 6.0.0-6-next.14
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.37
+
+## 6.0.0-6-next.13
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.36
+
+## 6.0.0-6-next.12
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.35
+
 ## 6.0.0-6-next.11
 
 ### Patch Changes

packages/logger/logger-7/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger-7",
-  "version": "6.0.0-6-next.11",
+  "version": "6.0.0-6-next.18",
   "description": "logger for verdaccio 5.x version",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,11 +38,11 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/logger-commons": "workspace:6.0.0-6-next.34",
+    "@verdaccio/logger-commons": "workspace:6.0.0-6-next.41",
     "pino": "7.11.0"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.24"
+    "@verdaccio/types": "workspace:11.0.0-6-next.25"
   },
   "funding": {
     "type": "opencollective",

packages/logger/logger-commons/CHANGELOG.md

@@ -1,5 +1,54 @@
 # @verdaccio/logger-commons
 
+## 6.0.0-6-next.41
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+
+## 6.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+
+## 6.0.0-6-next.39
+
+### Patch Changes
+
+- 84b2dffdb: fix: restore wrong dependency version
+  - @verdaccio/core@6.0.0-6-next.71
+
+## 6.0.0-6-next.38
+
+### Patch Changes
+
+- 4a33e269: fix: restore pino legacy version
+- Updated dependencies [4a33e269]
+  - @verdaccio/logger-prettify@6.0.0-6-next.10
+  - @verdaccio/core@6.0.0-6-next.70
+
+## 6.0.0-6-next.37
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+
+## 6.0.0-6-next.36
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+
+## 6.0.0-6-next.35
+
+### Patch Changes
+
+- Updated dependencies [16e38df8]
+  - @verdaccio/core@6.0.0-6-next.67
+
 ## 6.0.0-6-next.34
 
 ### Patch Changes

packages/logger/logger-commons/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger-commons",
-  "version": "6.0.0-6-next.34",
+  "version": "6.0.0-6-next.41",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,14 +38,14 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.66",
-    "@verdaccio/logger-prettify": "workspace:6.0.0-6-next.9",
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
+    "@verdaccio/logger-prettify": "workspace:6.0.0-6-next.10",
     "debug": "4.3.4",
-    "colorette": "2.0.19"
+    "colorette": "2.0.20"
   },
   "devDependencies": {
-    "pino": "8.10.0",
-    "@verdaccio/types": "workspace:11.0.0-6-next.24"
+    "pino": "7.11.0",
+    "@verdaccio/types": "workspace:11.0.0-6-next.25"
   },
   "funding": {
     "type": "opencollective",

packages/logger/logger-prettify/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @verdaccio/logger-prettify
 
+## 6.0.0-6-next.10
+
+### Patch Changes
+
+- 4a33e269: fix: restore pino legacy version
+
 ## 6.0.0-6-next.9
 
 ### Patch Changes

packages/logger/logger-prettify/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger-prettify",
-  "version": "6.0.0-6-next.9",
+  "version": "6.0.0-6-next.10",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -40,12 +40,12 @@
   "dependencies": {
     "dayjs": "1.11.7",
     "pino-abstract-transport": "1.0.0",
-    "colorette": "2.0.19",
+    "colorette": "2.0.20",
     "lodash": "4.17.21",
-    "sonic-boom": "3.2.1"
+    "sonic-boom": "3.3.0"
   },
   "devDependencies": {
-    "pino": "8.10.0"
+    "pino": "8.12.1"
   },
   "funding": {
     "type": "opencollective",

packages/logger/logger/CHANGELOG.md

@@ -1,5 +1,49 @@
 # @verdaccio/logger
 
+## 6.0.0-6-next.41
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.41
+
+## 6.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.40
+
+## 6.0.0-6-next.39
+
+### Patch Changes
+
+- Updated dependencies [84b2dffdb]
+  - @verdaccio/logger-commons@6.0.0-6-next.39
+
+## 6.0.0-6-next.38
+
+### Patch Changes
+
+- Updated dependencies [4a33e269]
+  - @verdaccio/logger-commons@6.0.0-6-next.38
+
+## 6.0.0-6-next.37
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.37
+
+## 6.0.0-6-next.36
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.36
+
+## 6.0.0-6-next.35
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.35
+
 ## 6.0.0-6-next.34
 
