chore: update lock file

feat!: bump to v7
chore(deps): bump actions/setup-node from 3.8.0 to 3.8.1 (#3987 )
2023-08-21 17:39:50 +02:00 · 2023-08-21 17:38:13 +02:00 · 2023-08-21 16:51:37 +02:00 · 2023-08-21 00:13:04 +00:00 · 2023-08-20 18:52:54 +02:00 · 2023-08-20 17:09:32 +02:00
1823 changed files with 204087 additions and 157851 deletions
--- a/.babelrc
+++ b/.babelrc
@@ -10,5 +10,9 @@
    ],
    "@babel/typescript"
  ],
-  "ignore": ["**/*.d.ts"]
+  "ignore": ["**/*.d.ts"],
+  "plugins": [
+    "@babel/plugin-proposal-optional-chaining",
+    "@babel/plugin-proposal-nullish-coalescing-operator"
+  ]
 }
--- a/.changeset/afraid-mice-obey.md
+++ b/.changeset/afraid-mice-obey.md
@@ -1,15 +0,0 @@
---
-'@verdaccio/types': minor
-'@verdaccio/ui-theme': minor
-'@verdaccio/web': minor
---
-
-allow disable login on ui and endpoints
-
-To be able disable the login, set `login: false`, anything else would enable login. This flag will disable access via UI and web endpoints.
-
-```yml
-web:
-  title: verdaccio
-  login: false
-```
--- a/.changeset/big-lobsters-sin.md
+++ b/.changeset/big-lobsters-sin.md
@@ -1,23 +0,0 @@
---
-'@verdaccio/local-storage': major
-'@verdaccio/url': major
-'verdaccio-aws-s3-storage': major
-'verdaccio-google-cloud': major
-'verdaccio-memory': major
-'@verdaccio/store': major
---
-
-# async storage plugin bootstrap
-
-Gives a storage plugin the ability to perform asynchronous tasks on initialization
-
-## Breaking change
-
-Plugin must have an init method in which asynchronous tasks can be executed
-
-```js
-public async init(): Promise<void> {
-   this.data = await this._fetchLocalPackages();
-   this._sync();
-}
-```
--- a/.changeset/breezy-mayflies-pull.md
+++ b/.changeset/breezy-mayflies-pull.md
@@ -5,35 +5,40 @@
 '@verdaccio/config': major
 '@verdaccio/core': major
 '@verdaccio/file-locking': major
-'verdaccio-htpasswd': major
-'@verdaccio/readme': major
-'@verdaccio/fastify-migration': major
-'@verdaccio/streams': major
 '@verdaccio/tarball': major
 '@verdaccio/types': major
 '@verdaccio/url': major
 '@verdaccio/hooks': major
 '@verdaccio/loaders': major
 '@verdaccio/logger': major
+'@verdaccio/logger-7': major
+'@verdaccio/logger-commons': major
+'@verdaccio/logger-prettify': major
 '@verdaccio/middleware': major
-'@verdaccio/mock': major
 '@verdaccio/node-api': major
-'@verdaccio/active-directory': major
 'verdaccio-audit': major
 'verdaccio-auth-memory': major
-'verdaccio-aws-s3-storage': major
-'verdaccio-google-cloud': major
+'verdaccio-htpasswd': major
+'@verdaccio/local-storage': major
 'verdaccio-memory': major
 '@verdaccio/ui-theme': major
+'@verdaccio/proxy': major
+'@verdaccio/search': major
 '@verdaccio/server': major
+'@verdaccio/server-fastify': major
+'@verdaccio/signature': major
 '@verdaccio/cli-standalone': major
 '@verdaccio/store': major
-'@verdaccio/dev-types': major
+'docusaurus-plugin-contributors': major
+'@verdaccio/eslint-config': major
+'@verdaccio/test-helper': major
+'customprefix-auth': major
+'@verdaccio/ui-components': major
 '@verdaccio/utils': major
 'verdaccio': major
 '@verdaccio/web': major
+'@verdaccio/website': major
+'@verdaccio/local-publish': patch
 ---

