chore: update versions (6-next) (#3341)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.babelrc

@@ -1,26 +1,14 @@
 {
-  "presets": [ [
-    "@babel/env",
-    {
-      "useBuiltIns": "usage",
-      "corejs": {
-        "version": 3, "proposals": true
-      },
-      "targets": {
-        "node": 12
+  "presets": [
+    [
+      "@babel/env",
+      {
+        "targets": {
+          "node": 16
+        }
       }
-    }
-  ],
+    ],
     "@babel/typescript"
   ],
-  "plugins": [
-    "babel-plugin-dynamic-import-node",
-    "@babel/proposal-class-properties",
-    "@babel/proposal-object-rest-spread",
-    "@babel/plugin-proposal-optional-chaining",
-    "@babel/plugin-proposal-nullish-coalescing-operator"
-    ],
-  "ignore": [
-    "**/*.d.ts"
-  ]
+  "ignore": ["**/*.d.ts"]
 }

.changeset/angry-nails-appear.md

@@ -0,0 +1,52 @@
+---
+'@verdaccio/api': major
+'@verdaccio/auth': major
+'@verdaccio/cli': major
+'@verdaccio/config': major
+'@verdaccio/core': major
+'@verdaccio/file-locking': major
+'@verdaccio/readme': major
+'@verdaccio/tarball': major
+'@verdaccio/types': major
+'@verdaccio/url': major
+'@verdaccio/hooks': major
+'@verdaccio/loaders': major
+'@verdaccio/logger': major
+'@verdaccio/logger-prettify': major
+'@verdaccio/middleware': major
+'@verdaccio/node-api': major
+'verdaccio-audit': major
+'verdaccio-auth-memory': major
+'verdaccio-htpasswd': major
+'@verdaccio/local-storage': major
+'verdaccio-memory': major
+'@verdaccio/ui-theme': major
+'@verdaccio/proxy': major
+'@verdaccio/server': major
+'@verdaccio/store': major
+'@verdaccio/utils': major
+'verdaccio': major
+'@verdaccio/web': major
+---
+
+feat!: replace deprecated request dependency by got
+
+This is a big refactoring of the core, fetching dependencies, improve code, more tests and better stability. This is essential for the next release, will take some time but would allow modularize more the core.
+
+## Notes
+
+- Remove deprecated `request` by other `got`, retry improved, custom Agent ( got does not include it built-in)
+- Remove `async` dependency from storage (used by core) it was linked with proxy somehow safe to remove now
+- Refactor with promises instead callback wherever is possible
+- ~Document the API~
+- Improve testing, integration tests
+- Bugfix
+- Clean up old validations
+- Improve performance
+
+## 💥 Breaking changes
+
+- Plugin API methods were callbacks based are returning promises, this will break current storage plugins, check documentation for upgrade.
+- Write Tarball, Read Tarball methods parameters change, a new set of options like `AbortController` signals are being provided to the `addAbortSignal` can be internally used with Streams when a request is aborted. eg: `addAbortSignal(signal, fs.createReadStream(pathName));`
+- `@verdaccio/streams` stream abort support is legacy is being deprecated removed
+- Remove AWS and Google Cloud packages for future refactoring [#2574](https://github.com/verdaccio/verdaccio/pull/2574).

.changeset/bright-poems-obey.md

@@ -0,0 +1,37 @@
+---
+'@verdaccio/api': major
+'@verdaccio/server-fastify': major
+'@verdaccio/tarball': major
+'@verdaccio/local-storage': major
+'verdaccio-memory': major
+'@verdaccio/server': major
+'@verdaccio/store': major
+'@verdaccio/utils': major
+---
+
+refactor: download manifest endpoint and integrate fastify
+
+Much simpler API for fetching a package
+
+```
+ const manifest = await storage.getPackageNext({
+      name,
+      uplinksLook: true,
+      req,
+      version: queryVersion,
+      requestOptions,
+ });
+```
+
+> not perfect, the `req` still is being passed to the proxy (this has to be refactored at proxy package) and then removed from here, in proxy we pass the request instance to the `request` library.
+
+### Details
+
+- `async/await` sugar for getPackage()
+- Improve and reuse code between current implementation and new fastify endpoint (add scaffolding for request manifest)
+- Improve performance
+- Add new tests
+
+### Breaking changes
+
+All storage plugins will stop to work since the storage uses `getPackageNext` method which is Promise based, I won't replace this now because will force me to update all plugins, I'll follow up in another PR. Currently will throw http 500

.changeset/brown-cycles-laugh.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/cli': patch
+---
+
+chore: improve error logger message

.changeset/brown-pandas-wink.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+add banner support ukraine

.changeset/chilled-ways-fetch.md

@@ -0,0 +1,5 @@
+---
+'verdaccio-memory': patch
+---
+
+Fix storing tarballs with identical names from different packages in memory plugin

.changeset/clever-pugs-warn.md

@@ -0,0 +1,11 @@
+---
+'@verdaccio/cli': major
+'@verdaccio/core': major
+'@verdaccio/types': major
+'@verdaccio/logger': major
+'@verdaccio/logger-prettify': major
+'verdaccio-audit': major
+'@verdaccio/eslint-config': major
+---
+
+feat: migrate to pino.js 8

.changeset/dry-planes-tap.md

@@ -6,7 +6,7 @@
 '@verdaccio/commons-api': major
 '@verdaccio/core': major
 '@verdaccio/local-storage': major
-'@verdaccio/fastify-migration': major
+'@verdaccio/server-fastify': major
 '@verdaccio/streams': major
 '@verdaccio/types': major
 '@verdaccio/hooks': major

.changeset/dull-monkeys-search.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+show verdaccio logo in the footer even when custom brand is set

.changeset/eleven-brooms-hunt.md

@@ -0,0 +1,11 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/core': minor
+'@verdaccio/tarball': minor
+'@verdaccio/middleware': minor
+'verdaccio-audit': minor
+'@verdaccio/utils': minor
+'@verdaccio/web': minor
+---
+
+refactor: improve docker image build with strict dependencies and prod build

.changeset/eleven-spoons-matter.md

@@ -0,0 +1,38 @@
+---
+'@verdaccio/api': major
+'@verdaccio/auth': major
+'@verdaccio/cli': major
+'@verdaccio/config': major
+'@verdaccio/core': major
+'@verdaccio/file-locking': major
+'verdaccio-htpasswd': major
+'@verdaccio/readme': major
+'@verdaccio/server-fastify': major
+'@verdaccio/streams': major
+'@verdaccio/tarball': major
+'@verdaccio/types': major
+'@verdaccio/url': major
+'@verdaccio/hooks': major
+'@verdaccio/loaders': major
+'@verdaccio/logger': major
+'@verdaccio/middleware': major
+'@verdaccio/node-api': major
+'@verdaccio/active-directory': major
+'verdaccio-audit': major
+'verdaccio-auth-memory': major
+'verdaccio-aws-s3-storage': major
+'verdaccio-google-cloud': major
+'verdaccio-memory': major
+'@verdaccio/ui-theme': major
+'@verdaccio/server': major
+'@verdaccio/cli-standalone': major
+'@verdaccio/store': major
+'@verdaccio/dev-types': major
+'@verdaccio/utils': major
+'verdaccio': major
+'@verdaccio/web': major
+---
+
+Remove Node 12 support
+
+- We need move to the new `undici` and does not support Node.js 12

.changeset/fair-lemons-beam.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/logger-prettify': minor
+'@verdaccio/logger': patch
+---
+
+hydrate template placeholders in log messages when format is set to 'json'

.changeset/famous-tigers-doubt.md

@@ -0,0 +1,42 @@
+---
+'@verdaccio/api': patch
+'@verdaccio/auth': patch
+'@verdaccio/cli': patch
+'@verdaccio/core': patch
+'@verdaccio/file-locking': patch
+'@verdaccio/readme': patch
+'@verdaccio/tarball': patch
+'@verdaccio/types': patch
+'@verdaccio/url': patch
+'@verdaccio/hooks': patch
+'@verdaccio/loaders': patch
+'@verdaccio/logger': patch
+'@verdaccio/node-api': patch
+'verdaccio-audit': patch
+'verdaccio-auth-memory': patch
+'verdaccio-htpasswd': patch
+'@verdaccio/local-storage': patch
+'verdaccio-memory': patch
+'@verdaccio/ui-theme': patch
+'@verdaccio/proxy': patch
+'@verdaccio/server': patch
+'@verdaccio/server-fastify': patch
+'@verdaccio/cli-standalone': patch
+'@verdaccio/store': patch
+'docusaurus-plugin-contributors': patch
+'@verdaccio/test-helper': patch
+'verdaccio': patch
+'@verdaccio/web': patch
+'@verdaccio/test-cli-commons': patch
+'@verdaccio/e2e-cli-npm6': patch
+'@verdaccio/e2e-cli-npm7': patch
+'@verdaccio/e2e-cli-npm8': patch
+'@verdaccio/e2e-cli-pnpm6': patch
+'@verdaccio/e2e-cli-pnpm7': patch
+'@verdaccio/e2e-cli-yarn1': patch
+'@verdaccio/e2e-cli-yarn2': patch
+'@verdaccio/e2e-cli-yarn3': patch
+'@verdaccio/e2e-cli-yarn4': patch
+---
+
+fix(deps): @verdaccio/utils should be a prod dep of local-storage

.changeset/few-cooks-destroy.md

@@ -15,7 +15,6 @@
 '@verdaccio/logger': major
 '@verdaccio/logger-prettify': major
 '@verdaccio/middleware': major
-'@verdaccio/mock': major
 '@verdaccio/node-api': major
 '@verdaccio/active-directory': major
 'verdaccio-audit': major
@@ -30,7 +29,6 @@
 '@verdaccio/utils': major
 'verdaccio': major
 '@verdaccio/web': major
-'@verdaccio/website': major
 ---
 
 feat!: experiments config renamed to flags

.changeset/fuzzy-drinks-taste.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': minor
+---
+
+fix: remove engines from ui-theme

.changeset/fuzzy-onions-draw.md

@@ -0,0 +1,10 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/server-fastify': minor
+'@verdaccio/hooks': minor
+'@verdaccio/logger-prettify': minor
+'@verdaccio/proxy': minor
+'@verdaccio/store': minor
+---
+
+abort search request support for proxy

.changeset/gentle-trains-switch.md

@@ -15,7 +15,6 @@
 '@verdaccio/logger': major
 '@verdaccio/logger-prettify': major
 '@verdaccio/middleware': major
-'@verdaccio/mock': major
 '@verdaccio/node-api': major
 '@verdaccio/proxy': major
 '@verdaccio/server': major

.changeset/green-yaks-divide.md

@@ -0,0 +1,29 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/cli': minor
+'@verdaccio/core': minor
+'@verdaccio/node-api': minor
+'@verdaccio/server': minor
+'@verdaccio/server-fastify': minor
+'verdaccio': minor
+---
+
+chore: env variable for launch fastify
+
+- Update fastify to major release `v4.3.0`
+- Update CLI launcher
+
+via CLI
+
+```
+VERDACCIO_SERVER=fastify verdaccio
+```
+
+with docker
+
+```
+docker run -it --rm --name verdaccio \
+  -e "VERDACCIO_SERVER=8080" -p 8080:8080 \
+  -e "VERDACCIO_SERVER=fastify" \
+  verdaccio/verdaccio
+```