 ### Patch Changes

packages/logger/logger/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger",
-  "version": "6.0.0-6-next.34",
+  "version": "6.0.0-6-next.41",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,11 +38,11 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/logger-commons": "workspace:6.0.0-6-next.34",
-    "pino": "8.10.0"
+    "@verdaccio/logger-commons": "workspace:6.0.0-6-next.41",
+    "pino": "8.14.1"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.24"
+    "@verdaccio/types": "workspace:11.0.0-6-next.25"
   },
   "funding": {
     "type": "opencollective",

packages/middleware/CHANGELOG.md

@@ -1,5 +1,73 @@
 # @verdaccio/middleware
 
+## 6.0.0-6-next.52
+
+### Patch Changes
+
+- f859d2b1a: fix: official package "-" cannot be synced
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/config@6.0.0-6-next.73
+  - @verdaccio/url@11.0.0-6-next.39
+  - @verdaccio/utils@6.0.0-6-next.41
+
+## 6.0.0-6-next.51
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/config@6.0.0-6-next.72
+- @verdaccio/url@11.0.0-6-next.38
+- @verdaccio/utils@6.0.0-6-next.40
+
+## 6.0.0-6-next.50
+
+### Patch Changes
+
+- Updated dependencies [679c19c1b]
+  - @verdaccio/config@6.0.0-6-next.71
+  - @verdaccio/core@6.0.0-6-next.71
+  - @verdaccio/url@11.0.0-6-next.37
+  - @verdaccio/utils@6.0.0-6-next.39
+
+## 6.0.0-6-next.49
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+- @verdaccio/url@11.0.0-6-next.36
+- @verdaccio/utils@6.0.0-6-next.38
+
+## 6.0.0-6-next.48
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/url@11.0.0-6-next.35
+  - @verdaccio/utils@6.0.0-6-next.37
+
+## 6.0.0-6-next.47
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/config@6.0.0-6-next.68
+- @verdaccio/url@11.0.0-6-next.34
+- @verdaccio/utils@6.0.0-6-next.36
+
+## 6.0.0-6-next.46
+
+### Patch Changes
+
+- Updated dependencies [16e38df8]
+  - @verdaccio/config@6.0.0-6-next.67
+  - @verdaccio/core@6.0.0-6-next.67
+  - @verdaccio/url@11.0.0-6-next.33
+  - @verdaccio/utils@6.0.0-6-next.35
+
 ## 6.0.0-6-next.45
 
 ### Patch Changes

packages/middleware/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/middleware",
-  "version": "6.0.0-6-next.45",
+  "version": "6.0.0-6-next.52",
   "description": "express middleware utils",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -38,12 +38,12 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.66",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.34",
-    "@verdaccio/config": "workspace:6.0.0-6-next.66",
-    "@verdaccio/url": "workspace:11.0.0-6-next.32",
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.41",
+    "@verdaccio/config": "workspace:6.0.0-6-next.73",
+    "@verdaccio/url": "workspace:11.0.0-6-next.39",
     "debug": "4.3.4",
-    "lru-cache": "7.16.1",
+    "lru-cache": "7.18.3",
     "express": "4.18.2",
     "lodash": "4.17.21",
     "mime": "2.6.0",
@@ -54,8 +54,8 @@
     "url": "https://opencollective.com/verdaccio"
   },
   "devDependencies": {
-    "@verdaccio/logger": "workspace:6.0.0-6-next.34",
-    "body-parser": "1.20.1",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.41",
+    "body-parser": "1.20.2",
     "supertest": "6.3.3"
   }
 }

packages/middleware/src/middlewares/validation.ts

@@ -1,27 +1,17 @@
-import { errorUtils } from '@verdaccio/core';
-import {
-  validateName as utilValidateName,
-  validatePackage as utilValidatePackage,
-} from '@verdaccio/utils';
+import { errorUtils, validationUtils } from '@verdaccio/core';
 
 export function validateName(_req, _res, next, value: string, name: string) {
-  if (value === '-') {
-    // special case in couchdb usually
-    next('route');
-  } else if (utilValidateName(value)) {
+  if (validationUtils.validateName(value)) {
     next();
   } else {
-    next(errorUtils.getForbidden('invalid ' + name));
+    next(errorUtils.getBadRequest('invalid ' + name));
   }
 }
 
 export function validatePackage(_req, _res, next, value: string, name: string) {
-  if (value === '-') {
-    // special case in couchdb usually
-    next('route');
-  } else if (utilValidatePackage(value)) {
+  if (validationUtils.validatePackage(value)) {
     next();
   } else {
-    next(errorUtils.getForbidden('invalid ' + name));
+    next(errorUtils.getBadRequest('invalid ' + name));
   }
 }

packages/middleware/test/params.spec.ts

@@ -2,55 +2,9 @@ import request from 'supertest';
 
 import { HTTP_STATUS } from '@verdaccio/core';
 
-import { match, validateName, validatePackage } from '../src';
+import { match } from '../src';
 import { getApp } from './helper';
 