-Remove Node 12 support
-
- We need move to the new `undici` and does not support Node.js 12
+feat!: bump to v7
--- a/.changeset/bright-poems-obey.md
+++ b/.changeset/bright-poems-obey.md
@@ -1,37 +0,0 @@
---
-'@verdaccio/api': major
-'@verdaccio/fastify-migration': major
-'@verdaccio/tarball': major
-'@verdaccio/local-storage': major
-'verdaccio-memory': major
-'@verdaccio/server': major
-'@verdaccio/store': major
-'@verdaccio/utils': major
---
-
-refactor: download manifest endpoint and integrate fastify
-
-Much simpler API for fetching a package
-
-```
- const manifest = await storage.getPackageNext({
-      name,
-      uplinksLook: true,
-      req,
-      version: queryVersion,
-      requestOptions,
- });
-```
-
-> not perfect, the `req` still is being passed to the proxy (this has to be refactored at proxy package) and then removed from here, in proxy we pass the request instance to the `request` library.
-
-### Details
-
- `async/await` sugar for getPackage()
- Improve and reuse code between current implementation and new fastify endpoint (add scaffolding for request manifest)
- Improve performance
- Add new tests
-
-### Breaking changes
-
-All storage plugins will stop to work since the storage uses `getPackageNext` method which is Promise based, I won't replace this now because will force me to update all plugins, I'll follow up in another PR. Currently will throw http 500
--- a/.changeset/calm-pants-impress.md
+++ b/.changeset/calm-pants-impress.md
@@ -1,5 +0,0 @@
---
-'verdaccio-aws-s3-storage': patch
---
-
-Fix the prefix used to delete from s3 when unpublishing packages
--- a/.changeset/config.json
+++ b/.changeset/config.json
@@ -2,9 +2,17 @@
  "$schema": "https://unpkg.com/@changesets/config@1.3.0/schema.json",
  "changelog": "@changesets/cli/changelog",
  "commit": false,
-  "linked": [],
+  "fixed": [
+    [
+      "verdaccio",
+      "@verdaccio/cli",
+      "@verdaccio/core",
+      "@verdaccio/config",
+      "@verdaccio/node-api",
+      "@verdaccio/ui-theme"
+    ]
+  ],
  "access": "public",
  "baseBranch": "master",
-  "updateInternalDependencies": "patch",
-  "ignore": []
+  "updateInternalDependencies": "patch"
 }
--- a/.changeset/dry-planes-tap.md
+++ b/.changeset/dry-planes-tap.md
@@ -1,59 +0,0 @@
---
-'@verdaccio/api': major
-'@verdaccio/auth': major
-'@verdaccio/cli': major
-'@verdaccio/config': major
-'@verdaccio/commons-api': major
-'@verdaccio/core': major
-'@verdaccio/local-storage': major
-'@verdaccio/fastify-migration': major
-'@verdaccio/streams': major
-'@verdaccio/types': major
-'@verdaccio/hooks': major
-'verdaccio-audit': major
-'verdaccio-aws-s3-storage': major
-'verdaccio-google-cloud': major
-'verdaccio-memory': major
-'@verdaccio/ui-theme': major
-'@verdaccio/proxy': major
-'@verdaccio/server': major
-'@verdaccio/store': major
-'@verdaccio/eslint-config': major
-'@verdaccio/dev-types': major
-'@verdaccio/utils': major
-'verdaccio': major
-'@verdaccio/web': major
---
-
-refactor: search v1 endpoint and local-database
-
- refactor search `api v1` endpoint, improve performance
- remove usage of `async` dependency https://github.com/verdaccio/verdaccio/issues/1225
- refactor method storage class
- create new module `core` to reduce the ammount of modules with utilities
- use `undici` instead `node-fetch`
- use `fastify` instead `express` for functional test
-
-### Breaking changes
-
- plugin storage API changes
- remove old search endpoint (return 404)
- filter local private packages at plugin level
-
-The storage api changes for methods `get`, `add`, `remove` as promise base. The `search` methods also changes and recieves a `query` object that contains all query params from the client.
-
-```ts
-export interface IPluginStorage<T> extends IPlugin {
-  add(name: string): Promise<void>;
-  remove(name: string): Promise<void>;
-  get(): Promise<any>;
-  init(): Promise<void>;
-  getSecret(): Promise<string>;
-  setSecret(secret: string): Promise<any>;
-  getPackageStorage(packageInfo: string): IPackageStorage;
-  search(query: searchUtils.SearchQuery): Promise<searchUtils.SearchItem[]>;
-  saveToken(token: Token): Promise<any>;
-  deleteToken(user: string, tokenKey: string): Promise<any>;
-  readTokens(filter: TokenFilter): Promise<Token[]>;
-}
-```
--- a/.changeset/eleven-brooms-hunt.md
+++ b/.changeset/eleven-brooms-hunt.md
@@ -1,11 +0,0 @@
---
-'@verdaccio/api': minor
-'@verdaccio/core': minor
-'@verdaccio/tarball': minor
-'@verdaccio/middleware': minor
-'verdaccio-audit': minor
-'@verdaccio/utils': minor
-'@verdaccio/web': minor
---
-
-refactor: improve docker image build with strict dependencies and prod build
--- a/.changeset/fair-lemons-beam.md
+++ b/.changeset/fair-lemons-beam.md
@@ -1,6 +0,0 @@
---
-'@verdaccio/logger-prettify': minor
-'@verdaccio/logger': patch
---
-
-hydrate template placeholders in log messages when format is set to 'json'
--- a/.changeset/few-cooks-destroy.md
+++ b/.changeset/few-cooks-destroy.md
@@ -1,46 +0,0 @@
---
-'@verdaccio/api': major
-'@verdaccio/auth': major
-'@verdaccio/cli': major
-'@verdaccio/config': major
-'@verdaccio/commons-api': major
-'@verdaccio/file-locking': major
-'verdaccio-htpasswd': major
-'@verdaccio/local-storage': major
-'@verdaccio/readme': major
-'@verdaccio/streams': major
-'@verdaccio/types': major
-'@verdaccio/hooks': major
-'@verdaccio/loaders': major
-'@verdaccio/logger': major
-'@verdaccio/logger-prettify': major
-'@verdaccio/middleware': major
-'@verdaccio/mock': major
-'@verdaccio/node-api': major
-'@verdaccio/active-directory': major
-'verdaccio-audit': major
-'verdaccio-auth-memory': major
-'verdaccio-aws-s3-storage': major
-'verdaccio-google-cloud': major
-'verdaccio-memory': major
-'@verdaccio/proxy': major
-'@verdaccio/server': major
-'@verdaccio/store': major
-'@verdaccio/dev-types': major
-'@verdaccio/utils': major
-'verdaccio': major
-'@verdaccio/web': major
-'@verdaccio/website': major
---
-
-feat!: experiments config renamed to flags
-
- The `experiments` configuration is renamed to `flags`. The functionality is exactly the same.
-
-```js
-flags: token: false;
-search: false;
-```
-
- The `self_path` property from the config file is being removed in favor of `config_file` full path.
- Refactor `config` module, better types and utilities
--- a/.changeset/few-mangos-grow.md
+++ b/.changeset/few-mangos-grow.md
@@ -1,5 +0,0 @@
---
-'@verdaccio/ui-theme': minor
---
-
-upgrade to react@17 and other dependencies
--- a/.changeset/fifty-jars-rest.md
+++ b/.changeset/fifty-jars-rest.md
@@ -1,6 +0,0 @@
---
-'@verdaccio/middleware': patch
-'@verdaccio/web': patch
---
-
-Remove @ts-ignore and any in packages/web/src/endpoint/package.ts
--- a/.changeset/fuzzy-drinks-taste.md
+++ b/.changeset/fuzzy-drinks-taste.md
@@ -1,5 +0,0 @@
---
-'@verdaccio/ui-theme': minor
---
-
-fix: remove engines from ui-theme
--- a/.changeset/fuzzy-onions-draw.md
+++ b/.changeset/fuzzy-onions-draw.md
@@ -1,10 +0,0 @@
---
-'@verdaccio/api': minor
-'@verdaccio/fastify-migration': minor
-'@verdaccio/hooks': minor
-'@verdaccio/logger-prettify': minor
-'@verdaccio/proxy': minor
-'@verdaccio/store': minor
---
-
-abort search request support for proxy
--- a/.changeset/gentle-parrots-lay.md
+++ b/.changeset/gentle-parrots-lay.md
@@ -1,11 +0,0 @@
---
-'@verdaccio/config': minor
-'@verdaccio/local-storage': minor
-'@verdaccio/e2e-ui': minor
---
-
-Some verdaccio modules depend on 'mkdirp' library which provides recursive directory creation functionality.
-NodeJS can do this out of the box since v.10.12. The last commit in 'mkdirp' was made in early 2016, and it's mid 2021 now.
-Time to stick with a built-in library solution!
-
- All 'mkdirp' calls are replaced with appropriate 'fs' calls.
--- a/.changeset/gentle-trains-switch.md
+++ b/.changeset/gentle-trains-switch.md
@@ -1,44 +0,0 @@
---
-'@verdaccio/api': major
-'@verdaccio/auth': major
-'@verdaccio/cli': major
-'@verdaccio/config': major
-'@verdaccio/commons-api': major
-'@verdaccio/file-locking': major
-'verdaccio-htpasswd': major
-'@verdaccio/local-storage': major
-'@verdaccio/readme': major
-'@verdaccio/streams': major
-'@verdaccio/types': major
-'@verdaccio/hooks': major
-'@verdaccio/loaders': major
-'@verdaccio/logger': major
-'@verdaccio/logger-prettify': major
-'@verdaccio/middleware': major
-'@verdaccio/mock': major
-'@verdaccio/node-api': major
-'@verdaccio/proxy': major
-'@verdaccio/server': major
-'@verdaccio/store': major
-'@verdaccio/dev-types': major
-'@verdaccio/utils': major
-'verdaccio': major
-'@verdaccio/web': major
---
-
- Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv
- Introduce environment variables for legacy tokens
-
-### Code Improvements
-
- Add debug library for improve developer experience
-
-### Breaking change
-
- The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions.
- The secret key must have 32 characters long.
-
-### New environment variables
-
- `VERDACCIO_LEGACY_ALGORITHM`: Allows to define the specific algorithm for the token signature which by default is `aes-256-ctr`
- `VERDACCIO_LEGACY_ENCRYPTION_KEY`: By default, the token stores in the database, but using this variable allows to get it from memory
--- a/.changeset/gold-vans-tease.md
+++ b/.changeset/gold-vans-tease.md
@@ -1,5 +0,0 @@
---
-'@verdaccio/utils': patch
---
-
-Fixed the validation of the name when searching for a tarball that have scoped package name
--- a/.changeset/healthy-bikes-behave.md
+++ b/.changeset/healthy-bikes-behave.md
@@ -1,21 +0,0 @@
---
-'@verdaccio/cli': patch
-'@verdaccio/types': patch
-'@verdaccio/node-api': patch
-'@verdaccio/server': patch
---
-
-fix: restore logger on init
-
-Enable logger after parse configuration and log the very first step on startup phase.
-
-```bash
- warn --- experiments are enabled, it is recommended do not use experiments in production comment out this section to disable it
- info --- support for experiment [token]  is disabled
- info --- support for experiment [search]  is disabled
-(node:50831) Warning: config.logs is deprecated, rename configuration to "config.log"
-(Use `node --trace-warnings ...` to show where the warning was created)
- info --- http address http://localhost:4873/
- info --- version: 6.0.0-6-next.11
- info --- server started
-```
--- a/.changeset/healthy-poets-compare.md
+++ b/.changeset/healthy-poets-compare.md
@@ -1,11 +0,0 @@
---
-'@verdaccio/config': patch
---
-
-Feature
-
- add option to set storage from environment variable VERDACCIO_STORAGE_PATH
-
-#### Related tickets
-
-https://github.com/verdaccio/verdaccio/issues/1681
--- a/.changeset/heavy-ravens-lay.md
+++ b/.changeset/heavy-ravens-lay.md
@@ -1,6 +0,0 @@
---
-'@verdaccio/cli': minor
-'@verdaccio/fastify-migration': minor
---
-
-[Fastify] Add ping endpoint
--- a/.changeset/hip-hounds-destroy.md
+++ b/.changeset/hip-hounds-destroy.md
@@ -1,39 +0,0 @@
---
-'@verdaccio/local-storage': patch
-'@verdaccio/ui-theme': patch
-'@verdaccio/server': patch
-'@verdaccio/api': patch
-'@verdaccio/auth': patch
-'@verdaccio/cli': patch
-'@verdaccio/config': patch
-'@verdaccio/commons-api': patch
-'@verdaccio/file-locking': patch
-'verdaccio-htpasswd': patch
-'@verdaccio/readme': patch
-'@verdaccio/streams': patch
-'@verdaccio/types': patch
-'@verdaccio/hooks': patch
-'@verdaccio/loaders': patch
-'@verdaccio/logger': patch
-'@verdaccio/logger-prettify': patch
-'@verdaccio/middleware': patch
-'@verdaccio/mock': patch
-'@verdaccio/node-api': patch
-'@verdaccio/active-directory': patch
-'verdaccio-audit': patch
-'verdaccio-auth-memory': patch
-'verdaccio-aws-s3-storage': patch
-'verdaccio-google-cloud': patch
-'verdaccio-memory': patch
-'@verdaccio/proxy': patch
-'@verdaccio/store': patch
-'@verdaccio/dev-types': patch
-'@verdaccio/utils': patch
-'verdaccio': patch
-'@verdaccio/web': patch
-'@verdaccio/e2e-cli': patch
-'@verdaccio/e2e-ui': patch
-'@verdaccio/website': patch
---
-
-chore: add release step to private regisry on merge changeset pr
--- a/.changeset/kind-bears-nail.md
+++ b/.changeset/kind-bears-nail.md
@@ -1,5 +0,0 @@
---
-'@verdaccio/ui-theme': patch
---
-
-feat: add types and package module icons on sidebar
--- a/.changeset/late-adults-love.md
+++ b/.changeset/late-adults-love.md
@@ -1,20 +0,0 @@
---
-'@verdaccio/api': minor
-'verdaccio-htpasswd': minor
-'@verdaccio/local-storage': minor
---
-
-feat: remove level dependency by lowdb for npm token cli as storage
-
-### new npm token database
-
-There will be a new database located in your storage named `.token-db.json` which
-will store all references to created tokens, **it does not store tokens**, just
-mask of them and related metadata required to reference them.
-
-#### Breaking change
-
-If you were relying on `npm token` experiment. This PR will replace the
-used database (level) by a json plain based one (lowbd) which does not
-require Node.js C++ compilation step and has less dependencies. Since was
-a experiment there is no migration step.
--- a/.changeset/late-parents-act.md
+++ b/.changeset/late-parents-act.md
@@ -1,6 +0,0 @@
---
-'@verdaccio/hooks': patch
-'@verdaccio/proxy': patch
---
-
-refactor: migrate request to node-fetch at hooks package
--- a/.changeset/light-walls-begin.md
+++ b/.changeset/light-walls-begin.md
@@ -1,7 +0,0 @@
---
-'@verdaccio/ui-theme': minor
-'@verdaccio/server': minor
-'@verdaccio/web': minor
---
-
-feat: align with v5 ui endpoints and ui small bugfix
--- a/.changeset/little-stingrays-rule.md
+++ b/.changeset/little-stingrays-rule.md
@@ -1,5 +0,0 @@
---
-'verdaccio-audit': patch
---
-
-fix: several issues which caused the audit to fail (#2335)
--- a/.changeset/loud-shoes-jog.md
+++ b/.changeset/loud-shoes-jog.md
@@ -1,5 +0,0 @@
---
-'@verdaccio/ui-theme': patch
---
-
-chore: force publish
--- a/.changeset/many-vans-care.md
+++ b/.changeset/many-vans-care.md
@@ -1,16 +0,0 @@
---
-'@verdaccio/tarball': patch
-'@verdaccio/mock': patch
-'@verdaccio/ui-theme': patch
-'@verdaccio/server': patch
-'@verdaccio/utils': patch
-'verdaccio': patch
---
-
-Bug Fixes
-
- fix escaped slash in namespaced packages
-
-#### Related tickets
-
-https://github.com/verdaccio/verdaccio/pull/2193
--- a/.changeset/modern-spies-tell.md
+++ b/.changeset/modern-spies-tell.md
@@ -1,6 +0,0 @@
---
-'@verdaccio/ui-theme': minor
-'verdaccio': minor
---
-
-feat: ui theme plugin part of the application
--- a/.changeset/neat-toes-report.md
+++ b/.changeset/neat-toes-report.md
@@ -1,51 +0,0 @@
---
-'@verdaccio/api': minor
-'@verdaccio/auth': minor
-'@verdaccio/cli': minor
-'@verdaccio/config': minor
-'@verdaccio/commons-api': minor
-'@verdaccio/file-locking': minor
-'verdaccio-htpasswd': minor
-'@verdaccio/local-storage': minor
-'@verdaccio/readme': minor
-'@verdaccio/streams': minor
-'@verdaccio/types': minor
-'@verdaccio/hooks': minor
-'@verdaccio/loaders': minor
-'@verdaccio/logger': minor
-'@verdaccio/logger-prettify': minor
-'@verdaccio/middleware': minor
-'@verdaccio/mock': minor
-'@verdaccio/node-api': minor
-'@verdaccio/active-directory': minor
-'verdaccio-audit': minor
-'verdaccio-auth-memory': minor
-'verdaccio-aws-s3-storage': minor
-'verdaccio-google-cloud': minor
-'verdaccio-memory': minor
-'@verdaccio/ui-theme': minor
-'@verdaccio/proxy': minor
-'@verdaccio/server': minor
-'@verdaccio/store': minor
-'@verdaccio/dev-types': minor
-'@verdaccio/utils': minor
-'verdaccio': minor
-'@verdaccio/web': minor
---
-
-feat: add server rate limit protection to all request
-
-To modify custom values, use the server settings property.
-
-```markdown
-server:
-
-## https://www.npmjs.com/package/express-rate-limit#configuration-options
-
-rateLimit:
-windowMs: 1000
-max: 10000
-```
-
-The values are intended to be high, if you want to improve security of your server consider
-using different values.
--- a/.changeset/neat-toys-float.md
+++ b/.changeset/neat-toys-float.md
@@ -1,5 +0,0 @@
---
-'@verdaccio/ui-theme': patch
---
-
-fix: replace ts icon by td and fix commonjs icon
--- a/.changeset/olive-candles-speak.md
+++ b/.changeset/olive-candles-speak.md
@@ -1,5 +0,0 @@
---
-'@verdaccio/ui-theme': minor
---
-
-feat: integrate rematch for ui state storage
--- a/.changeset/perfect-candles-clap.md
+++ b/.changeset/perfect-candles-clap.md
@@ -1,35 +0,0 @@
---
-'@verdaccio/api': minor
-'@verdaccio/auth': minor
-'@verdaccio/cli': minor
-'@verdaccio/config': minor
-'@verdaccio/core': minor
-'verdaccio-htpasswd': minor
-'@verdaccio/local-storage': minor
-'@verdaccio/fastify-migration': minor
-'@verdaccio/tarball': minor
-'@verdaccio/types': minor
-'@verdaccio/url': minor
-'@verdaccio/hooks': minor
-'@verdaccio/loaders': minor
-'@verdaccio/logger': minor
-'@verdaccio/middleware': minor
-'@verdaccio/mock': minor
-'@verdaccio/node-api': minor
-'@verdaccio/active-directory': minor
-'verdaccio-auth-memory': minor
-'verdaccio-aws-s3-storage': minor
-'verdaccio-google-cloud': minor
-'verdaccio-memory': minor
-'@verdaccio/ui-theme': minor
-'@verdaccio/proxy': minor
-'@verdaccio/server': minor
-'@verdaccio/cli-standalone': minor
-'@verdaccio/store': minor
-'@verdaccio/utils': minor
-'verdaccio': minor
-'@verdaccio/web': minor
-'@verdaccio/e2e-ui': minor
---
-
-refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
--- a/.changeset/perfect-emus-clean.md
+++ b/.changeset/perfect-emus-clean.md
@@ -1,5 +0,0 @@
---
-'@verdaccio/cli': major
---
-
-feat: node 14 as minimum for running cli
--- a/.changeset/perfect-kangaroos-agree.md
+++ b/.changeset/perfect-kangaroos-agree.md
@@ -1,5 +0,0 @@
---
-'@verdaccio/cli': major
---
-
-feat: use clipanion over commander
--- a/.changeset/plenty-news-remember.md
+++ b/.changeset/plenty-news-remember.md
@@ -1,30 +0,0 @@
---
-'@verdaccio/auth': major
-'verdaccio-htpasswd': major
-'verdaccio-audit': major
-'@verdaccio/server': major
-'@verdaccio/cli-standalone': major
---
-
-feat: standalone registry with no dependencies
-
-## Usage
-
-To install a server with no dependencies
-
-```bash
-npm install -g @verdaccio/standalone
-```
-
-with no internet required
-
-```bash
-npm install -g ./tarball.tar.gz
-```
-
-Bundles htpasswd and audit plugins.
-
-### Breaking Change
-
-It does not allow anymore the `auth` and `middleware` property at config file empty,
-it will fallback to those plugins by default.
--- a/.changeset/plenty-spiders-melt.md
+++ b/.changeset/plenty-spiders-melt.md
@@ -1,36 +0,0 @@
---
-'@verdaccio/api': minor
-'@verdaccio/auth': minor
-'@verdaccio/cli': minor
-'@verdaccio/config': minor
-'@verdaccio/commons-api': minor
-'@verdaccio/file-locking': minor
-'verdaccio-htpasswd': minor
-'@verdaccio/local-storage': minor
-'@verdaccio/readme': minor
-'@verdaccio/streams': minor
-'@verdaccio/types': minor
-'@verdaccio/hooks': minor
-'@verdaccio/loaders': minor
-'@verdaccio/logger': minor
-'@verdaccio/logger-prettify': minor
-'@verdaccio/middleware': minor
-'@verdaccio/mock': minor
-'@verdaccio/node-api': minor
-'@verdaccio/proxy': minor
-'@verdaccio/server': minor
-'@verdaccio/store': minor
-'@verdaccio/dev-types': minor
-'@verdaccio/utils': minor
-'verdaccio': minor
-'@verdaccio/web': minor
-'@verdaccio/website': minor
---
-
-feat: add typescript project references settings
-
-Reading https://ebaytech.berlin/optimizing-multi-package-apps-with-typescript-project-references-d5c57a3b4440 I realized I can use project references to solve the issue to pre-compile modules on develop mode.
-
-It allows to navigate (IDE) trough the packages without need compile the packages.
-
-Add two `tsconfig`, one using the previous existing configuration that is able to produce declaration files (`tsconfig.build`) and a new one `tsconfig` which is enables [_projects references_](https://www.typescriptlang.org/docs/handbook/project-references.html).
--- a/.changeset/plenty-tables-refuse.md
+++ b/.changeset/plenty-tables-refuse.md
@@ -1,6 +0,0 @@
---
-'@verdaccio/cli': minor
-'@verdaccio/node-api': minor
---
-
-feat: improve cli loggin on start up
--- a/.changeset/pre.json
+++ b/.changeset/pre.json
@@ -1,109 +1,61 @@
 {
  "mode": "pre",
-  "tag": "6-next",
+  "tag": "next",
  "initialVersions": {
-    "@verdaccio/api": "6.0.0-alpha.0",
-    "@verdaccio/auth": "6.0.0-alpha.0",
-    "@verdaccio/cli": "6.0.0-alpha.0",
-    "@verdaccio/config": "6.0.0-alpha.0",
-    "@verdaccio/file-locking": "11.0.0-alpha.0",
-    "verdaccio-htpasswd": "11.0.0-alpha.0",
-    "@verdaccio/local-storage": "11.0.0-alpha.0",
-    "@verdaccio/readme": "11.0.0-alpha.0",
-    "@verdaccio/streams": "11.0.0-alpha.0",
-    "@verdaccio/types": "11.0.0-alpha.0",
-    "@verdaccio/hooks": "6.0.0-alpha.0",
-    "@verdaccio/loaders": "6.0.0-alpha.0",
-    "@verdaccio/logger": "6.0.0-alpha.0",
-    "@verdaccio/logger-prettify": "6.0.0-alpha.0",
-    "@verdaccio/middleware": "6.0.0-alpha.0",
-    "@verdaccio/mock": "6.0.0-alpha.0",
-    "@verdaccio/node-api": "6.0.0-alpha.0",
-    "@verdaccio/proxy": "6.0.0-alpha.0",
-    "@verdaccio/server": "6.0.0-alpha.0",
-    "@verdaccio/store": "6.0.0-alpha.0",
-    "@verdaccio/dev-types": "6.0.0-alpha.0",
-    "@verdaccio/utils": "6.0.0-alpha.0",
-    "verdaccio": "6.0.0-alpha.0",
-    "@verdaccio/web": "6.0.0-alpha.0",
-    "@verdaccio/active-directory": "11.0.0-alpha.0",
-    "verdaccio-audit": "11.0.0-alpha.0",
-    "verdaccio-auth-memory": "11.0.0-alpha.0",
-    "verdaccio-aws-s3-storage": "11.0.0-alpha.0",
-    "verdaccio-google-cloud": "11.0.0-alpha.0",
-    "verdaccio-memory": "11.0.0-alpha.0",
-    "@verdaccio/ui-theme": "6.0.0-alpha.1",
-    "@verdaccio/e2e-cli": "1.0.0",
-    "@verdaccio/e2e-ui": "1.0.0",
-    "@verdaccio/cli-standalone": "6.0.0-alpha.3",
-    "@verdaccio/tarball": "11.0.0-alpha.3",
-    "@verdaccio/url": "11.0.0-alpha.3",
-    "@verdaccio/fastify-migration": "6.0.0-6-next.9",
-    "@verdaccio/eslint-config": "1.0.0",
-    "@verdaccio/benchmark": "1.0.0",
-    "@verdaccio/core": "6.0.0-next.0",
-    "@verdaccio/helper": "1.0.0",
-    "docusaurus-plugin-contributors": "1.0.0",
-    "@verdaccio/website": "5.4.0"
+    "@verdaccio/test-cli-commons": "1.1.0",
+    "@verdaccio/e2e-cli-npm6": "1.0.1",
+    "@verdaccio/e2e-cli-npm7": "1.0.1",
+    "@verdaccio/e2e-cli-npm8": "1.0.1",
+    "@verdaccio/e2e-cli-npm9": "1.0.1",
+    "@verdaccio/e2e-cli-pnpm6": "1.0.1",
+    "@verdaccio/e2e-cli-pnpm7": "1.0.1",
+    "@verdaccio/e2e-cli-pnpm8": "1.0.1",
+    "@verdaccio/e2e-cli-yarn1": "1.0.1",
+    "@verdaccio/e2e-cli-yarn2": "1.0.1",