.changeset/healthy-pants-smash.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/ui-theme': patch
+'@verdaccio/test-helper': patch
+'@verdaccio/web': patch
+---
+
+fix: #3174 set correctly ui values to html render

.changeset/heavy-ravens-lay.md

@@ -1,6 +1,6 @@
 ---
 '@verdaccio/cli': minor
-'@verdaccio/fastify-migration': minor
+'@verdaccio/server-fastify': minor
 ---
 
 [Fastify] Add ping endpoint

.changeset/hip-hounds-destroy.md

@@ -17,7 +17,6 @@
 '@verdaccio/logger': patch
 '@verdaccio/logger-prettify': patch
 '@verdaccio/middleware': patch
-'@verdaccio/mock': patch
 '@verdaccio/node-api': patch
 '@verdaccio/active-directory': patch
 'verdaccio-audit': patch
@@ -31,9 +30,6 @@
 '@verdaccio/utils': patch
 'verdaccio': patch
 '@verdaccio/web': patch
-'@verdaccio/e2e-cli': patch
-'@verdaccio/e2e-ui': patch
-'@verdaccio/website': patch
 ---
 
 chore: add release step to private regisry on merge changeset pr

.changeset/kind-bears-nail.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+feat: add types and package module icons on sidebar

.changeset/light-walls-begin.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/ui-theme': minor
+'@verdaccio/server': minor
+'@verdaccio/web': minor
+---
+
+feat: align with v5 ui endpoints and ui small bugfix

.changeset/loud-shoes-jog.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+chore: force publish

.changeset/lovely-drinks-argue.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/loaders': patch
+---
+
+always create plugin instance with new

.changeset/many-vans-care.md

@@ -1,6 +1,5 @@
 ---
 '@verdaccio/tarball': patch
-'@verdaccio/mock': patch
 '@verdaccio/ui-theme': patch
 '@verdaccio/server': patch
 '@verdaccio/utils': patch

.changeset/neat-toes-report.md

@@ -15,7 +15,6 @@
 '@verdaccio/logger': minor
 '@verdaccio/logger-prettify': minor
 '@verdaccio/middleware': minor
-'@verdaccio/mock': minor
 '@verdaccio/node-api': minor
 '@verdaccio/active-directory': minor
 'verdaccio-audit': minor

.changeset/neat-toys-float.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+fix: replace ts icon by td and fix commonjs icon

.changeset/olive-candles-speak.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': minor
+---
+
+feat: integrate rematch for ui state storage

.changeset/orange-flowers-cover.md

@@ -0,0 +1,43 @@
+---
+'@verdaccio/config': minor
+'@verdaccio/types': minor
+'@verdaccio/ui-theme': minor
+---
+
+feat: rework web header for mobile, add new settings and raw manifest button
+
+### New set of variables to hide features
+
+Add set of new variables that allow hide different parts of the UI, buttons, footer or download tarballs. _All are
+enabled by default_.
+
+```yaml
+# login: true <-- already exist but worth the reminder
+# showInfo: true
+# showSettings: true
+# In combination with darkMode you can force specific theme
+# showThemeSwitch: true
+# showFooter: true
+# showSearch: true
+# showDownloadTarball: true
+```
+
+> If you disable `showThemeSwitch` and force `darkMode: true` the local storage settings would be
+> ignored and force all themes to the one in the configuration file.
+
+Future could be extended to
+
+### Raw button to display manifest package
+
+A new experimental feature (enabled by default), button named RAW to be able navigate on the package manifest directly on the ui, kudos to [react-json-view](https://www.npmjs.com/package/react-json-view) that allows an easy integration, not configurable yet until get more feedback.
+
+```yaml
+showRaw: true
+```
+
+#### Rework header buttons
+
+- The header has been rework, the mobile was not looking broken.
+- Removed info button in the header and moved to a dialog
+- Info dialog now contains more information about the project, license and the aid content for Ukrania now is inside of the info modal.
+- Separate settings and info to avoid collapse too much info (for mobile still need some work)

.changeset/perfect-candles-clap.md

@@ -0,0 +1,34 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/auth': minor
+'@verdaccio/cli': minor
+'@verdaccio/config': minor
+'@verdaccio/core': minor
+'verdaccio-htpasswd': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/server-fastify': minor
+'@verdaccio/tarball': minor
+'@verdaccio/types': minor
+'@verdaccio/url': minor
+'@verdaccio/hooks': minor
+'@verdaccio/loaders': minor
+'@verdaccio/logger': minor
+'@verdaccio/middleware': minor
+'@verdaccio/node-api': minor
+'@verdaccio/active-directory': minor
+'verdaccio-auth-memory': minor
+'verdaccio-aws-s3-storage': minor
+'verdaccio-google-cloud': minor
+'verdaccio-memory': minor
+'@verdaccio/ui-theme': minor
+'@verdaccio/proxy': minor
+'@verdaccio/server': minor
+'@verdaccio/cli-standalone': minor
+'@verdaccio/store': minor
+'@verdaccio/utils': minor
+'verdaccio': minor
+'@verdaccio/web': minor
+'@verdaccio/e2e-ui': minor
+---
+
+refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications

.changeset/plenty-spiders-melt.md

@@ -15,7 +15,6 @@
 '@verdaccio/logger': minor
 '@verdaccio/logger-prettify': minor
 '@verdaccio/middleware': minor
-'@verdaccio/mock': minor
 '@verdaccio/node-api': minor
 '@verdaccio/proxy': minor
 '@verdaccio/server': minor
@@ -24,7 +23,6 @@
 '@verdaccio/utils': minor
 'verdaccio': minor
 '@verdaccio/web': minor
-'@verdaccio/website': minor
 ---
 
 feat: add typescript project references settings

.changeset/pre.json

@@ -6,19 +6,16 @@
     "@verdaccio/auth": "6.0.0-alpha.0",
     "@verdaccio/cli": "6.0.0-alpha.0",
     "@verdaccio/config": "6.0.0-alpha.0",
-    "@verdaccio/commons-api": "11.0.0-alpha.0",
     "@verdaccio/file-locking": "11.0.0-alpha.0",
     "verdaccio-htpasswd": "11.0.0-alpha.0",
     "@verdaccio/local-storage": "11.0.0-alpha.0",
     "@verdaccio/readme": "11.0.0-alpha.0",
-    "@verdaccio/streams": "11.0.0-alpha.0",
     "@verdaccio/types": "11.0.0-alpha.0",
     "@verdaccio/hooks": "6.0.0-alpha.0",
     "@verdaccio/loaders": "6.0.0-alpha.0",
     "@verdaccio/logger": "6.0.0-alpha.0",
     "@verdaccio/logger-prettify": "6.0.0-alpha.0",
     "@verdaccio/middleware": "6.0.0-alpha.0",
-    "@verdaccio/mock": "6.0.0-alpha.0",
     "@verdaccio/node-api": "6.0.0-alpha.0",
     "@verdaccio/proxy": "6.0.0-alpha.0",
     "@verdaccio/server": "6.0.0-alpha.0",
@@ -34,38 +31,72 @@
     "verdaccio-google-cloud": "11.0.0-alpha.0",
     "verdaccio-memory": "11.0.0-alpha.0",
     "@verdaccio/ui-theme": "6.0.0-alpha.1",
-    "@verdaccio/e2e-cli": "1.0.0",
-    "@verdaccio/e2e-ui": "1.0.0",
     "@verdaccio/cli-standalone": "6.0.0-alpha.3",
     "@verdaccio/tarball": "11.0.0-alpha.3",
     "@verdaccio/url": "11.0.0-alpha.3",
-    "@verdaccio/fastify-migration": "6.0.0-6-next.9",
+    "@verdaccio/server-fastify": "6.0.0-6-next.9",
     "@verdaccio/eslint-config": "1.0.0",
     "@verdaccio/benchmark": "1.0.0",
-    "@verdaccio/website": "5.1.3",
-    "@verdaccio/core": "6.0.0-next.0"
+    "@verdaccio/core": "6.0.0-next.0",
+    "@verdaccio/test-helper": "1.0.0",
+    "docusaurus-plugin-contributors": "1.0.0",
+    "@verdaccio/website": "5.4.0",
+    "@verdaccio/test-cli-commons": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-npm6": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-npm7": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-npm8": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-pnpm6": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-pnpm7": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-yarn1": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-yarn2": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-yarn3": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-yarn4": "1.0.1-6-next.1",
+    "@verdaccio/local-publish": "0.0.1"
   },
   "changesets": [
     "afraid-mice-obey",
+    "angry-nails-appear",
     "big-lobsters-sin",
+    "bright-poems-obey",
+    "brown-cycles-laugh",
+    "brown-pandas-wink",
     "calm-pants-impress",
+    "chilled-ways-fetch",
+    "clever-pugs-warn",
     "dry-planes-tap",
+    "dull-monkeys-search",
+    "eleven-brooms-hunt",
+    "eleven-spoons-matter",
+    "fair-lemons-beam",
+    "famous-tigers-doubt",
     "few-cooks-destroy",
     "few-mangos-grow",
     "fifty-jars-rest",
+    "fuzzy-drinks-taste",
+    "fuzzy-onions-draw",
     "gentle-parrots-lay",
     "gentle-trains-switch",
     "gold-vans-tease",
+    "green-yaks-divide",
     "healthy-bikes-behave",
+    "healthy-pants-smash",
     "healthy-poets-compare",
     "heavy-ravens-lay",
     "hip-hounds-destroy",
+    "kind-bears-nail",
     "late-adults-love",
     "late-parents-act",
+    "light-walls-begin",
     "little-stingrays-rule",
+    "loud-shoes-jog",
+    "lovely-drinks-argue",
     "many-vans-care",
     "modern-spies-tell",
     "neat-toes-report",
+    "neat-toys-float",
+    "olive-candles-speak",
+    "orange-flowers-cover",
+    "perfect-candles-clap",
     "perfect-emus-clean",
     "perfect-kangaroos-agree",
     "plenty-news-remember",
@@ -73,13 +104,32 @@
     "plenty-tables-refuse",
     "pretty-hounds-tap",
     "proud-jeans-walk",
+    "proud-jobs-hope",
     "red-chefs-float",
+    "red-yaks-sell",
+    "rich-ghosts-rule",
+    "shaggy-carrots-unite",
+    "shaggy-parrots-smash",
     "shiny-chefs-heal",
+    "slow-carrots-relate",
     "smart-apricots-kneel",
+    "smart-beds-cross",
+    "smooth-owls-pump",
+    "sour-buses-shout",
     "spicy-frogs-press",
+    "spicy-snakes-sip",
+    "strange-ladybugs-nail",
+    "swift-pumpkins-knock",
+    "ten-parents-breathe",
     "tender-bags-call",
+    "thick-countries-move",
+    "thick-readers-hang",
+    "three-moles-drop",
     "three-pots-sit",
+    "tiny-seals-join",
+    "tricky-taxis-watch",
     "two-dolls-check",
-    "wild-jokes-beam"
+    "wild-jokes-beam",
+    "witty-ties-speak"
   ]
 }

