chore: update versions (next-8) (#4903)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.26.12 to 3.27.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4d85deb854...662472033e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.babelrc

@@ -1,26 +1,14 @@
 {
-  "presets": [ [
-    "@babel/env",
-    {
-      "useBuiltIns": "usage",
-      "corejs": {
-        "version": 3, "proposals": true
-      },
-      "targets": {
-        "node": 14
+  "presets": [
+    [
+      "@babel/env",
+      {
+        "targets": {
+          "node": 18
+        }
       }
-    }
-  ],
+    ],
     "@babel/typescript"
   ],
-  "plugins": [
-    "babel-plugin-dynamic-import-node",
-    "@babel/proposal-class-properties",
-    "@babel/proposal-object-rest-spread",
-    "@babel/plugin-proposal-optional-chaining",
-    "@babel/plugin-proposal-nullish-coalescing-operator"
-    ],
-  "ignore": [
-    "**/*.d.ts"
-  ]
+  "ignore": ["**/*.d.ts"]
 }

.changeset/afraid-mice-obey.md

@@ -1,15 +0,0 @@
----
-'@verdaccio/types': minor
-'@verdaccio/ui-theme': minor
-'@verdaccio/web': minor
----
-
-allow disable login on ui and endpoints
-
-To be able disable the login, set `login: false`, anything else would enable login. This flag will disable access via UI and web endpoints.
-
-```yml
-web:
-  title: verdaccio
-  login: false
-```

.changeset/angry-doors-tan.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/middleware': patch
+---
+
+fix(middleware): pass version to allow check

.changeset/beige-lions-type.md

@@ -1,39 +1,37 @@
 ---
-'@verdaccio/api': major
-'@verdaccio/auth': major
-'@verdaccio/cli': major
-'@verdaccio/config': major
-'@verdaccio/core': major
+'generator-verdaccio-plugin': major
+'@verdaccio/logger-prettify': major
+'@verdaccio/logger-commons': major
+'@verdaccio/local-storage': major
+'verdaccio-auth-memory': major
 '@verdaccio/file-locking': major
 'verdaccio-htpasswd': major
-'@verdaccio/readme': major
-'@verdaccio/fastify-migration': major
-'@verdaccio/streams': major
-'@verdaccio/tarball': major
-'@verdaccio/types': major
-'@verdaccio/url': major
-'@verdaccio/hooks': major
-'@verdaccio/loaders': major
-'@verdaccio/logger': major
-'@verdaccio/middleware': major
-'@verdaccio/mock': major
-'@verdaccio/node-api': major
-'@verdaccio/active-directory': major
-'verdaccio-audit': major
-'verdaccio-auth-memory': major
-'verdaccio-aws-s3-storage': major
-'verdaccio-google-cloud': major
-'verdaccio-memory': major
 '@verdaccio/ui-theme': major
+'verdaccio-memory': major
+'@verdaccio/search-indexer': major
 '@verdaccio/server': major
+'@verdaccio/server-fastify': major
+'@verdaccio/logger': major
+'verdaccio-audit': major
+'@verdaccio/ui-components': major
+'@verdaccio/tarball': major
+'@verdaccio/eslint-config': major
+'@verdaccio/test-cli-commons': major
+'@verdaccio/types': major
+'@verdaccio/middleware': major
 '@verdaccio/cli-standalone': major
-'@verdaccio/store': major
-'@verdaccio/dev-types': major
-'@verdaccio/utils': major
+'@verdaccio/core': major
+'@verdaccio/signature': major
 'verdaccio': major
+'@verdaccio/url': major
+'@verdaccio/node-api': major
 '@verdaccio/web': major
+'@verdaccio/loaders': major
+'@verdaccio/config': major
+'@verdaccio/search': major
+'@verdaccio/hooks': major
+'@verdaccio/proxy': major
+'@verdaccio/store': major
 ---
 
-Remove Node 12 support
-
-- We need move to the new `undici` and does not support Node.js 12
+chore: move v7 next to v8 next

.changeset/big-lobsters-sin.md

@@ -1,23 +0,0 @@
----
-'@verdaccio/local-storage': major
-'@verdaccio/url': major
-'verdaccio-aws-s3-storage': major
-'verdaccio-google-cloud': major
-'verdaccio-memory': major
-'@verdaccio/store': major
----
-
-# async storage plugin bootstrap
-
-Gives a storage plugin the ability to perform asynchronous tasks on initialization
-
-## Breaking change
-
-Plugin must have an init method in which asynchronous tasks can be executed
-
-```js
-public async init(): Promise<void> {
-   this.data = await this._fetchLocalPackages();
-   this._sync();
-}
-```

.changeset/blue-paws-cheer.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/server': patch
+'@verdaccio/middleware': patch
+'@verdaccio/core': patch
+---
+
+chore: request header constants

.changeset/calm-pants-impress.md

@@ -1,5 +0,0 @@
----
-'verdaccio-aws-s3-storage': patch
----
-
-Fix the prefix used to delete from s3 when unpublishing packages

.changeset/chatty-apricots-report.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/auth': major
+---
+
+chore: move v7 next to v8 next

.changeset/config.json

@@ -2,9 +2,17 @@
   "$schema": "https://unpkg.com/@changesets/config@1.3.0/schema.json",
   "changelog": "@changesets/cli/changelog",
   "commit": false,
-  "linked": [],
+  "fixed": [
+    [
+      "verdaccio",
+      "@verdaccio/cli",
+      "@verdaccio/core",
+      "@verdaccio/config",
+      "@verdaccio/node-api",
+      "@verdaccio/ui-theme"
+    ]
+  ],
   "access": "public",
   "baseBranch": "master",
-  "updateInternalDependencies": "patch",
-  "ignore": []
+  "updateInternalDependencies": "patch"
 }

.changeset/dry-planes-tap.md

@@ -1,59 +0,0 @@
----
-'@verdaccio/api': major
-'@verdaccio/auth': major
-'@verdaccio/cli': major
-'@verdaccio/config': major
-'@verdaccio/commons-api': major
-'@verdaccio/core': major
-'@verdaccio/local-storage': major
-'@verdaccio/fastify-migration': major
-'@verdaccio/streams': major
-'@verdaccio/types': major
-'@verdaccio/hooks': major
-'verdaccio-audit': major
-'verdaccio-aws-s3-storage': major
-'verdaccio-google-cloud': major
-'verdaccio-memory': major
-'@verdaccio/ui-theme': major
-'@verdaccio/proxy': major
-'@verdaccio/server': major
-'@verdaccio/store': major
-'@verdaccio/eslint-config': major
-'@verdaccio/dev-types': major
-'@verdaccio/utils': major
-'verdaccio': major
-'@verdaccio/web': major
----
-
-refactor: search v1 endpoint and local-database
-
-- refactor search `api v1` endpoint, improve performance
-- remove usage of `async` dependency https://github.com/verdaccio/verdaccio/issues/1225
-- refactor method storage class
-- create new module `core` to reduce the ammount of modules with utilities
-- use `undici` instead `node-fetch`
-- use `fastify` instead `express` for functional test
-
-### Breaking changes
-
-- plugin storage API changes
-- remove old search endpoint (return 404)
-- filter local private packages at plugin level
-
-The storage api changes for methods `get`, `add`, `remove` as promise base. The `search` methods also changes and recieves a `query` object that contains all query params from the client.
-
-```ts
-export interface IPluginStorage<T> extends IPlugin {
-  add(name: string): Promise<void>;
-  remove(name: string): Promise<void>;
-  get(): Promise<any>;
-  init(): Promise<void>;
-  getSecret(): Promise<string>;
-  setSecret(secret: string): Promise<any>;
-  getPackageStorage(packageInfo: string): IPackageStorage;
-  search(query: searchUtils.SearchQuery): Promise<searchUtils.SearchItem[]>;
-  saveToken(token: Token): Promise<any>;
-  deleteToken(user: string, tokenKey: string): Promise<any>;
-  readTokens(filter: TokenFilter): Promise<Token[]>;
-}
-```

.changeset/few-cooks-destroy.md

@@ -1,46 +0,0 @@
----
-'@verdaccio/api': major
-'@verdaccio/auth': major
-'@verdaccio/cli': major
-'@verdaccio/config': major
-'@verdaccio/commons-api': major
-'@verdaccio/file-locking': major
-'verdaccio-htpasswd': major
-'@verdaccio/local-storage': major
-'@verdaccio/readme': major
-'@verdaccio/streams': major
-'@verdaccio/types': major
-'@verdaccio/hooks': major
-'@verdaccio/loaders': major
-'@verdaccio/logger': major
-'@verdaccio/logger-prettify': major
-'@verdaccio/middleware': major
-'@verdaccio/mock': major
-'@verdaccio/node-api': major
-'@verdaccio/active-directory': major
-'verdaccio-audit': major
-'verdaccio-auth-memory': major
-'verdaccio-aws-s3-storage': major
-'verdaccio-google-cloud': major
-'verdaccio-memory': major
-'@verdaccio/proxy': major
-'@verdaccio/server': major
-'@verdaccio/store': major
-'@verdaccio/dev-types': major
-'@verdaccio/utils': major
-'verdaccio': major
-'@verdaccio/web': major
-'@verdaccio/website': major
----
-
-feat!: experiments config renamed to flags
-
-- The `experiments` configuration is renamed to `flags`. The functionality is exactly the same.
-
-```js
-flags: token: false;
-search: false;
-```
-
-- The `self_path` property from the config file is being removed in favor of `config_file` full path.
-- Refactor `config` module, better types and utilities

.changeset/few-mangos-grow.md

@@ -1,5 +0,0 @@
----
-'@verdaccio/ui-theme': minor
----
-
-upgrade to react@17 and other dependencies

.changeset/fifty-jars-rest.md

@@ -1,6 +0,0 @@
----
-'@verdaccio/middleware': patch
-'@verdaccio/web': patch
----
-
-Remove @ts-ignore and any in packages/web/src/endpoint/package.ts

.changeset/fuzzy-onions-draw.md

@@ -1,10 +0,0 @@
----
-'@verdaccio/api': minor
-'@verdaccio/fastify-migration': minor
-'@verdaccio/hooks': minor
-'@verdaccio/logger-prettify': minor
-'@verdaccio/proxy': minor
-'@verdaccio/store': minor
----
-
-abort search request support for proxy

.changeset/gentle-parrots-lay.md

@@ -1,11 +0,0 @@
----
-'@verdaccio/config': minor
-'@verdaccio/local-storage': minor
-'@verdaccio/e2e-ui': minor
----
-
-Some verdaccio modules depend on 'mkdirp' library which provides recursive directory creation functionality.
-NodeJS can do this out of the box since v.10.12. The last commit in 'mkdirp' was made in early 2016, and it's mid 2021 now.
-Time to stick with a built-in library solution!
-
-- All 'mkdirp' calls are replaced with appropriate 'fs' calls.

.changeset/gentle-stingrays-repeat.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/local-storage': patch
+'@verdaccio/store': patch
+---
+
+fix: code scan issues

.changeset/gentle-trains-switch.md

@@ -1,44 +0,0 @@
----
-'@verdaccio/api': major
-'@verdaccio/auth': major
-'@verdaccio/cli': major
-'@verdaccio/config': major
-'@verdaccio/commons-api': major
-'@verdaccio/file-locking': major
-'verdaccio-htpasswd': major
-'@verdaccio/local-storage': major
-'@verdaccio/readme': major
-'@verdaccio/streams': major
-'@verdaccio/types': major
-'@verdaccio/hooks': major
-'@verdaccio/loaders': major
-'@verdaccio/logger': major
-'@verdaccio/logger-prettify': major
-'@verdaccio/middleware': major
-'@verdaccio/mock': major
-'@verdaccio/node-api': major
-'@verdaccio/proxy': major
-'@verdaccio/server': major
-'@verdaccio/store': major
-'@verdaccio/dev-types': major
-'@verdaccio/utils': major
-'verdaccio': major
-'@verdaccio/web': major
----
-
-- Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv
-- Introduce environment variables for legacy tokens
-
-### Code Improvements
-
-- Add debug library for improve developer experience
-
-### Breaking change
-
-- The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions.
-- The secret key must have 32 characters long.
-
-### New environment variables
-
-- `VERDACCIO_LEGACY_ALGORITHM`: Allows to define the specific algorithm for the token signature which by default is `aes-256-ctr`
-- `VERDACCIO_LEGACY_ENCRYPTION_KEY`: By default, the token stores in the database, but using this variable allows to get it from memory

.changeset/gold-vans-tease.md

@@ -1,5 +0,0 @@
----
-'@verdaccio/utils': patch
----
-
-Fixed the validation of the name when searching for a tarball that have scoped package name

.changeset/healthy-bikes-behave.md

@@ -1,21 +0,0 @@
----
-'@verdaccio/cli': patch
-'@verdaccio/types': patch
-'@verdaccio/node-api': patch
-'@verdaccio/server': patch
----
-
-fix: restore logger on init
-
-Enable logger after parse configuration and log the very first step on startup phase.
-
-```bash
- warn --- experiments are enabled, it is recommended do not use experiments in production comment out this section to disable it
- info --- support for experiment [token]  is disabled
- info --- support for experiment [search]  is disabled
-(node:50831) Warning: config.logs is deprecated, rename configuration to "config.log"
-(Use `node --trace-warnings ...` to show where the warning was created)
- info --- http address http://localhost:4873/
- info --- version: 6.0.0-6-next.11
- info --- server started
-```

.changeset/healthy-poets-compare.md

@@ -1,11 +0,0 @@
----
-'@verdaccio/config': patch
----
-
-Feature
-
-- add option to set storage from environment variable VERDACCIO_STORAGE_PATH
-
-#### Related tickets
-
-https://github.com/verdaccio/verdaccio/issues/1681

.changeset/heavy-ravens-lay.md

@@ -1,6 +0,0 @@
----
-'@verdaccio/cli': minor
-'@verdaccio/fastify-migration': minor
----
-
-[Fastify] Add ping endpoint

.changeset/hip-eggs-serve.md

@@ -0,0 +1,5 @@
+---
+'verdaccio-htpasswd': patch
+---
+
+chore: add debug code to htpasswd package

.changeset/hip-hounds-destroy.md

@@ -1,39 +0,0 @@
----
-'@verdaccio/local-storage': patch
-'@verdaccio/ui-theme': patch
-'@verdaccio/server': patch
-'@verdaccio/api': patch
-'@verdaccio/auth': patch
-'@verdaccio/cli': patch
-'@verdaccio/config': patch
-'@verdaccio/commons-api': patch
-'@verdaccio/file-locking': patch
-'verdaccio-htpasswd': patch
-'@verdaccio/readme': patch
-'@verdaccio/streams': patch
-'@verdaccio/types': patch
-'@verdaccio/hooks': patch
-'@verdaccio/loaders': patch
-'@verdaccio/logger': patch
-'@verdaccio/logger-prettify': patch
-'@verdaccio/middleware': patch
-'@verdaccio/mock': patch
-'@verdaccio/node-api': patch
-'@verdaccio/active-directory': patch
-'verdaccio-audit': patch
-'verdaccio-auth-memory': patch
-'verdaccio-aws-s3-storage': patch
-'verdaccio-google-cloud': patch
-'verdaccio-memory': patch
-'@verdaccio/proxy': patch
-'@verdaccio/store': patch
-'@verdaccio/dev-types': patch
-'@verdaccio/utils': patch
-'verdaccio': patch
-'@verdaccio/web': patch
-'@verdaccio/e2e-cli': patch
-'@verdaccio/e2e-ui': patch
-'@verdaccio/website': patch
----
-
-chore: add release step to private regisry on merge changeset pr

.changeset/late-adults-love.md

@@ -1,20 +0,0 @@
----
-'@verdaccio/api': minor
-'verdaccio-htpasswd': minor
-'@verdaccio/local-storage': minor
----
-
-feat: remove level dependency by lowdb for npm token cli as storage
-
-### new npm token database
-
-There will be a new database located in your storage named `.token-db.json` which
-will store all references to created tokens, **it does not store tokens**, just
-mask of them and related metadata required to reference them.
-
-#### Breaking change
-
-If you were relying on `npm token` experiment. This PR will replace the
-used database (level) by a json plain based one (lowbd) which does not
-require Node.js C++ compilation step and has less dependencies. Since was
-a experiment there is no migration step.