+    "@verdaccio/e2e-cli-yarn3": "1.0.1",
+    "@verdaccio/e2e-cli-yarn4": "1.0.1",
+    "@verdaccio/e2e-ui": "2.0.0",
+    "@verdaccio/api": "6.0.0",
+    "@verdaccio/auth": "6.0.0",
+    "@verdaccio/cli": "6.0.0",
+    "@verdaccio/config": "6.0.0",
+    "@verdaccio/core": "6.0.0",
+    "@verdaccio/file-locking": "11.0.0",
+    "@verdaccio/tarball": "11.0.0",
+    "@verdaccio/types": "11.0.0",
+    "@verdaccio/url": "11.0.0",
+    "@verdaccio/hooks": "6.0.0",
+    "@verdaccio/loaders": "6.0.0",
+    "@verdaccio/logger": "6.0.0",
+    "@verdaccio/logger-7": "6.0.0",
+    "@verdaccio/logger-commons": "6.0.0",
+    "@verdaccio/logger-prettify": "6.0.0",
+    "@verdaccio/middleware": "6.0.0",
+    "@verdaccio/node-api": "6.0.0",
+    "verdaccio-audit": "11.0.0",
+    "verdaccio-auth-memory": "11.0.0",
+    "verdaccio-htpasswd": "11.0.0",
+    "@verdaccio/local-storage": "11.0.0",
+    "verdaccio-memory": "11.0.0",
+    "@verdaccio/ui-theme": "6.0.0",
+    "@verdaccio/proxy": "6.0.0",
+    "@verdaccio/search": "6.0.0",
+    "@verdaccio/server": "6.0.0",
+    "@verdaccio/server-fastify": "6.0.0",
+    "@verdaccio/signature": "6.0.0",
+    "@verdaccio/cli-standalone": "6.0.0",
+    "@verdaccio/store": "6.0.0",
+    "docusaurus-plugin-contributors": "1.0.1",
+    "@verdaccio/eslint-config": "2.0.0",
+    "@verdaccio/test-helper": "2.0.0",
+    "@verdaccio/crowdin-translations": "1.0.0",
+    "customprefix-auth": "1.0.0",
+    "@verdaccio/ui-components": "2.0.0",
+    "@verdaccio/utils": "6.0.0",
+    "verdaccio": "6.0.0",
+    "@verdaccio/web": "6.0.0",
+    "@verdaccio/website": "5.20.2",
+    "@verdaccio/local-publish": "0.0.1"
  },
-  "changesets": [
-    "afraid-mice-obey",
-    "big-lobsters-sin",
-    "bright-poems-obey",
-    "calm-pants-impress",
-    "dry-planes-tap",
-    "eleven-brooms-hunt",
-    "eleven-spoons-matter",
-    "fair-lemons-beam",
-    "few-cooks-destroy",
-    "few-mangos-grow",
-    "fifty-jars-rest",
-    "fuzzy-drinks-taste",
-    "fuzzy-onions-draw",
-    "gentle-parrots-lay",
-    "gentle-trains-switch",
-    "gold-vans-tease",
-    "healthy-bikes-behave",
-    "healthy-poets-compare",
-    "heavy-ravens-lay",
-    "hip-hounds-destroy",
-    "kind-bears-nail",
-    "late-adults-love",
-    "late-parents-act",
-    "light-walls-begin",
-    "little-stingrays-rule",
-    "loud-shoes-jog",
-    "many-vans-care",
-    "modern-spies-tell",
-    "neat-toes-report",
-    "neat-toys-float",
-    "olive-candles-speak",
-    "perfect-candles-clap",
-    "perfect-emus-clean",
-    "perfect-kangaroos-agree",
-    "plenty-news-remember",
-    "plenty-spiders-melt",
-    "plenty-tables-refuse",
-    "pretty-hounds-tap",
-    "proud-jeans-walk",
-    "red-chefs-float",
-    "red-yaks-sell",
-    "rich-ghosts-rule",
-    "shaggy-carrots-unite",
-    "shaggy-parrots-smash",
-    "shiny-chefs-heal",
-    "smart-apricots-kneel",
-    "sour-buses-shout",
-    "spicy-frogs-press",
-    "spicy-snakes-sip",
-    "swift-pumpkins-knock",
-    "ten-parents-breathe",
-    "tender-bags-call",
-    "thick-countries-move",
-    "three-moles-drop",
-    "three-pots-sit",
-    "tiny-seals-join",
-    "two-dolls-check",
-    "wild-jokes-beam"
-  ]
+  "changesets": ["breezy-mayflies-pull"]
 }
--- a/.changeset/pretty-hounds-tap.md
+++ b/.changeset/pretty-hounds-tap.md
@@ -1,28 +0,0 @@
---
-'@verdaccio/api': patch
-'@verdaccio/auth': patch
-'@verdaccio/cli': patch
-'@verdaccio/config': patch
-'@verdaccio/commons-api': patch
-'@verdaccio/file-locking': patch
-'verdaccio-htpasswd': patch
-'@verdaccio/local-storage': patch
-'@verdaccio/readme': patch
-'@verdaccio/streams': patch
-'@verdaccio/types': patch
-'@verdaccio/hooks': patch
-'@verdaccio/loaders': patch
-'@verdaccio/logger': patch
-'@verdaccio/logger-prettify': patch
-'@verdaccio/middleware': patch
-'@verdaccio/node-api': patch
-'@verdaccio/proxy': patch
-'@verdaccio/server': patch
-'@verdaccio/store': patch
-'@verdaccio/dev-types': patch
-'@verdaccio/utils': patch
-'verdaccio': patch
-'@verdaccio/web': patch
---
-
-Enable prerelease mode with **changesets**
--- a/.changeset/proud-jeans-walk.md
+++ b/.changeset/proud-jeans-walk.md
@@ -1,10 +0,0 @@
---
-'verdaccio-htpasswd': patch
-'@verdaccio/local-storage': patch
-'@verdaccio/fastify-migration': patch
-'@verdaccio/hooks': patch
-'@verdaccio/mock': patch
-'@verdaccio/node-api': patch
---
-
-Added core-js missing from dependencies though referenced in .js sources
--- a/.changeset/red-chefs-float.md
+++ b/.changeset/red-chefs-float.md
@@ -1,11 +0,0 @@
---
-'@verdaccio/store': patch
-'@verdaccio/web': patch
---
-
-Fix the search by exact name of the package
-
-Full package name queries was not finding anithing. It was happening
-becouse of stemmer of [lunr.js](https://lunrjs.com/).
-
-To fix this, the stemmer of [lunr.js](https://lunrjs.com/) was removed from search pipeline.
--- a/.changeset/red-yaks-sell.md
+++ b/.changeset/red-yaks-sell.md
@@ -1,5 +0,0 @@
---
-'@verdaccio/logger': patch
---
-
-Fix re-opening log files using SIGUSR2
--- a/.changeset/rich-ghosts-rule.md
+++ b/.changeset/rich-ghosts-rule.md
@@ -1,10 +0,0 @@
---
-'@verdaccio/types': major
-'@verdaccio/ui-theme': major
-'@verdaccio/dev-types': major
-'@verdaccio/web': major
-'@verdaccio/e2e-ui': major
-'@verdaccio/website': major
---
-
-feat: upgrade to material ui 5
--- a/.changeset/shaggy-carrots-unite.md
+++ b/.changeset/shaggy-carrots-unite.md
@@ -1,5 +0,0 @@
---
-'@verdaccio/logger': patch
---
-
-do not show deprecation warning on default logger config
--- a/.changeset/shaggy-parrots-smash.md
+++ b/.changeset/shaggy-parrots-smash.md
@@ -1,8 +0,0 @@
---
-'@verdaccio/cli': minor
-'@verdaccio/core': minor
-'@verdaccio/logger': minor
-'@verdaccio/node-api': minor
---
-
-feat: use warning codes for deprecation warnings
--- a/.changeset/shiny-chefs-heal.md
+++ b/.changeset/shiny-chefs-heal.md
@@ -1,5 +0,0 @@
---
-'@verdaccio/api': patch
---
-
-testing changesets
--- a/.changeset/smart-apricots-kneel.md
+++ b/.changeset/smart-apricots-kneel.md
@@ -1,79 +0,0 @@
---
-'@verdaccio/ui-theme': major
-'@verdaccio/cli-standalone': major
-'@verdaccio/web': major
---
-
-feat: flexible user interface generator
-
-**breaking change**
-
-The UI does not provide a pre-generated `index.html`, instead the server generates
-the body of the web application based in few parameters:
-
- Webpack manifest
- User configuration details
-
-It allows inject html tags, javascript and new CSS to make the page even more flexible.
-
-### Web new properties for dynamic template
-
-The new set of properties are made in order allow inject _html_ and _JavaScript_ scripts within the template. This
-might be useful for scenarios like Google Analytics scripts or custom html in any part of the body.
-
- metaScripts: html injected before close the `head` element.
- scriptsBodyAfter: html injected before close the `body` element.
- bodyAfter: html injected after _verdaccio_ JS scripts.
-
-```yaml
-web:
-  scriptsBodyAfter:
-    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
-  metaScripts:
-    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
-    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
-    - '<meta name="robots" content="noindex" />'
-  bodyBefore:
-    - '<div id="myId">html before webpack scripts</div>'
-  bodyAfter:
-    - '<div id="myId">html after webpack scripts</div>'
-```
-
-### UI plugin changes
-
- `index.html` is not longer used, template is generated based on `manifest.json` generated by webpack.
- Plugin must export:
-  - the manifest file.
-  - the manifest files: matcher (array of id that generates required scripts to run the ui)
-  - static path: The absolute path where the files are located in `node_modules`
-
-```
-exports.staticPath = path.join(__dirname, 'static');
-exports.manifest = require('./static/manifest.json');
-exports.manifestFiles = {
-  js: ['runtime.js', 'vendors.js', 'main.js'],
-  css: [],
-  ico: 'favicon.ico',
-};
-```
-
- Remove font files
- CSS is inline on JS (this will help with #2046)
-
-### Docker v5 Examples
-
- Move all current examples to v4 folder
- Remove any v3 example
- Create v5 folder with Nginx Example
-
-#### Related tickets
-
-https://github.com/verdaccio/verdaccio/issues/1523
-https://github.com/verdaccio/verdaccio/issues/1297
-https://github.com/verdaccio/verdaccio/issues/1593
-https://github.com/verdaccio/verdaccio/discussions/1539
-https://github.com/verdaccio/website/issues/264
-https://github.com/verdaccio/verdaccio/issues/1565
-https://github.com/verdaccio/verdaccio/issues/1251
-https://github.com/verdaccio/verdaccio/issues/2029
-https://github.com/verdaccio/docker-examples/issues/29
--- a/.changeset/sour-buses-shout.md
+++ b/.changeset/sour-buses-shout.md
@@ -1,11 +0,0 @@
---
-'@verdaccio/fastify-migration': minor
-'@verdaccio/store': minor
-'@verdaccio/utils': minor
-'@verdaccio/web': minor
-'@verdaccio/website': minor
---
-
-feat: migrate web sidebar endpoint to fastify
-
-reuse utils methods between packages
--- a/.changeset/spicy-frogs-press.md
+++ b/.changeset/spicy-frogs-press.md
@@ -1,32 +0,0 @@
---
-'verdaccio-htpasswd': major
---
-
-feat: allow other password hashing algorithms (#1917)
-
-**breaking change**
-
-The current implementation of the `htpasswd` module supports multiple hash formats on verify, but only `crypt` on sign in.
-`crypt` is an insecure old format, so to improve the security of the new `verdaccio` release we introduce the support of multiple hash algorithms on sign in step.
-
-### New hashing algorithms
-
-The new possible hash algorithms to use are `bcrypt`, `md5`, `sha1`. `bcrypt` is chosen as a default, because of its customizable complexity and overall reliability. You can read more about them [here](https://httpd.apache.org/docs/2.4/misc/password_encryptions.html).
-
-Two new properties are added to `auth` section in the configuration file:
-
- `algorithm` to choose the way you want to hash passwords.
- `rounds` is used to determine `bcrypt` complexity. So one can improve security according to increasing computational power.
-
-Example of the new `auth` config file section:
-
-```yaml
-auth:
-htpasswd:
-  file: ./htpasswd
-  max_users: 1000
-  # Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt".
-  algorithm: bcrypt
-  # Rounds number for "bcrypt", will be ignored for other algorithms.
-  rounds: 10
-```
--- a/.changeset/spicy-snakes-sip.md
+++ b/.changeset/spicy-snakes-sip.md
@@ -1,5 +0,0 @@
---
-'@verdaccio/ui-theme': patch
---
-
-fix: specific version package detail page not showing
--- a/.changeset/swift-pumpkins-knock.md
+++ b/.changeset/swift-pumpkins-knock.md
@@ -1,6 +0,0 @@
---
-'@verdaccio/auth': patch
-'verdaccio-htpasswd': patch
---
-
-Refactor htpasswd plugin to use the bcryptjs 'compare' api call instead of 'comparSync'. Add a new configuration value named 'slow_verify_ms' to the htpasswd plugin that when exceeded during password verification will log a warning message.
--- a/.changeset/ten-parents-breathe.md
+++ b/.changeset/ten-parents-breathe.md
@@ -1,7 +0,0 @@
---
-'@verdaccio/auth': minor
-'@verdaccio/fastify-migration': minor
-'@verdaccio/web': minor
---
-
-dist tags Implementation on Fastify
--- a/.changeset/tender-bags-call.md
+++ b/.changeset/tender-bags-call.md
@@ -1,9 +0,0 @@
---
-'@verdaccio/logger': major
---
-
-logging prettifier only in development mode
-
- Verdaccio prettify `@verdaccio/logger-prettify` the logging which looks beautiful. But there are scenarios which does not make sense in production. This feature enables disable by default the prettifies if production `NODE_ENV` is enabled.
- Updates pino.js to `^6.7.0`.
- Suppress the warning when prettifier is enabled `suppressFlushSyncWarning`
--- a/.changeset/thick-countries-move.md
+++ b/.changeset/thick-countries-move.md
@@ -1,6 +0,0 @@
---
-'@verdaccio/logger': major
-'@verdaccio/logger-prettify': major
---
-
-feat: upgrade to pino v7
--- a/.changeset/three-moles-drop.md
+++ b/.changeset/three-moles-drop.md
@@ -1,7 +0,0 @@
---
-'@verdaccio/api': minor
-'@verdaccio/store': minor
-'@verdaccio/utils': minor
---
-
-refactor: improve versions and dist-tag filters
--- a/.changeset/three-pots-sit.md
+++ b/.changeset/three-pots-sit.md
@@ -1,33 +0,0 @@
---
-'@verdaccio/api': patch
-'@verdaccio/auth': patch
-'@verdaccio/cli': patch
-'@verdaccio/config': patch
-'@verdaccio/commons-api': patch
-'@verdaccio/file-locking': patch
-'verdaccio-htpasswd': patch
-'@verdaccio/local-storage': patch
-'@verdaccio/readme': patch
-'@verdaccio/types': patch
-'@verdaccio/hooks': patch
-'@verdaccio/loaders': patch
-'@verdaccio/logger': patch
-'@verdaccio/logger-prettify': patch
-'@verdaccio/middleware': patch
-'@verdaccio/mock': patch
-'@verdaccio/node-api': patch
-'@verdaccio/proxy': patch
-'@verdaccio/server': patch
-'@verdaccio/store': patch
-'@verdaccio/dev-types': patch
-'@verdaccio/utils': patch
-'verdaccio': patch
---
-
-ESLint Warnings Fixed
-
-Related to issue #1461
-
- max-len: most of the sensible max-len errors are fixed
- no-unused-vars: most of these types of errors are fixed by deleting not needed declarations
- @typescript-eslint/no-unused-vars: same as above
--- a/.changeset/tiny-seals-join.md
+++ b/.changeset/tiny-seals-join.md
@@ -1,5 +0,0 @@
---
-'@verdaccio/ui-theme': minor
---
-
-feat: improve registry info dialog and language switch
--- a/.changeset/two-dolls-check.md
+++ b/.changeset/two-dolls-check.md
@@ -1,28 +0,0 @@
---
-'@verdaccio/cli': major
-'@verdaccio/config': major
-'@verdaccio/types': major
-'@verdaccio/logger': major
-'@verdaccio/node-api': major
-'verdaccio-google-cloud': major
-'verdaccio': major
---
-
-feat: node api new structure based on promise
-
-```js
-import { runServer } from '@verdaccio/node-api';
-// or
-import { runServer } from 'verdaccio';
-
-const app = await runServer(); // default configuration
-const app = await runServer('./config/config.yaml');
-const app = await runServer({ configuration });
-app.listen(4000, (event) => {
-  // do something
-});
-```
-
-### Breaking Change
-
-If you are using the node-api, the new structure is Promise based and less arguments.
--- a/.changeset/wild-jokes-beam.md
+++ b/.changeset/wild-jokes-beam.md
@@ -1,32 +0,0 @@
---
-'@verdaccio/types': minor
-'@verdaccio/ui-theme': minor
-'@verdaccio/web': minor
---
-
-web: allow ui hide package managers on sidebar
-
-If there is a package manager of preference over others, you can define the package managers to be displayed on the detail page and sidebar, just define in the `config.yaml` and web section the list of package managers to be displayed.
-
-```
-web:
-  title: Verdaccio
-  sort_packages: asc
-  primary_color: #cccccc
-  pkgManagers:
-    - pnpm
-    - yarn
-    # - npm
-```
-
-To disable all package managers, just define empty:
-
-```
-web:
-  title: Verdaccio
-  sort_packages: asc
-  primary_color: #cccccc
-  pkgManagers:
-```
-
-and the section would be hidden.
--- a/.eslintignore
+++ b/.eslintignore
@@ -11,3 +11,10 @@ wiki/
 dist/
 docs/
 test/functional/store/*
+docker-examples/**/lib/**/*.js
+test/cli/e2e-yarn4/bin/yarn-4.0.0-rc.14.cjs
+yarn.js
+# storybook
+packages/ui-components/storybook-static
+dist.js
+bundle.js
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -8,7 +8,4 @@ contact_links:
    about: I want to report a security vulnerability
  - name: Chat 🏘
    url: https://discord.gg/7qWJxBf
-    about: For a quick question you should do it through our community chat
-  - name: User Interface Report 👩🏼‍🎨👨🏼‍🎨
-    url: https://github.com/verdaccio/ui/issues/new/choose
-    about: Any report related with the User Interface should be posted in another repository
+    about: Quick question? Try out Discord chat, you can get faster feedback
--- a/.github/disabled/docker-plugins-e2e.yml
+++ b/.github/disabled/docker-plugins-e2e.yml
@@ -0,0 +1,39 @@
+name: E2E Docker Proxy Plugins Test
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+  schedule:
+    # run every sunday
+    - cron: '0 0 * * 0'
+jobs:
+  docker:
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
+      
+    - name: Start containers
+      run: docker-compose -f "./e2e/docker/docker-build-install-plugin/docker-compose.yaml" up -d --build
+
+    - name: Install node
+      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
+      with:
+        node-version: 18
+
+    - name: verdaccio cli
+      run: npm install -g verdaccio --registry=http://localhost:4873
+    - name: gastby cli 
+      run:  npm install -g gatsby-cli --registry http://localhost:4873
+    - name: netlify cli 
+      run:  npm install -g netlify-cli --registry http://localhost:4873
+    - name: angular cli 
+      run:  npm install -g @angular/cli --registry http://localhost:4873
+
+    - name: Stop containers
+      if: always()
+      run: docker-compose -f "./e2e/docker/docker-build-install-plugin/docker-compose.yaml" down
--- a/.github/workflows/benchmark.yml
+++ b/.github/workflows/benchmark.yml
@@ -1,171 +0,0 @@
---
-name: ci - benchmark
-
-on:
-  workflow_dispatch:
-  schedule:
-    # 3 times day
-    # collecting enough data to draw some graphics
-    - cron: '0 1 * * *'
-  # push:
-  #   branches:
-  #     - master
-jobs:
-  prepare: 
-    name: Prepare build
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 14.x
-      - name: install pnpm
-        run: sudo npm i pnpm@6.24.1 -g
-      - name: set store
-        run: | 
-          mkdir ~/.pnpm-store
-          pnpm config set store-dir ~/.pnpm-store     
-      - name: setup pnpm config registry
-        run: pnpm config set registry https://registry.verdaccio.org
-      - name: install dependencies
-        run: pnpm install
-      - name: Cache .pnpm-store
-        uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: |
-            pnpm-              
-      - name: build
-        run: pnpm build
-      - name: tar packages
-        run: |      
-          tar -czvf ${{ github.workspace }}/pkg.tar.gz -C ${{ github.workspace }}/packages .
-      - uses: actions/upload-artifact@v2
-        with:
-          name: verdaccio-artifact
-          path: pkg.tar.gz
-  benchmark-autocannon:
-    needs: prepare
-    strategy:
-      fail-fast: false
-      matrix:
-        benchmark:
-          - info
-          - tarball
-        verdaccioVersion:
-          # - local
-          - 3.13.1
-          - 4.12.2
-          - 5.5.2
-          - 6.0.0-6-next.31
-    name: Benchmark autocannon
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 14.x
-      - uses: actions/download-artifact@v2
-        with:
-          name: verdaccio-artifact
-      - name: untar packages
-        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
-      - name: install pnpm
-        # require fixed version
-        run: sudo npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}   
-      - name: install dependencies
-        run: pnpm install    
-      - name: start registry
-        run: ./scripts/benchmark-prepare.sh ${{matrix.verdaccioVersion}}        
-      - name: benchmark        
-        run: pnpm benchmark:api -- -v ${{matrix.verdaccioVersion}} -f ${{matrix.benchmark}}       
-        shell: bash
-        env:
-          DEBUG: metrics*
-      - uses: actions/upload-artifact@v2
-        with:
-          name: verdaccio-metrics-api
-          path: ./api-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  
-          if-no-files-found: error
-          retention-days: 10 
-      - name: submit metrics
-        run: pnpm benchmark:submit
-        env:
-          DEBUG: metrics
-          METRICS_SOURCE: autocannon
-          METRICS_URL: ${{ secrets.METRICS_URL }}
-          METRICS_TOKEN: ${{ secrets.METRICS_TOKEN }}
-          METRICS_BENCHMARK: ${{matrix.benchmark}}
-          METRICS_VERSION: ${{matrix.verdaccioVersion}}
-          METRICS_COMMIT_HASH: ${{ github.sha }}
-          METRICS_FILE_NAME: 'api-results'   
-  benchmark:
-    needs: prepare
-    strategy:
-      fail-fast: false
-      matrix:
-        benchmark:
-          - info
-          - tarball
-        verdaccioVersion:
-          # future 6.x (wip)
-          # - local (master branch)
-          # old versions to compare same test along previous releases
-          - 3.13.1
-          - 4.12.2
-          - 5.5.2
-          - 6.0.0-6-next.31
-    name: Benchmark hyperfine
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 14.x
-      - uses: actions/download-artifact@v2
-        with:
-          name: verdaccio-artifact
-      - name: untar packages
-        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
-      - name: install pnpm
-        # require fixed version
-        run: sudo npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}   
-      - name: install dependencies
-        run: pnpm install
-      - name: install hyperfine
-        run: |
-          wget https://github.com/sharkdp/hyperfine/releases/download/v1.11.0/hyperfine_1.11.0_amd64.deb
-          sudo dpkg -i hyperfine_1.11.0_amd64.deb
-      - name: start registry
-        run: ./scripts/benchmark-prepare.sh ${{matrix.verdaccioVersion}}
-      - name: benchmark        
-        run: ./scripts/benchmark-run.sh ${{matrix.benchmark}}
-        # https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell
-        shell: bash
-      - name: rename
-        run: mv ./hyper-results.json ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json
-      - uses: actions/upload-artifact@v2
-        with:
-          name: verdaccio-metrics
-          path: ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  
-          if-no-files-found: error
-          retention-days: 10 
-      - name: submit metrics
-        run: pnpm benchmark:submit
-        env:
-          DEBUG: metrics
-          METRICS_SOURCE: hyperfine
-          METRICS_URL: ${{ secrets.METRICS_URL }}
-          METRICS_TOKEN: ${{ secrets.METRICS_TOKEN }}
-          METRICS_BENCHMARK: ${{matrix.benchmark}}
-          METRICS_VERSION: ${{matrix.verdaccioVersion}}
-          METRICS_COMMIT_HASH: ${{ github.sha }}
--- a/.github/workflows/changesets.yml
+++ b/.github/workflows/changesets.yml
@@ -20,20 +20,19 @@ jobs:
    if: github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio'
    steps:
      - name: checkout code repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
        with:
          fetch-depth: 0