.changeset/pretty-hounds-tap.md

@@ -15,7 +15,6 @@
 '@verdaccio/logger': patch
 '@verdaccio/logger-prettify': patch
 '@verdaccio/middleware': patch
-'@verdaccio/mock': patch
 '@verdaccio/node-api': patch
 '@verdaccio/proxy': patch
 '@verdaccio/server': patch

.changeset/proud-jeans-walk.md

@@ -1,9 +1,8 @@
 ---
 'verdaccio-htpasswd': patch
 '@verdaccio/local-storage': patch
-'@verdaccio/fastify-migration': patch
+'@verdaccio/server-fastify': patch
 '@verdaccio/hooks': patch
-'@verdaccio/mock': patch
 '@verdaccio/node-api': patch
 ---
 

.changeset/proud-jobs-hope.md

@@ -0,0 +1,42 @@
+---
+'@verdaccio/api': major
+'@verdaccio/cli': major
+'@verdaccio/config': major
+'@verdaccio/core': major
+'@verdaccio/types': major
+'@verdaccio/logger': major
+'@verdaccio/node-api': major
+'verdaccio-aws-s3-storage': major
+'verdaccio-google-cloud': major
+'verdaccio-htpasswd': major
+'@verdaccio/local-storage': major
+'verdaccio-memory': major
+'@verdaccio/ui-theme': major
+'@verdaccio/proxy': major
+'@verdaccio/server': major
+'verdaccio': major
+'@verdaccio/web': major
+---
+
+feat!: config.logs throw an error, logging config not longer accept array or logs property
+
+### 💥 Breaking change
+
+This is valid
+
+```yaml
+log: { type: stdout, format: pretty, level: http }
+```
+
+This is invalid
+
+```yaml
+logs: { type: stdout, format: pretty, level: http }
+```
+
+or
+
+```yaml
+logs:
+  - [{ type: stdout, format: pretty, level: http }]
+```

.changeset/red-yaks-sell.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/logger': patch
+---
+
+Fix re-opening log files using SIGUSR2

.changeset/rich-ghosts-rule.md

@@ -0,0 +1,9 @@
+---
+'@verdaccio/types': major
+'@verdaccio/ui-theme': major
+'@verdaccio/dev-types': major
+'@verdaccio/web': major
+'@verdaccio/e2e-ui': major
+---
+
+feat: upgrade to material ui 5

.changeset/shaggy-carrots-unite.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/logger': patch
+---
+
+do not show deprecation warning on default logger config

.changeset/shaggy-parrots-smash.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/cli': minor
+'@verdaccio/core': minor
+'@verdaccio/logger': minor
+'@verdaccio/node-api': minor
+---
+
+feat: use warning codes for deprecation warnings

.changeset/slow-carrots-relate.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/config': minor
+'@verdaccio/web': minor
+---
+
+feat(web): add a config item to web，let the developer can select whet……her enable the html cache

.changeset/smart-beds-cross.md

@@ -0,0 +1,20 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/config': minor
+'@verdaccio/core': minor
+'@verdaccio/types': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/ui-theme': minor
+'@verdaccio/proxy': minor
+'@verdaccio/server': minor
+'@verdaccio/store': minor
+'@verdaccio/test-helper': minor
+'@verdaccio/web': minor
+---
+
+feat: ui search support for remote, local and private packages
+
+The command `npm search` search globally and return all matches, with this improvement the user interface
+is powered with the same capabilities.
+
+The UI also tag where is the origin the package with a tag, also provide the latest version and description of the package.

.changeset/smooth-owls-pump.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+ui: basic grammatical fixes in the Ukraine Message

.changeset/sour-buses-shout.md

@@ -0,0 +1,10 @@
+---
+'@verdaccio/server-fastify': minor
+'@verdaccio/store': minor
+'@verdaccio/utils': minor
+'@verdaccio/web': minor
+---
+
+feat: migrate web sidebar endpoint to fastify
+
+reuse utils methods between packages

.changeset/spicy-snakes-sip.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+fix: specific version package detail page not showing

.changeset/strange-ladybugs-nail.md

@@ -0,0 +1,9 @@
+---
+'@verdaccio/types': minor
+---
+
+feat: add dist.signatures to core/types
+
+According to [`npm`](https://docs.npmjs.com/about-registry-signatures): _"Signatures are provided in the package's `packument` in each published version within the `dist` object"_
+
+Here's an [example of a package version from the public npm registry with `dist.signatures`](https://registry.npmjs.org/light-cycle/1.4.3).

.changeset/swift-pumpkins-knock.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/auth': patch
+'verdaccio-htpasswd': patch
+---
+
+Refactor htpasswd plugin to use the bcryptjs 'compare' api call instead of 'comparSync'. Add a new configuration value named 'slow_verify_ms' to the htpasswd plugin that when exceeded during password verification will log a warning message.

.changeset/ten-parents-breathe.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/auth': minor
+'@verdaccio/server-fastify': minor
+'@verdaccio/web': minor
+---
+
+dist tags Implementation on Fastify

.changeset/thick-countries-move.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/logger': major
+'@verdaccio/logger-prettify': major
+---
+
+feat: upgrade to pino v7

.changeset/thick-readers-hang.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+fix: fixes some style issues on mobile, particularly related to the Ukraine support message - [@s-h-a-d-o-w](https://github.com/s-h-a-d-o-w)

.changeset/three-moles-drop.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/store': minor
+'@verdaccio/utils': minor
+---
+
+refactor: improve versions and dist-tag filters

.changeset/three-pots-sit.md

@@ -14,7 +14,6 @@
 '@verdaccio/logger': patch
 '@verdaccio/logger-prettify': patch
 '@verdaccio/middleware': patch
-'@verdaccio/mock': patch
 '@verdaccio/node-api': patch
 '@verdaccio/proxy': patch
 '@verdaccio/server': patch

.changeset/tiny-seals-join.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': minor
+---
+
+feat: improve registry info dialog and language switch

.changeset/tricky-taxis-watch.md

@@ -0,0 +1,28 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/types': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/server-fastify': minor
+'@verdaccio/store': minor
+'@verdaccio/test-helper': minor
+'@verdaccio/web': minor
+---
+
+feat: implement abbreviated manifest
+
+Enable abbreviated manifest data by adding the header:
+
+```
+curl -H "Accept: application/vnd.npm.install-v1+json" https://registry.npmjs.org/verdaccio
+```
+
+It returns a filtered manifest, additionally includes the [time](https://github.com/pnpm/rfcs/pull/2) field by request.
+
+Current support for packages managers:
+
+- npm: yes
+- pnpm: yes
+- yarn classic: yes
+- yarn modern (+2.x): [no](https://github.com/yarnpkg/berry/pull/3981#issuecomment-1076566096)
+
+https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-metadata-format

.changeset/witty-ties-speak.md

@@ -0,0 +1,11 @@
+---
+'@verdaccio/api': patch
+'@verdaccio/cli': patch
+'@verdaccio/core': patch
+'@verdaccio/types': patch
+'@verdaccio/store': patch
+'@verdaccio/test-helper': patch
+'@verdaccio/local-publish': patch
+---
+
+fix: handle upload scoped tarball

.eslintignore

@@ -11,3 +11,6 @@ wiki/
 dist/
 docs/
 test/functional/store/*
+docker-examples/**/lib/**/*.js
+test/cli/e2e-yarn4/bin/yarn-4.0.0-rc.14.cjs
+yarn.js

.github/ISSUE_TEMPLATE/config.yml

@@ -7,7 +7,7 @@ contact_links:
     url: https://github.com/verdaccio/verdaccio/security/policy
     about: I want to report a security vulnerability
   - name: Chat 🏘
-    url: http://chat.verdaccio.org
+    url: https://discord.gg/7qWJxBf
     about: For a quick question you should do it through our community chat
   - name: User Interface Report 👩🏼‍🎨👨🏼‍🎨
     url: https://github.com/verdaccio/ui/issues/new/choose

.github/workflows/benchmark.yml

@@ -4,23 +4,26 @@ name: ci - benchmark
 on:
   workflow_dispatch:
   schedule:
-    # 3 times day
+    # 1 time peer week
     # collecting enough data to draw some graphics
-    - cron: '0 1 * * *'
+    - cron: '0 1 * * 1'
   # push:
   #   branches:
   #     - master
+permissions:
+  contents: read
+
 jobs:
   prepare: 
     name: Prepare build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+      - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3
         with:
-          node-version: 14.x
+          node-version: 16.x
       - name: install pnpm
-        run: sudo npm i pnpm@6.6.1 -g
+        run: sudo npm i pnpm@latest-6 -g
       - name: set store
         run: | 
           mkdir ~/.pnpm-store
@@ -30,7 +33,7 @@ jobs:
       - name: install dependencies
         run: pnpm install
       - name: Cache .pnpm-store
-        uses: actions/cache@v2
+        uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -41,7 +44,7 @@ jobs:
       - name: tar packages
         run: |      
           tar -czvf ${{ github.workspace }}/pkg.tar.gz -C ${{ github.workspace }}/packages .
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3
         with:
           name: verdaccio-artifact
           path: pkg.tar.gz
@@ -57,24 +60,24 @@ jobs:
           # - local
           - 3.13.1
           - 4.12.2
-          - 5.1.3
-          - 6.0.0-6-next.22
+          - 5.10.2
+          - 6.0.0-6-next.40
     name: Benchmark autocannon
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+      - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3
         with:
-          node-version: 14.x
-      - uses: actions/download-artifact@v2
+          node-version: 16.x
+      - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v3
         with:
           name: verdaccio-artifact
       - name: untar packages
         run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
       - name: install pnpm
         # require fixed version
-        run: sudo npm i pnpm@6.6.1 -g
-      - uses: actions/cache@v2
+        run: sudo npm i pnpm@latest-6 -g
+      - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}   
@@ -87,7 +90,7 @@ jobs:
         shell: bash
         env:
           DEBUG: metrics*
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3
         with:
           name: verdaccio-metrics-api
           path: ./api-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  
@@ -118,24 +121,24 @@ jobs:
           # old versions to compare same test along previous releases
           - 3.13.1
           - 4.12.2
-          - 5.1.3
-          - 6.0.0-6-next.22
+          - 5.10.2
+          - 6.0.0-6-next.40
     name: Benchmark hyperfine
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+      - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3
         with:
-          node-version: 14.x
-      - uses: actions/download-artifact@v2
+          node-version: 16.x
+      - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v3
         with:
           name: verdaccio-artifact
       - name: untar packages
         run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
       - name: install pnpm
         # require fixed version
-        run: sudo npm i pnpm@6.6.1 -g
-      - uses: actions/cache@v2
+        run: sudo npm i pnpm@latest-6 -g
+      - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}   
@@ -153,7 +156,7 @@ jobs:
         shell: bash
       - name: rename
         run: mv ./hyper-results.json ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3
         with:
           name: verdaccio-metrics
           path: ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  