-describe('validate params', () => {
-  test('should validate package name', async () => {
-    const app = getApp([]);
-    // @ts-ignore
-    app.param('package', validatePackage);
-    app.get('/pkg/:package', (req, res) => {
-      res.status(HTTP_STATUS.OK).json({});
-    });
-
-    return request(app).get('/pkg/react').expect(HTTP_STATUS.OK);
-  });
-
-  test('should fails validate package name', async () => {
-    const app = getApp([]);
-    // @ts-ignore
-    app.param('package', validatePackage);
-    app.get('/pkg/:package', (req, res) => {
-      res.status(HTTP_STATUS.OK).json({});
-    });
-
-    return request(app).get('/pkg/node_modules').expect(HTTP_STATUS.FORBIDDEN);
-  });
-
-  test('should fails file name package name', async () => {
-    const app = getApp([]);
-    // @ts-ignore
-    app.param('filename', validateName);
-    app.get('/file/:filename', (req, res) => {
-      res.status(HTTP_STATUS.OK).json({});
-    });
-
-    return request(app).get('/file/__proto__').expect(HTTP_STATUS.FORBIDDEN);
-  });
-
-  test('should validate file name package name', async () => {
-    const app = getApp([]);
-    // @ts-ignore
-    app.param('filename', validateName);
-    app.get('/file/:filename', (req, res) => {
-      res.status(HTTP_STATUS.OK).json({});
-    });
-
-    return request(app).get('/file/react.tar.gz').expect(HTTP_STATUS.OK);
-  });
-});
-
 describe('match', () => {
   test('should not match middleware', async () => {
     const app = getApp([]);

packages/middleware/test/validation.spec.ts

@@ -0,0 +1,92 @@
+import request from 'supertest';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+
+import { validateName, validatePackage } from '../src';
+import { getApp } from './helper';
+
+describe('validate package name middleware', () => {
+  test.each(['jquery', '-'])('%s should be valid package name', (pkg) => {
+    const app = getApp([]);
+    app.param('pkg', validatePackage);
+    app.get('/:pkg', (_req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get(`/${pkg}`).expect(HTTP_STATUS.OK);
+  });
+
+  test.each(['node_modules', '%'])('%s should be invalid package name', (pkg) => {
+    const app = getApp([]);
+    app.param('pkg', validatePackage);
+    app.get('/:pkg', (_req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get(`/${pkg}`).expect(HTTP_STATUS.BAD_REQUEST);
+  });
+
+  test('should validate package name double level', async () => {
+    const app = getApp([]);
+    // @ts-ignore
+    app.param('package', validatePackage);
+    app.get('/pkg/:package', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/pkg/react').expect(HTTP_STATUS.OK);
+  });
+
+  test('should fails validate package name double level', async () => {
+    const app = getApp([]);
+    // @ts-ignore
+    app.param('package', validatePackage);
+    app.get('/pkg/:package', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/pkg/node_modules').expect(HTTP_STATUS.BAD_REQUEST);
+  });
+});
+
+describe('validate file name name middleware', () => {
+  test.each(['old-package@0.1.2.tgz', '--0.0.1.tgz'])('%s should be valid file name', (pkg) => {
+    const app = getApp([]);
+    app.param('pkg', validateName);
+    app.get('/:pkg', (_req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get(`/${pkg}`).expect(HTTP_STATUS.OK);
+  });
+
+  test.each(['some%2Fthing', '.bin'])('%s should be invalid package name', (pkg) => {
+    const app = getApp([]);
+    app.param('pkg', validateName);
+    app.get('/:pkg', (_req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get(`/${pkg}`).expect(HTTP_STATUS.BAD_REQUEST);
+  });
+
+  test('should fails file name package name', async () => {
+    const app = getApp([]);
+    app.param('filename', validateName);
+    app.get('/file/:filename', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/file/__proto__').expect(HTTP_STATUS.BAD_REQUEST);
+  });
+
+  test('should validate file name package name', async () => {
+    const app = getApp([]);
+    app.param('filename', validateName);
+    app.get('/file/:filename', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/file/react.tar.gz').expect(HTTP_STATUS.OK);
+  });
+});