.changeset/late-parents-act.md

@@ -1,6 +0,0 @@
----
-'@verdaccio/hooks': patch
-'@verdaccio/proxy': patch
----
-
-refactor: migrate request to node-fetch at hooks package

.changeset/little-stingrays-rule.md

@@ -1,5 +0,0 @@
----
-'verdaccio-audit': patch
----
-
-fix: several issues which caused the audit to fail (#2335)

.changeset/long-eyes-drum.md

@@ -4,32 +4,34 @@
 '@verdaccio/cli': minor
 '@verdaccio/config': minor
 '@verdaccio/core': minor
-'verdaccio-htpasswd': minor
-'@verdaccio/local-storage': minor
-'@verdaccio/fastify-migration': minor
+'@verdaccio/file-locking': minor
 '@verdaccio/tarball': minor
 '@verdaccio/types': minor
 '@verdaccio/url': minor
 '@verdaccio/hooks': minor
 '@verdaccio/loaders': minor
 '@verdaccio/logger': minor
+'@verdaccio/logger-commons': minor
+'@verdaccio/logger-prettify': minor
 '@verdaccio/middleware': minor
-'@verdaccio/mock': minor
 '@verdaccio/node-api': minor
-'@verdaccio/active-directory': minor
+'verdaccio-audit': minor
 'verdaccio-auth-memory': minor
-'verdaccio-aws-s3-storage': minor
-'verdaccio-google-cloud': minor
+'verdaccio-htpasswd': minor
+'@verdaccio/local-storage': minor
 'verdaccio-memory': minor
 '@verdaccio/ui-theme': minor
 '@verdaccio/proxy': minor
+'@verdaccio/search': minor
+'@verdaccio/search-indexer': minor
 '@verdaccio/server': minor
-'@verdaccio/cli-standalone': minor
+'@verdaccio/signature': minor
 '@verdaccio/store': minor
+'generator-verdaccio-plugin': minor
+'@verdaccio/ui-components': minor
 '@verdaccio/utils': minor
 'verdaccio': minor
 '@verdaccio/web': minor
-'@verdaccio/e2e-ui': minor
 ---
 
-refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
+feat: update logger pino to latest

.changeset/lucky-crabs-enjoy.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/api': patch
+'@verdaccio/core': patch
+'@verdaccio/middleware': patch
+'@verdaccio/proxy': patch
+---
+
+fix(middleware): error 404 when getting scoped tarballs

.changeset/many-vans-care.md

@@ -1,16 +0,0 @@
----
-'@verdaccio/tarball': patch
-'@verdaccio/mock': patch
-'@verdaccio/ui-theme': patch
-'@verdaccio/server': patch
-'@verdaccio/utils': patch
-'verdaccio': patch
----
-
-Bug Fixes
-
-- fix escaped slash in namespaced packages
-
-#### Related tickets
-
-https://github.com/verdaccio/verdaccio/pull/2193

.changeset/modern-spies-tell.md

@@ -1,6 +0,0 @@
----
-'@verdaccio/ui-theme': minor
-'verdaccio': minor
----
-
-feat: ui theme plugin part of the application

.changeset/neat-toes-report.md

@@ -1,51 +0,0 @@
----
-'@verdaccio/api': minor
-'@verdaccio/auth': minor
-'@verdaccio/cli': minor
-'@verdaccio/config': minor
-'@verdaccio/commons-api': minor
-'@verdaccio/file-locking': minor
-'verdaccio-htpasswd': minor
-'@verdaccio/local-storage': minor
-'@verdaccio/readme': minor
-'@verdaccio/streams': minor
-'@verdaccio/types': minor
-'@verdaccio/hooks': minor
-'@verdaccio/loaders': minor
-'@verdaccio/logger': minor
-'@verdaccio/logger-prettify': minor
-'@verdaccio/middleware': minor
-'@verdaccio/mock': minor
-'@verdaccio/node-api': minor
-'@verdaccio/active-directory': minor
-'verdaccio-audit': minor
-'verdaccio-auth-memory': minor
-'verdaccio-aws-s3-storage': minor
-'verdaccio-google-cloud': minor
-'verdaccio-memory': minor
-'@verdaccio/ui-theme': minor
-'@verdaccio/proxy': minor
-'@verdaccio/server': minor
-'@verdaccio/store': minor
-'@verdaccio/dev-types': minor
-'@verdaccio/utils': minor
-'verdaccio': minor
-'@verdaccio/web': minor
----
-
-feat: add server rate limit protection to all request
-
-To modify custom values, use the server settings property.
-
-```markdown
-server:
-
-## https://www.npmjs.com/package/express-rate-limit#configuration-options
-
-rateLimit:
-windowMs: 1000
-max: 10000
-```
-
-The values are intended to be high, if you want to improve security of your server consider
-using different values.

.changeset/nine-countries-remember.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/middleware': patch
+---
+
+fix(middleware): encoding of scope package name

.changeset/olive-candles-speak.md

@@ -1,5 +0,0 @@
----
-'@verdaccio/ui-theme': minor
----
-
-feat: integrate rematch for ui state storage

.changeset/perfect-emus-clean.md

@@ -1,5 +0,0 @@
----
-'@verdaccio/cli': major
----
-
-feat: node 14 as minimum for running cli

.changeset/perfect-kangaroos-agree.md

@@ -1,5 +0,0 @@
----
-'@verdaccio/cli': major
----
-
-feat: use clipanion over commander

.changeset/plenty-news-remember.md

@@ -1,30 +0,0 @@
----
-'@verdaccio/auth': major
-'verdaccio-htpasswd': major
-'verdaccio-audit': major
-'@verdaccio/server': major
-'@verdaccio/cli-standalone': major
----
-
-feat: standalone registry with no dependencies
-
-## Usage
-
-To install a server with no dependencies
-
-```bash
-npm install -g @verdaccio/standalone
-```
-
-with no internet required
-
-```bash
-npm install -g ./tarball.tar.gz
-```
-
-Bundles htpasswd and audit plugins.
-
-### Breaking Change
-
-It does not allow anymore the `auth` and `middleware` property at config file empty,
-it will fallback to those plugins by default.

.changeset/plenty-spiders-melt.md

@@ -1,36 +0,0 @@
----
-'@verdaccio/api': minor
-'@verdaccio/auth': minor
-'@verdaccio/cli': minor
-'@verdaccio/config': minor
-'@verdaccio/commons-api': minor
-'@verdaccio/file-locking': minor
-'verdaccio-htpasswd': minor
-'@verdaccio/local-storage': minor
-'@verdaccio/readme': minor
-'@verdaccio/streams': minor
-'@verdaccio/types': minor
-'@verdaccio/hooks': minor
-'@verdaccio/loaders': minor
-'@verdaccio/logger': minor
-'@verdaccio/logger-prettify': minor
-'@verdaccio/middleware': minor
-'@verdaccio/mock': minor
-'@verdaccio/node-api': minor
-'@verdaccio/proxy': minor
-'@verdaccio/server': minor
-'@verdaccio/store': minor
-'@verdaccio/dev-types': minor
-'@verdaccio/utils': minor
-'verdaccio': minor
-'@verdaccio/web': minor
-'@verdaccio/website': minor
----
-
-feat: add typescript project references settings
-
-Reading https://ebaytech.berlin/optimizing-multi-package-apps-with-typescript-project-references-d5c57a3b4440 I realized I can use project references to solve the issue to pre-compile modules on develop mode.
-
-It allows to navigate (IDE) trough the packages without need compile the packages.
-
-Add two `tsconfig`, one using the previous existing configuration that is able to produce declaration files (`tsconfig.build`) and a new one `tsconfig` which is enables [_projects references_](https://www.typescriptlang.org/docs/handbook/project-references.html).

.changeset/plenty-tables-refuse.md

@@ -1,6 +0,0 @@
----
-'@verdaccio/cli': minor
-'@verdaccio/node-api': minor
----
-
-feat: improve cli loggin on start up

.changeset/pre.json

@@ -1,90 +1,78 @@
 {
   "mode": "pre",
-  "tag": "6-next",
+  "tag": "next-8",
   "initialVersions": {
-    "@verdaccio/api": "6.0.0-alpha.0",
-    "@verdaccio/auth": "6.0.0-alpha.0",
-    "@verdaccio/cli": "6.0.0-alpha.0",
-    "@verdaccio/config": "6.0.0-alpha.0",
-    "@verdaccio/file-locking": "11.0.0-alpha.0",
-    "verdaccio-htpasswd": "11.0.0-alpha.0",
-    "@verdaccio/local-storage": "11.0.0-alpha.0",
-    "@verdaccio/readme": "11.0.0-alpha.0",
-    "@verdaccio/streams": "11.0.0-alpha.0",
-    "@verdaccio/types": "11.0.0-alpha.0",
-    "@verdaccio/hooks": "6.0.0-alpha.0",
-    "@verdaccio/loaders": "6.0.0-alpha.0",
-    "@verdaccio/logger": "6.0.0-alpha.0",
-    "@verdaccio/logger-prettify": "6.0.0-alpha.0",
-    "@verdaccio/middleware": "6.0.0-alpha.0",
-    "@verdaccio/mock": "6.0.0-alpha.0",
-    "@verdaccio/node-api": "6.0.0-alpha.0",
-    "@verdaccio/proxy": "6.0.0-alpha.0",
-    "@verdaccio/server": "6.0.0-alpha.0",
-    "@verdaccio/store": "6.0.0-alpha.0",
-    "@verdaccio/dev-types": "6.0.0-alpha.0",
-    "@verdaccio/utils": "6.0.0-alpha.0",
-    "verdaccio": "6.0.0-alpha.0",
-    "@verdaccio/web": "6.0.0-alpha.0",
-    "@verdaccio/active-directory": "11.0.0-alpha.0",
-    "verdaccio-audit": "11.0.0-alpha.0",
-    "verdaccio-auth-memory": "11.0.0-alpha.0",
-    "verdaccio-aws-s3-storage": "11.0.0-alpha.0",
-    "verdaccio-google-cloud": "11.0.0-alpha.0",
-    "verdaccio-memory": "11.0.0-alpha.0",
-    "@verdaccio/ui-theme": "6.0.0-alpha.1",
-    "@verdaccio/e2e-cli": "1.0.0",
-    "@verdaccio/e2e-ui": "1.0.0",
-    "@verdaccio/cli-standalone": "6.0.0-alpha.3",
-    "@verdaccio/tarball": "11.0.0-alpha.3",
-    "@verdaccio/url": "11.0.0-alpha.3",
-    "@verdaccio/fastify-migration": "6.0.0-6-next.9",
-    "@verdaccio/eslint-config": "1.0.0",
-    "@verdaccio/benchmark": "1.0.0",
-    "@verdaccio/website": "5.1.3",
-    "@verdaccio/core": "6.0.0-next.0",
-    "@verdaccio/helper": "1.0.0"
+    "@verdaccio/test-cli-commons": "1.1.0",
+    "@verdaccio/e2e-cli-npm9": "1.0.1",
+    "@verdaccio/e2e-cli-npm6": "1.0.1",
+    "@verdaccio/e2e-cli-npm7": "1.0.1",
+    "@verdaccio/e2e-cli-npm8": "1.0.1",
+    "@verdaccio/e2e-cli-pnpm8": "1.0.1",
+    "@verdaccio/e2e-cli-pnpm9": "1.0.1",
+    "@verdaccio/e2e-cli-yarn1": "1.0.1",
+    "@verdaccio/e2e-cli-yarn2": "1.0.1",
+    "@verdaccio/e2e-cli-yarn3": "1.0.1",
+    "@verdaccio/e2e-cli-yarn4": "1.0.1",
+    "@verdaccio/e2e-ui": "2.0.0",
+    "@verdaccio/api": "7.0.0",
+    "@verdaccio/auth": "7.0.0",
+    "@verdaccio/cli": "7.0.0",
+    "@verdaccio/config": "7.0.0",
+    "@verdaccio/core": "7.0.0",
+    "@verdaccio/file-locking": "12.0.0",
+    "@verdaccio/tarball": "12.0.0",
+    "@verdaccio/types": "12.0.0",
+    "@verdaccio/url": "12.0.0",
+    "@verdaccio/hooks": "7.0.0",
+    "@verdaccio/loaders": "7.0.0",
+    "@verdaccio/logger": "7.0.0",
+    "@verdaccio/logger-commons": "7.0.0",
+    "@verdaccio/logger-prettify": "7.0.0",
+    "@verdaccio/middleware": "7.0.0",
+    "@verdaccio/node-api": "7.0.0",
+    "verdaccio-audit": "12.0.0",
+    "verdaccio-auth-memory": "12.0.0",
+    "verdaccio-htpasswd": "12.0.0",
+    "@verdaccio/local-storage": "12.0.0",
+    "verdaccio-memory": "12.0.0",
+    "@verdaccio/ui-theme": "7.0.0",
+    "@verdaccio/proxy": "7.0.0",
+    "@verdaccio/search": "7.0.0",
+    "@verdaccio/search-indexer": "7.0.0",
+    "@verdaccio/server": "7.0.0",
+    "@verdaccio/server-fastify": "7.0.0",
+    "@verdaccio/signature": "7.0.0",
+    "@verdaccio/cli-standalone": "7.0.0",
+    "@verdaccio/store": "7.0.0",
+    "docusaurus-plugin-contributors": "2.0.0",
+    "@verdaccio/eslint-config": "3.0.0",
+    "generator-verdaccio-plugin": "5.0.0",
+    "@verdaccio/test-helper": "3.0.0",
+    "@verdaccio/local-publish": "0.0.2",
+    "@verdaccio/crowdin-translations": "1.0.0",
+    "customprefix-auth": "2.0.0",
+    "@verdaccio/ui-components": "3.0.0",
+    "@verdaccio/utils": "7.0.0",
+    "verdaccio": "7.0.0",
+    "@verdaccio/web": "7.0.0",
+    "@verdaccio/website": "6.0.0"
   },
   "changesets": [
-    "afraid-mice-obey",
-    "big-lobsters-sin",
-    "calm-pants-impress",
-    "dry-planes-tap",
-    "eleven-spoons-matter",
-    "few-cooks-destroy",
-    "few-mangos-grow",
-    "fifty-jars-rest",
-    "fuzzy-onions-draw",
-    "gentle-parrots-lay",
-    "gentle-trains-switch",
-    "gold-vans-tease",
-    "healthy-bikes-behave",
-    "healthy-poets-compare",
-    "heavy-ravens-lay",
-    "hip-hounds-destroy",
-    "late-adults-love",
-    "late-parents-act",
-    "little-stingrays-rule",
-    "many-vans-care",
-    "modern-spies-tell",
-    "neat-toes-report",
-    "olive-candles-speak",
-    "perfect-candles-clap",
-    "perfect-emus-clean",
-    "perfect-kangaroos-agree",
-    "plenty-news-remember",
-    "plenty-spiders-melt",
-    "plenty-tables-refuse",
-    "pretty-hounds-tap",
-    "proud-jeans-walk",
-    "red-chefs-float",
-    "shaggy-carrots-unite",
-    "shiny-chefs-heal",
-    "smart-apricots-kneel",
-    "spicy-frogs-press",
-    "tender-bags-call",
-    "three-pots-sit",
-    "two-dolls-check",
-    "wild-jokes-beam"
+    "angry-doors-tan",
+    "beige-lions-type",
+    "blue-paws-cheer",
+    "chatty-apricots-report",
+    "gentle-stingrays-repeat",
+    "hip-eggs-serve",
+    "long-eyes-drum",
+    "lucky-crabs-enjoy",
+    "nine-countries-remember",
+    "quick-seas-deny",
+    "rotten-melons-notice",
+    "rude-birds-design",
+    "serious-apes-rule",
+    "sweet-crabs-deliver",
+    "violet-boxes-float",
+    "weak-cherries-serve"
   ]
 }