.github/workflows/changesets.yml

@@ -20,12 +20,12 @@ jobs:
     if: github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio'
     steps:
       - name: checkout code repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
         with:
           fetch-depth: 0
 
       - name: setup node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3
         with:
           node-version: 14
           registry-url: 'https://registry.npmjs.org'
@@ -33,7 +33,7 @@ jobs:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 
       - name: install pnpm
-        run: npm i pnpm@6.10.3 -g
+        run: npm i pnpm@6.32.15 -g
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 
@@ -46,7 +46,12 @@ jobs:
         run: pnpm install
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
-
+      - name: crowdin download
+        env:
+          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
+          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          CONTEXT: production
+        run: pnpm crowdin:download       
       - name: build
         run: pnpm build
 
@@ -58,7 +63,7 @@ jobs:
           title: 'chore: update versions'
           publish: pnpm ci:publish
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.CHANGESET_RELEASE_TOKEN }}
           NPM_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
           NPM_CONFIG_REGISTRY: https://registry.npmjs.org

.github/workflows/ci.yml

@@ -2,42 +2,44 @@ name: CI
 
 on:
   push:
-    branches:
-      - master
-      - 'changeset-release/master'
   pull_request:
     paths:
       - .changeset/**
       - .github/workflows/ci.yml
       - 'packages/**'
+      - 'test/**'
+      - 'docker-examples/**'
       - 'jest/**'
       - 'package.json'
       - 'pnpm-workspace.yaml'
+permissions:
+  contents: read
+
 jobs:
   prepare:
     runs-on: ubuntu-latest
     name: setup verdaccio
     services:
       verdaccio:
-        image: verdaccio/verdaccio:5
+        image: verdaccio/verdaccio:nightly-master
         ports:
           - 4873:4873
     steps:
-    - uses: actions/checkout@v2.3.1
-    - name: Use Node 14
-      uses: actions/setup-node@v1
+    - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+    - name: Use Node 16
+      uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3
       with:
-        node-version: 14 
+        node-version: 16
     - name: Install pnpm
-      run: npm i pnpm@6.10.3 -g
+      run: npm i pnpm@6.32.15 -g
     - name: set store
-      run: | 
+      run: |
         mkdir ~/.pnpm-store
         pnpm config set store-dir ~/.pnpm-store
     - name: Install
       run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
     - name: Cache .pnpm-store
-      uses: actions/cache@v2
+      uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3
       with:
         path: ~/.pnpm-store
         key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -48,17 +50,17 @@ jobs:
     name: Lint
     needs: prepare
     steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
       - name: Use Node 16
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3
         with:
           node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@6.10.3 -g
-      - uses: actions/cache@v2
+        run: npm i pnpm@6.32.15 -g
+      - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3
         with:
           path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}     
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
       - name: Install
         run: pnpm recursive install --frozen-lockfile --ignore-scripts
       - name: Lint
@@ -68,152 +70,121 @@ jobs:
     name: Format
     needs: prepare
     steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
       - name: Use Node 16
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3
         with:
           node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@6.10.3 -g
-      - uses: actions/cache@v2
+        run: npm i pnpm@6.32.15 -g
+      - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3
         with:
           path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}     
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
       - name: Install
         run: pnpm recursive install --frozen-lockfile --ignore-scripts
       - name: Lint
         run: pnpm format:check
   build:
-    runs-on: ubuntu-latest
-    name: build
     needs: [format, lint]
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+        node_version: [16, 18]
+    name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
+    runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v2.3.1
-      - name: Use Node 16
-        uses: actions/setup-node@v1
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+      - name: Use Node ${{ matrix.node_version }}
+        uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3
         with:
-          node-version: 16
+          node-version: ${{ matrix.node_version }}
       - name: Install pnpm
-        run: npm i pnpm@6.10.3 -g
-      - uses: actions/cache@v2
+        run: npm i pnpm@6.32.15 -g
+      - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3
         with:
           path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}     
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
       - name: Install
         run: pnpm recursive install --frozen-lockfile --ignore-scripts
       - name: build
         run: pnpm build
-      - name: tar packages
-        run: |      
-          tar -czvf ${{ github.workspace }}/pkg.tar.gz -C ${{ github.workspace }}/packages .
-      - uses: actions/upload-artifact@v2
-        with:
-          name: verdaccio-artifact
-          path: pkg.tar.gz            
-  test:
-    needs: build
-    strategy:
-      fail-fast: true
-      matrix:
-        os: [ubuntu-latest]
-        node_version: [14]
-    name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
-    runs-on: ${{ matrix.os }}
-    steps:
-      - uses: actions/checkout@v2.3.1
-      - name: Use Node ${{ matrix.node_version }}
-        uses: actions/setup-node@v1
-        with:
-          node-version: ${{ matrix.node_version }}
-      - uses: actions/download-artifact@v2
-        with:
-          name: verdaccio-artifact
-      - name: untar packages
-        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages    
-      - name: Install pnpm
-        run: npm i pnpm@6.10.3 -g
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                          
-      - name: Install
-        run: pnpm recursive install --frozen-lockfile --ignore-scripts 
       - name: Test
         run: pnpm test
   ci-e2e-ui:
-    needs: build
+    needs: [format, lint]
     runs-on: ubuntu-latest
-    name: UI Test E2E Node 14
+    name: UI Test E2E Node 16
     steps:
-      - uses: actions/checkout@v2.3.1
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+      - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3
         with:
-          node-version: 14
-      - uses: actions/download-artifact@v2
-        with:
-          name: verdaccio-artifact
-      - name: untar packages
-        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages    
+          node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@6.10.3 -g
-      - uses: actions/cache@v2
+        run: npm i pnpm@6.32.15 -g
+      - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3
         with:
           path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                          
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
       - name: Install
-        ## we need scripts, pupetter downloads aditional content
-        run: pnpm recursive install --frozen-lockfile 
+        run: pnpm recursive install --frozen-lockfile
+      - name: build
+        run: pnpm build
       - name: Test UI
         run: pnpm test:e2e:ui
-        env:
-          DEBUG: verdaccio:e2e*       
+        # env:
+        #  DEBUG: verdaccio:e2e*
   ci-e2e-cli:
-    needs: build
+    needs: [format, lint]
     runs-on: ubuntu-latest
-    name: CLI Test E2E Node 14
+    name: CLI Test E2E Node 16
     steps:
-      - uses: actions/checkout@v2.3.1
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+      - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3
         with:
-          node-version: 14
-      - uses: actions/download-artifact@v2
-        with:
-          name: verdaccio-artifact
-      - name: untar packages
-        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages    
+          node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@6.10.3 -g
-      - uses: actions/cache@v2
+        run: npm i pnpm@6.32.15 -g
+      - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3
         with:
           path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                          
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
       - name: Install
         ## we need scripts, pupetter downloads aditional content
         run: pnpm recursive install --frozen-lockfile
-      - name: Test CLI
-        run: pnpm test:e2e:cli
-        env:
-          DEBUG: verdaccio*          
-  test-windows:
-    needs: [format, lint]
-    runs-on: windows-latest
-    name: windows test node 14
-    steps:
-      - uses: actions/checkout@v2.3.1
-      - name: Use Node 14
-        uses: actions/setup-node@v1
-        with:
-          node-version: 14
-      - name: Install pnpm
-        run: npm i pnpm@6.10.3 -g
-       # pnpm cache is not working for windows (we need a solution)
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                            
-      - name: Install
-        run: pnpm recursive install --frozen-lockfile --ignore-scripts 
       - name: build
         run: pnpm build
-      - name: Test
-        run: pnpm test
+      - name: Test CLI
+        run: pnpm test:e2e:cli
+        # env:
+        #   DEBUG: verdaccio*
+  sync-translations:
+    needs: [ci-e2e-cli, ci-e2e-ui]
+    runs-on: ubuntu-latest
+    name: synchronize translations
+    if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+    steps:
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+      - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3
+        with:
+          node-version: 16
+      - name: Install pnpm
+        run: npm i pnpm@6.32.15 -g
+      - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: Install
+        ## we need scripts, pupetter downloads aditional content
+        run: pnpm recursive install --frozen-lockfile
+      - name: build
+        run: pnpm build
+      - name: generate website translations
+        run: pnpm write-translations --filter ...@verdaccio/website
+      - name: sync
+        env:
+          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
+          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          CONTEXT: production
+        run: pnpm crowdin:sync

.github/workflows/codeql-analysis.yml

@@ -8,13 +8,20 @@ on:
   schedule:
     - cron: '0 2 * * 4'
 
+permissions:
+  contents: read
+
 jobs:
   CodeQL-Build:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2.3.1
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
         with:
           # We must fetch at least the immediate parents so that if this is
           # a pull request then we can checkout the head.
@@ -27,7 +34,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@c7f292ea4f542c473194b33813ccd4c207a6c725 # tag=v2
 
       # Override language selection by uncommenting this and choosing your languages
       # with:
@@ -35,7 +42,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@c7f292ea4f542c473194b33813ccd4c207a6c725 # tag=v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -49,4 +56,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@c7f292ea4f542c473194b33813ccd4c207a6c725 # tag=v2

.github/workflows/contributors.yml

@@ -0,0 +1,48 @@
+---
+name: contributors
+
+on:
+  workflow_dispatch:
+  schedule:
+    # twice peer week
+    - cron: '0 0 * * 1,4'
+  # for now, scheduled, we can enable on push master but not make much sense now
+  # push:
+  #   branches:
+  #     - master
+jobs:
+  prepare:
+    name: Run script
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+      - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3
+        with:
+          node-version: 17.x
+      - name: install pnpm
+        run: sudo npm i pnpm@latest-6 -g
+      - name: set store
+        run: | 
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store
+      - name: setup pnpm config registry
+        run: pnpm config set registry https://registry.verdaccio.org
+      - name: install dependencies
+        run: pnpm install
+      - name: update contributors
+        run: pnpm run contributors
+        env:
+          TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: format
+        run: pnpm format
+      - name: Commit & Push changes
+        uses: actions-js/push@a52398fac807b0c1e5f1492c969b477c8560a0ba # tag=v1.3
+        with:
+          github_token: ${{ secrets.TOKEN_VERDACCIOBOT_GITHUB }}
+          message: "chore: updated contributors list"
+          branch: master
+          author_email: verdaccio.npm@gmail.com
+          author_name: verdacciobot

.github/workflows/docker-publish.yml

@@ -19,8 +19,8 @@ jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: docker/setup-qemu-action@v1
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+      - uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 # tag=v1
       - uses: docker/setup-buildx-action@v1
         with:
           driver-opts: network=host

.github/workflows/website.yml

@@ -3,20 +3,12 @@ name: Verdaccio Website CI
 on:
   workflow_dispatch:
   pull_request:
-    types:
-      - opened
-      - synchronize
     paths:
-      - 'website/**'
-      - 'package.json'
-      - './.github/workflows/website.yml'
+        - 'website/**'
+        - './.github/workflows/website.yml'
   push:
     branches:
-      - 'master'
-    paths:
-      - 'website/**'
-      - 'package.json'
-      - './.github/workflows/website.yml'
+      - 'master'  
 
 jobs:
   build:
@@ -24,15 +16,15 @@ jobs:
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
 