packages/node-api/CHANGELOG.md

@@ -1,5 +1,80 @@
 # @verdaccio/node-api
 
+## 6.0.0-6-next.73
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/server@6.0.0-6-next.62
+  - @verdaccio/config@6.0.0-6-next.73
+  - @verdaccio/server-fastify@6.0.0-6-next.54
+  - @verdaccio/logger@6.0.0-6-next.41
+
+## 6.0.0-6-next.72
+
+### Patch Changes
+
+- Updated dependencies [702d5c497]
+  - @verdaccio/server-fastify@6.0.0-6-next.53
+  - @verdaccio/server@6.0.0-6-next.61
+  - @verdaccio/core@6.0.0-6-next.72
+  - @verdaccio/config@6.0.0-6-next.72
+  - @verdaccio/logger@6.0.0-6-next.40
+
+## 6.0.0-6-next.71
+
+### Patch Changes
+
+- Updated dependencies [679c19c1b]
+  - @verdaccio/config@6.0.0-6-next.71
+  - @verdaccio/server@6.0.0-6-next.60
+  - @verdaccio/server-fastify@6.0.0-6-next.52
+  - @verdaccio/logger@6.0.0-6-next.39
+  - @verdaccio/core@6.0.0-6-next.71
+
+## 6.0.0-6-next.70
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/server@6.0.0-6-next.59
+- @verdaccio/server-fastify@6.0.0-6-next.51
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+
+## 6.0.0-6-next.69
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/server@6.0.0-6-next.58
+  - @verdaccio/server-fastify@6.0.0-6-next.50
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/logger@6.0.0-6-next.37
+
+## 6.0.0-6-next.68
+
+### Patch Changes
+
+- @verdaccio/server@6.0.0-6-next.57
+- @verdaccio/server-fastify@6.0.0-6-next.49
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/config@6.0.0-6-next.68
+- @verdaccio/logger@6.0.0-6-next.36
+
+## 6.0.0-6-next.67
+
+### Patch Changes
+
+- Updated dependencies [16e38df8]
+  - @verdaccio/config@6.0.0-6-next.67
+  - @verdaccio/core@6.0.0-6-next.67
+  - @verdaccio/server@6.0.0-6-next.56
+  - @verdaccio/server-fastify@6.0.0-6-next.48
+  - @verdaccio/logger@6.0.0-6-next.35
+
 ## 6.0.0-6-next.66
 
 ### Patch Changes

packages/node-api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/node-api",
-  "version": "6.0.0-6-next.66",
+  "version": "6.0.0-6-next.73",
   "description": "node API",
   "main": "build/index.js",
   "types": "build/index.d.ts",
@@ -39,19 +39,17 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.66",
-    "@verdaccio/config": "workspace:6.0.0-6-next.66",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.34",
-    "@verdaccio/server": "workspace:6.0.0-6-next.55",
-    "@verdaccio/server-fastify": "workspace:6.0.0-6-next.47",
-    "core-js": "3.28.0",
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
+    "@verdaccio/config": "workspace:6.0.0-6-next.73",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.41",
+    "@verdaccio/server": "workspace:6.0.0-6-next.62",
+    "@verdaccio/server-fastify": "workspace:6.0.0-6-next.54",
+    "core-js": "3.30.2",
     "debug": "4.3.4",
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@types/node": "16.18.10",
-    "@verdaccio/types": "workspace:11.0.0-6-next.24",
-    "jest-mock-process": "1.5.1",
+    "@verdaccio/types": "workspace:11.0.0-6-next.25",
     "selfsigned": "1.10.14",
     "supertest": "6.3.3"
   },

packages/plugins/audit/CHANGELOG.md

@@ -1,5 +1,58 @@
 # Change Log
 
+## 11.0.0-6-next.36
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/config@6.0.0-6-next.73
+
+## 11.0.0-6-next.35
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/config@6.0.0-6-next.72
+
+## 11.0.0-6-next.34
+
+### Patch Changes
+
+- Updated dependencies [679c19c1b]
+  - @verdaccio/config@6.0.0-6-next.71
+  - @verdaccio/core@6.0.0-6-next.71
+
+## 11.0.0-6-next.33
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+
+## 11.0.0-6-next.32
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/config@6.0.0-6-next.69
+
+## 11.0.0-6-next.31
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/config@6.0.0-6-next.68
+
+## 11.0.0-6-next.30
+
+### Patch Changes
+
+- Updated dependencies [16e38df8]
+  - @verdaccio/config@6.0.0-6-next.67
+  - @verdaccio/core@6.0.0-6-next.67
+
 ## 11.0.0-6-next.29
 
 ### Patch Changes

packages/plugins/audit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-audit",
-  "version": "11.0.0-6-next.29",
+  "version": "11.0.0-6-next.36",
   "description": "Verdaccio Middleware plugin to bypass npmjs audit",
   "keywords": [
     "private",
@@ -30,16 +30,16 @@
     "node": ">=12"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.66",
-    "@verdaccio/config": "workspace:6.0.0-6-next.66",
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
+    "@verdaccio/config": "workspace:6.0.0-6-next.73",
     "express": "4.18.2",
     "https-proxy-agent": "5.0.1",
     "node-fetch": "cjs"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.24",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.45",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.34",
+    "@verdaccio/types": "workspace:11.0.0-6-next.25",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.52",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.41",
     "nock": "13.2.9",
     "supertest": "6.3.3"
   },

packages/plugins/auth-memory/CHANGELOG.md

@@ -1,5 +1,50 @@
 # Change Log
 
+## 11.0.0-6-next.38
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+
+## 11.0.0-6-next.37
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+
+## 11.0.0-6-next.36
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.71
+
+## 11.0.0-6-next.35
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+
+## 11.0.0-6-next.34
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+
+## 11.0.0-6-next.33
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+
+## 11.0.0-6-next.32
+
+### Patch Changes
+
+- Updated dependencies [16e38df8]
+  - @verdaccio/core@6.0.0-6-next.67
+
 ## 11.0.0-6-next.31
 
