chore: update versions (6-next) (#3825)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.changeset/angry-nails-appear.md

@@ -0,0 +1,52 @@
+---
+'@verdaccio/api': major
+'@verdaccio/auth': major
+'@verdaccio/cli': major
+'@verdaccio/config': major
+'@verdaccio/core': major
+'@verdaccio/file-locking': major
+'@verdaccio/readme': major
+'@verdaccio/tarball': major
+'@verdaccio/types': major
+'@verdaccio/url': major
+'@verdaccio/hooks': major
+'@verdaccio/loaders': major
+'@verdaccio/logger': major
+'@verdaccio/logger-prettify': major
+'@verdaccio/middleware': major
+'@verdaccio/node-api': major
+'verdaccio-audit': major
+'verdaccio-auth-memory': major
+'verdaccio-htpasswd': major
+'@verdaccio/local-storage': major
+'verdaccio-memory': major
+'@verdaccio/ui-theme': major
+'@verdaccio/proxy': major
+'@verdaccio/server': major
+'@verdaccio/store': major
+'@verdaccio/utils': major
+'verdaccio': major
+'@verdaccio/web': major
+---
+
+feat!: replace deprecated request dependency by got
+
+This is a big refactoring of the core, fetching dependencies, improve code, more tests and better stability. This is essential for the next release, will take some time but would allow modularize more the core.
+
+## Notes
+
+- Remove deprecated `request` by other `got`, retry improved, custom Agent ( got does not include it built-in)
+- Remove `async` dependency from storage (used by core) it was linked with proxy somehow safe to remove now
+- Refactor with promises instead callback wherever is possible
+- ~Document the API~
+- Improve testing, integration tests
+- Bugfix
+- Clean up old validations
+- Improve performance
+
+## 💥 Breaking changes
+
+- Plugin API methods were callbacks based are returning promises, this will break current storage plugins, check documentation for upgrade.
+- Write Tarball, Read Tarball methods parameters change, a new set of options like `AbortController` signals are being provided to the `addAbortSignal` can be internally used with Streams when a request is aborted. eg: `addAbortSignal(signal, fs.createReadStream(pathName));`
+- `@verdaccio/streams` stream abort support is legacy is being deprecated removed
+- Remove AWS and Google Cloud packages for future refactoring [#2574](https://github.com/verdaccio/verdaccio/pull/2574).

.changeset/big-years-repair.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/middleware': minor
+'@verdaccio/utils': minor
+'@verdaccio/web': minor
+---
+
+feat: expose middleware utils

.changeset/blue-cobras-study.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/cli': minor
+'@verdaccio/ui-components': minor
+'@verdaccio/core': minor
+'@verdaccio/types': minor
+---
+
+fix: startup messages improved and logs support on types

.changeset/brave-seahorses-press.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+fix: markdown ul and img styles

.changeset/bright-poems-obey.md

@@ -1,6 +1,6 @@
 ---
 '@verdaccio/api': major
-'@verdaccio/fastify-migration': major
+'@verdaccio/server-fastify': major
 '@verdaccio/tarball': major
 '@verdaccio/local-storage': major
 'verdaccio-memory': major

.changeset/brown-cycles-laugh.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/cli': patch
+---
+
+chore: improve error logger message

.changeset/brown-pandas-wink.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+add banner support ukraine

.changeset/chatty-pillows-perform.md

@@ -0,0 +1,18 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/config': minor
+'@verdaccio/core': minor
+'@verdaccio/file-locking': minor
+'@verdaccio/tarball': minor
+'@verdaccio/types': minor
+'@verdaccio/url': minor
+'@verdaccio/hooks': minor
+'@verdaccio/loaders': minor
+'@verdaccio/logger': minor
+'@verdaccio/logger-prettify': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/utils': minor
+'verdaccio': minor
+---
+
+feat: improve support for fs promises older nodejs

.changeset/chilled-ways-fetch.md

@@ -0,0 +1,5 @@
+---
+'verdaccio-memory': patch
+---
+
+Fix storing tarballs with identical names from different packages in memory plugin

.changeset/chilly-glasses-occur.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/api': patch
+'@verdaccio/core': patch
+'@verdaccio/server-fastify': patch
+'@verdaccio/store': patch
+---
+
+fix: abbreviated headers handle quality values

.changeset/chilly-trains-juggle.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/config': patch
+---
+
+Respect the `changePassword` configuration flag to enable changing the password through the web API.
+
+> **Note**
+> This feature is still experimental and not fully supported in the default web application.