-      - name: Use Node 14
-        uses: actions/setup-node@v2
+      - name: Use Node 16
+        uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3
         with:
-          node-version: 14
+          node-version: 16
 
       - name: Cache pnpm modules
-        uses: actions/cache@v2
+        uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3
         env:
           cache-name: cache-pnpm-modules
         with:
@@ -41,20 +33,16 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-
 
-      - uses: pnpm/action-setup@v2.0.1
+      - uses: pnpm/action-setup@10693b3829bf86eb2572aef5f3571dcf5ca9287d # tag=v2.2.2
         with:
-          version: 6.10.2
+          version: 6.32.15
           run_install: |
             - recursive: true
               args: [--frozen-lockfile]
-
-      - name: Lint And Pretty
-        run: |
-          pnpm eslint:check --filter ...@verdaccio/website
-          pnpm prettier:check --filter ...@verdaccio/website
-
+      - name: Build Plugins
+        run: pnpm build --filter "docusaurus-plugin-contributors"
       - name: Cache Docusaurus Build
-        uses: actions/cache@v2
+        uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3
         with:
           path: website/node_modules/.cache/webpack
           key: cache/webpack-${{github.ref}}-${{ hashFiles('**/pnpm-lock.yaml') }}
@@ -73,7 +61,7 @@ jobs:
 
       - name: 🔥 Deploy Production Netlify
         if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
-        uses: semoal/action-netlify-deploy@master
+        uses: semoal/action-netlify-deploy@1a53f098745bf78555d11b436f5ee3af87e6b566
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
@@ -82,14 +70,13 @@ jobs:
 
       # Will deploy to Preview URL, only when a pull request is open with changes on the website
       - name: Build Deployment Preview
-        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
         env:
           CONTEXT: deploy-preview
         run: pnpm netlify:build:deployPreview --filter ...@verdaccio/website
 
       - name: 🤖 Deploy Preview Netlify
-        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
-        uses: semoal/action-netlify-deploy@master
+        if: github.repository == 'verdaccio/verdaccio'
+        uses: semoal/action-netlify-deploy@1a53f098745bf78555d11b436f5ee3af87e6b566
         id: netlify_preview
         with:
           draft: true
@@ -102,9 +89,9 @@ jobs:
           build-dir: './website/build'
 
       - name: Audit preview URL with Lighthouse
-        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
+        if: github.repository == 'verdaccio/verdaccio'
         id: lighthouse_audit
-        uses: treosh/lighthouse-ci-action@v3
+        uses: treosh/lighthouse-ci-action@b4dfae3eb959c5226e2c5c6afd563d493188bfaf # tag=9.3.0
         with:
           urls: |
             ${{ steps.netlify_preview.outputs.preview-url }}
@@ -112,9 +99,8 @@ jobs:
           temporaryPublicStorage: true
 
       - name: Format lighthouse score
-        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
         id: format_lighthouse_score
-        uses: actions/github-script@v3
+        uses: actions/github-script@c713e510dbd7d213d92d41b7a7805a986f4c5c66 # tag=v6
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
@@ -137,12 +123,13 @@ jobs:
              core.setOutput("comment", comment);
 
       - name: Add comment to PR
-        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
+        if: github.repository == 'verdaccio/verdaccio'
         id: comment_to_pr
-        uses: marocchino/sticky-pull-request-comment@v1
+        uses: marocchino/sticky-pull-request-comment@39c5b5dc7717447d0cba270cd115037d32d28443 # tag=v2
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           number: ${{ github.event.issue.number }}
+          delete: true
           header: lighthouse
           message: |
             ${{ steps.format_lighthouse_score.outputs.comment }}

.gitignore

@@ -34,6 +34,9 @@ packages/standalone/dist/
 
 ## ui
 packages/plugins/ui-theme/static
+/packages/plugins/ui-theme/src/i18n/download_translations/
+!/packages/plugins/ui-theme/src/i18n/crowdin/ui.json
+
 
 # CI Pnpm cache
 .pnpm-store/
@@ -43,7 +46,8 @@ api-results.json
 hyper-results.json
 hyper-results*.json
 api-results*.json
+.clinic/
 
 #docs 
-api/
-packages/core/core/docs
+./api
+**/docs/**

.husky/pre-commit

@@ -0,0 +1,5 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+#./node_modules/.bin/lint-staged
+npm run husky:pre-commit

.nvmrc

@@ -1 +1 @@
-14
+16

.prettierignore

@@ -19,8 +19,8 @@ node_modules/
 packages/core/local-storage/_storage/**
 packages/partials/storage_default_storage/
 packages/standalone/dist/bundle.js
+packages/verdaccio/dist/bundle.js
 docker-examples/v5/reverse_proxy/nginx/relative_path/storage/*
-docker-examples/
 build/
 .vscode/
 .github/
@@ -31,3 +31,5 @@ api/**
 packages/core/local-storage/tests/__fixtures__/test-storage/
 packages/plugins/ui-theme/static/
 .verdaccio-db.json
+test/cli/e2e-yarn4/bin/yarn-4.0.0-rc.14.cjs
+yarn.js

.prettierrc

@@ -1,11 +0,0 @@
-{
-  "endOfLine": "lf",
-  "useTabs": false,
-  "printWidth": 100,
-  "tabWidth": 2,
-  "singleQuote": true,
-  "bracketSpacing": true,
-  "jsxBracketSameLine": true,
-  "trailingComma": "es5",
-  "semi": true
-}

.vscode/launch.json

@@ -4,88 +4,12 @@
   // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
   "version": "0.2.0",
   "configurations": [
-
-  {
-    "name": "Attach",
-    "port": 9229,
-    "request": "attach",
-    "skipFiles": [
-      "<node_internals>/**"
-    ],
-    "type": "pwa-node"
-  },
     {
-      "name": "Verdaccio Debug",
+      "name": "Attach",
       "port": 9229,
       "request": "attach",
       "skipFiles": ["<node_internals>/**"],
       "type": "pwa-node"
-    },
-    {
-      "type": "node",
-      "request": "launch",
-      "name": "CLI Babel Registry",
-      "stopOnEntry": false,
-      "program": "${workspaceFolder}/debug/bootstrap.js",
-      "args": ["-l", "0.0.0.0:4873"],
-      "env": {
-        "BABEL_ENV": "registry"
-      },
-      "preLaunchTask": "npm: build:webui",
-      "console": "integratedTerminal"
-    },
-    {
-      "name": "Unit Tests",
-      "type": "node",
-      "request": "launch",
-      "program": "${workspaceRoot}/node_modules/bin/jest",
-      "stopOnEntry": false,
-      "args": ["--debug=true"],
-      "cwd": "${workspaceRoot}",
-      "runtimeExecutable": null,
-      "runtimeArgs": ["--nolazy"],
-      "env": {
-        "NODE_ENV": "test",
-        "TZ": "UTC"
-      },
-      "console": "integratedTerminal"
-    },
-    {
-      "name": "Functional Tests",
-      "type": "node",
-      "request": "launch",
-      "program": "${workspaceRoot}/node_modules/.bin/jest",
-      "stopOnEntry": false,
-      "args": [
-        "--config",
-        "./test/jest.config.functional.js",
-        "--testPathPattern",
-        "./test/functional/index*",
-        "--debug=false",
-        "--verbose",
-        "--useStderr",
-        "--detectOpenHandles"
-      ],
-      "cwd": "${workspaceRoot}",
-      "env": {
-        "BABEL_ENV": "testOldEnv",
-        "VERDACCIO_DEBUG": "true",
-        "VERDACCIO_DEBUG_INJECT": "true",
-        "NODE_DEBUG": "TO_DEBUG_REQUEST_REMOVE_THIS_request"
-      },
-      "preLaunchTask": "pre-test",
-      "console": "integratedTerminal",
-      "runtimeExecutable": null,
-      "runtimeArgs": ["--nolazy"]
-    },
-    {
-      "type": "node",
-      "request": "launch",
-      "name": "Verdaccio Compiled",
-      "preLaunchTask": "npm: code:build",
-      "program": "${workspaceRoot}/bin/verdaccio",
-      "args": ["-l", "0.0.0.0:4873"],
-      "console": "integratedTerminal"
     }
   ]
 }

.vscode/settings.json

@@ -2,7 +2,7 @@
 {
   "files.exclude": {
     "**/.nyc_output": true,
-    "**/build": true,
+    "**/build": false,
     "**/coverage": true,
     ".idea": true,
     "storage_default_storage": true,

.vscode/tasks.json

@@ -1,21 +0,0 @@
-{
-  // See https://go.microsoft.com/fwlink/?LinkId=733558
-  // for the documentation about the tasks.json format
-  "version": "2.0.0",
-  "tasks": [
-    {
-      "type": "npm",
-      "script": "build:webui",
-      "problemMatcher": []
-    },
-    {
-      "type": "npm",
-      "script": "code:build",
-      "problemMatcher": []
-    },
-    {
-      "label": "pre-test",
-      "dependsOn": ["npm: code:build", "npm: test:clean"]
-    }
-  ]
-}

CONTRIBUTING.md

@@ -19,6 +19,7 @@ guidelines for you:
     - [What's is not considered a bug?](#whats-is-not-considered-a-bug)
     - [Issue Search](#issue-search)
     - [Chat](#chat)
+  - [Translations](#translations)
   - [Request Features](#request-features)
   - [Contributing Guidelines](#contributing-guidelines)
     - [Submitting a Pull Request](#submitting-a-pull-request)
@@ -69,7 +70,7 @@ This setting would cause the `pnpm install` command to install incorrect version
 To begin your development setup, please install the latest version of pnpm globally:
 
 ```
-npm i -g pnpm
+npm i -g pnpm@latest-6
 ```
 
 With pnpm installed, the first step is installing all dependencies:
@@ -128,9 +129,21 @@ More details in the debug section
 
 ### Running and debugging
 
+> Check the debugging guidelines [here](https://github.com/verdaccio/verdaccio/wiki/Debugging-Verdaccio)
+
 We use [`debug`](https://www.npmjs.com/package/debug) to add helpful debugging
 output to the code. Each package has it owns namespace.
 