 ### Patch Changes

packages/plugins/auth-memory/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-auth-memory",
-  "version": "11.0.0-6-next.31",
+  "version": "11.0.0-6-next.38",
   "description": "Auth plugin for Verdaccio that keeps users in memory",
   "keywords": [
     "private",
@@ -31,12 +31,13 @@
     "npm": ">=6"
   },
   "dependencies": {
-    "debug": "4.3.4",
-    "@verdaccio/core": "workspace:6.0.0-6-next.66"
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
+    "debug": "4.3.4"
   },
   "devDependencies": {
-    "@verdaccio/config": "workspace:6.0.0-6-next.66",
-    "@verdaccio/types": "workspace:11.0.0-6-next.24"
+    "@types/debug": "^4.1.7",
+    "@verdaccio/config": "workspace:6.0.0-6-next.73",
+    "@verdaccio/types": "workspace:11.0.0-6-next.25"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/plugins/aws-storage/package.json

@@ -32,7 +32,7 @@
   "types": "build/index.d.ts",
   "dependencies": {
     "@verdaccio/core": "workspace:6.0.0-6-next.5",
-    "aws-sdk": "2.1199.0"
+    "aws-sdk": "2.1354.0"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.12",

packages/plugins/htpasswd/CHANGELOG.md

@@ -1,5 +1,56 @@
 # Change Log
 
+## 11.0.0-6-next.43
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+
+## 11.0.0-6-next.42
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+
+## 11.0.0-6-next.41
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.71
+
+## 11.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+
+## 11.0.0-6-next.39
+
+### Minor Changes
+
+- c9d1af0e: feat: async bcrypt hash
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+
+## 11.0.0-6-next.38
+
+### Patch Changes
+
+- 09753cc1: fix wrong htpasswd file location
+  - @verdaccio/core@6.0.0-6-next.68
+
+## 11.0.0-6-next.37
+
+### Patch Changes
+
+- Updated dependencies [16e38df8]
+  - @verdaccio/core@6.0.0-6-next.67
+  - @verdaccio/file-locking@11.0.0-6-next.7
+
 ## 11.0.0-6-next.36
 
 ### Patch Changes

packages/plugins/htpasswd/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-htpasswd",
-  "version": "11.0.0-6-next.36",
+  "version": "11.0.0-6-next.43",
   "description": "htpasswd auth plugin for Verdaccio",
   "keywords": [
     "private",
@@ -34,20 +34,20 @@
     "npm": ">=6"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.66",
+    "@verdaccio/core": "workspace:6.0.0-6-next.73",
     "@verdaccio/file-locking": "workspace:11.0.0-6-next.7",
     "apache-md5": "1.1.8",
     "bcryptjs": "2.4.3",
-    "core-js": "3.28.0",
-    "http-errors": "1.8.1",
+    "core-js": "3.30.2",
+    "http-errors": "2.0.0",
     "debug": "4.3.4",
     "unix-crypt-td-js": "1.1.4"
   },
   "devDependencies": {
     "@types/bcryptjs": "2.4.2",
-    "@verdaccio/types": "workspace:11.0.0-6-next.24",
-    "@verdaccio/config": "workspace:6.0.0-6-next.66",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.34",
+    "@verdaccio/types": "workspace:11.0.0-6-next.25",
+    "@verdaccio/config": "workspace:6.0.0-6-next.73",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.41",
     "mockdate": "3.0.5"
   },
   "scripts": {

packages/plugins/htpasswd/src/htpasswd.ts

@@ -1,13 +1,13 @@
 import buildDebug from 'debug';
 import fs from 'fs';
-import { dirname, join, resolve } from 'path';
+import { dirname, resolve } from 'path';
 
-import { pluginUtils } from '@verdaccio/core';
+import { constants, pluginUtils } from '@verdaccio/core';
 import { unlockFile } from '@verdaccio/file-locking';
 import { Callback, Logger } from '@verdaccio/types';
 
 import {
-  HtpasswdHashAlgorithm,
+  DEFAULT_BCRYPT_ROUNDS,
   HtpasswdHashConfig,
   addUserToHTPasswd,
   changePasswordToHTPasswd,
@@ -17,6 +17,8 @@ import {
   verifyPassword,
 } from './utils';
 
+type HtpasswdHashAlgorithm = constants.HtpasswdHashAlgorithm;
+
 const debug = buildDebug('verdaccio:plugin:htpasswd');
 
 export type HTPasswdConfig = {
@@ -27,7 +29,6 @@ export type HTPasswdConfig = {
   slow_verify_ms?: number;
 };
 
-export const DEFAULT_BCRYPT_ROUNDS = 10;
 export const DEFAULT_SLOW_VERIFY_MS = 200;
 