.changeset/pretty-hounds-tap.md

@@ -1,29 +0,0 @@
----
-'@verdaccio/api': patch
-'@verdaccio/auth': patch
-'@verdaccio/cli': patch
-'@verdaccio/config': patch
-'@verdaccio/commons-api': patch
-'@verdaccio/file-locking': patch
-'verdaccio-htpasswd': patch
-'@verdaccio/local-storage': patch
-'@verdaccio/readme': patch
-'@verdaccio/streams': patch
-'@verdaccio/types': patch
-'@verdaccio/hooks': patch
-'@verdaccio/loaders': patch
-'@verdaccio/logger': patch
-'@verdaccio/logger-prettify': patch
-'@verdaccio/middleware': patch
-'@verdaccio/mock': patch
-'@verdaccio/node-api': patch
-'@verdaccio/proxy': patch
-'@verdaccio/server': patch
-'@verdaccio/store': patch
-'@verdaccio/dev-types': patch
-'@verdaccio/utils': patch
-'verdaccio': patch
-'@verdaccio/web': patch
----
-
-Enable prerelease mode with **changesets**

.changeset/proud-jeans-walk.md

@@ -1,10 +0,0 @@
----
-'verdaccio-htpasswd': patch
-'@verdaccio/local-storage': patch
-'@verdaccio/fastify-migration': patch
-'@verdaccio/hooks': patch
-'@verdaccio/mock': patch
-'@verdaccio/node-api': patch
----
-
-Added core-js missing from dependencies though referenced in .js sources

.changeset/quick-seas-deny.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/loaders': minor
+---
+
+chore: remove logger as dependency

.changeset/red-chefs-float.md

@@ -1,11 +0,0 @@
----
-'@verdaccio/store': patch
-'@verdaccio/web': patch
----
-
-Fix the search by exact name of the package
-
-Full package name queries was not finding anithing. It was happening
-becouse of stemmer of [lunr.js](https://lunrjs.com/).
-
-To fix this, the stemmer of [lunr.js](https://lunrjs.com/) was removed from search pipeline.

.changeset/rotten-melons-notice.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/middleware': patch
+---
+
+chore(middleware): fix syntax of test files

.changeset/rude-birds-design.md

@@ -0,0 +1,5 @@
+---
+'verdaccio': patch
+---
+
+chore: encode parts of URL

.changeset/serious-apes-rule.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-components': patch
+---
+
+chore(ui): replace react-json-view

.changeset/shaggy-carrots-unite.md

@@ -1,5 +0,0 @@
----
-'@verdaccio/logger': patch
----
-
-do not show deprecation warning on default logger config

.changeset/shiny-chefs-heal.md

@@ -1,5 +0,0 @@
----
-'@verdaccio/api': patch
----
-
-testing changesets

.changeset/smart-apricots-kneel.md

@@ -1,79 +0,0 @@
----
-'@verdaccio/ui-theme': major
-'@verdaccio/cli-standalone': major
-'@verdaccio/web': major
----
-
-feat: flexible user interface generator
-
-**breaking change**
-
-The UI does not provide a pre-generated `index.html`, instead the server generates
-the body of the web application based in few parameters:
-
-- Webpack manifest
-- User configuration details
-
-It allows inject html tags, javascript and new CSS to make the page even more flexible.
-
-### Web new properties for dynamic template
-
-The new set of properties are made in order allow inject _html_ and _JavaScript_ scripts within the template. This
-might be useful for scenarios like Google Analytics scripts or custom html in any part of the body.
-
-- metaScripts: html injected before close the `head` element.
-- scriptsBodyAfter: html injected before close the `body` element.
-- bodyAfter: html injected after _verdaccio_ JS scripts.
-
-```yaml
-web:
-  scriptsBodyAfter:
-    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
-  metaScripts:
-    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
-    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
-    - '<meta name="robots" content="noindex" />'
-  bodyBefore:
-    - '<div id="myId">html before webpack scripts</div>'
-  bodyAfter:
-    - '<div id="myId">html after webpack scripts</div>'
-```
-
-### UI plugin changes
-
-- `index.html` is not longer used, template is generated based on `manifest.json` generated by webpack.
-- Plugin must export:
-  - the manifest file.
-  - the manifest files: matcher (array of id that generates required scripts to run the ui)
-  - static path: The absolute path where the files are located in `node_modules`
-
-```
-exports.staticPath = path.join(__dirname, 'static');
-exports.manifest = require('./static/manifest.json');
-exports.manifestFiles = {
-  js: ['runtime.js', 'vendors.js', 'main.js'],
-  css: [],
-  ico: 'favicon.ico',
-};
-```
-
-- Remove font files
-- CSS is inline on JS (this will help with #2046)
-
-### Docker v5 Examples
-
-- Move all current examples to v4 folder
-- Remove any v3 example
-- Create v5 folder with Nginx Example
-
-#### Related tickets
-
-https://github.com/verdaccio/verdaccio/issues/1523
-https://github.com/verdaccio/verdaccio/issues/1297
-https://github.com/verdaccio/verdaccio/issues/1593
-https://github.com/verdaccio/verdaccio/discussions/1539
-https://github.com/verdaccio/website/issues/264
-https://github.com/verdaccio/verdaccio/issues/1565
-https://github.com/verdaccio/verdaccio/issues/1251
-https://github.com/verdaccio/verdaccio/issues/2029
-https://github.com/verdaccio/docker-examples/issues/29

.changeset/spicy-frogs-press.md

@@ -1,32 +0,0 @@
----
-'verdaccio-htpasswd': major
----
-
-feat: allow other password hashing algorithms (#1917)
-
-**breaking change**
-
-The current implementation of the `htpasswd` module supports multiple hash formats on verify, but only `crypt` on sign in.
-`crypt` is an insecure old format, so to improve the security of the new `verdaccio` release we introduce the support of multiple hash algorithms on sign in step.
-
-### New hashing algorithms
-
-The new possible hash algorithms to use are `bcrypt`, `md5`, `sha1`. `bcrypt` is chosen as a default, because of its customizable complexity and overall reliability. You can read more about them [here](https://httpd.apache.org/docs/2.4/misc/password_encryptions.html).
-
-Two new properties are added to `auth` section in the configuration file:
-
-- `algorithm` to choose the way you want to hash passwords.
-- `rounds` is used to determine `bcrypt` complexity. So one can improve security according to increasing computational power.
-
-Example of the new `auth` config file section:
-
-```yaml
-auth:
-htpasswd:
-  file: ./htpasswd
-  max_users: 1000
-  # Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt".
-  algorithm: bcrypt
-  # Rounds number for "bcrypt", will be ignored for other algorithms.
-  rounds: 10
-```

.changeset/sweet-crabs-deliver.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-components': patch
+---
+
+chore(ui): typing for Theme

.changeset/tender-bags-call.md

@@ -1,9 +0,0 @@
----
-'@verdaccio/logger': major
----
-
-logging prettifier only in development mode
-
-- Verdaccio prettify `@verdaccio/logger-prettify` the logging which looks beautiful. But there are scenarios which does not make sense in production. This feature enables disable by default the prettifies if production `NODE_ENV` is enabled.
-- Updates pino.js to `^6.7.0`.
-- Suppress the warning when prettifier is enabled `suppressFlushSyncWarning`

.changeset/three-pots-sit.md

@@ -1,33 +0,0 @@
----
-'@verdaccio/api': patch
-'@verdaccio/auth': patch
-'@verdaccio/cli': patch
-'@verdaccio/config': patch
-'@verdaccio/commons-api': patch
-'@verdaccio/file-locking': patch
-'verdaccio-htpasswd': patch
-'@verdaccio/local-storage': patch
-'@verdaccio/readme': patch
-'@verdaccio/types': patch
-'@verdaccio/hooks': patch
-'@verdaccio/loaders': patch
-'@verdaccio/logger': patch
-'@verdaccio/logger-prettify': patch
-'@verdaccio/middleware': patch
-'@verdaccio/mock': patch
-'@verdaccio/node-api': patch
-'@verdaccio/proxy': patch
-'@verdaccio/server': patch
-'@verdaccio/store': patch
-'@verdaccio/dev-types': patch
-'@verdaccio/utils': patch
-'verdaccio': patch
----
-
-ESLint Warnings Fixed
-
-Related to issue #1461
-
-- max-len: most of the sensible max-len errors are fixed
-- no-unused-vars: most of these types of errors are fixed by deleting not needed declarations
-- @typescript-eslint/no-unused-vars: same as above

.changeset/two-dolls-check.md

@@ -1,28 +0,0 @@
----
-'@verdaccio/cli': major
-'@verdaccio/config': major
-'@verdaccio/types': major
-'@verdaccio/logger': major
-'@verdaccio/node-api': major
-'verdaccio-google-cloud': major
-'verdaccio': major
----
-
-feat: node api new structure based on promise
-
-```js
-import { runServer } from '@verdaccio/node-api';
-// or
-import { runServer } from 'verdaccio';
-
-const app = await runServer(); // default configuration
-const app = await runServer('./config/config.yaml');
-const app = await runServer({ configuration });
-app.listen(4000, (event) => {
-  // do something
-});
-```
-
-### Breaking Change
-
-If you are using the node-api, the new structure is Promise based and less arguments.

.changeset/violet-boxes-float.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/store': patch
+'@verdaccio/tarball': patch
+---
+
+fix(api): add logging when requesting tarball

.changeset/weak-cherries-serve.md

@@ -0,0 +1,18 @@
+---
+'@verdaccio/logger-commons': patch
+'@verdaccio/file-locking': patch
+'@verdaccio/ui-theme': patch
+'@verdaccio/search-indexer': patch
+'@verdaccio/server': patch
+'@verdaccio/server-fastify': patch
+'@verdaccio/test-helper': patch
+'@verdaccio/middleware': patch
+'verdaccio': patch
+'@verdaccio/node-api': patch
+'@verdaccio/auth': patch
+'@verdaccio/api': patch
+'@verdaccio/cli': patch
+'@verdaccio/web': patch
+---
+
+chore: auth package requires logger as parameter

.changeset/wild-jokes-beam.md

@@ -1,32 +0,0 @@
----
-'@verdaccio/types': minor
-'@verdaccio/ui-theme': minor
-'@verdaccio/web': minor
----
-
-web: allow ui hide package managers on sidebar
-
-If there is a package manager of preference over others, you can define the package managers to be displayed on the detail page and sidebar, just define in the `config.yaml` and web section the list of package managers to be displayed.
-
-```
-web:
-  title: Verdaccio
-  sort_packages: asc
-  primary_color: #cccccc
-  pkgManagers:
-    - pnpm
-    - yarn
-    # - npm
-```
-
-To disable all package managers, just define empty:
-
-```
-web:
-  title: Verdaccio
-  sort_packages: asc
-  primary_color: #cccccc
-  pkgManagers:
-```
-
-and the section would be hidden.

.dockerignore

@@ -22,7 +22,6 @@ jest
 docs
 contrib
 docker-examples
-website
 systemd
 
 # output from test runs and similar things

.eslintignore

@@ -11,3 +11,10 @@ wiki/
 dist/
 docs/
 test/functional/store/*
+docker-examples/**/lib/**/*.js
+test/cli/e2e-yarn4/bin/yarn-4.0.0-rc.14.cjs
+yarn.js
+# storybook
+packages/ui-components/storybook-static
+dist.js
+bundle.js

.github/ISSUE_TEMPLATE/config.yml

@@ -8,7 +8,4 @@ contact_links:
     about: I want to report a security vulnerability
   - name: Chat 🏘
     url: https://discord.gg/7qWJxBf
-    about: For a quick question you should do it through our community chat
-  - name: User Interface Report 👩🏼‍🎨👨🏼‍🎨
-    url: https://github.com/verdaccio/ui/issues/new/choose
-    about: Any report related with the User Interface should be posted in another repository
+    about: Quick question? Try out Discord chat, you can get faster feedback

.github/dependabot.yml

@@ -8,18 +8,11 @@ updates:
   # Maintain dependencies for GitHub Actions
   - package-ecosystem: 'github-actions'
     directory: '/'
-    schedule:
-      interval: 'weekly'
-
-  # Maintain dependencies for npm
-  - package-ecosystem: 'npm'
-    directory: '/'
-    schedule:
-      interval: 'daily'
-    allow:
-      - dependency-name: '@verdaccio/*'
-      - dependency-name: 'verdaccio-*'
+    open-pull-requests-limit: 1
+    prefix: "[github-actions] "
     assignees:
-      - 'verdacciobot'
+      - 'verdacciobot'    
+    schedule:
+      interval: 'monthly'
     labels:
       - 'bot: dependencies'

.github/disabled/ci-windows.yml

@@ -0,0 +1,148 @@
+name: CI windows
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '5 0 * * SUN' 
+permissions:
+  contents: read
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    name: setup verdaccio
+    services:
+      verdaccio:
+        image: verdaccio/verdaccio:nightly-master
+        ports:
+          - 4873:4873
+        env:
+          NODE_ENV: production          
+    steps:
+    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3
+    - name: Node
+      uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
+      with:
+        node-version-file: '.nvmrc'
+    - name: Install pnpm
+      run: |
+        corepack enable
+        corepack install
+    - name: set store
+      run: |
+        mkdir ~/.pnpm-store
+        pnpm config set store-dir ~/.pnpm-store
+    - name: Install
+      run: pnpm install  --registry http://localhost:4873
+    - name: Cache .pnpm-store
+      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v3
+      with:
+        path: ~/.pnpm-store
+        key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+        restore-keys: |
+          pnpm-
+  lint:
+    runs-on: windows-latest
+    name: Lint
+    needs: prepare
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3
+      - name: Node
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store              
+      - name: Install
+        run: pnpm install --offline --reporter=silence --ignore-scripts
+      - name: Lint
+        run: pnpm lint
+  format:
+    runs-on: windows-latest
+    name: Format
+    needs: prepare
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3
+      - name: Use Node
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store          
+      - name: Install
+        run: pnpm install --offline --reporter=silence --ignore-scripts
+      - name: Lint
+        run: pnpm format:check
+  build:
+    needs: [format, lint]
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [windows-latest]
+        node_version: [18]
+    name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3
+      - name: Use Node ${{ matrix.node_version }}
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
+        with:
+          node-version: ${{ matrix.node_version }}
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store          
+      - name: Install
+        run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
+      - name: build
+        run: pnpm build
+      - name: Test
+        run: pnpm test
+  ci-e2e-ui:
+    needs: [format, lint]
+    runs-on: windows-latest
+    name: UI Test E2E
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3
+      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store              
+      - name: Install
+        run: pnpm install --offline --reporter=silence --registry http://localhost:4873
+      - name: build
+        run: pnpm build
+      - name: Test UI
+        run: pnpm test:e2e:ui
+        # env:
+        #  DEBUG: verdaccio:e2e*