      - name: setup node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
        with:
-          node-version: 14
-          registry-url: 'https://registry.npmjs.org'
+          node-version-file: '.nvmrc'
        env:
          NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}

      - name: install pnpm
-        run: npm i pnpm@6.10.3 -g
+        run: npm i pnpm@latest-8 -g
        env:
          NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}

@@ -47,8 +46,7 @@ jobs:
        env:
          NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
      - name: crowdin download
-        env:
-          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
+        env:          
          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
          CONTEXT: production
        run: pnpm crowdin:download       
@@ -56,14 +54,16 @@ jobs:
        run: pnpm build

      - name: create versions
-        uses: verdaccio/changeset-action@master
+        uses: changesets/action@master
        with:
          version: pnpm ci:version
          commit: 'chore: update versions'
          title: 'chore: update versions'
          publish: pnpm ci:publish
+          createGithubReleases: false
+          setupGitUser: false
        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.CHANGESET_RELEASE_TOKEN }}
          NPM_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
          NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
          NPM_CONFIG_REGISTRY: https://registry.npmjs.org
--- a/.github/workflows/ci-windows.yml
+++ b/.github/workflows/ci-windows.yml
@@ -0,0 +1,150 @@
+name: CI windows
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '5 0 * * SUN' 
+permissions:
+  contents: read
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    name: setup verdaccio
+    services:
+      verdaccio:
+        image: verdaccio/verdaccio:nightly-master
+        ports:
+          - 4873:4873
+        env:
+          NODE_ENV: production          
+    steps:
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+    - name: Node
+      uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+      with:
+        node-version-file: '.nvmrc'
+    - name: Install pnpm
+      run: npm i pnpm@latest-8 -g
+    - name: set store
+      run: |
+        mkdir ~/.pnpm-store
+        pnpm config set store-dir ~/.pnpm-store
+    - name: set store
+      run: |
+        mkdir ~/.pnpm-store
+        pnpm config set store-dir ~/.pnpm-store            
+    - name: Install
+      run: pnpm install --registry http://localhost:4873
+    - name: Cache .pnpm-store
+      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      with:
+        path: ~/.pnpm-store
+        key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+        restore-keys: |
+          pnpm-
+  lint:
+    runs-on: windows-latest
+    name: Lint
+    needs: prepare
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - name: Node
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store              
+      - name: Install
+        run: pnpm install --offline --reporter=silence --ignore-scripts
+      - name: Lint
+        run: pnpm lint
+  format:
+    runs-on: windows-latest
+    name: Format
+    needs: prepare
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - name: Use Node
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store          
+      - name: Install
+        run: pnpm install --offline --reporter=silence --ignore-scripts
+      - name: Lint
+        run: pnpm format:check
+  build:
+    needs: [format, lint]
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [windows-latest]
+        node_version: [18]
+    name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - name: Use Node ${{ matrix.node_version }}
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        with:
+          node-version: ${{ matrix.node_version }}
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store          
+      - name: Install
+        run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
+      - name: build
+        run: pnpm build
+      - name: Test
+        run: pnpm test
+  ci-e2e-ui:
+    needs: [format, lint]
+    runs-on: windows-latest
+    name: UI Test E2E
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store              
+      - name: Install
+        run: pnpm install --offline --reporter=silence --registry http://localhost:4873
+      - name: build
+        run: pnpm build
+      - name: Test UI
+        run: pnpm test:e2e:ui
+        # env:
+        #  DEBUG: verdaccio:e2e*
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -2,43 +2,48 @@ name: CI

 on:
  push:
-    branches:
-      - master
-      - 'changeset-release/master'
  pull_request:
    paths:
      - .changeset/**
      - .github/workflows/ci.yml
      - 'packages/**'
+      - 'test/**'
      - 'docker-examples/**'
      - 'jest/**'
      - 'package.json'
      - 'pnpm-workspace.yaml'
+permissions:
+  contents: read
+
 jobs:
  prepare:
    runs-on: ubuntu-latest
    name: setup verdaccio
    services:
      verdaccio:
-        image: verdaccio/verdaccio:nightly-master
+        image: verdaccio/verdaccio:5
        ports:
          - 4873:4873
+        env:
+          NODE_ENV: production          
    steps:
-    - uses: actions/checkout@v2.4.0
-    - name: Use Node 16
-      uses: actions/setup-node@v3
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+    - name: Node
+      uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
      with:
-        node-version: 16
+        node-version-file: '.nvmrc'
    - name: Install pnpm
-      run: npm i pnpm@6.24.1 -g
+      run: |
+        corepack enable
+        corepack prepare --activate pnpm@latest-8
    - name: set store
      run: |
        mkdir ~/.pnpm-store
        pnpm config set store-dir ~/.pnpm-store
    - name: Install
-      run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
+      run: pnpm install  --registry http://localhost:4873
    - name: Cache .pnpm-store
-      uses: actions/cache@v2
+      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
      with:
        path: ~/.pnpm-store
        key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -49,19 +54,24 @@ jobs:
    name: Lint
    needs: prepare
    steps:
-      - uses: actions/checkout@v2.4.0
-      - name: Use Node 16
-        uses: actions/setup-node@v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - name: Node
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
        with:
-          node-version: 16
+          node-version-file: '.nvmrc'
      - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
+        run: |
+          corepack enable
+          corepack prepare --activate pnpm@latest-8
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
      - name: Install
-        run: pnpm recursive install --frozen-lockfile --ignore-scripts
+        run: pnpm install --offline   --ignore-scripts
      - name: Lint
        run: pnpm lint
  format:
@@ -69,124 +79,88 @@ jobs:
    name: Format
    needs: prepare
    steps:
-      - uses: actions/checkout@v2.4.0
-      - name: Use Node 16
-        uses: actions/setup-node@v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - name: Use Node
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
        with:
-          node-version: 16
+          node-version-file: '.nvmrc'
      - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
+        run: |
+          corepack enable
+          corepack prepare --activate pnpm@latest-8
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
      - name: Install
-        run: pnpm recursive install --frozen-lockfile --ignore-scripts
+        run: pnpm install --offline   --ignore-scripts
      - name: Lint
        run: pnpm format:check
-  build:
+  test:
    needs: [format, lint]
    strategy:
      fail-fast: true
      matrix:
-        os: [ubuntu-latest, windows-latest]
-        ## Node 16 breaks UI test, jest issue
-        node_version: [16, 17]
+        os: [ubuntu-latest]
+        node_version: [16, 18]
    name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
    runs-on: ${{ matrix.os }}
    steps:
-      - uses: actions/checkout@v2.4.0
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
      - name: Use Node ${{ matrix.node_version }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
        with:
          node-version: ${{ matrix.node_version }}
      - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
+        run: |
+          corepack enable
+          corepack prepare --activate pnpm@latest-8
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
      - name: Install
-        run: pnpm recursive install --frozen-lockfile --ignore-scripts
+        run: pnpm install --offline   --ignore-scripts --registry http://localhost:4873
      - name: build
        run: pnpm build
      - name: Test
        run: pnpm test
-  ci-e2e-ui:
-    needs: [format, lint]
-    runs-on: ubuntu-latest
-    name: UI Test E2E Node 16
-    steps:
-      - uses: actions/checkout@v2.4.0
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 16
-      - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
-      - name: Install
-        ## we need scripts, pupetter downloads aditional content
-        run: pnpm recursive install --frozen-lockfile
-      - name: build
-        run: pnpm build
-      - name: Test UI
-        run: pnpm test:e2e:ui
-        # env:
-        #  DEBUG: verdaccio:e2e*
-  ci-e2e-cli:
-    needs: [format, lint]
-    runs-on: ubuntu-latest
-    # TODO: fails on migrate to node 16, we need to check why
-    name: CLI Test E2E Node 14
-    steps:
-      - uses: actions/checkout@v2.4.0
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 14
-      - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
-      - name: Install
-        ## we need scripts, pupetter downloads aditional content
-        run: pnpm recursive install --frozen-lockfile
-      - name: build
-        run: pnpm build
-      - name: Test CLI
-        run: pnpm test:e2e:cli
-        env:
-          DEBUG: verdaccio*
  sync-translations:
-    needs: [ci-e2e-cli, ci-e2e-ui]
+    needs: [test]
    runs-on: ubuntu-latest
    name: synchronize translations
-    if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+    if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
    steps:
-      - uses: actions/checkout@v2.4.0
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
        with:
-          node-version: 16
+          node-version-file: '.nvmrc'
      - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
+        run: |
+          corepack enable
+          corepack prepare --activate pnpm@latest-8
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
      - name: Install
        ## we need scripts, pupetter downloads aditional content
-        run: pnpm recursive install --frozen-lockfile
+        run: pnpm install  --registry http://localhost:4873
      - name: build
        run: pnpm build
      - name: generate website translations
-        run: pnpm write-translations --filter ...@verdaccio/website
+        run: pnpm --filter ...@verdaccio/website write-translations
      - name: sync
        env:
-          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
          CONTEXT: production
        run: pnpm crowdin:sync
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -8,13 +8,20 @@ on:
  schedule:
    - cron: '0 2 * * 4'