+#### Useful Scripts
+
+To run the application from the source code, ensure the project has been built with `pnpm build`, once this is done, there are few commands that helps to run server:
+
+- `pnpm start`: Runs server on port `8000` and UI on port `4873`. This is particularly useful if you want to contribute to the UI, since it runs with hot reload.
+- `pnpm debug`: Run the server in debug mode `--inspect`. UI runs too but without hot reload. For automatic break use `pnpm debug:break`.
+- `pnpm debug:fastify`: To contribute on the [fastify migration](https://github.com/verdaccio/verdaccio/discussions/2155) this is a temporary command for such purpose.
+- `pnpm website`: Build the website, for more commands to run the _website_, run `cd website` and then `pnpm serve`, website will run on port `3000`.
+- `pnpm docker`: Build the docker image. Requires `docker` command available in your system.
+
 #### Debugging compiled code
 
 Currently you can only run pre-compiled packages in debug mode. To enable debug
@@ -170,7 +183,7 @@ a report in our [issue tracker](https://github.com/verdaccio/verdaccio/issues).
 - _Features clearly flagged as not supported_
 - _Node.js issues installation in any platform_: If you cannot install the
   global package (this is considered external issue)
-- Any ticket which has beed flagged as an [external issue
+- Any ticket which has been flagged as an [external issue
   ](https://github.com/verdaccio/verdaccio/labels/external-issue)
 
 If you intend to report a **security** issue, please follow our [Security policy
@@ -190,10 +203,28 @@ affecting multiple people.
 
 ### Chat
 
-Questions can be asked via [Discord](http://chat.verdaccio.org/)
+Questions can be asked via [Discord](https://discord.gg/7qWJxBf)
 
 **Please use the `#help` channel.**
 
+## Translations
+
+All translations are provided by the `crowdin` platform:
+[https://translate.verdaccio.org/](https://translate.verdaccio.org/)
+
+If you want to contribute by adding translations, create an account (GitHub could be used as fast alternative), in the platform you can contribute to two areas, the website or improve User Interface translations.
+
+If a language is not listed, ask for it in the [Discord](https://discord.gg/7qWJxBf) channel #contribute channel.
+
+For adding a new **language** on the UI follow these steps:
+
+1. Ensure the **language** has been enabled, must be visible in the `crowdin` platform.
+2. Find in the explorer the file `en.US.json` in the path `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` and complete the translations, **not need to find approval on this**.
+3. Into the project, add a new field into `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` file, in the section `lng`, the new language, eg: `{ lng: {korean:"Korean"}}`. (This file is English based, once the PR has been merged, this string will be available in crowdin for translate to the targeted language).
+4. Add the language, [flag icon](https://www.npmjs.com/package/country-flag-icons), and the menu key fort he new language eg: `menuKey: 'lng.korean'` to the file `packages/plugins/ui-theme/src/i18n/enabledLanguages.ts`.
+5. For local testing, read `packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md`.
+6. Add a `changeset` file, see more info below.
+
 ## Request Features
 
 New feature requests are welcome. Analyse whether the idea fits within scope of
@@ -203,7 +234,7 @@ the project. Adding in context and the use-case will really help!
 
 - A detailed description the advantages of your request
 - Whether or not it's compatible with `npm`, `pnpm` and [_yarn classic_
-  ](https://github.com/yarnpkg/yarn) or [_yarn berry_
+  ](https://github.com/yarnpkg/yarn) or [_yarn modern_
   ](https://github.com/yarnpkg/berry).
 - A potential implementation or design
 - Whatever else is on your mind! 🤓
@@ -247,7 +278,7 @@ clean git history.
 #### Before Commit
 
 Before committing, **you must ensure there are no linting errors and
-all tests pass.** To do this, run these commands before create the PR:
+all tests pass.** To do this, run these commands before creating the PR:
 
 ```bash
 pnpm lint
@@ -300,8 +331,8 @@ We use [changesets](https://github.com/atlassian/changesets) in order to
 generate a detailed Changelog as possible.
 
 Adding a changeset with your Pull Request is essential if you want your
-contribution to get merged (unless is a change that does not affect library
-functionality, eg: typo, docs, readme, add additional test or linting code). To
+contribution to get merged (unless it does not affect functionality or
+user-facing content, eg: docs, readme, adding test or typo/lint fixes). To
 create a changeset please run:
 
 ```
@@ -389,3 +420,25 @@ If you want to develop your own plugin:
 3. You are free to host your plugin in your repository
 4. Provide a detailed description of your plugin to help users understand how to
    use it
+
+## Testing your changes in a local registry
+
+Once you have perform your changes in the code base, the build and tests passes you can publish a local version:
+
+- Ensure you have build all modules (or the one you have modified)
+- Run `pnpm local:publish:release` to launch a local registry and publish all packages into it. This command will be alive until server is killed (Control Key + C)
+
+```
+pnpm build
+pnpm local:publish:release
+```
+
+The last step consist on install globally the package from the local registry.
+
+```
+npm i -g verdaccio --registry=http://localhost:4873
+
+verdaccio
+```
+
+If you perform more changes in the source code, repeat this process, there is not _hot reloading_ support.

Dockerfile

@@ -1,25 +1,26 @@
-FROM --platform=${BUILDPLATFORM:-linux/amd64} node:14.17.6-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} node:16-alpine as builder
 
 ENV NODE_ENV=development \
     VERDACCIO_BUILD_REGISTRY=https://registry.verdaccio.org
 
 RUN apk --no-cache add openssl ca-certificates wget && \
-    apk --no-cache add g++ gcc libgcc libstdc++ linux-headers make python && \
+    apk --no-cache add g++ gcc libgcc libstdc++ linux-headers make python3 && \
     wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub && \
     wget -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.25-r0/glibc-2.25-r0.apk && \
     apk add glibc-2.25-r0.apk
 
 WORKDIR /opt/verdaccio-build
 COPY . .
-
-RUN npm -g i pnpm@6.10.3 && \
+RUN npm -g i pnpm@6.32.15 && \
     pnpm config set registry $VERDACCIO_BUILD_REGISTRY && \
     pnpm recursive install --frozen-lockfile --ignore-scripts && \
-    pnpm run build
+    rm -Rf test && \
+    pnpm run build && \
+    pnpm install -P
 # FIXME: need to remove devDependencies from the build
 # RUN pnpm install --prod --ignore-scripts
 
-FROM node:14.17.6-alpine
+FROM node:16-alpine
 LABEL maintainer="https://github.com/verdaccio/verdaccio"
 
 ENV VERDACCIO_APPDIR=/opt/verdaccio \

README.md

@@ -1,10 +1,19 @@
+[![BannerUK](https://cdn.verdaccio.dev/readme/banner-uk.svg)](https://donate.redcrossredcrescent.org/ua/donate/~my-donation?_cv=1)
+
+> Verdaccio stands for **peace**, stop the war, we will be yellow / blue 🇺🇦 until that happens.
+
 ![verdaccio logo](https://cdn.verdaccio.dev/readme/verdaccio@2x.png)
 
 ![verdaccio gif](https://cdn.verdaccio.dev/readme/readme-website.png)
 
 # Version 6 (Development branch)
 
-> Looking for Verdaccio 5? Check branch `5.x`.
+> Looking for Verdaccio 5 version? Check the branch `5.x`
+> The plugins for the `v5.x` that are hosted within this organization are located
+> at the [`verdaccio/monorepo`](https://github.com/verdaccio/monorepo) repository, while for the v6.x
+> are hosted on this project `./packages/plugins`, keep on mind `v6.x` plugins will eventually would be
+> incompatible with `v5.x` versions.
+> Note that contributing guidelines might be different based on the branch.
 
 [Verdaccio](https://verdaccio.org/) is a simple, **zero-config-required local private npm registry**.
 No need for an entire database just to get started! Verdaccio comes out of the box with
@@ -26,13 +35,28 @@ Google Cloud Storage** or create your own plugin.
 
 [![Twitter followers](https://img.shields.io/twitter/follow/verdaccio_npm.svg?style=social&label=Follow)](https://twitter.com/verdaccio_npm)
 [![Github](https://img.shields.io/github/stars/verdaccio/verdaccio.svg?style=social&label=Stars)](https://github.com/verdaccio/verdaccio/stargazers)
+[![StandWithUkraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/badges/StandWithUkraine.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md)
 
 ## Install
 
+> Latest Node.js v16 required
+
 Install with npm:
 
 ```bash
-npm install --global verdaccio@6-next
+npm install --location=global verdaccio@6-next
+```
+
+With `yarn`
+
+```bash
+yarn global add verdaccio@6-next
+```
+
+With `pnpm`
+
+```bash
+pnpm i -g verdaccio@6-next
 ```
 
 or
@@ -41,9 +65,30 @@ or
 docker pull verdaccio/verdaccio:nightly-master
 ```
 
+or with _helm_ [official chart](https://github.com/verdaccio/charts).
+
+```bash
+helm repo add verdaccio https://charts.verdaccio.org
+helm repo update
+helm install verdaccio/verdaccio
+```
+
+Furthermore, you can read the [**Debugging Guidelines**](https://github.com/verdaccio/verdaccio/wiki/Debugging-Verdaccio) and the [**Docker Examples**](https://github.com/verdaccio/verdaccio/tree/master/docker-examples) for more advanced development.
+
+## Plugins
+
+You can develop your own [plugins](https://verdaccio.org/docs/plugins) with the [verdaccio generator](https://github.com/verdaccio/generator-verdaccio-plugin). Installing [Yeoman](https://yeoman.io/) is required.
+
+```
+npm install --location=global yo
+npm install --location=global generator-verdaccio-plugin
+```
+
+Learn more [here](https://verdaccio.org/docs/dev-plugins) how to develop plugins. Share your plugins with the community.
+
 ## Donations
 
-Verdaccio is run by **volunteers**; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider making a donation - **your logo might end up in this readme.** 😉
+Verdaccio is run by **volunteers**; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider do a long support donation - **and your logo will be on this section of the readme.**
 
 **[Donate](https://github.com/sponsors/verdaccio)** 💵👍🏻 starting from _$1/month_ or just one single contribution.
 
@@ -69,19 +114,31 @@ If you want to use a modified version of some 3rd-party package (for example, yo
 ### E2E Testing
 
 Verdaccio has proved to be a lightweight registry that can be
-booted in a couple of seconds, fast enough for any CI. Many open source projects use verdaccio for end to end testing, to mention some examples, **create-react-app**, **mozilla neutrino**, **pnpm**, **storybook**, **alfresco** or **eclipse theia**. You can read more in dedicated article to E2E in our blog.
+booted in a couple of seconds, fast enough for any CI. Many open source projects use verdaccio for end to end testing, to mention some examples, **create-react-app**, **mozilla neutrino**, **pnpm**, **storybook**, **babel.js**, **angular-cli** or **docusaurus**. You can read more in [here](https://verdaccio.org/docs/e2e).
 
-## Talks
+Furthermore, here few examples how to start:
 
-### **Testing the integrity of your React components by publishing in a private registry - React Finland 2021**.
+- [e2e-ci-example-gh-actions](https://github.com/juanpicado/e2e-ci-example-gh-actions)
+- [verdaccio-end-to-end-tests](https://github.com/juanpicado/verdaccio-end-to-end-tests)
+- [verdaccio-fork](https://github.com/juanpicado/verdaccio-fork)
 
-[![beerjscrb](https://cdn.verdaccio.dev/readme/react-finland-2021-jpicado.jpeg)](https://www.youtube.com/watch?v=5olfi5wbgF4)
+## Watch our Videos
+
+**Node Congress 2022, February 2022, Online Free**
+
+<div>
+   <a href="https://portal.gitnation.org/contents/five-ways-of-taking-advantage-of-verdaccio-your-private-and-proxy-nodejs-registry">
+     <img src="https://cdn.verdaccio.dev/readme/nodejscongress2022.jpg" alt="nodejs" width="200"/>
+  </a>
+</div>
 
 You might want to check out as well our previous talks:
 
+- [Using Docker and Verdaccio to make Integration Testing Easy - **Docker All Hands #4 December - 2021**](https://www.youtube.com/watch?v=zRI0skF1f8I)
+- [**Juan Picado** – Testing the integrity of React components by publishing in a private registry - React Finland - 2021](https://www.youtube.com/watch?v=bRKZbrlQqLY&t=16s&ab_channel=ReactFinland)
 - [BeerJS Cba Meetup No. 53 May 2021 - **Juan Picado**](https://www.youtube.com/watch?v=6SyjqBmS49Y&ab_channel=BeerJSCba)
-- [Node.js Dependency Confusion Attacks - April 2021 - **Juan Picado\***](https://www.youtube.com/watch?v=qTRADSp3Hpo)
-- [**OpenJS World 2020** about \*Cover your Projects with a Multi purpose Lightweight Node.js Registry - **Juan Picado\***](https://www.youtube.com/watch?v=oVCjDWeehAQ)
+- [Node.js Dependency Confusion Attacks - April 2021 - **Juan Picado**](https://www.youtube.com/watch?v=qTRADSp3Hpo)
+- [**OpenJS World 2020** about \*Cover your Projects with a Multi purpose Lightweight Node.js Registry - **Juan Picado**](https://www.youtube.com/watch?v=oVCjDWeehAQ)
 - [ViennaJS Meetup - Introduction to Verdaccio by **Priscila Olivera** and **Juan Picado**](https://www.youtube.com/watch?v=hDIFKzmoCa)
 - [Open Source? trivago - Verdaccio (**Ayush** and **Juan Picado**) January 2020](https://www.youtube.com/watch?v=A5CWxJC9xzc)
 - [GitNation Open Source Stage - How we have built a Node.js Registry with React - **Juan Picado** December 2019](https://www.youtube.com/watch?v=gpjC8Qp9B9A)
@@ -98,7 +155,7 @@ verdaccio
 You would need set some npm configuration, this is optional.
 