.github/disabled/docker-plugins-e2e.yml

@@ -0,0 +1,39 @@
+name: E2E Docker Proxy Plugins Test
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+  schedule:
+    # run every sunday
+    - cron: '0 0 * * 0'
+jobs:
+  docker:
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
+      
+    - name: Start containers
+      run: docker compose -f "./e2e/docker/docker-build-install-plugin/docker-compose.yaml" up -d --build
+
+    - name: Install node
+      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
+      with:
+        node-version: 18
+
+    - name: verdaccio cli
+      run: npm install -g verdaccio --registry=http://localhost:4873
+    - name: gastby cli 
+      run:  npm install -g gatsby-cli --registry http://localhost:4873
+    - name: netlify cli 
+      run:  npm install -g netlify-cli --registry http://localhost:4873
+    - name: angular cli 
+      run:  npm install -g @angular/cli --registry http://localhost:4873
+
+    - name: Stop containers
+      if: always()
+      run: docker compose -f "./e2e/docker/docker-build-install-plugin/docker-compose.yaml" down

.github/workflows/benchmark.yml

@@ -1,171 +0,0 @@
----
-name: ci - benchmark
-
-on:
-  workflow_dispatch:
-  schedule:
-    # 3 times day
-    # collecting enough data to draw some graphics
-    - cron: '0 1 * * *'
-  # push:
-  #   branches:
-  #     - master
-jobs:
-  prepare: 
-    name: Prepare build
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
-        with:
-          node-version: 14.x
-      - name: install pnpm
-        run: sudo npm i pnpm@6.6.1 -g
-      - name: set store
-        run: | 
-          mkdir ~/.pnpm-store
-          pnpm config set store-dir ~/.pnpm-store     
-      - name: setup pnpm config registry
-        run: pnpm config set registry https://registry.verdaccio.org
-      - name: install dependencies
-        run: pnpm install
-      - name: Cache .pnpm-store
-        uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: |
-            pnpm-              
-      - name: build
-        run: pnpm build
-      - name: tar packages
-        run: |      
-          tar -czvf ${{ github.workspace }}/pkg.tar.gz -C ${{ github.workspace }}/packages .
-      - uses: actions/upload-artifact@v2
-        with:
-          name: verdaccio-artifact
-          path: pkg.tar.gz
-  benchmark-autocannon:
-    needs: prepare
-    strategy:
-      fail-fast: false
-      matrix:
-        benchmark:
-          - info
-          - tarball
-        verdaccioVersion:
-          # - local
-          - 3.13.1
-          - 4.12.2
-          - 5.1.3
-          - 6.0.0-6-next.24
-    name: Benchmark autocannon
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
-        with:
-          node-version: 14.x
-      - uses: actions/download-artifact@v2
-        with:
-          name: verdaccio-artifact
-      - name: untar packages
-        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
-      - name: install pnpm
-        # require fixed version
-        run: sudo npm i pnpm@6.6.1 -g
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}   
-      - name: install dependencies
-        run: pnpm install    
-      - name: start registry
-        run: ./scripts/benchmark-prepare.sh ${{matrix.verdaccioVersion}}        
-      - name: benchmark        
-        run: pnpm benchmark:api -- -v ${{matrix.verdaccioVersion}} -f ${{matrix.benchmark}}       
-        shell: bash
-        env:
-          DEBUG: metrics*
-      - uses: actions/upload-artifact@v2
-        with:
-          name: verdaccio-metrics-api
-          path: ./api-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  
-          if-no-files-found: error
-          retention-days: 10 
-      - name: submit metrics
-        run: pnpm benchmark:submit
-        env:
-          DEBUG: metrics
-          METRICS_SOURCE: autocannon
-          METRICS_URL: ${{ secrets.METRICS_URL }}
-          METRICS_TOKEN: ${{ secrets.METRICS_TOKEN }}
-          METRICS_BENCHMARK: ${{matrix.benchmark}}
-          METRICS_VERSION: ${{matrix.verdaccioVersion}}
-          METRICS_COMMIT_HASH: ${{ github.sha }}
-          METRICS_FILE_NAME: 'api-results'   
-  benchmark:
-    needs: prepare
-    strategy:
-      fail-fast: false
-      matrix:
-        benchmark:
-          - info
-          - tarball
-        verdaccioVersion:
-          # future 6.x (wip)
-          # - local (master branch)
-          # old versions to compare same test along previous releases
-          - 3.13.1
-          - 4.12.2
-          - 5.1.3
-          - 6.0.0-6-next.24
-    name: Benchmark hyperfine
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
-        with:
-          node-version: 14.x
-      - uses: actions/download-artifact@v2
-        with:
-          name: verdaccio-artifact
-      - name: untar packages
-        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
-      - name: install pnpm
-        # require fixed version
-        run: sudo npm i pnpm@6.6.1 -g
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}   
-      - name: install dependencies
-        run: pnpm install
-      - name: install hyperfine
-        run: |
-          wget https://github.com/sharkdp/hyperfine/releases/download/v1.11.0/hyperfine_1.11.0_amd64.deb
-          sudo dpkg -i hyperfine_1.11.0_amd64.deb
-      - name: start registry
-        run: ./scripts/benchmark-prepare.sh ${{matrix.verdaccioVersion}}
-      - name: benchmark        
-        run: ./scripts/benchmark-run.sh ${{matrix.benchmark}}
-        # https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell
-        shell: bash
-      - name: rename
-        run: mv ./hyper-results.json ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json
-      - uses: actions/upload-artifact@v2
-        with:
-          name: verdaccio-metrics
-          path: ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  
-          if-no-files-found: error
-          retention-days: 10 
-      - name: submit metrics
-        run: pnpm benchmark:submit
-        env:
-          DEBUG: metrics
-          METRICS_SOURCE: hyperfine
-          METRICS_URL: ${{ secrets.METRICS_URL }}
-          METRICS_TOKEN: ${{ secrets.METRICS_TOKEN }}
-          METRICS_BENCHMARK: ${{matrix.benchmark}}
-          METRICS_VERSION: ${{matrix.verdaccioVersion}}
-          METRICS_COMMIT_HASH: ${{ github.sha }}

.github/workflows/changesets.yml

@@ -20,22 +20,21 @@ jobs:
     if: github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio'
     steps:
       - name: checkout code repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
 
       - name: setup node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
-          node-version: 14
-          registry-url: 'https://registry.npmjs.org'
+          node-version-file: '.nvmrc'
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 
-      - name: install pnpm
-        run: npm i pnpm@6.10.3 -g
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
+      - name: Install pnpm
+        run: |
+          corepack enable
+          corepack install
 
       - name: setup pnpm config
         run: pnpm config set store-dir $PNPM_CACHE_FOLDER
@@ -47,8 +46,7 @@ jobs:
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
       - name: crowdin download
-        env:
-          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
+        env:          
           CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
           CONTEXT: production
         run: pnpm crowdin:download       
@@ -56,14 +54,16 @@ jobs:
         run: pnpm build
 
       - name: create versions
-        uses: verdaccio/changeset-action@master
+        uses: changesets/action@master
         with:
           version: pnpm ci:version
           commit: 'chore: update versions'
           title: 'chore: update versions'
           publish: pnpm ci:publish
+          createGithubReleases: false
+          setupGitUser: false
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.CHANGESET_RELEASE_TOKEN }}
           NPM_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
           NPM_CONFIG_REGISTRY: https://registry.npmjs.org

.github/workflows/ci.yml

@@ -2,65 +2,79 @@ name: CI
 
 on:
   push:
-    branches:
-      - master
-      - 'changeset-release/master'
   pull_request:
     paths:
       - .changeset/**
       - .github/workflows/ci.yml
       - 'packages/**'
+      - 'test/**'
+      - 'docker-examples/**'
       - 'jest/**'
       - 'package.json'
       - 'pnpm-workspace.yaml'
+permissions:
+  contents: read
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true  
+
 jobs:
   prepare:
     runs-on: ubuntu-latest
     name: setup verdaccio
     services:
       verdaccio:
-        image: verdaccio/verdaccio:5
+        image: verdaccio/verdaccio:6
         ports:
           - 4873:4873
+        env:
+          NODE_ENV: production
     steps:
-    - uses: actions/checkout@v2.3.1
-    - name: Use Node 14
-      uses: actions/setup-node@v1
-      with:
-        node-version: 14 
-    - name: Install pnpm
-      run: npm i pnpm@6.10.3 -g
-    - name: set store
-      run: | 
-        mkdir ~/.pnpm-store
-        pnpm config set store-dir ~/.pnpm-store
-    - name: Install
-      run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
-    - name: Cache .pnpm-store
-      uses: actions/cache@v2
-      with:
-        path: ~/.pnpm-store
-        key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
-        restore-keys: |
-          pnpm-
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: |
+          corepack enable
+          corepack install
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store
+      - name: Install
+        run: pnpm install  --registry http://localhost:4873
+      - name: Cache .pnpm-store
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+          restore-keys: |
+            pnpm-
   lint:
     runs-on: ubuntu-latest
     name: Lint
     needs: prepare
     steps:
-      - uses: actions/checkout@v2.3.1
-      - name: Use Node 16
-        uses: actions/setup-node@v1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
-          node-version: 16
+          node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.10.3 -g
-      - uses: actions/cache@v2
+        run: |
+          corepack enable
+          corepack install
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}     
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store
       - name: Install
-        run: pnpm recursive install --frozen-lockfile --ignore-scripts
+        run: pnpm install --ignore-scripts
       - name: Lint
         run: pnpm lint
   format:
@@ -68,195 +82,88 @@ jobs:
     name: Format
     needs: prepare
     steps:
-      - uses: actions/checkout@v2.3.1
-      - name: Use Node 16
-        uses: actions/setup-node@v1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Use Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
-          node-version: 16
+          node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.10.3 -g
-      - uses: actions/cache@v2
+        run: |
+          corepack enable
+          corepack install
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}     
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store
       - name: Install
-        run: pnpm recursive install --frozen-lockfile --ignore-scripts
+        run: pnpm install --ignore-scripts
       - name: Lint
         run: pnpm format:check
-
-  build:
-    runs-on: ubuntu-latest
-    name: build
-    needs: [format, lint]
-    steps:
-      - uses: actions/checkout@v2.3.1
-      - name: Use Node 16
-        uses: actions/setup-node@v1
-        with:
-          node-version: 16
-      - name: Install pnpm
-        run: npm i pnpm@6.10.3 -g
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}     
-      - name: Install
-        run: pnpm recursive install --frozen-lockfile --ignore-scripts
-      - name: crowdin download
-        env:
-          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
-          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
-          CONTEXT: production
-        run: pnpm crowdin:download
-        ## this step is optional, translations are not mandatory for PR
-        ## secrets keys are not available on forks, the failure here is guaranteed
-        continue-on-error: true  
-      - name: build
-        run: pnpm build
-      - name: tar packages
-        run: |      
-          tar -czvf ${{ github.workspace }}/pkg.tar.gz -C ${{ github.workspace }}/packages .
-      - uses: actions/upload-artifact@v2
-        with:
-          name: verdaccio-artifact
-          path: pkg.tar.gz            
   test:
-    needs: build
+    needs: [prepare]
     strategy:
       fail-fast: true
       matrix:
         os: [ubuntu-latest]
-        ## Node 16 breaks UI test, jest issue
-        node_version: [14]
+        node_version: [18, 20, 21, 22, 23]
     name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Use Node ${{ matrix.node_version }}
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: ${{ matrix.node_version }}
-      - uses: actions/download-artifact@v2
-        with:
-          name: verdaccio-artifact
-      - name: untar packages
-        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages    
       - name: Install pnpm
-        run: npm i pnpm@6.10.3 -g
-      - uses: actions/cache@v2
+        run: |
+          corepack enable
+          corepack prepare
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                          
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store
       - name: Install
-        run: pnpm recursive install --frozen-lockfile --ignore-scripts 
-      - name: Test
-        run: pnpm test
-  ci-e2e-ui:
-    needs: build
-    runs-on: ubuntu-latest
-    name: UI Test E2E Node 14
-    steps:
-      - uses: actions/checkout@v2.3.1
-      - uses: actions/setup-node@v1
-        with:
-          node-version: 14
-      - uses: actions/download-artifact@v2
-        with:
-          name: verdaccio-artifact
-      - name: untar packages
-        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages    
-      - name: Install pnpm
-        run: npm i pnpm@6.10.3 -g
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                          
-      - name: Install
-        ## we need scripts, pupetter downloads aditional content
-        run: pnpm recursive install --frozen-lockfile 
-      - name: Test UI
-        run: pnpm test:e2e:ui
-        # env:
-        #  DEBUG: verdaccio:e2e*       
-  ci-e2e-cli:
-    needs: build
-    runs-on: ubuntu-latest
-    name: CLI Test E2E Node 14
-    steps:
-      - uses: actions/checkout@v2.3.1
-      - uses: actions/setup-node@v1
-        with:
-          node-version: 14
-      - uses: actions/download-artifact@v2
-        with:
-          name: verdaccio-artifact
-      - name: untar packages
-        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages    
-      - name: Install pnpm
-        run: npm i pnpm@6.10.3 -g
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                          
-      - name: Install
-        ## we need scripts, pupetter downloads aditional content
-        run: pnpm recursive install --frozen-lockfile
-      - name: Test CLI
-        run: pnpm test:e2e:cli
-        # env:
-        #   DEBUG: verdaccio* 
-  test-windows:
-    needs: [format, lint]
-    runs-on: windows-latest
-    name: windows test node 14
-    steps:
-      - uses: actions/checkout@v2.3.1
-      - name: Use Node 14
-        uses: actions/setup-node@v1
-        with:
-          node-version: 14
-      - name: Install pnpm
-        run: npm i pnpm@6.10.3 -g
-       # pnpm cache is not working for windows (we need a solution)
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                            
-      - name: Install
-        run: pnpm recursive install --frozen-lockfile --ignore-scripts 
+        run: pnpm install --ignore-scripts --registry http://localhost:4873
       - name: build
         run: pnpm build
       - name: Test
         run: pnpm test
   sync-translations:
-    needs: [ci-e2e-cli, ci-e2e-ui, test-windows, test]
+    needs: [test]
     runs-on: ubuntu-latest
     name: synchronize translations
-    if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+    if: (github.event_name == 'push' && github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio') || github.event_name == 'workflow_dispatch'
     steps:
-      - uses: actions/checkout@v2.3.1
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
-          node-version: 14
-      - uses: actions/download-artifact@v2
-        with:
-          name: verdaccio-artifact
-      - name: untar packages
-        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages    
+          node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.10.3 -g
-      - uses: actions/cache@v2
+        run: |
+          corepack enable
+          corepack install
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                          
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store
       - name: Install
         ## we need scripts, pupetter downloads aditional content
-        run: pnpm recursive install --frozen-lockfile
+        run: pnpm install --registry http://localhost:4873
+      - name: build
+        run: pnpm build
       - name: generate website translations
-        run: pnpm write-translations --filter ...@verdaccio/website       
+        run: pnpm --filter ...@verdaccio/website write-translations
       - name: sync
         env:
-          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
           CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
           CONTEXT: production
-        run: pnpm crowdin:sync              
+        run: pnpm crowdin:sync