+permissions:
+  contents: read
+
 jobs:
  CodeQL-Build:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v2.4.0
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
        with:
          # We must fetch at least the immediate parents so that if this is
          # a pull request then we can checkout the head.
@@ -27,7 +34,7 @@ jobs:

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@a09933a12a80f87b87005513f0abb1494c27a716 # v2

      # Override language selection by uncommenting this and choosing your languages
      # with:
@@ -35,7 +42,7 @@ jobs:
      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@a09933a12a80f87b87005513f0abb1494c27a716 # v2

      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 https://git.io/JvXDl
@@ -49,4 +56,4 @@ jobs:
      #   make release

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@a09933a12a80f87b87005513f0abb1494c27a716 # v2
--- a/.github/workflows/docker-proxy-apache-e2e.yml
+++ b/.github/workflows/docker-proxy-apache-e2e.yml
@@ -0,0 +1,38 @@
+name: E2E Docker Proxy Apache Test
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+  schedule:
+    # run every sunday
+    - cron: '0 0 * * 0'
+jobs:
+  docker:
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      
+    - name: Start containers
+      run: docker-compose -f "./e2e/docker/apache-verdaccio/docker-compose.yaml" up -d --build
+
+    - name: Install node
+      uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3
+      with:
+        node-version: 18
+    - name: verdaccio cli
+      run: npm install -g verdaccio --registry http://localhost
+    - name: gastby cli 
+      run:  npm install -g gatsby-cli --registry http://localhost
+    - name: netlify cli 
+      run:  npm install -g netlify-cli --registry http://localhost
+    - name: angular cli 
+      run:  npm install -g @angular/cli --registry http://localhost
+
+    - name: Stop containers
+      if: always()
+      run: docker-compose -f "./e2e/docker/apache-verdaccio/docker-compose.yaml" down
--- a/.github/workflows/docker-proxy-nginx-e2e.yml
+++ b/.github/workflows/docker-proxy-nginx-e2e.yml
@@ -0,0 +1,41 @@
+name: E2E Docker Proxy Nginx Test
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+jobs:
+  docker:
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      
+    - name: Start containers
+      run: docker-compose -f "./e2e/docker/proxy-nginx/docker-compose.yaml" up -d --build
+
+    - name: Install node
+      uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3
+      with:
+        node-version: 18
+    - name: npm setup
+      run: |
+        npm config set fetch-retries="5"
+        npm config set fetch-retry-factor="50"
+        npm config set fetch-retry-mintimeout="20000"
+        npm config set fetch-retry-maxtimeout="80000"      
+    - name: verdaccio cli
+      run: npm install -g verdaccio --registry http://localhost
+    - name: gastby cli 
+      run:  npm install -g gatsby-cli --registry http://localhost
+    - name: netlify cli 
+      run:  npm install -g netlify-cli --registry http://localhost
+    - name: angular cli 
+      run:  npm install -g @angular/cli --registry http://localhost
+
+    - name: Stop containers
+      if: always()
+      run: docker-compose -f "./e2e/docker/proxy-nginx/docker-compose.yaml" down
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -15,12 +15,16 @@ on:
      - 'master'
    tags:
      - 'v*'
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2
-      - uses: docker/setup-qemu-action@v1
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # tag=v1
      - uses: docker/setup-buildx-action@v1
        with:
          driver-opts: network=host
@@ -41,11 +45,11 @@ jobs:
            {{major}}
            {{major}}.{{minor}}
      - name: Build & Push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./Dockerfile
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.docker_meta.outputs.tags }}
          labels: ${{ steps.docker_meta.outputs.labels }}
--- a/.github/workflows/e2e-ci.yml
+++ b/.github/workflows/e2e-ci.yml
@@ -0,0 +1,112 @@
+name: E2E CLI
+
+on: [pull_request]
+permissions:
+  contents: read
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    name: setup e2e verdaccio
+    services:
+      verdaccio:
+        image: verdaccio/verdaccio:nightly-master
+        ports:
+          - 4873:4873
+        env:
+          NODE_ENV: production
+    steps:
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+    - name: Use Node
+      uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+      with:
+        node-version-file: '.nvmrc'
+    - name: Install pnpm
+      run: npm i pnpm@latest-8 -g
+    - name: set store
+      run: |
+        mkdir ~/.pnpm-store
+        pnpm config set store-dir ~/.pnpm-store
+    - name: Install
+      run: pnpm install --reporter=silence --ignore-scripts --registry http://localhost:4873
+    - name: Cache .pnpm-store
+      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      with:
+        path: ~/.pnpm-store
+        key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+        restore-keys: |
+          pnpm-
+  build:
+    needs: [prepare]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - name: Use Node 16
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
+      - name: Install
+        run: pnpm recursive install --reporter=silence --registry http://localhost:4873
+      - name: build
+        run: pnpm build
+      - name: Cache packages
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        id: cache-packages
+        with:
+          path: ./packages/
+          key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+          restore-keys: |
+            packages-
+      # - name: Cache test
+      #   uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      #   id: cache-test
+      #   with:
+      #     path: ./e2e/
+      #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      #     restore-keys: |
+      #       test-
+  e2e-cli:
+    needs: [prepare, build]
+    strategy:
+      fail-fast: false
+      matrix:
+        pkg: [npm6, npm7, npm8, npm9, pnpm6, pnpm7, pnpm8, yarn1, yarn2, yarn3, yarn4]
+        node: [16, 18, 19]
+    name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        with:
+          node-version: ${{ matrix.node }}
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
+      - name: Install
+        run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        with:
+          path: ./packages/
+          key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      # - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      #   with:
+      #     path: ./e2e/
+      #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: build e2e
+        run:  pnpm --filter @verdaccio/test-cli-commons build
+      - name: Test CLI
+        run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}
--- a/.github/workflows/e2e-ui.yml
+++ b/.github/workflows/e2e-ui.yml
@@ -0,0 +1,36 @@
+name: E2E UI
+
+on: [pull_request]
+permissions:
+  contents: read
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: UI Test E2E
+    services:
+      verdaccio:
+        image: verdaccio/verdaccio:5
+        ports:
+          - 4873:4873
+        env:
+          NODE_ENV: production
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - name: Use Node
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: |
+         corepack enable
+         corepack prepare --activate pnpm@latest-8
+      - name: Install
+        run: pnpm install --reporter=silence --registry http://localhost:4873
+      - name: build
+        run: pnpm build
+      - name: Test UI
+        run: pnpm test:e2e:ui
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3
+        with:
+          name: videos
+          path: /home/runner/work/verdaccio/verdaccio/e2e/ui/cypress/videos
--- a/.github/workflows/contributors.yml
+++ b/.github/workflows/contributors.yml
@@ -1,5 +1,5 @@
 ---
-name: contributors
+name: static data

 on:
  workflow_dispatch:
@@ -10,39 +10,45 @@ on:
  # push:
  #   branches:
  #     - master
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
 jobs:
  prepare:
    name: Run script
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
        with:
          persist-credentials: false
          fetch-depth: 0
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
        with:
-          node-version: 17.x
+          node-version: 18.x
      - name: install pnpm
-        run: sudo npm i pnpm@6.24.1 -g
-      - name: set store
-        run: | 
-          mkdir ~/.pnpm-store
-          pnpm config set store-dir ~/.pnpm-store
-      - name: setup pnpm config registry
-        run: pnpm config set registry https://registry.verdaccio.org
+        run: sudo npm i pnpm@latest-8 -g
      - name: install dependencies
        run: pnpm install
+      - name: Build Translations percentage
+        run: pnpm --filter @verdaccio/crowdin-translations build
      - name: update contributors
        run: pnpm run contributors
        env:
          TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: update addson data
+        run: pnpm script:addson
+      - name: update translations
+        run: pnpm run translations
+        env:
+          TOKEN: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}          
      - name: format
        run: pnpm format
      - name: Commit & Push changes
-        uses: actions-js/push@v1.3
+        uses: actions-js/push@156f2b10c3aa000c44dbe75ea7018f32ae999772 # tag=v1.4
        with:
          github_token: ${{ secrets.TOKEN_VERDACCIOBOT_GITHUB }}
-          message: "chore: updated contributors list"
+          message: "chore: updated static data"
          branch: master
          author_email: verdaccio.npm@gmail.com
          author_name: verdacciobot
--- a/.github/workflows/ui-components.yml
+++ b/.github/workflows/ui-components.yml
@@ -0,0 +1,78 @@
+name: UI Components
+
+on: 
+  workflow_dispatch:
+  pull_request:
+    paths:
+    - .github/workflows/ui-components.yml
+    - 'packages/ui-components/**'
+    - 'package.json'
+    - 'pnpm-workspace.yaml'
+    - 'pnpm-lock.yaml'
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
+env:
+  DEBUG: verdaccio*
+
+jobs:
+  deploy:
+    permissions:
+      contents: read  #  to fetch code (actions/checkout)
+      deployments: write
+      pull-requests: write  #  to comment on pull-requests
+
+    runs-on: ubuntu-latest
+    env:
+      NODE_OPTIONS: --max_old_space_size=4096
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+
+      - name: Use Node
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+
+      - name: Cache pnpm modules
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        env:
+          cache-name: cache-pnpm-modules
+        with:
+          path: ~/.pnpm-store
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-
+
+      - name: Install pnpm
+        run: |
+          corepack enable
+            corepack prepare --activate pnpm@latest-8
+      - name: Install
+        run: pnpm install  
+      - name: Build storybook
+        run: pnpm ui:storybook:build
+      - name: Copy public content
+        # the msw.js worker is need it at the storybook-static folder in production
+        run: cp -R packages/ui-components/public/* packages/ui-components/storybook-static
+      - name: 🔥 Deploy Production UI Netlify
+        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+        uses: verdaccio/action-netlify-deploy@1c086d59169edeec9254672c7de17d2ceac3928f # v2.0.0
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+          netlify-site-id: ${{ secrets.NETLIFY_UI_SITE_ID }}
+          build-dir: './packages/ui-components/storybook-static'          
+      - name: 🤖 Deploy Preview UI Components Netlify
+        if: github.repository == 'verdaccio/verdaccio'
+        uses: semoal/action-netlify-deploy@1a53f098745bf78555d11b436f5ee3af87e6b566
+        id: netlify_preview_ui
+        with:
+          draft: true
+          comment-on-pull-request: true
+          github-deployment-is-production: false
+          github-deployment-is-transient: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+          netlify-site-id: ${{ secrets.NETLIFY_UI_SITE_ID }}
+          build-dir: './packages/ui-components/storybook-static'
--- a/.github/workflows/website.yml
+++ b/.github/workflows/website.yml
@@ -3,36 +3,35 @@ name: Verdaccio Website CI
 on:
  workflow_dispatch:
  pull_request:
-    types:
-      - opened
-      - synchronize
    paths:
-      - 'website/**'
-      - 'package.json'
-      - './.github/workflows/website.yml'
-  push:
-    branches:
-      - 'master'
-    paths:
-      - 'website/**'
-      - 'package.json'
-      - './.github/workflows/website.yml'
+        - 'website/**'
+        - './.github/workflows/website.yml'
+  schedule:
+    - cron: '0 0 * * *' 
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)

 jobs:
  build:
+    permissions:
+      contents: read  #  to fetch code (actions/checkout)
+      deployments: write
+      pull-requests: write  #  to comment on pull-requests
+
    runs-on: ubuntu-latest
    env:
      NODE_OPTIONS: --max_old_space_size=4096
    steps:
-      - uses: actions/checkout@v2.4.0
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3

-      - name: Use Node 14
-        uses: actions/setup-node@v3
+      - name: Use Node 16
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
        with:
-          node-version: 14
+          node-version: 16

      - name: Cache pnpm modules
-        uses: actions/cache@v2
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
        env:
          cache-name: cache-pnpm-modules
        with:
@@ -41,16 +40,18 @@ jobs:
          restore-keys: |
            ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-

-      - uses: pnpm/action-setup@v2.1.0
+      - uses: pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598 # tag=v2.4.0
        with:
-          version: 6.10.2
+          version: latest-8
          run_install: |
            - recursive: true
              args: [--frozen-lockfile]
-      - name: Build Plugins
-        run: pnpm build --filter "docusaurus-plugin-contributors"
+      - name: Build 
+        run: pnpm build
+      - name: Build Translations percentage
+        run: pnpm --filter @verdaccio/crowdin-translations build
      - name: Cache Docusaurus Build
-        uses: actions/cache@v2
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
        with:
          path: website/node_modules/.cache/webpack
          key: cache/webpack-${{github.ref}}-${{ hashFiles('**/pnpm-lock.yaml') }}
@@ -62,14 +63,14 @@ jobs:
      - name: Build Production
        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
        env:
-          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          SENTRY_KEY: ${{ secrets.SENTRY_KEY }}
          CONTEXT: production
-        run: pnpm netlify:build:production --filter ...@verdaccio/website
+        run: pnpm --filter @verdaccio/website netlify:build:production

      - name: 🔥 Deploy Production Netlify
        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
-        uses: semoal/action-netlify-deploy@master
+        uses: semoal/action-netlify-deploy@1a53f098745bf78555d11b436f5ee3af87e6b566
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
@@ -80,10 +81,11 @@ jobs:
      - name: Build Deployment Preview
        env:
          CONTEXT: deploy-preview
-        run: pnpm netlify:build:deployPreview --filter ...@verdaccio/website
+        run: pnpm --filter ...@verdaccio/website netlify:build:deployPreview

      - name: 🤖 Deploy Preview Netlify
-        uses: semoal/action-netlify-deploy@master
+        if: github.repository == 'verdaccio/verdaccio'
+        uses: semoal/action-netlify-deploy@1a53f098745bf78555d11b436f5ee3af87e6b566
        id: netlify_preview
        with:
          draft: true
@@ -96,8 +98,9 @@ jobs:
          build-dir: './website/build'