.changeset/clever-pugs-warn.md

@@ -0,0 +1,11 @@
+---
+'@verdaccio/cli': major
+'@verdaccio/core': major
+'@verdaccio/types': major
+'@verdaccio/logger': major
+'@verdaccio/logger-prettify': major
+'verdaccio-audit': major
+'@verdaccio/eslint-config': major
+---
+
+feat: migrate to pino.js 8

.changeset/config.json

@@ -2,9 +2,17 @@
   "$schema": "https://unpkg.com/@changesets/config@1.3.0/schema.json",
   "changelog": "@changesets/cli/changelog",
   "commit": false,
-  "linked": [],
+  "fixed": [
+    [
+      "verdaccio",
+      "@verdaccio/cli",
+      "@verdaccio/core",
+      "@verdaccio/config",
+      "@verdaccio/node-api",
+      "@verdaccio/ui-theme"
+    ]
+  ],
   "access": "public",
   "baseBranch": "master",
-  "updateInternalDependencies": "patch",
-  "ignore": []
+  "updateInternalDependencies": "patch"
 }

.changeset/dry-planes-tap.md

@@ -3,10 +3,9 @@
 '@verdaccio/auth': major
 '@verdaccio/cli': major
 '@verdaccio/config': major
-'@verdaccio/commons-api': major
 '@verdaccio/core': major
 '@verdaccio/local-storage': major
-'@verdaccio/fastify-migration': major
+'@verdaccio/server-fastify': major
 '@verdaccio/streams': major
 '@verdaccio/types': major
 '@verdaccio/hooks': major
@@ -19,7 +18,6 @@
 '@verdaccio/server': major
 '@verdaccio/store': major
 '@verdaccio/eslint-config': major
-'@verdaccio/dev-types': major
 '@verdaccio/utils': major
 'verdaccio': major
 '@verdaccio/web': major

.changeset/dull-monkeys-search.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+show verdaccio logo in the footer even when custom brand is set

.changeset/early-jokes-nail.md

@@ -0,0 +1,76 @@
+---
+'@verdaccio/api': major
+'@verdaccio/auth': major
+'@verdaccio/config': major
+'@verdaccio/types': major
+'@verdaccio/loaders': major
+'@verdaccio/node-api': major
+'verdaccio-audit': major
+'verdaccio-auth-memory': major
+'verdaccio-htpasswd': major
+'@verdaccio/local-storage': major
+'verdaccio-memory': major
+'@verdaccio/server': major
+'@verdaccio/server-fastify': major
+'@verdaccio/store': major
+'@verdaccio/test-helper': major
+'customprefix-auth': major
+'verdaccio': major
+'@verdaccio/web': major
+---
+
+feat(plugins): improve plugin loader
+
+### Changes
+
+- Add scope plugin support to 6.x https://github.com/verdaccio/verdaccio/pull/3227
+- Avoid config collisions https://github.com/verdaccio/verdaccio/issues/928
+- https://github.com/verdaccio/verdaccio/issues/1394
+- `config.plugins` plugin path validations
+- Updated algorithm for plugin loader.
+- improved documentation (included dev)
+
+## Features
+
+- Add scope plugin support to 6.x https://github.com/verdaccio/verdaccio/pull/3227
+- Custom prefix:
+
+```
+// config.yaml
+server:
+  pluginPrefix: mycompany
+middleware:
+  audit:
+      foo: 1
+```
+
+This configuration will look up for `mycompany-audit` instead `Verdaccio-audit`.
+
+## Breaking Changes
+
+### sinopia plugins
+
+- `sinopia` fallback support is removed, but can be restored using `pluginPrefix`
+
+### plugin filter
+
+- method rename `filter_metadata`->`filterMetadata`
+
+### Plugin constructor does not merge configs anymore https://github.com/verdaccio/verdaccio/issues/928
+
+The plugin receives as first argument `config`, which represents the config of the plugin. Example:
+
+```
+// config.yaml
+auth:
+  plugin:
+     foo: 1
+     bar: 2
+
+export class Plugin<T> {
+  public constructor(config: T, options: PluginOptions) {
+    console.log(config);
+    // {foo:1, bar: 2}
+ }
+}
+```

.changeset/eight-bottles-own.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/middleware': patch
+'@verdaccio/server': patch
+'@verdaccio/test-helper': patch
+'@verdaccio/local-publish': patch
+---
+
+fix: extract logger from middleware