.github/workflows/codeql-analysis.yml

@@ -1,6 +1,10 @@
 name: 'Code scanning - action'
 
 on:
+  push:
+    paths:
+      - .github/workflows/codeql-analysis.yml
+      - 'packages/**'
   pull_request:
     paths:
       - .github/workflows/codeql-analysis.yml
@@ -8,26 +12,37 @@ on:
   schedule:
     - cron: '0 2 * * 4'
 
+permissions:
+  contents: read
+
+concurrency:
+  group: code-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   CodeQL-Build:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2.3.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           # We must fetch at least the immediate parents so that if this is
           # a pull request then we can checkout the head.
           fetch-depth: 2
 
-      # If this run was triggered by a pull request event, then checkout
-      # the head of the pull request instead of the merge commit.
-      - run: git checkout HEAD^2
-        if: ${{ github.event_name == 'pull_request' }}
-
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v2
+        with:
+          config: |
+            paths-ignore:
+              - packages/config/test/partials/config/js/invalid.js
+              - packages/middleware/test/static/js
 
       # Override language selection by uncommenting this and choosing your languages
       # with:
@@ -35,7 +50,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -49,4 +64,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v2

.github/workflows/docker-proxy-apache-e2e.yml

@@ -0,0 +1,49 @@
+name: E2E Docker Proxy Apache Test
+
+concurrency:
+  group: docker-apache-${{ github.ref }}
+  cancel-in-progress: true  
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+  schedule:
+    # run every sunday
+    - cron: '0 0 * * 0'
+jobs:
+  docker:
+    timeout-minutes: 10
+    runs-on: ubuntu-20.04
+    env:
+      NODE_OPTIONS: --max_old_space_size=4096
+    steps:
+    - name: Checkout
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      
+    - name: Start containers
+      run: docker compose -f "./e2e/docker/apache-verdaccio/docker-compose.yaml" up -d --build
+
+    - name: Install node
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+      with:
+        node-version-file: '.nvmrc'
+    - name: npm setup
+      run: |
+        npm config set fetch-retries="10"
+        npm config set fetch-retry-factor="50"
+        npm config set fetch-retry-mintimeout="20000"
+        npm config set fetch-retry-maxtimeout="80000"          
+    - name: verdaccio cli
+      run: npm install -g verdaccio --registry http://localhost
+    - name: gastby cli 
+      run:  npm install -g gatsby-cli --registry http://localhost
+    # - name: netlify cli 
+    #   run:  npm install -g netlify-cli --registry http://localhost
+    - name: angular cli 
+      run:  npm install -g @angular/cli --registry http://localhost
+
+    - name: Stop containers
+      if: always()
+      run: docker compose -f "./e2e/docker/apache-verdaccio/docker-compose.yaml" down

.github/workflows/docker-proxy-nginx-e2e.yml

@@ -0,0 +1,47 @@
+name: E2E Docker Proxy Nginx Test
+
+concurrency:
+  group: docker-nginx-${{ github.ref }}
+  cancel-in-progress: true  
+
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+jobs:
+  docker:
+    timeout-minutes: 10
+    runs-on: ubuntu-20.04
+    env:
+      NODE_OPTIONS: --max_old_space_size=4096
+    steps:
+    - name: Checkout
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      
+    - name: Start containers
+      run: docker compose -f "./e2e/docker/proxy-nginx/docker-compose.yaml" up -d --build
+
+    - name: Install node
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+      with:
+        node-version-file: '.nvmrc'
+    - name: npm setup
+      run: |
+        npm config set fetch-retries="10"
+        npm config set fetch-retry-factor="50"
+        npm config set fetch-retry-mintimeout="20000"
+        npm config set fetch-retry-maxtimeout="80000"      
+    - name: verdaccio cli
+      run: npm install -g verdaccio --registry http://localhost
+    - name: gastby cli 
+      run:  npm install -g gatsby-cli --registry http://localhost
+    #- name: netlify cli 
+    #  run:  npm install -g netlify-cli --registry http://localhost
+    - name: angular cli 
+      run:  npm install -g @angular/cli --registry http://localhost
+
+    - name: Stop containers
+      if: always()
+      run: docker compose -f "./e2e/docker/proxy-nginx/docker-compose.yaml" down

.github/workflows/docker-publish.yml

@@ -15,12 +15,17 @@ on:
       - 'master'
     tags:
       - 'v*'
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
 jobs:
   docker:
     runs-on: ubuntu-latest
+    if: github.repository == 'verdaccio/verdaccio'
     steps:
-      - uses: actions/checkout@v2
-      - uses: docker/setup-qemu-action@v1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # tag=v1
       - uses: docker/setup-buildx-action@v1
         with:
           driver-opts: network=host
@@ -36,16 +41,17 @@ jobs:
           images: ${{ github.repository }}
           tag-custom: nightly-master
           tag-custom-only: ${{ github.ref == 'refs/heads/master' }}
+          tag-latest: false
           tag-semver: |
             {{version}}
             {{major}}
             {{major}}.{{minor}}
       - name: Build & Push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: ./Dockerfile
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.docker_meta.outputs.tags }}
           labels: ${{ steps.docker_meta.outputs.labels }}

.github/workflows/e2e-ci.yml

@@ -0,0 +1,218 @@
+name: E2E CLI
+
+on: [pull_request]
+permissions:
+  contents: read
+concurrency:
+  group: e2e-ci-${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    name: setup e2e verdaccio
+    services:
+      verdaccio:
+        image: verdaccio/verdaccio:nightly-master
+        ports:
+          - 4873:4873
+        env:
+          NODE_ENV: production
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Use Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: |
+          corepack enable
+          corepack prepare 
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store
+      - name: Install
+        run: pnpm install --reporter=silence --ignore-scripts --registry http://localhost:4873
+      - name: Cache .pnpm-store
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+          restore-keys: |
+            pnpm-
+  build:
+    needs: [prepare]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Use Node 
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: |
+          corepack enable
+          corepack prepare 
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store
+      - name: Install
+        run: pnpm recursive install --reporter=silence --registry http://localhost:4873
+      - name: build
+        run: pnpm build
+      - name: Cache packages
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
+        id: cache-packages
+        with:
+          path: ./packages/
+          key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+          restore-keys: |
+            packages-
+      # - name: Cache test
+      #   uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      #   id: cache-test
+      #   with:
+      #     path: ./e2e/
+      #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      #     restore-keys: |
+      #       test-
+  e2e-cli-npm:
+    needs: [prepare, build]
+    strategy:
+      fail-fast: false      
+      matrix:
+        pkg:
+          [
+            npm6,
+            npm7,
+            npm8,
+            npm9,
+            npm10
+          ]
+        node: [20, 21]
+    name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version: ${{ matrix.node }}
+      - name: Install pnpm
+        run: |
+          corepack enable
+          corepack prepare 
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store
+      - name: Install
+        run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
+        with:
+          path: ./packages/
+          key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      # - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      #   with:
+      #     path: ./e2e/
+      #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: build e2e
+        run: pnpm --filter @verdaccio/test-cli-commons build
+      - name: Test CLI
+        run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}
+
+  e2e-cli-pnpm:
+    needs: [prepare, build]
+    strategy:
+      fail-fast: true
+      matrix:
+        pkg:
+          [
+            pnpm8,
+            pnpm9,
+          ]
+        node: [20, 21]
+    name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version: ${{ matrix.node }}
+      - name: Install pnpm
+        run: |
+          corepack enable
+          corepack prepare
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store
+      - name: Install
+        run: pnpm install --loglevel debug --ignore-scripts --registry http://localhost:4873
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
+        with:
+          path: ./packages/
+          key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      # - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      #   with:
+      #     path: ./e2e/
+      #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: build e2e
+        run: pnpm --filter @verdaccio/test-cli-commons build
+      - name: Test CLI
+        run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}
+  e2e-cli-yarn:
+    needs: [prepare, build]
+    strategy:
+      fail-fast: false
+      matrix:
+        pkg:
+          [           
+            yarn1,
+            yarn2,
+            yarn3,
+            yarn4
+          ]
+        node: [20, 21]
+    name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version: ${{ matrix.node }}
+      - name: Install pnpm
+        run: |
+          corepack enable
+          corepack prepare 
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store
+      - name: Install
+        run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
+        with:
+          path: ./packages/
+          key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      # - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      #   with:
+      #     path: ./e2e/
+      #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: build e2e
+        run: pnpm --filter @verdaccio/test-cli-commons build
+      - name: Test CLI
+        run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}
+      

.github/workflows/e2e-ui.yml

@@ -0,0 +1,39 @@
+name: E2E UI
+
+on: [pull_request]
+permissions:
+  contents: read
+concurrency:
+  group: e2e-ui-${{ github.ref }}
+  cancel-in-progress: true  
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: UI Test E2E
+    services:
+      verdaccio:
+        image: verdaccio/verdaccio:6
+        ports:
+          - 4873:4873
+        env:
+          NODE_ENV: production
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Use Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: |
+          corepack enable
+          corepack prepare
+      - name: Install
+        run: pnpm install --reporter=silence --registry http://localhost:4873
+      - name: build
+        run: pnpm build
+      - name: Test UI
+        run: pnpm test:e2e:ui
+      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        with:
+          name: videos
+          path: /home/runner/work/verdaccio/verdaccio/e2e/ui/cypress/videos

.github/workflows/plugin-generator-e2e.yaml

@@ -0,0 +1,52 @@
+name: E2E Generator Verdaccio Plugin
+
+on:
+  pull_request:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+
+concurrency:
+  group: generator-plugin-${{ github.ref }}
+  cancel-in-progress: true  
+
+jobs:
+  e2e-plugin-generator:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [18,20, 21]
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version: ${{ matrix.node-version }}
+      - name: Install pnpm
+        run: |
+          corepack enable
+          corepack install
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: install
+        run: pnpm install
+      - name: build
+        run: pnpm build
+      - name: install verdaccio
+        run: npm install -g verdaccio@5
+      - name: Start server
+        run: verdaccio -c e2e/docker/generator-e2e/generator.yaml &
+      - name: ping server
+        run: curl http://localhost:4873/-/ping
+      - name: login
+        run: npx npm-cli-login -u test -p test -e test@domain.test -r http://localhost:4873
+      - name: publish
+        run: pnpm local:publish
+      - name: install yeoman
+        run: npm install -g yo@4 --loglevel=info
+      - name: install generator
+        run: npm install -g generator-verdaccio-plugin --loglevel=info --registry http://localhost:4873
+# Future: add a test to verify the plugin is working with prompt 

.github/workflows/shared-docker-publish.yml

@@ -0,0 +1,56 @@
+name: Docker publish to docker.io
+
+on:
+  workflow_call:
+    inputs:
+      tag-latest:
+        required: true
+        type: boolean
+        description: 'Tag as latest'
+        default: false
+      tag-custom: 
+        required: true
+        type: string
+        description: 'Custom tag'
+        default: 'nightly-master'
+      tag-custom-only:
+        required: true
+        type: boolean
+        description: 'Custom tag only'
+        default: false      
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    if: github.repository == 'verdaccio/verdaccio'
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # tag=v1
+      - uses: docker/setup-buildx-action@v1
+        with:
+          driver-opts: network=host
+      - uses: docker/login-action@v1
+        name: Login Docker Hub
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Prepare docker image tags
+        id: docker_meta
+        uses: crazy-max/ghaction-docker-meta@v1
+        with:
+          images: ${{ github.repository }}
+          tag-custom: ${{ inputs.tag-custom }}
+          tag-custom-only: ${{ inputs.tag-custom-only }}
+          tag-latest: ${{ inputs.tag-latest }}
+          tag-semver: |
+            {{version}}
+            {{major}}
+            {{major}}.{{minor}}
+      - name: Build & Push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}

.github/workflows/static-data.yml

@@ -0,0 +1,55 @@
+---
+name: static data
+
+on:
+  workflow_dispatch:
+  schedule:
+    # twice peer week
+    - cron: '0 0 * * 1,4'
+  # for now, scheduled, we can enable on push master but not make much sense now
+  # push:
+  #   branches:
+  #     - master
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
+jobs:
+  prepare:
+    name: Run script
+    runs-on: ubuntu-latest
+    if: github.repository == 'verdaccio/verdaccio'
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version: 18.x
+      - name: install pnpm
+        run: sudo npm i pnpm@latest-8 -g
+      - name: install dependencies
+        run: pnpm install
+      - name: Build Translations percentage
+        run: pnpm --filter @verdaccio/crowdin-translations build
+      - name: update contributors
+        run: pnpm run contributors
+        env:
+          TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: update addson data
+        run: pnpm script:addson
+      - name: update translations
+        run: pnpm run translations
+        env:
+          TOKEN: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}          
+      - name: format
+        run: pnpm format
+      - name: Commit & Push changes
+        uses: actions-js/push@5a7cbd780d82c0c937b5977586e641b2fd94acc5 # tag=v1.5
+        with:
+          github_token: ${{ secrets.TOKEN_VERDACCIOBOT_GITHUB }}
+          message: "chore: updated static data"
+          branch: master
+          author_email: verdaccio.npm@gmail.com
+          author_name: verdacciobot

.github/workflows/test-docker-build.yml

@@ -0,0 +1,13 @@
+on:
+  workflow_call:
+
+jobs:
+  testDocker:
+    name: Test Docker Build
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Build
+      run: docker build .
+      env:
+        VERDACCIO_BUILD_REGISTRY: https://registry.npmjs.org

.github/workflows/test-publish-package.yml

@@ -0,0 +1,13 @@
+on:
+  workflow_call:
+
+jobs:
+  testVerdaccio:
+    name: Test Verdaccio Publish
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Publish
+      uses: verdaccio/github-actions/publish@f2e0370cfa5d74d24c325017b701bfddc9cc2e5d # tag=v0.4.0
+      with:
+        args: -d

.github/workflows/ui-components.yml

@@ -0,0 +1,58 @@
+name: UI Components
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *' 
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
+env:
+  DEBUG: verdaccio*
+
+jobs:
+  deploy:
+    permissions:
+      contents: read  #  to fetch code (actions/checkout)
+      deployments: write
+      pull-requests: write  #  to comment on pull-requests
+
+    runs-on: ubuntu-latest
+    if: github.repository == 'verdaccio/verdaccio'
+    env:
+      NODE_OPTIONS: --max_old_space_size=4096
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Use Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+
+      - name: Cache pnpm modules
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
+        env:
+          cache-name: cache-pnpm-modules
+        with:
+          path: ~/.pnpm-store
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-
+
+      - name: Install pnpm
+        run: |
+          corepack enable
+            corepack prepare --activate pnpm@8.9.0
+      - name: Install
+        run: pnpm install  
+      - name: Build storybook
+        run: pnpm ui:storybook:build
+      - name: Copy public content
+        # the msw.js worker is need it at the storybook-static folder in production
+        run: cp -R packages/ui-components/public/* packages/ui-components/storybook-static
+      - name: Deploy to Netlify
+        env:
+          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_UI_SITE_ID }}
+          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+        run: pnpm --filter ...@verdaccio/ui-components netlify:ui:deploy