      - name: Audit preview URL with Lighthouse
+        if: github.repository == 'verdaccio/verdaccio'
        id: lighthouse_audit
-        uses: treosh/lighthouse-ci-action@v9.3.0
+        uses: treosh/lighthouse-ci-action@03becbfc543944dd6e7534f7ff768abb8a296826 # tag=10.1.0
        with:
          urls: |
            ${{ steps.netlify_preview.outputs.preview-url }}
@@ -106,7 +109,7 @@ jobs:

      - name: Format lighthouse score
        id: format_lighthouse_score
-        uses: actions/github-script@v3
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # tag=v6
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
@@ -129,11 +132,13 @@ jobs:
             core.setOutput("comment", comment);

      - name: Add comment to PR
+        if: github.repository == 'verdaccio/verdaccio'
        id: comment_to_pr
-        uses: marocchino/sticky-pull-request-comment@v1
+        uses: marocchino/sticky-pull-request-comment@f6a2580ed520ae15da6076e7410b088d1c5dddd9 # v2
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          number: ${{ github.event.issue.number }}
+          delete: true
          header: lighthouse
          message: |
            ${{ steps.format_lighthouse_score.outputs.comment }}
--- a/.gitignore
+++ b/.gitignore
@@ -41,12 +41,15 @@ packages/plugins/ui-theme/static
 # CI Pnpm cache
 .pnpm-store/

-# benchmark
-api-results.json
-hyper-results.json
-hyper-results*.json
-api-results*.json
-
 #docs 
-./api
-packages/core/core/docs
+website/docs/api/**/*.md
+website/docs/api/**/*.yml
+!website/docs/api/index.md
+packages/**/docs
+
+# cypress
+e2e/ui/cypress/videos/**/*
+e2e/ui/cypress/screenshots/**/*
+
+# storybook
+packages/ui-components/storybook-static
--- a/.npmrc
+++ b/.npmrc
@@ -1,5 +1,3 @@
 always-auth = true
-recursive-install = true
-registry = https://registry.verdaccio.org
 loglevel=info
 fetch-retries="10"
--- a/.prettierignore
+++ b/.prettierignore
@@ -8,13 +8,15 @@
 **/wrong.package.json
 crowdin.yaml
 /docs/website
-/website/*
 /website/translated_docs/
 CHANGELOG.md
 CONTRIBUTORS.md
 node_modules/
 **/coverage/**
 **/static/*.js
+**/dist/*.js
+website/.docusaurus/**/*
+website/i18n/**/*
 **/build/*.js
 packages/core/local-storage/_storage/**
 packages/partials/storage_default_storage/
@@ -31,3 +33,7 @@ api/**
 packages/core/local-storage/tests/__fixtures__/test-storage/
 packages/plugins/ui-theme/static/
 .verdaccio-db.json
+test/cli/e2e-yarn4/bin/yarn-4.0.0-rc.14.cjs
+yarn.js
+website/docs/api/*
+packages/ui-components/storybook-static/*
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -4,88 +4,12 @@
  // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
  "version": "0.2.0",
  "configurations": [
-
-  {
-    "name": "Attach",
-    "port": 9229,
-    "request": "attach",
-    "skipFiles": [
-      "<node_internals>/**"
-    ],
-    "type": "pwa-node"
-  },
    {
-      "name": "Verdaccio Debug",
+      "name": "Attach",
      "port": 9229,
      "request": "attach",
      "skipFiles": ["<node_internals>/**"],
      "type": "pwa-node"
-    },
-    {
-      "type": "node",
-      "request": "launch",
-      "name": "CLI Babel Registry",
-      "stopOnEntry": false,
-      "program": "${workspaceFolder}/debug/bootstrap.js",
-      "args": ["-l", "0.0.0.0:4873"],
-      "env": {
-        "BABEL_ENV": "registry"
-      },
-      "preLaunchTask": "npm: build:webui",
-      "console": "integratedTerminal"
-    },
-    {
-      "name": "Unit Tests",
-      "type": "node",
-      "request": "launch",
-      "program": "${workspaceRoot}/node_modules/bin/jest",
-      "stopOnEntry": false,
-      "args": ["--debug=true"],
-      "cwd": "${workspaceRoot}",
-      "runtimeExecutable": null,
-      "runtimeArgs": ["--nolazy"],
-      "env": {
-        "NODE_ENV": "test",
-        "TZ": "UTC"
-      },
-      "console": "integratedTerminal"
-    },
-    {
-      "name": "Functional Tests",
-      "type": "node",
-      "request": "launch",
-      "program": "${workspaceRoot}/node_modules/.bin/jest",
-      "stopOnEntry": false,
-      "args": [
-        "--config",
-        "./test/jest.config.functional.js",
-        "--testPathPattern",
-        "./test/functional/index*",
-        "--debug=false",
-        "--verbose",
-        "--useStderr",
-        "--detectOpenHandles"
-      ],
-      "cwd": "${workspaceRoot}",
-      "env": {
-        "BABEL_ENV": "testOldEnv",
-        "VERDACCIO_DEBUG": "true",
-        "VERDACCIO_DEBUG_INJECT": "true",
-        "NODE_DEBUG": "TO_DEBUG_REQUEST_REMOVE_THIS_request"
-      },
-      "preLaunchTask": "pre-test",
-      "console": "integratedTerminal",
-      "runtimeExecutable": null,
-      "runtimeArgs": ["--nolazy"]
-    },
-    {
-      "type": "node",
-      "request": "launch",
-      "name": "Verdaccio Compiled",
-      "preLaunchTask": "npm: code:build",
-      "program": "${workspaceRoot}/bin/verdaccio",
-      "args": ["-l", "0.0.0.0:4873"],
-      "console": "integratedTerminal"
    }
  ]
 }
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -8,5 +8,6 @@
    "storage_default_storage": true,
    ".yarn": true
  },
+  "editor.formatOnSave": true,
  "typescript.tsdk": "node_modules/typescript/lib"
 }
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -1,21 +0,0 @@
-{
-  // See https://go.microsoft.com/fwlink/?LinkId=733558
-  // for the documentation about the tasks.json format
-  "version": "2.0.0",
-  "tasks": [
-    {
-      "type": "npm",
-      "script": "build:webui",
-      "problemMatcher": []
-    },
-    {
-      "type": "npm",
-      "script": "code:build",
-      "problemMatcher": []
-    },
-    {
-      "label": "pre-test",
-      "dependsOn": ["npm: code:build", "npm: test:clean"]
-    }
-  ]
-}
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,59 +1,33 @@
 # Contributing

-> Any change matters, whatever the size, just do it.
+> This guidelines refers to the main (`master`) that host the v6.x, if you want to contribute to `5.x` please read the following [link](https://github.com/verdaccio/verdaccio/blob/5.x/CONTRIBUTING.md).

-We're happy that you're considering contributing! To help, we've prepared these
-guidelines for you:
+We're happy that you're considering contributing!

-**Table of Contents**
-
- [Contributing](#contributing)
-  - [How Do I Contribute?](#how-do-i-contribute)
-  - [Development Setup](#development-setup)
-    - [Building the project](#building-the-project)
-    - [Running test](#running-test)
-    - [Running and debugging](#running-and-debugging)
-    - [Debugging compiled code](#debugging-compiled-code)
-  - [Reporting Bugs](#reporting-bugs)
-    - [Read the documentation](#read-the-documentation)
-    - [What's is not considered a bug?](#whats-is-not-considered-a-bug)
-    - [Issue Search](#issue-search)
-    - [Chat](#chat)
-  - [Translations](#translations)
-  - [Request Features](#request-features)
-  - [Contributing Guidelines](#contributing-guidelines)
-    - [Submitting a Pull Request](#submitting-a-pull-request)
-    - [Make Changes and Commit](#make-changes-and-commit)
-      - [Caveats](#caveats)
-      - [Before Commit](#before-commit)
-      - [Commit Guidelines](#commit-guidelines)
-    - [Adding a changeset](#adding-a-changeset)
-    - [Update Tests](#update-tests)
-  - [Develop Plugins](#develop-plugins)
+To help you getting started we've prepared these guidelines for you, any change matter, just do it:

 ## How Do I Contribute?

 There are many ways to contribute:

- Report a bug
- Request a feature you think would be great for Verdaccio
- Fix bugs
- Test and triage bugs reported by others
- Work on requested/approved features
- Improve the codebase (linting, naming, comments, test descriptions, etc...)
+- [Report a bug](#reporting-bugs)
+- [Request a feature you think would be great for Verdaccio](#feature-request)
+- [Fixing bugs](https://github.com/verdaccio/verdaccio/issues?q=is%3Aopen+is%3Aissue+label%3A%22issue%3A+bug%22)
+- [Test and triage bugs reported by others](https://github.com/verdaccio/verdaccio/issues?q=is%3Aopen+is%3Aissue+label%3Aissue_needs_triage)
+- [Working on requested/approved features](https://github.com/verdaccio/verdaccio/issues?q=is%3Aopen+is%3Aissue+label%3A%22topic%3A+feature+request%22+)
+- [Improve the codebase (linting, naming, comments, test descriptions, etc...)](https://github.com/verdaccio/verdaccio/discussions/1461)
+- Improve code coverage for unit testing for every module, [end to end](https://github.com/verdaccio/verdaccio/tree/master/e2e/cli) or [UI test](https://github.com/verdaccio/verdaccio/tree/master/e2e/ui) (with cypress).

-The Verdaccio project is split into several areas:
+The Verdaccio project is split into several areas, the first three hosted in the main repository:

 - **Core**: The [core](https://github.com/verdaccio/verdaccio) is the main repository, built with **Node.js**.
 - **Website**: we use [**Docusaurus**](https://docusaurus.io/) for the **website** and if you are familiar with this technology, you might become the official webmaster.
 - **User Interface**: The [user Interface](https://github.com/verdaccio/ui) is based in **react** and **material-ui** and looking for front-end contributors.
 - **Kubernetes and Helm**: Ts the official repository for the [**Helm chart**](https://github.com/verdaccio/charts).

-> There are other areas to contribute, like documentation, translation which are
-> not hosted on this repo but check the last section of this notes for further
-> information.
+> There are other areas to contribute, like [documentation](https://github.com/verdaccio/verdaccio/tree/master/website/docs) or [translations](#translations}).

-## Development Setup
+## Prepare local setup {#local-setup}

 Verdaccio uses [pnpm](https://pnpm.io) as the package manager for development in this repository.

@@ -70,7 +44,7 @@ This setting would cause the `pnpm install` command to install incorrect version
 To begin your development setup, please install the latest version of pnpm globally:

 ```
-npm i -g pnpm
+npm i -g pnpm@latest-8
 ```

 With pnpm installed, the first step is installing all dependencies:
@@ -138,15 +112,13 @@ output to the code. Each package has it owns namespace.

 To run the application from the source code, ensure the project has been built with `pnpm build`, once this is done, there are few commands that helps to run server:

- `pnpm start`: Run the server and the UI with `concurrently`, the
-  server runs in the port `8000` and the UI on the port `4873`. This command
-  is useful if you want to contribute mostly on the UI.
- `pnpm debug`: Run the server in debug mode `--inspect`, the UI is included but does not have hot reload. For automatic break use `pnpm debug:break`.
+- `pnpm start`: Runs server on port `8000` and UI on port `4873`. This is particularly useful if you want to contribute to the UI, since it runs with hot reload.
+- `pnpm debug`: Run the server in debug mode `--inspect`. UI runs too but without hot reload. For automatic break use `pnpm debug:break`.
 - `pnpm debug:fastify`: To contribute on the [fastify migration](https://github.com/verdaccio/verdaccio/discussions/2155) this is a temporary command for such purpose.
 - `pnpm website`: Build the website, for more commands to run the _website_, run `cd website` and then `pnpm serve`, website will run on port `3000`.
 - `pnpm docker`: Build the docker image. Requires `docker` command available in your system.

-#### Debugging compiled code
+#### Debugging compiled code {#debugging-compiled-code}

 Currently you can only run pre-compiled packages in debug mode. To enable debug
 while running add the `verdaccio` namespace using the `DEBUG` environment
@@ -166,13 +138,50 @@ DEBUG=verdaccio:plugin:* node packages/verdaccio/debug/bootstrap.js
 The debug code is intended to analyze what is happening under the hood and none
 of the output is sent to the logger module.

-## Reporting Bugs
+> [See the full guide how to debug with Verdaccio](https://github.com/verdaccio/verdaccio/wiki/Debugging-Verdaccio)
+
+#### Testing your changes in a local registry {#testing-local-registry}
+
+Once you have perform your changes in the code base, the build and tests passes you can publish a local version:
+
+- Ensure you have build all modules (or the one you have modified)
+- Run `pnpm local:publish:release` to launch a local registry and publish all packages into it. This command will be alive until server is killed (Control Key + C)
+
+```
+pnpm build
+pnpm local:publish:release
+```
+
+The last step consist on install globally the package from the local registry which runs on the default port (4873).
+
+```
+npm i -g verdaccio --registry=http://localhost:4873
+verdaccio
+```
+
+If you perform more changes in the source code, repeat this process, there is not _hot reloading_ support.
+
+## Feature Request {#feature-request}
+
+New feature requests are welcome. Analyse whether the idea fits within scope of the project. Adding in context and the use-case will really help!
+
+**Please provide:**
+
+- Create a [discussion](https://github.com/verdaccio/verdaccio/discussions/new).
+- A detailed description the advantages of your request.
+- Whether or not it's compatible with `npm`, `pnpm` and [_yarn classic_
+  ](https://github.com/yarnpkg/yarn) or [_yarn modern_
+  ](https://github.com/yarnpkg/berry).
+- A potential implementation or design
+- Whatever else is on your mind! 🤓
+
+## Reporting Bugs {#reporting-bugs}

 **Bugs are considered features that are not working as described in
 documentation.**

 If you've found a bug in Verdaccio **that isn't a security risk**, please file
-a report in our [issue tracker](https://github.com/verdaccio/verdaccio/issues).
+a report in our [issue tracker](https://github.com/verdaccio/verdaccio/issues), if you think a potential vulnerability please read the [security policy](https://verdaccio.org/community/security) .

 > **NOTE: Verdaccio still does not support all npm commands. Some were not
 > considered important and others have not been requested yet.**
@@ -185,13 +194,13 @@ a report in our [issue tracker](https://github.com/verdaccio/verdaccio/issues).
 - _Features clearly flagged as not supported_
 - _Node.js issues installation in any platform_: If you cannot install the
  global package (this is considered external issue)
- Any ticket which has beed flagged as an [external issue
+- Any ticket which has been flagged as an [external issue
  ](https://github.com/verdaccio/verdaccio/labels/external-issue)

 If you intend to report a **security** issue, please follow our [Security policy
 guidelines](https://github.com/verdaccio/verdaccio/security/policy).

-### Issue Search
+### Issues {#issues}

 Before reporting a bug please:

@@ -203,53 +212,21 @@ In case any of those match with your search, up-vote it (using GitHub reactions)
 or add additional helpful details to the existing issue to show that it's
 affecting multiple people.

-### Chat
+### Contributing support

 Questions can be asked via [Discord](https://discord.gg/7qWJxBf)

-**Please use the `#help` channel.**
+**Please use the `#contribute` channel.**

-## Translations
+## Development Guidelines {#development-guidelines}

-All translations are provided by the `crowdin` platform:
-[https://translate.verdaccio.org/](https://translate.verdaccio.org/)
+It's recommended use a UNIX system for local development, Windows should works fine for development, but is not daily tested could not be perfect. To ensure a fast code review and merge, please follow the next guidelines:

-If you want to contribute by adding translations, create an account (GitHub could be used as fast alternative), in the platform you can contribute to two areas, the website or improve User Interface translations.
+Any contribution gives you the right to be part of this organization as _collaborator_ and your avatar will be automatically added to the [contributors page](https://verdaccio.org/contributors).