 /**
@@ -63,15 +64,19 @@ export default class HTPasswd
     let algorithm: HtpasswdHashAlgorithm;
     let rounds: number | undefined;
 
-    if (config.algorithm === undefined) {
-      algorithm = HtpasswdHashAlgorithm.bcrypt;
-    } else if (HtpasswdHashAlgorithm[config.algorithm] !== undefined) {
-      algorithm = HtpasswdHashAlgorithm[config.algorithm];
+    if (typeof config.algorithm === 'undefined') {
+      algorithm = constants.HtpasswdHashAlgorithm.bcrypt;
+    } else if (constants.HtpasswdHashAlgorithm[config.algorithm] !== undefined) {
+      algorithm = constants.HtpasswdHashAlgorithm[config.algorithm];
     } else {
-      throw new Error(`Invalid algorithm "${config.algorithm}"`);
+      this.logger.warn(
+        `The algorithm selected %s is invalid, switching to to default one "bcrypt", password validation can be affected`,
+        config.algorithm
+      );
+      algorithm = constants.HtpasswdHashAlgorithm.bcrypt;
     }
     debug(`password hash algorithm: ${algorithm}`);
-    if (algorithm === HtpasswdHashAlgorithm.bcrypt) {
+    if (algorithm === constants.HtpasswdHashAlgorithm.bcrypt) {
       rounds = config.rounds || DEFAULT_BCRYPT_ROUNDS;
     } else if (config.rounds !== undefined) {
       this.logger.warn({ algo: algorithm }, 'Option "rounds" is not valid for "@{algo}" algorithm');
@@ -90,7 +95,7 @@ export default class HTPasswd
       throw new Error('should specify "file" in config');
     }
     debug('config path: %s', options?.config?.configPath);
-    this.path = join(resolve(dirname(options?.config?.configPath ?? '')), file);
+    this.path = resolve(dirname(options?.config?.configPath), file);
     this.logger.info({ file: this.path }, 'using htpasswd file: @{file}');
     debug('htpasswd path:', this.path);
     if (config.slow_verify_ms) {
@@ -202,7 +207,7 @@ export default class HTPasswd
       }
 
       try {
-        this._writeFile(addUserToHTPasswd(body, user, password, this.hashConfig), cb);
+        this._writeFile(await addUserToHTPasswd(body, user, password, this.hashConfig), cb);
       } catch (err: any) {
         return cb(err);
       }

packages/plugins/htpasswd/src/utils.ts

@@ -3,18 +3,15 @@ import bcrypt from 'bcryptjs';
 import crypto from 'crypto';
 import createError, { HttpError } from 'http-errors';
 
-import { API_ERROR, HTTP_STATUS } from '@verdaccio/core';
+import { API_ERROR, HTTP_STATUS, constants } from '@verdaccio/core';
 import { readFile } from '@verdaccio/file-locking';
 import { Callback } from '@verdaccio/types';
 
 import crypt3 from './crypt3';
 
-export enum HtpasswdHashAlgorithm {
-  md5 = 'md5',
-  sha1 = 'sha1',
-  crypt = 'crypt',
-  bcrypt = 'bcrypt',
-}
+export const DEFAULT_BCRYPT_ROUNDS = 10;
+
+type HtpasswdHashAlgorithm = constants.HtpasswdHashAlgorithm;
 
 export interface HtpasswdHashConfig {
   algorithm: HtpasswdHashAlgorithm;
@@ -80,24 +77,24 @@ export async function verifyPassword(passwd: string, hash: string): Promise<bool
  * @param {HtpasswdHashConfig} hashConfig
  * @returns {string}
  */
-export function generateHtpasswdLine(
+export async function generateHtpasswdLine(
   user: string,
   passwd: string,
   hashConfig: HtpasswdHashConfig
-): string {
+): Promise<string> {
   let hash: string;
 
   switch (hashConfig.algorithm) {
-    case HtpasswdHashAlgorithm.bcrypt:
-      hash = bcrypt.hashSync(passwd, hashConfig.rounds);
+    case constants.HtpasswdHashAlgorithm.bcrypt:
+      hash = await bcrypt.hash(passwd, hashConfig.rounds || DEFAULT_BCRYPT_ROUNDS);
       break;
-    case HtpasswdHashAlgorithm.crypt:
+    case constants.HtpasswdHashAlgorithm.crypt:
       hash = crypt3(passwd);
       break;
-    case HtpasswdHashAlgorithm.md5:
+    case constants.HtpasswdHashAlgorithm.md5:
       hash = md5(passwd);
       break;
-    case HtpasswdHashAlgorithm.sha1:
+    case constants.HtpasswdHashAlgorithm.sha1:
       hash = '{SHA}' + crypto.createHash('sha1').update(passwd, 'utf8').digest('base64');
       break;
     default:
@@ -116,12 +113,12 @@ export function generateHtpasswdLine(
  * @param {HtpasswdHashConfig} hashConfig
  * @returns {string}
  */
-export function addUserToHTPasswd(
+export async function addUserToHTPasswd(
   body: string,
   user: string,
   passwd: string,
   hashConfig: HtpasswdHashConfig
-): string {
+): Promise<string> {
   if (user !== encodeURIComponent(user)) {
     const err = createError('username should not contain non-uri-safe characters');
 