.github/workflows/website.yml

@@ -2,147 +2,78 @@ name: Verdaccio Website CI
 
 on:
   workflow_dispatch:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-    paths:
-      - 'website/**'
-      - 'package.json'
-      - './.github/workflows/website.yml'
-  push:
-    branches:
-      - 'master'
-    paths:
-      - 'website/**'
-      - 'package.json'
-      - './.github/workflows/website.yml'
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
+concurrency:
+  group: website-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   build:
+    permissions:
+      contents: read  #  to fetch code (actions/checkout)
+      deployments: write
+      pull-requests: write  #  to comment on pull-requests
+
     runs-on: ubuntu-latest
+    if: github.repository == 'verdaccio/verdaccio'
+    name: setup verdaccio
+    services:
+      verdaccio:
+        image: verdaccio/verdaccio:6
+        ports:
+          - 4873:4873
+        env:
+          NODE_ENV: production
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Use Node 14
-        uses: actions/setup-node@v2
+      - name: Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
-          node-version: 14
-
-      - name: Cache pnpm modules
-        uses: actions/cache@v2
-        env:
-          cache-name: cache-pnpm-modules
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: |
+          corepack enable
+          corepack install
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store
+      - name: Install
+        run: pnpm install  --registry http://localhost:4873
+      - name: Cache .pnpm-store
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
-          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-${{ hashFiles('**/pnpm-lock.yaml') }}
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
           restore-keys: |
-            ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-
-
-      - uses: pnpm/action-setup@v2.0.1
-        with:
-          version: 6.10.2
-          run_install: |
-            - recursive: true
-              args: [--frozen-lockfile]
-
-      - name: Lint And Pretty
-        run: |
-          pnpm eslint:check --filter ...@verdaccio/website
-          pnpm prettier:check --filter ...@verdaccio/website
-
+            pnpm-
+      - name: Build
+        run: pnpm build
+      - name: Build Translations percentage
+        run: pnpm --filter @verdaccio/crowdin-translations build
       - name: Cache Docusaurus Build
-        uses: actions/cache@v2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: website/node_modules/.cache/webpack
           key: cache/webpack-${{github.ref}}-${{ hashFiles('**/pnpm-lock.yaml') }}
           restore-keys: cache/webpack-${{github.ref}}
-
-      # Will deploy to production on:
-        # 1st: When a push occurs on master branch
-        # 2nd: When we force the worflow dispatch through the UI
       - name: Build Production
-        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
         env:
-          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
           CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          SENTRY_KEY: ${{ secrets.SENTRY_KEY }}
           CONTEXT: production
-        run: pnpm netlify:build:production --filter ...@verdaccio/website
-
-      - name: 🔥 Deploy Production Netlify
-        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
-        uses: semoal/action-netlify-deploy@master
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
-          netlify-site-id: ${{ secrets.NETLIFY_SITE_ID }}
-          build-dir: './website/build'
-
-      # Will deploy to Preview URL, only when a pull request is open with changes on the website
-      - name: Build Deployment Preview
-        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
+        run: pnpm --filter @verdaccio/website netlify:build
+      - name: Deploy to Netlify
+        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
         env:
-          CONTEXT: deploy-preview
-        run: pnpm netlify:build:deployPreview --filter ...@verdaccio/website
+          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
+          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+        run: pnpm --filter ...@verdaccio/website netlify:deploy
 
-      - name: 🤖 Deploy Preview Netlify
-        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
-        uses: semoal/action-netlify-deploy@master
-        id: netlify_preview
-        with:
-          draft: true
-          comment-on-pull-request: true
-          github-deployment-is-production: false
-          github-deployment-is-transient: true
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
-          netlify-site-id: ${{ secrets.NETLIFY_SITE_ID }}
-          build-dir: './website/build'
-
-      - name: Audit preview URL with Lighthouse
-        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
-        id: lighthouse_audit
-        uses: treosh/lighthouse-ci-action@v3
-        with:
-          urls: |
-            ${{ steps.netlify_preview.outputs.preview-url }}
-          uploadArtifacts: true
-          temporaryPublicStorage: true
-
-      - name: Format lighthouse score
-        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
-        id: format_lighthouse_score
-        uses: actions/github-script@v3
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            const result = ${{ steps.lighthouse_audit.outputs.manifest }}[0].summary
-            const links = ${{ steps.lighthouse_audit.outputs.links }}
-            const formatResult = (res) => Math.round((res * 100))
-            Object.keys(result).forEach(key => result[key] = formatResult(result[key]))
-            const score = res => res >= 90 ? '🟢' : res >= 50 ? '🟠' : '🔴'
-            const comment = [
-                `⚡️ [Lighthouse report](${Object.values(links)[0]}) for the changes in this PR:`,
-                '| Category | Score |',
-                '| --- | --- |',
-                `| ${score(result.performance)} Performance | ${result.performance} |`,
-                `| ${score(result.accessibility)} Accessibility | ${result.accessibility} |`,
-                `| ${score(result['best-practices'])} Best practices | ${result['best-practices']} |`,
-                `| ${score(result.seo)} SEO | ${result.seo} |`,
-                ' ',
-                `*Lighthouse ran on [${Object.keys(links)[0]}](${Object.keys(links)[0]})*`
-            ].join('\n')
-             core.setOutput("comment", comment);
-
-      - name: Add comment to PR
-        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
-        id: comment_to_pr
-        uses: marocchino/sticky-pull-request-comment@v1
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          number: ${{ github.event.issue.number }}
-          header: lighthouse
-          message: |
-            ${{ steps.format_lighthouse_score.outputs.comment }}

.github/workflows/x-e2e-angular-cli-workflow.yml

@@ -0,0 +1,114 @@
+on:
+  workflow_call:
+
+jobs:
+  npm8:
+    name: 'npm8:angular example'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: 'Use Node.js'
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: 'install latest npm'
+        run: npm i -g npm@next-8
+      - name: Install Dependencies
+        run: yarn install
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup yarn node ./scripts/run-verdaccio.js --config ./scripts/e2e-config.yaml &
+      - name: 'Ping to verdaccio'
+        run: |
+          npm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          echo "registry=http://localhost:4873" > ~/.npmrc
+          npm config set loglevel="silent"
+          npm config set fetch-retries="5"
+          npm config set fetch-retry-factor="50"
+          npm config set fetch-retry-mintimeout="20000"
+          npm config set fetch-retry-maxtimeout="80000"
+          npm install -g @angular/cli
+          ng new verdaccio-angular --interactive=false
+
+          cd verdaccio-angular
+          npm install @angular-devkit/core@next @babel/preset-env @babel/core -D
+
+          npm run ng build --aot
+  npm9:
+    name: 'npm9:angular example'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: 'Use Node.js'
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: 'install latest npm 9'
+        run: npm i -g npm@next-9          
+      - name: Install Dependencies
+        run: yarn install
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup yarn node ./scripts/run-verdaccio.js --config ./scripts/e2e-config.yaml &
+      - name: 'Ping to verdaccio'
+        run: |
+          npm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          echo "registry=http://localhost:4873" > ~/.npmrc
+          npm config set loglevel="silent"
+          npm config set fetch-retries="5"
+          npm config set fetch-retry-factor="50"
+          npm config set fetch-retry-mintimeout="20000"
+          npm config set fetch-retry-maxtimeout="80000"
+          npm install -g @angular/cli
+          ng new verdaccio-angular --interactive=false
+
+          cd verdaccio-angular
+          npm install @angular-devkit/core@next @babel/preset-env @babel/core -D
+          npm run ng build --aot
+  npm10:
+    name: 'npm10:angular example'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: 'Use Node.js'
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: 'install latest npm 10'
+        run: npm i -g npm@next-10         
+      - name: Install Dependencies
+        run: yarn install
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup yarn node ./scripts/run-verdaccio.js --config ./scripts/e2e-config.yaml &
+      - name: 'Ping to verdaccio'
+        run: |
+          npm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          echo "registry=http://localhost:4873" > ~/.npmrc
+          npm config set loglevel="info"
+          npm config set fetch-retries="5"
+          npm config set fetch-retry-factor="50"
+          npm config set fetch-retry-mintimeout="20000"
+          npm config set fetch-retry-maxtimeout="80000"
+          npm install -g @angular/cli
+          ng new verdaccio-angular --interactive=false
+
+          cd verdaccio-angular
+          npm install @angular-devkit/core@next @babel/preset-env @babel/core -D
+
+          npm run ng build --aot

.github/workflows/x-e2e-audit-workflow.yml

@@ -0,0 +1,31 @@
+on:
+  workflow_call:
+  
+jobs:
+  npm10:
+    name: 'npm10:audit example'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: 'Use Node.js'
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: 'install latest npm 10'
+        run: npm i -g npm@next-10  
+      - name: Install Dependencies
+        run: yarn install
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup yarn node ./scripts/run-verdaccio.js  --config ./scripts/e2e-config.yaml  &
+      - name: 'Ping to verdaccio'
+        run: |
+          npm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          npm init --yes
+          npm install next --registry http://localhost:4873  --loglevel info
+          npm audit

.github/workflows/x-e2e-gatsbyjs-cli-workflow.yml

@@ -0,0 +1,74 @@
+on:
+  workflow_call:
+  
+jobs:
+  npm9:
+    name: 'npm9:gatsby example'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: 'Use Node.js'
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: 'install npm 9'
+        run: npm i -g npm@next-9
+      - name: Install Dependencies
+        run: yarn install
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup yarn node ./scripts/run-verdaccio.js --config ./scripts/e2e-config.yaml &
+      - name: 'Ping to verdaccio'
+        run: |
+          npm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          echo "registry=http://localhost:4873
+          loglevel="info"
+          fetch-retries=10
+          fetch-retry-factor=2
+          fetch-retry-mintimeout=10000
+          fetch-retry-maxtimeout=80000" > ~/.npmrc
+          npm config list
+          npm i -g gatsby@latest
+          gatsby new my-gatsby
+          cd my-gatsby
+          npm run build          
+  npm10:
+    name: 'npm10:gatsby example'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: 'Use Node.js'
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: 'install npm 10'
+        run: npm i -g npm@next-10
+      - name: Install Dependencies
+        run: yarn install
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup yarn node ./scripts/run-verdaccio.js --config ./scripts/e2e-config.yaml &
+      - name: 'Ping to verdaccio'
+        run: |
+          npm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          echo "registry=http://localhost:4873
+          loglevel="info"
+          fetch-retries=10
+          fetch-retry-factor=2
+          fetch-retry-mintimeout=10000
+          fetch-retry-maxtimeout=80000" > ~/.npmrc
+          npm config list
+          npm i -g gatsby@latest
+          gatsby new my-gatsby
+          cd my-gatsby
+          npm run build          

.github/workflows/x-e2e-jest-workflow.yml

@@ -0,0 +1,234 @@
+on:
+  workflow_call:
+  
+jobs:
+  yarn:
+    name: 'yarn:jest example'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: 'Use Node.js'
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install Dependencies
+        run: yarn install
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup yarn node ./scripts/run-verdaccio.js --config ./scripts/e2e-config.yaml &
+      - name: 'Ping to verdaccio'
+        run: |
+          npm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          yarn init --yes
+          yarn add jest@29.5.0 --registry http://localhost:4873
+
+          echo "it('should pass', () => { expect(true).toBeTruthy(); });" | tee pass.test.js
+          yarn jest pass.test.js
+
+          yarn add left-pad --registry http://localhost:4873 --verbose
+          echo "const leftPad = require('left-pad'); it('should resolve a module', () => { expect(typeof leftPad).toBe('function');});" | tee module.test.js
+          yarn jest module.test.js
+  yarn2:
+    name: 'yarn2:jest example'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: 'Use Node.js'
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install Dependencies
+        run: yarn install
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup yarn node ./scripts/run-verdaccio.js --config ./scripts/e2e-config.yaml &
+      - name: 'Ping to verdaccio'
+        run: |
+          npm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          yarn init --yes
+          yarn set version berry
+          yarn config set npmRegistryServer "http://localhost:4873"
+          yarn config set unsafeHttpWhitelist --json '["localhost"]'
+          yarn add jest@29.5.0
+
+          echo "it('should pass', () => { expect(true).toBeTruthy(); });" | tee pass.test.js
+          yarn jest pass.test.js
+
+          yarn add left-pad
+          echo "const leftPad = require('left-pad'); it('should resolve a module', () => { expect(typeof leftPad).toBe('function');});" | tee module.test.js
+          yarn jest module.test.js
+  npm8:
+    name: 'npm8:jest example'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: 'Use Node.js'
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: 'install latest npm'
+        run: npm i -g npm@next-8
+      - name: Install Dependencies
+        run: yarn install
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup yarn node ./scripts/run-verdaccio.js  --config ./scripts/e2e-config.yaml  &
+      - name: 'Ping to verdaccio'
+        run: |
+          npm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          npm init --yes
+          npm install jest@29.5.0 --registry http://localhost:4873 --loglevel info
+
+          echo "it('should pass', () => { expect(true).toBeTruthy(); });" | tee pass.test.js
+          yarn jest pass.test.js
+
+          yarn add left-pad --registry http://localhost:4873 --verbose
+          echo "const leftPad = require('left-pad'); it('should resolve a module', () => { expect(typeof leftPad).toBe('function');});" | tee module.test.js
+          yarn jest module.test.js
+  npm9:
+    name: 'npm9:jest example'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: 'Use Node.js'
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: 'install latest npm 9'
+        run: npm i -g npm@next-9
+      - name: Install Dependencies
+        run: yarn install
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup yarn node ./scripts/run-verdaccio.js  --config ./scripts/e2e-config.yaml  &
+      - name: 'Ping to verdaccio'
+        run: |
+          npm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          npm init --yes
+          npm install jest@29.4.2 --registry http://localhost:4873 --loglevel info 
+
+          echo "it('should pass', () => { expect(true).toBeTruthy(); });" | tee pass.test.js
+          yarn jest pass.test.js
+
+          yarn add left-pad --registry http://localhost:4873 --verbose
+          echo "const leftPad = require('left-pad'); it('should resolve a module', () => { expect(typeof leftPad).toBe('function');});" | tee module.test.js
+          yarn jest module.test.js          
+  npm10:
+    name: 'npm10:jest example'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: 'Use Node.js'
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: 'install latest npm 10'
+        run: npm i -g npm@next-10  
+      - name: Install Dependencies
+        run: yarn install
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup yarn node ./scripts/run-verdaccio.js  --config ./scripts/e2e-config.yaml  &
+      - name: 'Ping to verdaccio'
+        run: |
+          npm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          npm init --yes
+          npm install jest@29.4.2 --registry http://localhost:4873  --loglevel info 
+
+          echo "it('should pass', () => { expect(true).toBeTruthy(); });" | tee pass.test.js
+          yarn jest pass.test.js
+
+          yarn add left-pad --registry http://localhost:4873 --verbose
+          echo "const leftPad = require('left-pad'); it('should resolve a module', () => { expect(typeof leftPad).toBe('function');});" | tee module.test.js
+          yarn jest module.test.js          
+  pnpm8:
+    name: 'pnpm8:jest example'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: 'Use Node.js'
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: 'install latest pnpm'
+        run: npm i -g pnpm@latest-8
+      - name: Install Dependencies
+        run: yarn install
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup yarn node ./scripts/run-verdaccio.js &
+      - name: 'Ping to verdaccio'
+        run: |
+          pnpm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          pnpm init
+          pnpm install jest@29.5.0 --registry http://localhost:4873  --loglevel info 
+
+          echo "it('should pass', () => { expect(true).toBeTruthy(); });" | tee pass.test.js
+          yarn jest pass.test.js
+
+          yarn add left-pad --registry http://localhost:4873 --verbose
+          echo "const leftPad = require('left-pad'); it('should resolve a module', () => { expect(typeof leftPad).toBe('function');});" | tee module.test.js
+          yarn jest module.test.js
+  pnpm9:
+    name: 'pnpm:9:jest example'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: 'Use Node.js'
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: 'install latest pnpm'
+        run: npm i -g pnpm@latest-9
+      - name: Install Dependencies
+        run: yarn install
+      - name: 'Run verdaccio in the background'
+        run: |
+          yarn node ./scripts/run-verdaccio.js &
+      - name: 'Ping to verdaccio'
+        run: |
+          pnpm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          pnpm init
+          pnpm install jest@29.5.0 --registry http://localhost:4873 --loglevel info 
+
+          echo "it('should pass', () => { expect(true).toBeTruthy(); });" | tee pass.test.js
+          yarn jest pass.test.js
+
+          yarn add left-pad --registry http://localhost:4873 --verbose
+          echo "const leftPad = require('left-pad'); it('should resolve a module', () => { expect(typeof leftPad).toBe('function');});" | tee module.test.js
+          yarn jest module.test.js