-If a language is not listed, ask for it in the [Discord](https://discord.gg/7qWJxBf) channel #contribute channel.
+## Pull Request {#pull-request}

-For adding a new **language** on the UI follow these steps:
-
-1. Ensure the **language** has been enabled, must be visible in the `crowdin` platform.
-2. Find in the explorer the file `en.US.json` in the path `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` and complete the translations, **not need to find approval on this**.
-3. Into the project, add a new field into `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` file, in the section `lng`, the new language, eg: `{ lng: {korean:"Korean"}}`. (This file is English based, once the PR has been merged, this string will be available in crowdin for translate to the targeted language).
-4. Add the language, [flag icon](https://www.npmjs.com/package/country-flag-icons), and the menu key fort he new language eg: `menuKey: 'lng.korean'` to the file `packages/plugins/ui-theme/src/i18n/enabledLanguages.ts`.
-5. For local testing, read `packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md`.
-6. Add a `changeset` file, see more info below.
-
-## Request Features
-
-New feature requests are welcome. Analyse whether the idea fits within scope of
-the project. Adding in context and the use-case will really help!
-
-**Please provide:**
-
- A detailed description the advantages of your request
- Whether or not it's compatible with `npm`, `pnpm` and [_yarn classic_
-  ](https://github.com/yarnpkg/yarn) or [_yarn berry_
-  ](https://github.com/yarnpkg/berry).
- A potential implementation or design
- Whatever else is on your mind! 🤓
-
-## Contributing Guidelines
-
-It's very exciting to become a Verdaccio contributor 🙌🏼. To ensure a fast code
-review and merge, please follow the next guidelines:
-
-> Any contribution gives you the right to be part of this organization as
-> _collaborator_.
-
-### Submitting a Pull Request
+### Submitting a Pull Request {#submit-pull-request}

 The following are the steps you should follow when creating a pull request.
 Subsequent pull requests only need to follow step 3 and beyond.
@@ -277,10 +254,10 @@ Feel free to commit as much times you want in your branch, but keep on mind on
 this repository we `git squash` on merge by default, as we like to maintain a
 clean git history.

-#### Before Commit
+#### Before Push {#before-push}

-Before committing, **you must ensure there are no linting errors and
-all tests pass.** To do this, run these commands before create the PR:
+Before committing or push, **you must ensure there are no linting errors and
+all tests passes**. To do verify, run these commands before creating the PR:

 ```bash
 pnpm lint
@@ -294,47 +271,18 @@ pnpm test

 All good? Perfect! You should create the pull request.

-#### Commit Guidelines
+#### Commit Guidelines {#commits}

-For example:
+On a pull request, commit messages are not important, please focus on document properly the pull request content. The commit message will be taken from the pull request title, it is recommended to use lowercase format.

- `feat: A new feature`
- `fix: A bug fix`
-
-A commit of the type feat introduces a new feature to the codebase (this
-correlates with MINOR in semantic versioning).
-
-e.g.:
-
-```
-feat: xxxxxxxxxx
-```
-
-A commit of the type fix patches a bug in your codebase (this correlates with
-PATCH in semantic versioning).
-
-e.g.:
-
-```
-fix: xxxxxxxxxxx
-```
-
-Commits types such as as `docs:`,`style:`,`refactor:`,`perf:`,`test:` and
-`chore:` are valid but have no effect on versioning: **please use them!**
-
-All commits message are going to be validated when they are created using
-_husky_ hooks.
-
-> Please try to provide one single commit to help a clean and easy merge process
-
-### Adding a changeset
+### Adding a changeset {#changeset}

 We use [changesets](https://github.com/atlassian/changesets) in order to
 generate a detailed Changelog as possible.

 Adding a changeset with your Pull Request is essential if you want your
-contribution to get merged (unless is a change that does not affect library
-functionality, eg: typo, docs, readme, add additional test or linting code). To
+contribution to get merged (unless it does not affect functionality or
+user-facing content, eg: docs, readme, adding test or typo/lint fixes). To
 create a changeset please run:

 ```
@@ -409,7 +357,25 @@ If you need help with how testing works, please [refer to the following guide
 **If you are introducing new features, you MUST include new tests. PRs for
 features without tests will not be merged.**

-## Develop Plugins
+## Translations {#translations}
+
+All translations are provided by the **[crowdin](http://crowdin.com)** platform,
+[https://translate.verdaccio.org/](https://translate.verdaccio.org/)
+
+If you want to contribute by adding translations, create an account (GitHub could be used as fast alternative), in the platform you can contribute to two areas, the website or improve User Interface translations.
+
+If a language is not listed, ask for it in the [Discord](https://discord.gg/7qWJxBf) channel #contribute channel.
+
+For adding a new **language** on the UI follow these steps:
+
+1. Ensure the **language** has been enabled, must be visible in the `crowdin` platform.
+2. Find in the explorer the file `en.US.json` in the path `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` and complete the translations, **not need to find approval on this**.
+3. Into the project, add a new field into `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` file, in the section `lng`, the new language, eg: `{ lng: {korean:"Korean"}}`. (This file is English based, once the PR has been merged, this string will be available in crowdin for translate to the targeted language).
+4. Add the language, [flag icon](https://www.npmjs.com/package/country-flag-icons), and the menu key fort he new language eg: `menuKey: 'lng.korean'` to the file `packages/plugins/ui-theme/src/i18n/enabledLanguages.ts`.
+5. For local testing, read `packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md`.
+6. Add a `changeset` file, see more info below.
+
+## Develop Plugins {#develop-plugins}

 Plugins are add-ons that extend the functionality of the application.

--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -1,39 +0,0 @@
-<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
-<!-- markdownlint-disable -->
-<table>
-  <tr>
-    <td align="center"><a href="https://www.linkedin.com/in/jotadeveloper/"><img src="https://avatars0.githubusercontent.com/u/558752?v=4" width="100px;" alt=""/><br /><sub><b>Juan Picado</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=juanpicado" title="Documentation">📖</a> <a href="https://github.com/verdaccio/verdaccio/commits?author=juanpicado" title="Code">💻</a> <a href="#infra-juanpicado" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#eventOrganizing-juanpicado" title="Event Organizing">📋</a> <a href="#blog-juanpicado" title="Blogposts">📝</a> <a href="#maintenance-juanpicado" title="Maintenance">🚧</a></td>
-    <td align="center"><a href="https://github.com/sergiohgz"><img src="https://avatars3.githubusercontent.com/u/14012309?v=4" width="100px;" alt=""/><br /><sub><b>Sergio Herrera</b></sub></a><br /><a href="#infra-sergiohgz" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#maintenance-sergiohgz" title="Maintenance">🚧</a></td>
-    <td align="center"><a href="https://daniel-ruf.de/"><img src="https://avatars1.githubusercontent.com/u/827205?v=4" width="100px;" alt=""/><br /><sub><b>Daniel Ruf</b></sub></a><br /><a href="#security-DanielRuf" title="Security">🛡️</a> <a href="#infra-DanielRuf" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#maintenance-DanielRuf" title="Maintenance">🚧</a></td>
-    <td align="center"><a href="https://priscilawebdev.github.io/priscilaoliveira/"><img src="https://avatars1.githubusercontent.com/u/29228205?v=4" width="100px;" alt=""/><br /><sub><b>Priscila Oliveira</b></sub></a><br /><a href="#design-priscilawebdev" title="Design">🎨</a> <a href="https://github.com/verdaccio/verdaccio/commits?author=priscilawebdev" title="Code">💻</a> <a href="#maintenance-priscilawebdev" title="Maintenance">🚧</a></td>
-    <td align="center"><a href="http://ayusharma.github.io/"><img src="https://avatars0.githubusercontent.com/u/6918450?v=4" width="100px;" alt=""/><br /><sub><b>Ayush Sharma</b></sub></a><br /><a href="#infra-ayusharma" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="https://github.com/verdaccio/verdaccio/commits?author=ayusharma" title="Code">💻</a> <a href="#design-ayusharma" title="Design">🎨</a></td>
-    <td align="center"><a href="https://github.com/trentearl"><img src="https://avatars2.githubusercontent.com/u/802857?v=4" width="100px;" alt=""/><br /><sub><b>Trent Earl</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=trentearl" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/jmwilkinson"><img src="https://avatars0.githubusercontent.com/u/17836030?v=4" width="100px;" alt=""/><br /><sub><b>jmwilkinson</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=jmwilkinson" title="Code">💻</a></td>
-  </tr>
-  <tr>
-    <td align="center"><a href="https://github.com/bufferoverflow"><img src="https://avatars2.githubusercontent.com/u/378909?v=4" width="100px;" alt=""/><br /><sub><b>Roger Meier</b></sub></a><br /><a href="#plugin-bufferoverflow" title="Plugin/utility libraries">🔌</a></td>
-    <td align="center"><a href="https://ghuser.io/jamesgeorge007"><img src="https://avatars2.githubusercontent.com/u/25279263?v=4" width="100px;" alt=""/><br /><sub><b>James George</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=jamesgeorge007" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/AvailCat"><img src="https://avatars3.githubusercontent.com/u/19658647?v=4" width="100px;" alt=""/><br /><sub><b>AvailCat</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=AvailCat" title="Code">💻</a> <a href="#infra-AvailCat" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#maintenance-AvailCat" title="Maintenance">🚧</a></td>
-    <td align="center"><a href="https://www.luciusgaitan.com/"><img src="https://avatars0.githubusercontent.com/u/5970350?v=4" width="100px;" alt=""/><br /><sub><b>Lucius Gaitán</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=lgaitan" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/ramonornela"><img src="https://avatars1.githubusercontent.com/u/187946?v=4" width="100px;" alt=""/><br /><sub><b>Ramon Henrique Ornelas</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=ramonornela" title="Code">💻</a></td>
-    <td align="center"><a href="https://people.freebsd.org/~mi/resume/"><img src="https://avatars1.githubusercontent.com/u/1486340?v=4" width="100px;" alt=""/><br /><sub><b>UnitedMarsupials-zz</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=UnitedMarsupials-zz" title="Code">💻</a></td>
-    <td align="center"><a href="http://www.codingintrigue.co.uk/"><img src="https://avatars0.githubusercontent.com/u/9048902?v=4" width="100px;" alt=""/><br /><sub><b>Ryan Graham</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=ryan-codingintrigue" title="Code">💻</a></td>
-  </tr>
-  <tr>
-    <td align="center"><a href="https://github.com/coolsp"><img src="https://avatars1.githubusercontent.com/u/1246647?v=4" width="100px;" alt=""/><br /><sub><b>coolsp</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=coolsp" title="Code">💻</a></td>
-    <td align="center"><a href="http://ashishsurana.in/"><img src="https://avatars0.githubusercontent.com/u/5610944?v=4" width="100px;" alt=""/><br /><sub><b>Ashish Surana</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=ashishsurana" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/buffaybu"><img src="https://avatars3.githubusercontent.com/u/2025661?v=4" width="100px;" alt=""/><br /><sub><b>Wang Yifei</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=buffaybu" title="Code">💻</a></td>
-    <td align="center"><a href="https://twitter.com/liran_tal"><img src="https://avatars1.githubusercontent.com/u/316371?v=4" width="100px;" alt=""/><br /><sub><b>Liran Tal</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=lirantal" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/brenordr"><img src="https://avatars2.githubusercontent.com/u/19731692?v=4" width="100px;" alt=""/><br /><sub><b>Breno Rodrigues</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=brenordr" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/jachstet-sea"><img src="https://avatars0.githubusercontent.com/u/7993508?v=4" width="100px;" alt=""/><br /><sub><b>jachstet-sea</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=jachstet-sea" title="Code">💻</a></td>
-    <td align="center"><a href="https://patrik.votocek.cz/"><img src="https://avatars1.githubusercontent.com/u/112567?v=4" width="100px;" alt=""/><br /><sub><b>Patrik Votoček</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=Vrtak-CZ" title="Code">💻</a></td>
-  </tr>
-  <tr>
-    <td align="center"><a href="https://github.com/monkeywithacupcake"><img src="https://avatars3.githubusercontent.com/u/7316730?v=4" width="100px;" alt=""/><br /><sub><b>jess</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=monkeywithacupcake" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/toolsofraj"><img src="https://avatars0.githubusercontent.com/u/2507152?v=4" width="100px;" alt=""/><br /><sub><b>toolsofraj</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=toolsofraj" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/ddhp"><img src="https://avatars1.githubusercontent.com/u/1715380?v=4" width="100px;" alt=""/><br /><sub><b>Jian-Chen Chen (jesse)</b></sub></a><br /><a href="#translation-ddhp" title="Translation">🌍</a> <a href="https://github.com/verdaccio/verdaccio/commits?author=ddhp" title="Code">💻</a></td>
-  </tr>
-</table>
-
-<!-- markdownlint-enable -->
-<!-- ALL-CONTRIBUTORS-LIST:END -->
--- a/22
+++ b/22
@@ -1,26 +1,26 @@
-FROM --platform=${BUILDPLATFORM:-linux/amd64} node:16.13.2-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} node:18-alpine as builder

 ENV NODE_ENV=development \
-    VERDACCIO_BUILD_REGISTRY=https://registry.verdaccio.org
+    VERDACCIO_BUILD_REGISTRY=https://registry.npmjs.org

 RUN apk --no-cache add openssl ca-certificates wget && \
-    apk --no-cache add g++ gcc libgcc libstdc++ linux-headers make python2 && \
+    apk --no-cache add g++ gcc libgcc libstdc++ linux-headers make python3 && \
    wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub && \
-    wget -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.25-r0/glibc-2.25-r0.apk && \
-    apk add glibc-2.25-r0.apk
+    wget -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.35-r0/glibc-2.35-r0.apk && \
+    apk add --force-overwrite glibc-2.35-r0.apk

 WORKDIR /opt/verdaccio-build
 COPY . .
-RUN npm -g i pnpm@6.24.1 && \
+RUN npm -g i pnpm@latest-8 && \
    pnpm config set registry $VERDACCIO_BUILD_REGISTRY && \
-    pnpm recursive install --frozen-lockfile --ignore-scripts && \
+    pnpm install --frozen-lockfile --ignore-scripts && \
    rm -Rf test && \
-    pnpm run build && \
-    pnpm install -P
-# FIXME: need to remove devDependencies from the build
+    pnpm run build
+# FIXME: need to remove devDependencies from the build    
+# NODE_ENV=production pnpm install --frozen-lockfile --ignore-scripts
 # RUN pnpm install --prod --ignore-scripts

-FROM node:16.13.2-alpine
+FROM node:18-alpine
 LABEL maintainer="https://github.com/verdaccio/verdaccio"

 ENV VERDACCIO_APPDIR=/opt/verdaccio \
--- a/README.md
+++ b/README.md
@@ -1,10 +1,19 @@
+[![BannerUK](https://cdn.verdaccio.dev/readme/banner-uk.svg)](https://donate.redcrossredcrescent.org/ua/donate/~my-donation?_cv=1)
+
+> Verdaccio stands for **peace**, stop the war, we will be yellow / blue 🇺🇦 until that happens.
+
 ![verdaccio logo](https://cdn.verdaccio.dev/readme/verdaccio@2x.png)

 ![verdaccio gif](https://cdn.verdaccio.dev/readme/readme-website.png)

-# Version 6 (Development branch)
+# Version Next (Development branch)

-> Looking for Verdaccio 5? Check branch `5.x`.
+> Looking for Verdaccio 5 version? Check the branch `5.x`
+> The plugins for the `v5.x` that are hosted within this organization are located
+> at the [`verdaccio/monorepo`](https://github.com/verdaccio/monorepo) repository, while for the `next` version
+> are hosted on this project `./packages/plugins`, keep on mind `next` plugins will eventually would be
+> incompatible with `v5.x` versions.
+> Note that contributing guidelines might be different based on the branch.

 [Verdaccio](https://verdaccio.org/) is a simple, **zero-config-required local private npm registry**.
 No need for an entire database just to get started! Verdaccio comes out of the box with
@@ -26,6 +35,7 @@ Google Cloud Storage** or create your own plugin.