 ```bash
-$ npm set registry http://localhost:4873/
+npm set registry http://localhost:4873/
 ```
 
 For one-off commands or to avoid setting the registry globally:
@@ -122,7 +179,7 @@ npm adduser --registry http://localhost:4873
 > if you use HTTPS, add an appropriate CA information ("null" means get CA list from OS)
 
 ```bash
-$ npm set ca null
+npm set ca null
 ```
 
 #### 2. publish your package
@@ -152,7 +209,7 @@ To run the docker container:
 docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio
 ```
 
-Docker examples are available [in this repository](https://github.com/verdaccio/docker-examples).
+Docker examples are available [in this repository](https://github.com/verdaccio/verdaccio/tree/master/docker-examples).
 
 ## Compatibility
 
@@ -190,7 +247,20 @@ Verdaccio aims to support all features of a standard npm client that make sense
 
 If you want to report a security vulnerability, please follow the steps which we have defined for you in our [security policy](https://github.com/verdaccio/verdaccio/security/policy).
 
-## Core Team
+## Special Thanks
+
+Thanks to the following companies to help us to achieve our goals providing free open source licenses. Every company provides enough resources to move this project forward.
+
+| Company      | Logo                                                                                                                            | License                                                                           |
+| ------------ | ------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------- |
+| JetBrains    | [![jetbrain](assets/thanks/jetbrains/logo.png)](https://www.jetbrains.com/)                                                     | JetBrains provides licenses for products for active maintainers, renewable yearly |
+| Crowdin      | [![crowdin](assets/thanks/crowdin/logo.png)](https://crowdin.com/)                                                              | Crowdin provides platform for translations                                        |
+| BrowserStack | [![browserstack](https://cdn.verdaccio.dev/readme/browserstack_logo.png)](https://www.browserstack.com/)                        | BrowserStack provides plan to run End to End testing for the UI                   |
+| Netlify      | [![netlify](https://www.netlify.com/img/global/badges/netlify-color-accent.svg)](https://www.netlify.com/)                      | Netlify provides pro plan for website deployment                                  |
+| Algolia      | [![algolia](https://cdn.verdaccio.dev/sponsor/logo/algolia/logo.png)](https://algolia.com/)                                     | Algolia provides search services for the website                                  |
+| Docker       | [![docker](https://cdn.verdaccio.dev/sponsor/logo/docker/docker.png)](https://www.docker.com/community/open-source/application) | Docker offers unlimited pulls and unlimited egress to any and all users           |
+
+## Maintainers
 
 | [Juan Picado](https://github.com/juanpicado)                                   | [Ayush Sharma](https://github.com/ayusharma)                             | [Sergio Hg](https://github.com/sergiohgz)                                 |
 | ------------------------------------------------------------------------------ | ------------------------------------------------------------------------ | ------------------------------------------------------------------------- |
@@ -207,6 +277,7 @@ You can find and chat with then over Discord, click [here](http://chat.verdaccio
 - [create-react-app](https://github.com/facebook/create-react-app/blob/master/CONTRIBUTING.md#customizing-e2e-registry-configuration) _(+86.2k ⭐️)_
 - [Gatsby](https://github.com/gatsbyjs/gatsby) _(+49.2k ⭐️)_
 - [Babel.js](https://github.com/babel/babel) _(+38.5k ⭐️)_
+- [Docusaurus](https://github.com/facebook/docusaurus) _(+34k ⭐️)_
 - [Vue CLI](https://github.com/vuejs/vue-cli) _(+27.4k ⭐️)_
 - [Angular CLI](https://github.com/angular/angular-cli) _(+24.3k ⭐️)_
 - [Uppy](https://github.com/transloadit/uppy) _(+23.8k ⭐️)_
@@ -221,7 +292,7 @@ You can find and chat with then over Discord, click [here](http://chat.verdaccio
 - [Amazon SDK v3](https://github.com/aws/aws-sdk-js-v3)
 - [Amazon Encryption SDK for Javascript](https://github.com/aws/aws-encryption-sdk-javascript)
 
-🤓 Don't be shy, you also can be in [the list](https://github.com/verdaccio/website/blob/master/docs/who-is-using.md).
+🤓 Don't be shy, add yourself to this readme.
 
 ## Open Collective Sponsors
 
@@ -244,18 +315,6 @@ Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com
 
 [![backers](https://opencollective.com/verdaccio/backers.svg?width=890)](https://opencollective.com/verdaccio#backers)
 
-## Special Thanks
-
-Thanks to the following companies to help us to achieve our goals providing free open source licenses.
-
-[![jetbrain](assets/thanks/jetbrains/logo.png)](https://www.jetbrains.com/)
-[![crowdin](assets/thanks/crowdin/logo.png)](https://crowdin.com/)
-[![browserstack](https://cdn.verdaccio.dev/readme/browserstack_logo.png)](https://www.browserstack.com/)
-[![netlify](https://www.netlify.com/img/global/badges/netlify-color-accent.svg)](https://www.netlify.com/)
-[![algolia](https://cdn.verdaccio.dev/sponsor/logo/algolia/logo.png)](https://algolia.com/)
-
-Verdaccio also is part of to the [Docker Open Source Program](https://www.docker.com/blog/expanded-support-for-open-source-software-projects/).
-
 ## Contributors
 
 This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].
@@ -270,7 +329,7 @@ If you have any issue you can try the following options, do no desist to ask or
 - [Donations](https://github.com/sponsors/verdaccio)
 - [Reporting an issue](https://github.com/verdaccio/verdaccio/issues/new/choose)
 - [Running discussions](https://github.com/verdaccio/verdaccio/issues?q=is%3Aissue+is%3Aopen+label%3Adiscuss)
-- [Chat](http://chat.verdaccio.org/)
+- [Chat](https://discord.gg/7qWJxBf)
 - [Logos](https://verdaccio.org/docs/en/logo)
 - [Docker Examples](https://github.com/verdaccio/verdaccio/tree/master/docker-examples)
 - [FAQ](https://github.com/verdaccio/verdaccio/discussions/categories/q-a)

crowdin.yaml

@@ -5,6 +5,10 @@ preserve_hierarchy: true
 
 files:
   [
+    {
+      source: 'packages/plugins/ui-theme/src/i18n/crowdin/**/*',
+      translation: '/packages/plugins/ui-theme/src/i18n/download_translations/%locale%/**/%original_file_name%',
+    },
     {
       source: '/website/i18n/en/**/*',
       translation: '/website/i18n/%locale%/**/%original_file_name%',
@@ -13,4 +17,4 @@ files:
       source: '/website/docs/**/*',
       translation: '/website/i18n/%locale%/docusaurus-plugin-content-docs/current/**/%original_file_name%',
     }
-  ]
+  ]

docker-examples/README.md

@@ -8,12 +8,14 @@ The following examples aim to be demonstrative and can be either improved or upd
 
 - [v4 examples](v4/README.md)
 - [v5 examples](v5/README.md)
+- [v6 examples](v6/README.md)
 
 ## Aditional data
 
 This folder aims to create a collection of Docker and Kubernetes examples.
 
 For more information about the **Helm** Chart, please check it [owns repo](https://github.com/verdaccio/charts).
+
 ### Kubernetes
 
 - Kubernetes (minikube) + Verdaccio (Basic Configuration)

docker-examples/v4/amazon-s3-docker-example/README.md

@@ -4,6 +4,9 @@ Verdaccio running with [Localstack](https://github.com/localstack/localstack) pr
 
 ## Usage
 
+> You might need to create bucket manually here
+> aws --endpoint-url=http://localhost:4572 s3 mb s3://localstack.s3.plugin.test
+
 ```
 docker-compose up --force-recreate --build --always-recreate-deps
 ```

docker-examples/v4/amazon-s3-docker-example/conf/config.yaml

@@ -13,7 +13,6 @@ uplinks:
 
 packages:
   '@*/*':
-    # scoped packages
     access: $all
     publish: $all
     proxy: npmjs

docker-examples/v4/amazon-s3-docker-example/docker-compose.yaml

@@ -14,7 +14,7 @@ services:
     links:
       - localstack-s3
   localstack-s3:
-    image: localstack/localstack:latest
+    image: localstack/localstack:0.10.9
     container_name: localstack-s3-1
     environment:
       - DEBUG=0

docker-examples/v4/amazon-s3-docker-example/localStack-resources/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:2.7
+FROM python:3.7-alpine
 