.github/workflows/x-release-snapshot.yml

@@ -0,0 +1,28 @@
+on:
+  workflow_call:
+  
+jobs:
+  release:
+    name: Release Snapshot
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Use Node (latest)
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+      with:
+        node-version-file: '.nvmrc'
+    - name: Install
+      run: yarn install
+    - name: Build
+      run: yarn build
+    - name: Declare some variables
+      shell: bash
+      run: |
+        echo "sha_short=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV"
+    - name: Bump up package
+      run: npm version prerelease --no-git-tag-version --preid ${{ env.sha_short }}   
+    - name: Publish
+      run: sh scripts/publish-prerelease.sh
+      env:
+        REGISTRY_AUTH_TOKEN: ${{ secrets.VERDACCIO_REGISTRY_TOKEN_CANARY }}
+        REGISTRY_URL: rg.verdaccio.org

.github/workflows/x-release.yml

@@ -0,0 +1,28 @@
+on:
+  workflow_call:
+  
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Use Node (latest)
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+      with:
+        node-version-file: '.nvmrc'
+    - name: Install
+      run: yarn install
+    - name: Build
+      run: yarn build
+    - name: Types
+      run: yarn code:types      
+    - name: Publish
+      run: sh scripts/publish.sh
+      env:
+        REGISTRY_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
+        REGISTRY_URL: registry.npmjs.org
+    - name: Create release notes
+      run: sh scripts/github-release.sh
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/x-smok-test-docker.yml

@@ -0,0 +1,32 @@
+on:
+  workflow_call:
+    inputs:
+      docker_tag:
+        required: true
+        type: string
+        description: 'Docker tag to use for the verdaccio image'
+        default: '5'
+      module_tag:
+        required: true
+        type: string
+        description: 'Npmjs module tag to use for the verdaccio image'
+        default: '@latest'   
+  
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: Docker test
+        run: |
+            docker run -d -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:${{ inputs.docker_tag }}
+      - name: verdaccio cli 
+        run:  npm install -g verdaccio${{inputs.module_tag }} --registry http://localhost:4873                        
+      - name: gastby cli 
+        run:  npm install -g gatsby-cli --registry http://localhost:4873
+      - name: netlify cli 
+        run:  npm install -g netlify-cli --registry http://localhost:4873
+      - name: angular cli 
+        run:  npm install -g @angular/cli --registry http://localhost:4873

.github/workflows/x-smok-test-module.yml

@@ -0,0 +1,45 @@
+on:
+  workflow_call:
+    inputs:
+      docker_tag:
+        required: true
+        type: string
+        description: 'Docker tag to use for the verdaccio image'
+        default: '5'  
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Use Node (latest)
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: '.nvmrc'
+      - name: Docker test
+        run: |
+            docker run -d -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:${{ inputs.docker_tag }}
+      - name: login    
+        run: npx npm-cli-login -u test -p 1234 -e test@domain.test -r http://localhost:4873                 
+      - name: Install
+        run: yarn
+      - name: Build
+        run: yarn build
+      - name: Types
+        run: yarn code:types
+      - name: Bump up package
+        run: npm version prerelease --no-git-tag-version --preid $(date +%s%N)
+      - name: publish verdaccio 
+        run:  npm publish --registry http://localhost:4873
+      - name: install verdaccio 
+        run:  npm i -g verdaccio --loglevel info --registry http://localhost:4873
+      - name: verdaccio version 
+        run:  verdaccio --version
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          npm init --force
+          npm install jest --registry http://localhost:4873
+          npm install verdaccio --registry http://localhost:4873
+          echo "test('require module should works', () => { const {runServer} = require('verdaccio') });" | tee module.spec.js
+          cat module.spec.js
+          yarn jest    

.github/workflows/yarn-ci-lint.yml

@@ -0,0 +1,21 @@
+on:
+  workflow_call:
+
+jobs:
+  ci-lint:
+    name: Node Lint
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Use Node 
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+      with:
+        node-version-file: '.nvmrc'
+    - name: Install
+      run: yarn install --immutable
+    - name: Format
+      run: yarn format:check
+    - name: Lint
+      run: yarn lint
+    - name: Lint Lockfile
+      run: yarn lint:lockfile

.github/workflows/yarn-ci.yml

@@ -0,0 +1,24 @@
+on:
+  workflow_call:
+    inputs:
+      node_version:
+        required: true
+        type: string
+jobs:
+  ci:
+    name: Node ${{ inputs.node_version }}
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Use Node ${{ inputs.node_version }}
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+      with:
+        node-version: ${{ inputs.node_version }}
+    - name: Install
+      run: yarn install --immutable
+    - name: Build
+      run: yarn build
+    - name: Types
+      run: yarn code:types            
+    - name: Test
+      run: yarn test

.gitignore

@@ -41,12 +41,18 @@ packages/plugins/ui-theme/static
 # CI Pnpm cache
 .pnpm-store/
 
-# benchmark
-api-results.json
-hyper-results.json
-hyper-results*.json
-api-results*.json
+#docs
+website/docs/api/**/*.md
+website/docs/api/**/*.yml
+!website/docs/api/index.md
+packages/**/docs
 
-#docs 
-./api
-packages/core/core/docs
+# cypress
+e2e/ui/cypress/videos/**/*
+e2e/ui/cypress/screenshots/**/*
+
+# storybook
+packages/ui-components/storybook-static
+
+# plugin generator
+packages/tools/generator-verdaccio-plugin/generators/

.netlify/netlify-plugin-pnpm/index.js

@@ -1,10 +0,0 @@
-module.exports = {
-  onPreBuild: async ({ utils: { build, run } }) => {
-    try {
-      await run.command("npm install -g pnpm")
-      await run.command("pnpm install --ignore-scripts --frozen-lockfile")
-    } catch (error) {
-      return build.failBuild(error)
-    }
-  }
-}

.netlify/netlify-plugin-pnpm/manifest.yml

@@ -1,2 +0,0 @@
-name: netlify-plugin-pnpm
-inputs: []

.npmrc

@@ -1,5 +1 @@
-always-auth = true
-recursive-install = true
-registry = https://registry.verdaccio.org
-loglevel=info
 fetch-retries="10"

.nvmrc

@@ -1 +1 @@
-16
+20

.prettierignore

@@ -8,19 +8,21 @@
 **/wrong.package.json
 crowdin.yaml
 /docs/website
-/website/*
 /website/translated_docs/
 CHANGELOG.md
 CONTRIBUTORS.md
 node_modules/
 **/coverage/**
 **/static/*.js
+**/dist/*.js
+website/.docusaurus/**/*
+website/i18n/**/*
 **/build/*.js
 packages/core/local-storage/_storage/**
 packages/partials/storage_default_storage/
 packages/standalone/dist/bundle.js
+packages/verdaccio/dist/bundle.js
 docker-examples/v5/reverse_proxy/nginx/relative_path/storage/*
-docker-examples/
 build/
 .vscode/
 .github/
@@ -31,3 +33,7 @@ api/**
 packages/core/local-storage/tests/__fixtures__/test-storage/
 packages/plugins/ui-theme/static/
 .verdaccio-db.json
+test/cli/e2e-yarn4/bin/yarn-4.0.0-rc.14.cjs
+yarn.js
+website/docs/api/*
+packages/ui-components/storybook-static/*

.prettierrc

@@ -5,7 +5,11 @@
   "tabWidth": 2,
   "singleQuote": true,
   "bracketSpacing": true,
-  "jsxBracketSameLine": true,
   "trailingComma": "es5",
-  "semi": true
+  "semi": true,
+  "plugins": ["@trivago/prettier-plugin-sort-imports"],
+  "importOrder": ["^@verdaccio/(.*)$", "^[./]"],
+  "importOrderSeparation": true,
+  "importOrderParserPlugins": ["typescript", "classProperties", "jsx"],
+  "importOrderSortSpecifiers": true
 }

.vscode/launch.json

@@ -4,88 +4,12 @@
   // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
   "version": "0.2.0",
   "configurations": [
-
-  {
-    "name": "Attach",
-    "port": 9229,
-    "request": "attach",
-    "skipFiles": [
-      "<node_internals>/**"
-    ],
-    "type": "pwa-node"
-  },
     {
-      "name": "Verdaccio Debug",
+      "name": "Attach",
       "port": 9229,
       "request": "attach",
       "skipFiles": ["<node_internals>/**"],
       "type": "pwa-node"
-    },
-    {
-      "type": "node",
-      "request": "launch",
-      "name": "CLI Babel Registry",
-      "stopOnEntry": false,
-      "program": "${workspaceFolder}/debug/bootstrap.js",
-      "args": ["-l", "0.0.0.0:4873"],
-      "env": {
-        "BABEL_ENV": "registry"
-      },
-      "preLaunchTask": "npm: build:webui",
-      "console": "integratedTerminal"
-    },
-    {
-      "name": "Unit Tests",
-      "type": "node",
-      "request": "launch",
-      "program": "${workspaceRoot}/node_modules/bin/jest",
-      "stopOnEntry": false,
-      "args": ["--debug=true"],
-      "cwd": "${workspaceRoot}",
-      "runtimeExecutable": null,
-      "runtimeArgs": ["--nolazy"],
-      "env": {
-        "NODE_ENV": "test",
-        "TZ": "UTC"
-      },
-      "console": "integratedTerminal"
-    },
-    {
-      "name": "Functional Tests",
-      "type": "node",
-      "request": "launch",
-      "program": "${workspaceRoot}/node_modules/.bin/jest",
-      "stopOnEntry": false,
-      "args": [
-        "--config",
-        "./test/jest.config.functional.js",
-        "--testPathPattern",
-        "./test/functional/index*",
-        "--debug=false",
-        "--verbose",
-        "--useStderr",
-        "--detectOpenHandles"
-      ],
-      "cwd": "${workspaceRoot}",
-      "env": {
-        "BABEL_ENV": "testOldEnv",
-        "VERDACCIO_DEBUG": "true",
-        "VERDACCIO_DEBUG_INJECT": "true",
-        "NODE_DEBUG": "TO_DEBUG_REQUEST_REMOVE_THIS_request"
-      },
-      "preLaunchTask": "pre-test",
-      "console": "integratedTerminal",
-      "runtimeExecutable": null,
-      "runtimeArgs": ["--nolazy"]
-    },
-    {
-      "type": "node",
-      "request": "launch",
-      "name": "Verdaccio Compiled",
-      "preLaunchTask": "npm: code:build",
-      "program": "${workspaceRoot}/bin/verdaccio",
-      "args": ["-l", "0.0.0.0:4873"],
-      "console": "integratedTerminal"
     }
   ]
 }

.vscode/settings.json

@@ -1,12 +1,10 @@
 // Place your settings in this file to overwrite default and user settings.
 {
   "files.exclude": {
-    "**/.nyc_output": true,
     "**/build": false,
     "**/coverage": true,
     ".idea": true,
-    "storage_default_storage": true,
-    ".yarn": true
   },
-  "typescript.tsdk": "node_modules/typescript/lib"
+  "editor.defaultFormatter": "esbenp.prettier-vscode",
+  "editor.formatOnSave": true
 }

.vscode/tasks.json

@@ -1,21 +0,0 @@
-{
-  // See https://go.microsoft.com/fwlink/?LinkId=733558
-  // for the documentation about the tasks.json format
-  "version": "2.0.0",
-  "tasks": [
-    {
-      "type": "npm",
-      "script": "build:webui",
-      "problemMatcher": []
-    },
-    {
-      "type": "npm",
-      "script": "code:build",
-      "problemMatcher": []
-    },
-    {
-      "label": "pre-test",
-      "dependsOn": ["npm: code:build", "npm: test:clean"]
-    }
-  ]
-}

CONTRIBUTING.md

@@ -1,59 +1,35 @@
 # Contributing
 
-> Any change matters, whatever the size, just do it.
+> This guidelines refers to the main (`master`) that host the v6.x, if you want to contribute to `5.x` please read the following [link](https://github.com/verdaccio/verdaccio/blob/5.x/CONTRIBUTING.md).
 
-We're happy that you're considering contributing! To help, we've prepared these
-guidelines for you:
+We're happy that you're considering contributing!
 
-**Table of Contents**
-
-- [Contributing](#contributing)
-  - [How Do I Contribute?](#how-do-i-contribute)
-  - [Development Setup](#development-setup)
-    - [Building the project](#building-the-project)
-    - [Running test](#running-test)
-    - [Running and debugging](#running-and-debugging)
-    - [Debugging compiled code](#debugging-compiled-code)
-  - [Reporting Bugs](#reporting-bugs)
-    - [Read the documentation](#read-the-documentation)
-    - [What's is not considered a bug?](#whats-is-not-considered-a-bug)
-    - [Issue Search](#issue-search)
-    - [Chat](#chat)
-  - [Translations](#translations)
-  - [Request Features](#request-features)
-  - [Contributing Guidelines](#contributing-guidelines)
-    - [Submitting a Pull Request](#submitting-a-pull-request)
-    - [Make Changes and Commit](#make-changes-and-commit)
-      - [Caveats](#caveats)
-      - [Before Commit](#before-commit)
-      - [Commit Guidelines](#commit-guidelines)
-    - [Adding a changeset](#adding-a-changeset)
-    - [Update Tests](#update-tests)
-  - [Develop Plugins](#develop-plugins)
+To help you getting started we've prepared these guidelines for you, any change matter, just do it:
 
 ## How Do I Contribute?
 
 There are many ways to contribute:
 
-- Report a bug
-- Request a feature you think would be great for Verdaccio
-- Fix bugs
-- Test and triage bugs reported by others
-- Work on requested/approved features
-- Improve the codebase (linting, naming, comments, test descriptions, etc...)
+- [Report a bug](#reporting-bugs)
+- [Request a feature you think would be great for Verdaccio](#feature-request)
+- [Fixing bugs](https://github.com/verdaccio/verdaccio/issues?q=is%3Aopen+is%3Aissue+label%3A%22issue%3A+bug%22)
+- [Test and triage bugs reported by others](https://github.com/verdaccio/verdaccio/issues?q=is%3Aopen+is%3Aissue+label%3Aissue_needs_triage)
+- [Working on requested/approved features](https://github.com/verdaccio/verdaccio/issues?q=is%3Aopen+is%3Aissue+label%3A%22topic%3A+feature+request%22+)
+- [Improve the codebase (linting, naming, comments, test descriptions, etc...)](https://github.com/verdaccio/verdaccio/discussions/1461)
+- Improve code coverage for unit testing for every module, [end to end](https://github.com/verdaccio/verdaccio/tree/master/e2e/cli) or [UI test](https://github.com/verdaccio/verdaccio/tree/master/e2e/ui) (with cypress).
 
-The Verdaccio project is split into several areas:
+The Verdaccio project is split into several areas, the first three hosted in the main repository:
 
 - **Core**: The [core](https://github.com/verdaccio/verdaccio) is the main repository, built with **Node.js**.
 - **Website**: we use [**Docusaurus**](https://docusaurus.io/) for the **website** and if you are familiar with this technology, you might become the official webmaster.
 - **User Interface**: The [user Interface](https://github.com/verdaccio/ui) is based in **react** and **material-ui** and looking for front-end contributors.
 - **Kubernetes and Helm**: Ts the official repository for the [**Helm chart**](https://github.com/verdaccio/charts).
 