@@ -129,7 +126,7 @@ export function addUserToHTPasswd(
     throw err;
   }
 
-  let newline = generateHtpasswdLine(user, passwd, hashConfig);
+  let newline = await generateHtpasswdLine(user, passwd, hashConfig);
 
   if (body.length && body[body.length - 1] !== '\n') {
     newline = '\n' + newline;
@@ -190,13 +187,14 @@ export async function sanityCheck(
 }
 
 /**
+ * /**
  * changePasswordToHTPasswd - change password for existing user
  * @param {string} body
  * @param {string} user
  * @param {string} passwd
  * @param {string} newPasswd
  * @param {HtpasswdHashConfig} hashConfig
- * @returns {string}
+ * @returns {Promise<string>}
  */
 export async function changePasswordToHTPasswd(
   body: string,
@@ -215,7 +213,7 @@ export async function changePasswordToHTPasswd(
   if (!passwordValid) {
     throw new Error(`Unable to change password for user '${user}': invalid old password`);
   }
-  const updatedUserLine = generateHtpasswdLine(username, newPasswd, hashConfig);
+  const updatedUserLine = await generateHtpasswdLine(username, newPasswd, hashConfig);
   lines.splice(userLineIndex, 1, updatedUserLine);
   return lines.join('\n');
 }

packages/plugins/htpasswd/tests/htpasswd.test.ts

@@ -1,26 +1,18 @@
-/* eslint-disable jest/no-mocks-import */
-// @ts-ignore: Module has no default export
 import bcrypt from 'bcryptjs';
-// @ts-ignore: Module has no default export
 import crypto from 'crypto';
-// @ts-ignore: Module has no default export
 import fs from 'fs';
 import MockDate from 'mockdate';
 import path from 'path';
 
 import { Config, parseConfigFile } from '@verdaccio/config';
-import { logger, setup } from '@verdaccio/logger';
-import { PluginOptions } from '@verdaccio/types';
+import { constants, pluginUtils } from '@verdaccio/core';
 
 import HTPasswd, { DEFAULT_SLOW_VERIFY_MS, HTPasswdConfig } from '../src/htpasswd';
-import { HtpasswdHashAlgorithm } from '../src/utils';
-
-setup();
 
 const options = {
-  logger,
+  logger: { warn: jest.fn(), info: jest.fn() },
   config: new Config(parseConfigFile(path.join(__dirname, './__fixtures__/config.yaml'))),
-} as any as PluginOptions<HTPasswdConfig>;
+} as any as pluginUtils.PluginOptions<HTPasswdConfig>;
 
 const config = {
   file: './htpasswd',
@@ -34,7 +26,8 @@ describe('HTPasswd', () => {
     wrapper = new HTPasswd(config, options);
     jest.resetModules();
     jest.clearAllMocks();
-    // @ts-ignore: Module has no default export
+
+    // @ts-ignore
     crypto.randomBytes = jest.fn(() => {
       return {
         toString: (): string => '$6',
@@ -43,7 +36,15 @@ describe('HTPasswd', () => {
   });
 
   describe('constructor()', () => {
-    const emptyPluginOptions = { config: {} } as any as PluginOptions<HTPasswdConfig>;
+    const error = jest.fn();
+    const warn = jest.fn();
+    const info = jest.fn();
+    const emptyPluginOptions = {
+      config: {
+        configPath: '',
+      },
+      logger: { warn, info, error },
+    } as any as pluginUtils.PluginOptions<HTPasswdConfig>;
 
     test('should ensure file path configuration exists', () => {
       expect(function () {
@@ -51,11 +52,14 @@ describe('HTPasswd', () => {
       }).toThrow(/should specify "file" in config/);
     });
 
-    test('should throw error about incorrect algorithm', () => {
-      expect(function () {
-        let invalidConfig = { algorithm: 'invalid', ...config } as HTPasswdConfig;
-        new HTPasswd(invalidConfig, emptyPluginOptions);
-      }).toThrow(/Invalid algorithm "invalid"/);
+    test('should switch to bcrypt if incorrect algorithm is set', () => {
+      let invalidConfig = { algorithm: 'invalid', ...config } as HTPasswdConfig;
+      new HTPasswd(invalidConfig, emptyPluginOptions);
+      expect(warn).toHaveBeenCalledWith(
+        'The algorithm selected %s is invalid, switching to to default one "bcrypt", password validation can be affected',
+        'invalid'
+      );
+      expect(info).toHaveBeenCalled();
     });
   });
 