 ENV AWS_ACCESS_KEY_ID='[something]'
 ENV AWS_SECRET_ACCESS_KEY='[something]'
@@ -7,4 +7,4 @@ ENV AWS_S3_ENDPOINT='http://localstack-s3:4572'
 RUN pip install awscli
 COPY entry.sh /entry.sh
 RUN chmod +x /entry.sh
-ENTRYPOINT ["/entry.sh"]
+ENTRYPOINT ["/entry.sh"]

docker-examples/v4/amazon-s3-docker-example/localStack-resources/entry.sh

@@ -1,3 +1,3 @@
 #!/bin/bash
 
-aws --endpoint-url http://localstack-s3:4572 s3 mb s3://localstack.s3.plugin.test --region eu-west-2
+aws --endpoint-url http://localstack-s3:4572 s3 mb s3://localstack.s3.plugin.test --region eu-west-2

docker-examples/v4/docker-local-storage-volume/conf/config.yaml

@@ -7,7 +7,7 @@
 # see https://github.com/verdaccio/verdaccio/blob/master/wiki/docker.md#docker-and-custom-port-configuration
 #
 # Look here for more config file examples:
-# https://github.com/verdaccio/verdaccio/tree/master/conf
+# https://github.com/verdaccio/verdaccio/tree/master/packages/config/src/conf
 #
 
 # path to a directory with all packages

docker-examples/v4/docker-plugin-external/plugins/verdaccio-memory/lib/index.js

@@ -10,7 +10,7 @@ let _localMemory = require('./local-memory');
 let _localMemory2 = _interopRequireDefault(_localMemory);
 
 function _interopRequireDefault(obj) {
-  return obj && obj.__esModule ? obj : {default: obj};
+  return obj && obj.__esModule ? obj : { default: obj };
 }
 
 exports.LocalMemory = _localMemory2.default;

docker-examples/v4/docker-plugin-external/plugins/verdaccio-memory/lib/local-memory.js

@@ -9,7 +9,7 @@ let _memoryHandler = require('./memory-handler');
 let _memoryHandler2 = _interopRequireDefault(_memoryHandler);
 
 function _interopRequireDefault(obj) {
-  return obj && obj.__esModule ? obj : {default: obj};
+  return obj && obj.__esModule ? obj : { default: obj };
 }
 
 const DEFAULT_LIMIT = 1000;
@@ -43,8 +43,8 @@ class LocalMemory {
       cb(null);
     } else {
       this.logger.info(
-          {limit: this.limit},
-          'Storage memory has reached limit of @{limit} packages',
+        { limit: this.limit },
+        'Storage memory has reached limit of @{limit} packages'
       );
       cb(new Error('Storage memory has reached limit of limit packages'));
     }

docker-examples/v4/docker-plugin-external/plugins/verdaccio-memory/lib/memory-handler.js

@@ -16,7 +16,7 @@ let _memoryFs2 = _interopRequireDefault(_memoryFs);
 let _streams = require('@verdaccio/streams');
 
 function _interopRequireDefault(obj) {
-  return obj && obj.__esModule ? obj : {default: obj};
+  return obj && obj.__esModule ? obj : { default: obj };
 }
 
 // $FlowFixMe
@@ -111,8 +111,8 @@ class MemoryHandler {
     const uploadStream = new _streams.UploadTarball();
     const temporalName = `/${name}`;
 
-    process.nextTick(function() {
-      fs.exists(temporalName, function(exists) {
+    process.nextTick(function () {
+      fs.exists(temporalName, function (exists) {
         if (exists) {
           return uploadStream.emit('error', fSError(fileExist));
         }
@@ -122,7 +122,7 @@ class MemoryHandler {
 
           uploadStream.pipe(file);
 
-          uploadStream.done = function() {
+          uploadStream.done = function () {
             const onEnd = function onEnd() {
               uploadStream.emit('success');
             };
@@ -130,7 +130,7 @@ class MemoryHandler {
             uploadStream.on('end', onEnd);
           };
 
-          uploadStream.abort = function() {
+          uploadStream.abort = function () {
             uploadStream.emit('error', fSError('transmision aborted', 400));
             file.end();
           };
@@ -150,8 +150,8 @@ class MemoryHandler {
 
     const readTarballStream = new _streams.ReadTarball();
 
-    process.nextTick(function() {
-      fs.exists(pathName, function(exists) {
+    process.nextTick(function () {
+      fs.exists(pathName, function (exists) {
         if (!exists) {
           readTarballStream.emit('error', noPackageFoundError());
         } else {
@@ -164,7 +164,7 @@ class MemoryHandler {
             readTarballStream.emit('error', error);
           });
 
-          readTarballStream.abort = function() {
+          readTarballStream.abort = function () {
             readStream.destroy(fSError('read has been aborted', 400));
           };
         }

docker-examples/v4/ldap-verdaccio/conf/config.yaml

@@ -7,7 +7,7 @@
 # see https://github.com/verdaccio/verdaccio/blob/master/wiki/docker.md#docker-and-custom-port-configuration
 #
 # Look here for more config file examples:
-# https://github.com/verdaccio/verdaccio/tree/master/conf
+# https://github.com/verdaccio/verdaccio/tree/master/packages/config/src/conf
 #
 
 # path to a directory with all packages

docker-examples/v4/multi-registry-uplink/server1/conf/config.yaml

@@ -7,7 +7,7 @@
 # see https://github.com/verdaccio/verdaccio/blob/master/wiki/docker.md#docker-and-custom-port-configuration
 #
 # Look here for more config file examples:
-# https://github.com/verdaccio/verdaccio/tree/master/conf
+# https://github.com/verdaccio/verdaccio/tree/master/packages/config/src/conf
 #
 
 # path to a directory with all packages

docker-examples/v4/multi-registry-uplink/server2/conf/config.yaml

@@ -7,7 +7,7 @@
 # see https://github.com/verdaccio/verdaccio/blob/master/wiki/docker.md#docker-and-custom-port-configuration
 #
 # Look here for more config file examples:
-# https://github.com/verdaccio/verdaccio/tree/master/conf
+# https://github.com/verdaccio/verdaccio/tree/master/packages/config/src/conf
 #
 
 # path to a directory with all packages

docker-examples/v4/multi-registry-uplink/server3/conf/config.yaml

@@ -7,7 +7,7 @@
 # see https://github.com/verdaccio/verdaccio/blob/master/wiki/docker.md#docker-and-custom-port-configuration
 #
 # Look here for more config file examples:
-# https://github.com/verdaccio/verdaccio/tree/master/conf
+# https://github.com/verdaccio/verdaccio/tree/master/packages/config/src/conf
 #
 
 # path to a directory with all packages

docker-examples/v4/reverse_proxy/nginx/relative_path/conf/v4/config.yaml

@@ -19,7 +19,7 @@ security:
       expiresIn: 7d
 
 ## IMPORTANT
-## This setup is required for relative path 
+## This setup is required for relative path
 url_prefix: /verdaccio/
 server:
   behindProxy: true

docker-examples/v5/README.md

@@ -1,5 +1,14 @@
 # Verdaccio 5
 
-> Before run examples, build the local image by running `pnpm docker`. 
+> Before run examples, build the local image by running `pnpm docker`.
 
 - [Docker + Nginx + Verdaccio](reverse_proxy/nginx/README.md)
+
+## Using Plugins with Docker
+
+List of different approaches
+
+> Note these options could be improved, feel free to submit upgrades
+
+- [Docker + Install plugins from a registry](plugins/docker-build-install-plugin/README.md)
+- [Docker + Install local plugin](plugins/docker-local-plugin/README.md)

docker-examples/v5/plugins/docker-build-install-plugin/Dockerfile

@@ -0,0 +1,25 @@
+# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
+
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+# Install the metrics middleware plugin
+# npm docs
+# --global-style https://docs.npmjs.com/cli/v7/commands/npm-install#global-style
+# --no-bin-links https://docs.npmjs.com/cli/v7/commands/npm-install#bin-links
+# --omit=optional 
+RUN mkdir -p /verdaccio/plugins \
+  && cd /verdaccio/plugins \
+  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
+
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:5
+
+# Copy the plugin files over from the 'builder' node image.
+# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
+# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
+ADD docker.yaml /verdaccio/conf/config.yaml  
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
+  /verdaccio/plugins/verdaccio-auth-memory

docker-examples/v5/plugins/docker-build-install-plugin/README.md

@@ -0,0 +1,46 @@
+# Installing a plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are two main steps to highlight:
+
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the plugin [`verdaccio-auth-memory`](https://www.npmjs.com/package/verdaccio-auth-memory) and custom web title for demonstration.
+- The `Dockerfile` take advance of the docker multi-stage build to install the plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins \
+  && cd /verdaccio/plugins \
+  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
+
+FROM verdaccio/verdaccio:5
+
+# copy your modified config.yaml into the image
+ADD docker.yaml /verdaccio/conf/config.yaml
+
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
+  /verdaccio/plugins/verdaccio-auth-memory
+
+```

docker-examples/v5/plugins/docker-build-install-plugin/docker.yaml

@@ -0,0 +1,197 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio Publish Config Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+# https://verdaccio.org/docs/configuration#authentication
+auth:
+  auth-memory:
+    users:
+      foo:
+        name: foo
+        password: s3cret
+      bar:
+        name: bar
+        password: s3cret
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+
+# https://verdaccio.org/docs/logger
+# log settings
+logs: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

docker-examples/v5/plugins/docker-local-plugin/Dockerfile

@@ -0,0 +1,26 @@
+# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins
+
+# Copy the local plugin into the docker image
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+# Install the production dependencies (be careful install devDependencies here)
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && npm install --production
+
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:5
+
+# Copy the plugin files over from the 'builder' node image.
+# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
+# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
+# The local verdaccio-docker-memory is setup as storage
+ADD docker.yaml /verdaccio/conf/config.yaml  
+
+# Copy the plugin into the /verdaccio/plugins 
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory

docker-examples/v5/plugins/docker-local-plugin/README.md

@@ -0,0 +1,42 @@
+# Installing a local plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are three main steps to highlight:
+
+- Note the custom plugin at `plugins/verdaccio-docker-memory` under the name `verdaccio-docker-memory`.
+- Install the _production_ dependencies for the plugin `verdaccio-docker-memory`
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the local plugin `verdaccio-docker-memory`.
+- The `Dockerfile` take advance of the docker multi-stage build to copy the local plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+FROM node:lts-alpine as builder
+RUN mkdir -p /verdaccio/plugins
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && ls -ls \
+  && npm install --production
+FROM verdaccio/verdaccio:5
+ADD docker.yaml /verdaccio/conf/config.yaml
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory
+```

docker-examples/v5/plugins/docker-local-plugin/docker.yaml

@@ -0,0 +1,199 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+
+store:
+  # dummy copy of https://www.npmjs.com/package/verdaccio-memory
+  docker-memory:
+    limit: 1000
+
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio This is a Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+auth:
+  htpasswd:
+    file: ./htpasswd
+    # Maximum amount of users allowed to register, defaults to "+inf".
+    # You can set this to -1 to disable registration.
+    # max_users: 1000
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+
+# https://verdaccio.org/docs/logger
+# log settings
+logs: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

docker-examples/v5/plugins/docker-local-plugin/plugins/.eslintrc

@@ -0,0 +1,8 @@
+{
+  "rules": {
+    "max-len": 0,
+    "@typescript-eslint/prefer-optional-chain": 0,
+    "@typescript-eslint/no-unused-vars": 0,
+    "@typescript-eslint/explicit-member-accessibility": 0
+  }
+}