 [![Twitter followers](https://img.shields.io/twitter/follow/verdaccio_npm.svg?style=social&label=Follow)](https://twitter.com/verdaccio_npm)
 [![Github](https://img.shields.io/github/stars/verdaccio/verdaccio.svg?style=social&label=Stars)](https://github.com/verdaccio/verdaccio/stargazers)
+[![StandWithUkraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/badges/StandWithUkraine.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md)

 ## Install

@@ -34,7 +44,19 @@ Google Cloud Storage** or create your own plugin.
 Install with npm:

 ```bash
-npm install --global verdaccio@6-next
+npm install --location=global verdaccio@6-next
+```
+
+With `yarn`
+
+```bash
+yarn global add verdaccio@6-next
+```
+
+With `pnpm`
+
+```bash
+pnpm i -g verdaccio@6-next
 ```

 or
@@ -43,6 +65,27 @@ or
 docker pull verdaccio/verdaccio:nightly-master
 ```

+or with _helm_ [official chart](https://github.com/verdaccio/charts).
+
+```bash
+helm repo add verdaccio https://charts.verdaccio.org
+helm repo update
+helm install verdaccio/verdaccio
+```
+
+Furthermore, you can read the [**Debugging Guidelines**](https://github.com/verdaccio/verdaccio/wiki/Debugging-Verdaccio) and the [**Docker Examples**](https://github.com/verdaccio/verdaccio/tree/master/docker-examples) for more advanced development.
+
+## Plugins
+
+You can develop your own [plugins](https://verdaccio.org/docs/plugins) with the [verdaccio generator](https://github.com/verdaccio/generator-verdaccio-plugin). Installing [Yeoman](https://yeoman.io/) is required.
+
+```
+npm install --location=global yo
+npm install --location=global generator-verdaccio-plugin
+```
+
+Learn more [here](https://verdaccio.org/docs/dev-plugins) how to develop plugins. Share your plugins with the community.
+
 ## Donations

 Verdaccio is run by **volunteers**; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider do a long support donation - **and your logo will be on this section of the readme.**
@@ -71,24 +114,27 @@ If you want to use a modified version of some 3rd-party package (for example, yo
 ### E2E Testing

 Verdaccio has proved to be a lightweight registry that can be
-booted in a couple of seconds, fast enough for any CI. Many open source projects use verdaccio for end to end testing, to mention some examples, **create-react-app**, **mozilla neutrino**, **pnpm**, **storybook**, **alfresco** or **eclipse theia**. You can read more in dedicated article to E2E in our blog.
+booted in a couple of seconds, fast enough for any CI. Many open source projects use verdaccio for end to end testing, to mention some examples, **create-react-app**, **mozilla neutrino**, **pnpm**, **storybook**, **babel.js**, **angular-cli** or **docusaurus**. You can read more in [here](https://verdaccio.org/docs/e2e).
+
+Furthermore, here few examples how to start:
+
+- [e2e-ci-example-gh-actions](https://github.com/juanpicado/e2e-ci-example-gh-actions)
+- [verdaccio-end-to-end-tests](https://github.com/juanpicado/verdaccio-end-to-end-tests)
+- [verdaccio-fork](https://github.com/juanpicado/verdaccio-fork)

 ## Watch our Videos

 **Node Congress 2022, February 2022, Online Free**

 <div>
-   <a href="https://nodecongress.com/">
-     <img src="https://cdn.verdaccio.dev/readme/nodejscongress2022.jpg" alt="nodejs" width="300"/>
+   <a href="https://portal.gitnation.org/contents/five-ways-of-taking-advantage-of-verdaccio-your-private-and-proxy-nodejs-registry">
+     <img src="https://cdn.verdaccio.dev/readme/nodejscongress2022.jpg" alt="nodejs" width="200"/>
  </a>
 </div>

-### **Using Docker and Verdaccio to make Integration Testing Easy - Docker All Hands #4 December - 2021**.
-
-[![docker](https://cdn.verdaccio.dev/readme/docker-all-hands-jpicado-talk.jpg)](https://www.youtube.com/watch?v=zRI0skF1f8I)
-
 You might want to check out as well our previous talks:

+- [Using Docker and Verdaccio to make Integration Testing Easy - **Docker All Hands #4 December - 2021**](https://www.youtube.com/watch?v=zRI0skF1f8I)
 - [**Juan Picado** – Testing the integrity of React components by publishing in a private registry - React Finland - 2021](https://www.youtube.com/watch?v=bRKZbrlQqLY&t=16s&ab_channel=ReactFinland)
 - [BeerJS Cba Meetup No. 53 May 2021 - **Juan Picado**](https://www.youtube.com/watch?v=6SyjqBmS49Y&ab_channel=BeerJSCba)
 - [Node.js Dependency Confusion Attacks - April 2021 - **Juan Picado**](https://www.youtube.com/watch?v=qTRADSp3Hpo)
@@ -163,7 +209,7 @@ To run the docker container:
 docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio
 ```

-Docker examples are available [in this repository](https://github.com/verdaccio/docker-examples).
+Docker examples are available [in this repository](https://github.com/verdaccio/verdaccio/tree/master/docker-examples).

 ## Compatibility

@@ -229,8 +275,10 @@ You can find and chat with then over Discord, click [here](http://chat.verdaccio
 ## Who is using Verdaccio?

 - [create-react-app](https://github.com/facebook/create-react-app/blob/master/CONTRIBUTING.md#customizing-e2e-registry-configuration) _(+86.2k ⭐️)_
+- [Grafana](https://github.com/grafana/grafana/search?q=verdaccio) _(+54.9k ⭐️)_
 - [Gatsby](https://github.com/gatsbyjs/gatsby) _(+49.2k ⭐️)_
 - [Babel.js](https://github.com/babel/babel) _(+38.5k ⭐️)_
+- [Docusaurus](https://github.com/facebook/docusaurus) _(+34k ⭐️)_
 - [Vue CLI](https://github.com/vuejs/vue-cli) _(+27.4k ⭐️)_
 - [Angular CLI](https://github.com/angular/angular-cli) _(+24.3k ⭐️)_
 - [Uppy](https://github.com/transloadit/uppy) _(+23.8k ⭐️)_
@@ -238,14 +286,14 @@ You can find and chat with then over Discord, click [here](http://chat.verdaccio
 - [Aurelia Framework](https://github.com/aurelia/framework) _(+11.6k ⭐️)_
 - [pnpm](https://github.com/pnpm/pnpm) _(+10.1k ⭐️)_
 - [ethereum/web3.js](https://github.com/ethereum/web3.js) _(+9.8k ⭐️)_
+- [Webiny CMS](https://github.com/webiny/webiny-js) _(+6.6k ⭐️)_
 - [NX](https://github.com/nrwl/nx) _(+6.1k ⭐️)_
- [webiny-js](https://github.com/webiny/webiny-js) _(+4.3k ⭐️)_
 - [Mozilla Neutrino](https://github.com/neutrinojs/neutrino) _(+3.7k ⭐️)_
 - [workshopper how to npm](https://github.com/workshopper/how-to-npm) _(+1k ⭐️)_
 - [Amazon SDK v3](https://github.com/aws/aws-sdk-js-v3)
 - [Amazon Encryption SDK for Javascript](https://github.com/aws/aws-encryption-sdk-javascript)

-🤓 Don't be shy, you also can be in [the list](https://github.com/verdaccio/website/blob/master/docs/who-is-using.md).
+🤓 Don't be shy, add yourself to this readme.

 ## Open Collective Sponsors

--- a/SECURITY.md
+++ b/SECURITY.md
@@ -28,7 +28,7 @@ At Verdaccio, we consider the security of our systems a top priority. But no mat

 If you discover a security vulnerability, please use one of the following means of communications to report it to us:

- Report the security issue to the Node.js Security WG through the [HackerOne program](https://hackerone.com/nodejs-ecosystem) for ecosystem modules on npm, or to [Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with all involved parties to remediate and release a fix.
+- Report the security issue to [Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with all involved parties to remediate and release a fix.

 Note that time-frame and processes are subject to each program’s own policy.

--- a/assets/thanks/crowdin/logo.png
+++ b/assets/thanks/crowdin/logo.png
--- a/crowdin.yaml
+++ b/crowdin.yaml
@@ -1,20 +1,19 @@
-project_id_env: CROWDIN_VERDACCIO_PROJECT_ID
+project_id: 295539
 api_token_env: CROWDIN_VERDACCIO_API_KEY
+# token local testing
+# api_token: token_secret

 preserve_hierarchy: true

 files:
-  [
-    {
-      source: 'packages/plugins/ui-theme/src/i18n/crowdin/**/*',
-      translation: '/packages/plugins/ui-theme/src/i18n/download_translations/%locale%/**/%original_file_name%',
-    },
-    {
-      source: '/website/i18n/en/**/*',
-      translation: '/website/i18n/%locale%/**/%original_file_name%',
-    },
-    {
-      source: '/website/docs/**/*',
-      translation: '/website/i18n/%locale%/docusaurus-plugin-content-docs/current/**/%original_file_name%',
-    }
-  ]
+  - source: /packages/plugins/ui-theme/src/i18n/crowdin/*.json
+    translation: '/packages/plugins/ui-theme/src/i18n/download_translations/%locale%/%original_file_name%'
+  - source: /website/i18n/en/**/*
+    translation: '/website/i18n/%locale%/**/%original_file_name%'
+  - source: /website/docs/**/*
+    translation: '/website/i18n/%locale%/docusaurus-plugin-content-docs/current/**/%original_file_name%'
+    ignore: [/website/docs/api/**/*]
+  - source: /website/versioned_docs/**/*
+    translation: /website/i18n/%locale%/docusaurus-plugin-content-docs/**/%original_file_name%
+    ignore: [/website/versioned_docs/version-5.x/api/**/*]
+   
--- a/docker-examples/README.md
+++ b/docker-examples/README.md
@@ -10,7 +10,7 @@ The following examples aim to be demonstrative and can be either improved or upd
 - [v5 examples](v5/README.md)
 - [v6 examples](v6/README.md)

-## Aditional data
+## Additional data

 This folder aims to create a collection of Docker and Kubernetes examples.

--- a/docker-examples/v4/plugins/docker-extend/Dockerfile
+++ b/docker-examples/v4/plugins/docker-extend/Dockerfile
@@ -4,7 +4,7 @@ USER root

 ENV NODE_ENV=production

-RUN npm i && npm install verdaccio-aws-s3-storage
+RUN npm i && npm -g install verdaccio-aws-s3-storage

 USER verdaccio

--- a/docker-examples/v5/README.md
+++ b/docker-examples/v5/README.md
@@ -3,3 +3,12 @@
 > Before run examples, build the local image by running `pnpm docker`.

 - [Docker + Nginx + Verdaccio](reverse_proxy/nginx/README.md)
+
+## Using Plugins with Docker
+
+List of different approaches
+
+> Note these options could be improved, feel free to submit upgrades
+
+- [Docker + Install plugins from a registry](plugins/docker-build-install-plugin/README.md)
+- [Docker + Install local plugin](plugins/docker-local-plugin/README.md)
--- a/docker-examples/v5/plugins/docker-build-install-plugin/Dockerfile
+++ b/docker-examples/v5/plugins/docker-build-install-plugin/Dockerfile
@@ -0,0 +1,7 @@
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:5
+ADD docker.yaml /verdaccio/conf/config.yaml  
+USER root
+RUN npm install --global verdaccio-static-token \
+  && npm install --global verdaccio-auth-memory
+USER $VERDACCIO_USER_UID
--- a/docker-examples/v5/plugins/docker-build-install-plugin/README.md
+++ b/docker-examples/v5/plugins/docker-build-install-plugin/README.md
@@ -0,0 +1,48 @@
+# Installing a plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are two main steps to highlight:
+
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the plugin [`verdaccio-auth-memory`](https://www.npmjs.com/package/verdaccio-auth-memory) and custom web title for demonstration.
+- The `Dockerfile` take advance of the docker multi-stage build to install the plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins \
+  && cd /verdaccio/plugins \
+  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
+
+FROM verdaccio/verdaccio:5
+
+# copy your modified config.yaml into the image
+ADD docker.yaml /verdaccio/conf/config.yaml
+# need it for install global plugins
+USER root
+# install plugins with npm global
+RUN npm install --global verdaccio-static-token \
+  && npm install --global verdaccio-auth-memory
+# back to original user
+USER $VERDACCIO_USER_UID
+```
--- a/docker-examples/v5/plugins/docker-build-install-plugin/docker.yaml
+++ b/docker-examples/v5/plugins/docker-build-install-plugin/docker.yaml
@@ -0,0 +1,204 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio Publish Config Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+# https://verdaccio.org/docs/configuration#authentication
+auth:
+  auth-memory:
+    users:
+      foo:
+        name: foo
+        password: s3cret
+      bar:
+        name: bar
+        password: s3cret
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+  static-token:
+    - token: mySecureToken
+      user: systemUser
+      password: systemPassword
+    - token: ABCD1234
+      user: uncle
+      password: tom
+
+# https://verdaccio.org/docs/logger
+# log settings
+logs: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US
--- a/docker-examples/v5/plugins/docker-local-plugin/Dockerfile
+++ b/docker-examples/v5/plugins/docker-local-plugin/Dockerfile
@@ -0,0 +1,26 @@
+# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins
+
+# Copy the local plugin into the docker image
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+# Install the production dependencies (be careful install devDependencies here)
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && npm install --production
+
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:5
+
+# Copy the plugin files over from the 'builder' node image.
+# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
+# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
+# The local verdaccio-docker-memory is setup as storage
+ADD docker.yaml /verdaccio/conf/config.yaml  
+
+# Copy the plugin into the /verdaccio/plugins 
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory
--- a/docker-examples/v5/plugins/docker-local-plugin/README.md
+++ b/docker-examples/v5/plugins/docker-local-plugin/README.md
@@ -0,0 +1,42 @@
+# Installing a local plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are three main steps to highlight:
+
+- Note the custom plugin at `plugins/verdaccio-docker-memory` under the name `verdaccio-docker-memory`.
+- Install the _production_ dependencies for the plugin `verdaccio-docker-memory`
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the local plugin `verdaccio-docker-memory`.
+- The `Dockerfile` take advance of the docker multi-stage build to copy the local plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+FROM node:lts-alpine as builder
+RUN mkdir -p /verdaccio/plugins
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && ls -ls \
+  && npm install --production
+FROM verdaccio/verdaccio:5
+ADD docker.yaml /verdaccio/conf/config.yaml
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory
+```
--- a/docker-examples/v5/plugins/docker-local-plugin/docker.yaml
+++ b/docker-examples/v5/plugins/docker-local-plugin/docker.yaml
@@ -0,0 +1,199 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+
+store:
+  # dummy copy of https://www.npmjs.com/package/verdaccio-memory
+  docker-memory:
+    limit: 1000
+
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio This is a Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+auth:
+  htpasswd:
+    file: ./htpasswd
+    # Maximum amount of users allowed to register, defaults to "+inf".
+    # You can set this to -1 to disable registration.
+    # max_users: 1000
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+
+# https://verdaccio.org/docs/logger
+# log settings
+logs: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US
--- a/docker-examples/v5/plugins/docker-local-plugin/plugins/.eslintrc
+++ b/docker-examples/v5/plugins/docker-local-plugin/plugins/.eslintrc
@@ -0,0 +1,8 @@
+{
+  "rules": {
+    "max-len": 0,
+    "@typescript-eslint/prefer-optional-chain": 0,
+    "@typescript-eslint/no-unused-vars": 0,
+    "@typescript-eslint/explicit-member-accessibility": 0
+  }
+}
--- a/Show More
+++ b/Show More