-> There are other areas to contribute, like documentation, translation which are
-> not hosted on this repo but check the last section of this notes for further
-> information.
+> There are other areas to contribute, like [documentation](https://github.com/verdaccio/verdaccio/tree/master/website/docs) or [translations](#translations}).
 
-## Development Setup
+## Prepare local setup {#local-setup}
+
+**Note**: The size of the Verdaccio project is quite significant. Unzipped it is about 33 MB. However, a full build with all node_modules installed takes about **2.8 GB** of disk space (~190k files)!
 
 Verdaccio uses [pnpm](https://pnpm.io) as the package manager for development in this repository.
 
@@ -67,61 +43,70 @@ package-lock=false
 
 This setting would cause the `pnpm install` command to install incorrect versions of package dependencies and the subsequent `pnpm build` step would likely fail.
 
-To begin your development setup, please install the latest version of pnpm globally:
+We use [corepack](https://github.com/nodejs/corepack) to install and use a specific (latest) version of pnpm. Please run the following commands which is use a specific version on Node.js and configure it to use a specific version of pnpm. The version of pnpm is specified in the `package.json` file in `packageManager` field.
 
+```shell
+nvm install
+corepack enable
 ```
-npm i -g pnpm
+
+`pnpm` version will be updated mainly by the maintainers but if you would like to set it to a specific version, you can do so by running the following command:
+
+> `packageManager` at the `package.json` defines the default version to be used.
+
+```shell
+corepack prepare
 ```
 
 With pnpm installed, the first step is installing all dependencies:
 
-```
+```shell
 pnpm install
 ```
 
 ### Building the project
 
-To build the project run
+Each package is independent, dependencies must be build first, run:
 
-```
+```shell
 pnpm build
 ```
 
 ### Running test
 
-```
+```shell
 pnpm test
 ```
 
-Verdaccio is a mono repository. To run the tests for for a specific package:
+Verdaccio is a mono repository. To run the tests for a specific package:
 
-```
+```shell
 cd packages/store
 pnpm test
 ```
 
-or an specific test in that package:
+or a specific test in that package:
 
-```
+```shell
 pnpm test test/merge.dist.tags.spec.ts
 ```
 
 or a single test unit:
 
-```
+```shell
 pnpm test test/merge.dist.tags.spec.ts -- -t 'simple'
 ```
 
 Coverage reporting is enabled by default, but you can turn it off to speed up
 test runs:
 
-```
+```shell
 pnpm test test/merge.dist.tags.spec.ts -- -t 'simple' --coverage=false
 ```
 
 You can enable increased [`debug`](https://www.npmjs.com/package/debug) output:
 
-```
+```shell
 DEBUG=verdaccio:* pnpm test
 ```
 
@@ -129,41 +114,101 @@ More details in the debug section
 
 ### Running and debugging
 
+> Check the debugging guidelines [here](https://github.com/verdaccio/verdaccio/wiki/Debugging-Verdaccio)
+
 We use [`debug`](https://www.npmjs.com/package/debug) to add helpful debugging
 output to the code. Each package has it owns namespace.
 
-#### Debugging compiled code
+#### Developing with local server
 
-Currently you can only run pre-compiled packages in debug mode. To enable debug
+To run the application from the source code, ensure the project has been built with `pnpm build`, once this is done, there are few commands that helps to run server:
+
+The command `pnpm start` runs web server on port `8000` and user interface (webpack-server) on port `4873`. This is particularly useful if you want to contribute to the UI, since it runs with hot reload. The request to the server are proxy through webpack proxy support through the port `4873`.
+
+The user interface is split in two packages, the `/packages/plugins/ui-theme` and the `/packages/ui-components`. The `ui-components` package uses _storybook_ in order to develop component, but if you need to reload ui components with `ui-theme` do the following.
+
+Go to `/packages/ui-component` and run `pnpm watch` to enable _babel_ in watch mode, every change on the components will be hot reloaded in combination with the `pnpm start` command.
+
+Any change on the server packages, must be build independently (server does not have hot reload, `pnpm start` should be triggered again).
+
+Any interaction with the server should be done through the port `8000` eg: `npm login --registry http://localhost:8000` .
+
+#### Useful commands
+
+- `pnpm debug`: Run the server in debug mode `--inspect`. UI runs too but without hot reload. For automatic break use `pnpm debug:break`.
+- `pnpm debug:fastify`: To contribute on the [fastify migration](https://github.com/verdaccio/verdaccio/discussions/2155) this is a temporary command for such purpose.
+- `pnpm website`: Build the website, for more commands to run the _website_, run `cd website` and then `pnpm serve`, website will run on port `3000`.
+- `pnpm docker`: Build the docker image. Requires `docker` command available in your system.
+
+#### Debugging compiled code {#debugging-compiled-code}
+
+Currently, you can only run pre-compiled packages in debug mode. To enable debug
 while running add the `verdaccio` namespace using the `DEBUG` environment
 variable, like this:
 
-```
+```shell
 DEBUG=verdaccio:* node packages/verdaccio/debug/bootstrap.js
 ```
 
 You can filter this output to just the packages you're interested in using
 namespaces:
 
-```
+```shell
 DEBUG=verdaccio:plugin:* node packages/verdaccio/debug/bootstrap.js
 ```
 
 The debug code is intended to analyze what is happening under the hood and none
 of the output is sent to the logger module.
 
-## Reporting Bugs
+> [See the full guide how to debug with Verdaccio](https://github.com/verdaccio/verdaccio/wiki/Debugging-Verdaccio)
+
+#### Testing your changes in a local registry {#testing-local-registry}
+
+Once you have performed your changes in the code base, the build and tests passes you can publish a local version:
+
+- Ensure you have built all modules by running `pnpm build` (or the one you have modified)
+- Run `pnpm local:publish:release` to launch a local registry and publish all packages into it. This command will be alive until server is killed (Control Key + C)
+
+```shell
+pnpm build
+pnpm local:publish:release
+```
+
+The last step consist on install globally the package from the local registry which runs on the default port (4873).
+
+```shell
+npm i -g verdaccio --registry=http://localhost:4873
+verdaccio
+```
+
+If you perform more changes in the source code, repeat this process, there is no _hot reloading_ support.
+
+## Feature Request {#feature-request}
+
+New feature requests are welcome. Analyse whether the idea fits within scope of the project. Adding in context and the use-case will really help!
+
+**Please provide:**
+
+- Create a [discussion](https://github.com/verdaccio/verdaccio/discussions/new).
+- A detailed description the advantages of your request.
+- Whether or not it's compatible with `npm`, `pnpm` and [_yarn classic_
+  ](https://github.com/yarnpkg/yarn) or [_yarn modern_
+  ](https://github.com/yarnpkg/berry).
+- A potential implementation or design
+- Whatever else is on your mind! 🤓
+
+## Reporting Bugs {#reporting-bugs}
 
 **Bugs are considered features that are not working as described in
 documentation.**
 
 If you've found a bug in Verdaccio **that isn't a security risk**, please file
-a report in our [issue tracker](https://github.com/verdaccio/verdaccio/issues).
+a report in our [issue tracker](https://github.com/verdaccio/verdaccio/issues), if you think a potential vulnerability please read the [security policy](https://verdaccio.org/community/security) .
 
 > **NOTE: Verdaccio still does not support all npm commands. Some were not
 > considered important and others have not been requested yet.**
 
-### What's is not considered a bug?
+### What is not considered a bug?
 
 - _Third party integrations_: proxies integrations, external plugins
 - _Package managers_: If a package manager does not support a specific command
@@ -171,13 +216,13 @@ a report in our [issue tracker](https://github.com/verdaccio/verdaccio/issues).
 - _Features clearly flagged as not supported_
 - _Node.js issues installation in any platform_: If you cannot install the
   global package (this is considered external issue)
-- Any ticket which has beed flagged as an [external issue
+- Any ticket which has been flagged as an [external issue
   ](https://github.com/verdaccio/verdaccio/labels/external-issue)
 
 If you intend to report a **security** issue, please follow our [Security policy
 guidelines](https://github.com/verdaccio/verdaccio/security/policy).
 
-### Issue Search
+### Issues {#issues}
 
 Before reporting a bug please:
 
@@ -189,53 +234,21 @@ In case any of those match with your search, up-vote it (using GitHub reactions)
 or add additional helpful details to the existing issue to show that it's
 affecting multiple people.
 
-### Chat
+### Contributing support
 
 Questions can be asked via [Discord](https://discord.gg/7qWJxBf)
 
-**Please use the `#help` channel.**
+**Please use the `#contribute` channel.**
 
-## Translations
+## Development Guidelines {#development-guidelines}
 
-All translations are provided by the `crowdin` platform:
-[https://translate.verdaccio.org/](https://translate.verdaccio.org/)
+It's recommended use a UNIX system for local development, Windows dev local support is not being tested and might not work. To ensure a fast code review and merge, please follow the next guidelines:
 
-If you want to contribute by adding translations, create an account (GitHub could be used as fast alternative), in the platform you can contribute to two areas, the website or improve User Interface translations.
+Any contribution gives you the right to be part of this organization as _collaborator_ and your avatar will be automatically added to the [contributors page](https://verdaccio.org/contributors).
 
-If a language is not listed, ask for it in the [Discord](https://discord.gg/7qWJxBf) channel #contribute channel.
+## Pull Request {#pull-request}
 
-For adding a new **language** on the UI follow these steps:
-
-1. Ensure the **language** has been enabled, must be visible in the `crowdin` platform.
-2. Find in the explorer the file `en.US.json` in the path `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` and complete the translations, **not need to find approval on this**.
-3. Into the project, add a new field into `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` file, in the section `lng`, the new language, eg: `{ lng: {korean:"Korean"}}`. (This file is English based, once the PR has been merged, this string will be available in crowdin for translate to the targeted language).
-4. Add the language, [flag icon](https://www.npmjs.com/package/country-flag-icons), and the menu key fort he new language eg: `menuKey: 'lng.korean'` to the file `packages/plugins/ui-theme/src/i18n/enabledLanguages.ts`.
-5. For local testing, read `packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md`.
-6. Add a `changeset` file, see more info below.
-
-## Request Features
-
-New feature requests are welcome. Analyse whether the idea fits within scope of
-the project. Adding in context and the use-case will really help!
-
-**Please provide:**
-
-- A detailed description the advantages of your request
-- Whether or not it's compatible with `npm`, `pnpm` and [_yarn classic_
-  ](https://github.com/yarnpkg/yarn) or [_yarn berry_
-  ](https://github.com/yarnpkg/berry).
-- A potential implementation or design
-- Whatever else is on your mind! 🤓
-
-## Contributing Guidelines
-
-It's very exciting to become a Verdaccio contributor 🙌🏼. To ensure a fast code
-review and merge, please follow the next guidelines:
-
-> Any contribution gives you the right to be part of this organization as
-> _collaborator_.
-
-### Submitting a Pull Request
+### Submitting a Pull Request {#submit-pull-request}
 
 The following are the steps you should follow when creating a pull request.
 Subsequent pull requests only need to follow step 3 and beyond.
@@ -259,14 +272,14 @@ information on [rebasing](https://git-scm.com/book/en/v2/Git-Branching-Rebasing)
 
 #### Caveats
 
-Feel free to commit as much times you want in your branch, but keep on mind on
+Feel free to commit as many times you want in your branch, but keep on mind on
 this repository we `git squash` on merge by default, as we like to maintain a
 clean git history.
 
-#### Before Commit
+#### Before Push {#before-push}
 
-Before committing, **you must ensure there are no linting errors and
-all tests pass.** To do this, run these commands before create the PR:
+Before committing or push, **you must ensure there are no linting errors and
+all tests passes**. To do verify, run these commands before creating the PR:
 
 ```bash
 pnpm lint
@@ -280,50 +293,21 @@ pnpm test
 
 All good? Perfect! You should create the pull request.
 
-#### Commit Guidelines
+#### Commit Guidelines {#commits}
 
-For example:
+On a pull request, commit messages are not important, please focus on document properly the pull request content. The commit message will be taken from the pull request title, it is recommended to use lowercase format.
 
-- `feat: A new feature`
-- `fix: A bug fix`
-
-A commit of the type feat introduces a new feature to the codebase (this
-correlates with MINOR in semantic versioning).
-
-e.g.:
-
-```
-feat: xxxxxxxxxx
-```
-
-A commit of the type fix patches a bug in your codebase (this correlates with
-PATCH in semantic versioning).
-
-e.g.:
-
-```
-fix: xxxxxxxxxxx
-```
-
-Commits types such as as `docs:`,`style:`,`refactor:`,`perf:`,`test:` and
-`chore:` are valid but have no effect on versioning: **please use them!**
-
-All commits message are going to be validated when they are created using
-_husky_ hooks.
-
-> Please try to provide one single commit to help a clean and easy merge process
-
-### Adding a changeset
+### Adding a changeset {#changeset}
 
 We use [changesets](https://github.com/atlassian/changesets) in order to
 generate a detailed Changelog as possible.
 
 Adding a changeset with your Pull Request is essential if you want your
-contribution to get merged (unless is a change that does not affect library
-functionality, eg: typo, docs, readme, add additional test or linting code). To
+contribution to get merged (unless it does not affect functionality or
+user-facing content, eg: docs, readme, adding test or typo/lint fixes). To
 create a changeset please run:
 
-```
+```shell
 pnpm changeset
 ```
 
@@ -375,7 +359,7 @@ The last step is to confirm your changeset or abort the operation:
 🦋  info /Users/user/verdaccio.clone/.changeset/light-scissors-smell.md
 ```
 
-Once the changeset is added (all will have an unique name) you can freely edit
+Once the changeset is added (all will have a unique name) you can freely edit
 using markdown, adding additional information, code snippets or whatever else
 you consider to be relevant.
 
@@ -395,7 +379,27 @@ If you need help with how testing works, please [refer to the following guide
 **If you are introducing new features, you MUST include new tests. PRs for
 features without tests will not be merged.**
 
-## Develop Plugins
+## Translations {#translations}
+
+All translations are provided by the **[crowdin](http://crowdin.com)** platform,
+[https://translate.verdaccio.org/](https://translate.verdaccio.org/)
+
+If you want to contribute by adding translations, create an account (GitHub could be used as fast alternative), in the platform you can contribute to two areas, the website or improve User Interface translations.
+
+> Languages with less the 40% of translations available are excluded by the build system.
+
+If a language is not listed, ask for it in the [Discord](https://discord.gg/7qWJxBf) channel #contribute channel.
+
+For adding a new **language** on the UI follow these steps:
+
+1. Ensure the **language** has been enabled, must be visible in the `crowdin` platform.
+2. Find in the explorer the file `en.US.json` in the path `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` and complete the translations, **not need to find approval on this**.
+3. Into the project, add a new field into `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` file, in the section `lng`, the new language, eg: `{ lng: {korean:"Korean"}}`. (This file is English based, once the PR has been merged, this string will be available in crowdin for translate to the targeted language).
+4. Add the language, [flag icon](https://www.npmjs.com/package/country-flag-icons), and the menu key for the new language eg: `menuKey: 'lng.korean'` to the file `packages/plugins/ui-theme/src/i18n/enabledLanguages.ts`.
+5. For local testing, read `packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md`.
+6. Add a `changeset` file, see more info below.
+
+## Develop Plugins {#develop-plugins}
 
 Plugins are add-ons that extend the functionality of the application.