@@ -95,21 +99,20 @@ describe('HTPasswd', () => {
     test('it should warn on slow password verification', (done) => {
       // @ts-ignore
       // eslint-disable-next-line @typescript-eslint/no-unused-vars
-      bcrypt.compare = jest.fn(async (_passwd, _hash) => {
-        await new Promise((resolve) => setTimeout(resolve, DEFAULT_SLOW_VERIFY_MS + 1));
-        return true;
+      bcrypt.compare = jest.fn((_passwd, _hash) => {
+        return new Promise((resolve) => setTimeout(resolve, DEFAULT_SLOW_VERIFY_MS + 1)).then(
+          () => true
+        );
       });
       const callback = (a, b): void => {
         expect(a).toBeNull();
         expect(b).toContain('bcrypt');
-        // TODO: figure out how to test the warning properly without mocking the logger
-        // maybe mocking pino? not sure.
-        // const mockWarn = options.logger.warn as jest.MockedFn<jest.MockableFunction>;
-        // expect(mockWarn.mock.calls.length).toBe(1);
-        // const [{ user, durationMs }, message] = mockWarn.mock.calls[0];
-        // expect(user).toEqual('bcrypt');
-        // expect(durationMs).toBeGreaterThan(DEFAULT_SLOW_VERIFY_MS);
-        // expect(message).toEqual('Password for user "@{user}" took @{durationMs}ms to verify');
+        const mockWarn = options.logger.warn as jest.MockedFn<jest.MockableFunction>;
+        expect(mockWarn.mock.calls.length).toBe(1);
+        const [{ user, durationMs }, message] = mockWarn.mock.calls[0];
+        expect(user).toEqual('bcrypt');
+        expect(durationMs).toBeGreaterThan(DEFAULT_SLOW_VERIFY_MS);
+        expect(message).toEqual('Password for user "@{user}" took @{durationMs}ms to verify');
         done();
       };
       wrapper.authenticate('bcrypt', 'password', callback);
@@ -128,7 +131,7 @@ describe('HTPasswd', () => {
     test('it should add the user', (done) => {
       let dataToWrite;
       // @ts-ignore
-      fs.writeFile = jest.fn((_name, data, callback) => {
+      fs.writeFile = jest.fn((name, data, callback) => {
         dataToWrite = data;
         callback();
       });
@@ -150,7 +153,7 @@ describe('HTPasswd', () => {
         jest.doMock('../src/utils.ts', () => {
           return {
             sanityCheck: (): Error => Error('some error'),
-            HtpasswdHashAlgorithm,
+            HtpasswdHashAlgorithm: constants.HtpasswdHashAlgorithm,
           };
         });
 
@@ -168,7 +171,7 @@ describe('HTPasswd', () => {
           return {
             sanityCheck: (): any => null,
             lockAndRead: (_a, b): any => b(new Error('lock error')),
-            HtpasswdHashAlgorithm,
+            HtpasswdHashAlgorithm: constants.HtpasswdHashAlgorithm,
           };
         });
 
@@ -188,7 +191,7 @@ describe('HTPasswd', () => {
             parseHTPasswd: (): void => {},
             lockAndRead: (_a, b): any => b(null, ''),
             unlockFile: (_a, b): any => b(),
-            HtpasswdHashAlgorithm,
+            HtpasswdHashAlgorithm: constants.HtpasswdHashAlgorithm,
           };
         });
 
@@ -202,11 +205,11 @@ describe('HTPasswd', () => {
       test('writeFile should return an Error', (done) => {
         jest.doMock('../src/utils.ts', () => {
           return {
-            sanityCheck: (): any => null,
+            sanityCheck: () => Promise.resolve(null),
             parseHTPasswd: (): void => {},
             lockAndRead: (_a, b): any => b(null, ''),
             addUserToHTPasswd: (): void => {},
-            HtpasswdHashAlgorithm,
+            HtpasswdHashAlgorithm: constants.HtpasswdHashAlgorithm,
           };
         });
         jest.doMock('fs', () => {
@@ -246,9 +249,6 @@ describe('HTPasswd', () => {
       test('reload should fails on check file', (done) => {
         jest.doMock('fs', () => {
           return {
-            readFile: (_name, callback): void => {
-              callback(new Error('stat error'), null);
-            },
             stat: (_name, callback): void => {
               callback(new Error('stat error'), null);
             },
@@ -268,9 +268,6 @@ describe('HTPasswd', () => {
       test('reload times match', (done) => {
         jest.doMock('fs', () => {
           return {
-            readFile: (_name, callback): void => {
-              callback(new Error('stat error'), null);
-            },
             stat: (_name, callback): void => {
               callback(null, {
                 mtime: null,