.changeset/eleven-spoons-matter.md

@@ -7,7 +7,7 @@
 '@verdaccio/file-locking': major
 'verdaccio-htpasswd': major
 '@verdaccio/readme': major
-'@verdaccio/fastify-migration': major
+'@verdaccio/server-fastify': major
 '@verdaccio/streams': major
 '@verdaccio/tarball': major
 '@verdaccio/types': major
@@ -16,7 +16,6 @@
 '@verdaccio/loaders': major
 '@verdaccio/logger': major
 '@verdaccio/middleware': major
-'@verdaccio/mock': major
 '@verdaccio/node-api': major
 '@verdaccio/active-directory': major
 'verdaccio-audit': major
@@ -28,7 +27,6 @@
 '@verdaccio/server': major
 '@verdaccio/cli-standalone': major
 '@verdaccio/store': major
-'@verdaccio/dev-types': major
 '@verdaccio/utils': major
 'verdaccio': major
 '@verdaccio/web': major

.changeset/famous-bikes-kneel.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+chore: improve info regarding using private registries

.changeset/famous-tigers-doubt.md

@@ -0,0 +1,42 @@
+---
+'@verdaccio/api': patch
+'@verdaccio/auth': patch
+'@verdaccio/cli': patch
+'@verdaccio/core': patch
+'@verdaccio/file-locking': patch
+'@verdaccio/readme': patch
+'@verdaccio/tarball': patch
+'@verdaccio/types': patch
+'@verdaccio/url': patch
+'@verdaccio/hooks': patch
+'@verdaccio/loaders': patch
+'@verdaccio/logger': patch
+'@verdaccio/node-api': patch
+'verdaccio-audit': patch
+'verdaccio-auth-memory': patch
+'verdaccio-htpasswd': patch
+'@verdaccio/local-storage': patch
+'verdaccio-memory': patch
+'@verdaccio/ui-theme': patch
+'@verdaccio/proxy': patch
+'@verdaccio/server': patch
+'@verdaccio/server-fastify': patch
+'@verdaccio/cli-standalone': patch
+'@verdaccio/store': patch
+'docusaurus-plugin-contributors': patch
+'@verdaccio/test-helper': patch
+'verdaccio': patch
+'@verdaccio/web': patch
+'@verdaccio/test-cli-commons': patch
+'@verdaccio/e2e-cli-npm6': patch
+'@verdaccio/e2e-cli-npm7': patch
+'@verdaccio/e2e-cli-npm8': patch
+'@verdaccio/e2e-cli-pnpm6': patch
+'@verdaccio/e2e-cli-pnpm7': patch
+'@verdaccio/e2e-cli-yarn1': patch
+'@verdaccio/e2e-cli-yarn2': patch
+'@verdaccio/e2e-cli-yarn3': patch
+'@verdaccio/e2e-cli-yarn4': patch
+---
+
+fix(deps): @verdaccio/utils should be a prod dep of local-storage

.changeset/few-cooks-destroy.md

@@ -3,7 +3,6 @@
 '@verdaccio/auth': major
 '@verdaccio/cli': major
 '@verdaccio/config': major
-'@verdaccio/commons-api': major
 '@verdaccio/file-locking': major
 'verdaccio-htpasswd': major
 '@verdaccio/local-storage': major
@@ -15,7 +14,6 @@
 '@verdaccio/logger': major
 '@verdaccio/logger-prettify': major
 '@verdaccio/middleware': major
-'@verdaccio/mock': major
 '@verdaccio/node-api': major
 '@verdaccio/active-directory': major
 'verdaccio-audit': major
@@ -26,11 +24,9 @@
 '@verdaccio/proxy': major
 '@verdaccio/server': major
 '@verdaccio/store': major
-'@verdaccio/dev-types': major
 '@verdaccio/utils': major
 'verdaccio': major
 '@verdaccio/web': major
-'@verdaccio/website': major
 ---
 
 feat!: experiments config renamed to flags

.changeset/fifty-stingrays-fold.md

@@ -0,0 +1,25 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/auth': minor
+'@verdaccio/cli': minor
+'@verdaccio/types': minor
+'@verdaccio/hooks': minor
+'@verdaccio/loaders': minor
+'@verdaccio/middleware': minor
+'@verdaccio/node-api': minor
+'verdaccio-audit': minor
+'verdaccio-auth-memory': minor
+'verdaccio-htpasswd': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/proxy': minor
+'@verdaccio/server': minor
+'@verdaccio/server-fastify': minor
+'@verdaccio/store': minor
+'verdaccio': minor
+'@verdaccio/web': minor
+'@verdaccio/logger': minor
+'@verdaccio/logger-7': minor
+'@verdaccio/logger-commons': minor
+---
+
+feat: refactor logger

.changeset/fluffy-papayas-lay.md

@@ -0,0 +1,10 @@
+---
+'@verdaccio/config': patch
+'@verdaccio/core': patch
+'@verdaccio/tarball': patch
+'@verdaccio/url': patch
+'@verdaccio/store': patch
+'@verdaccio/utils': patch
+---
+
+fix: build targets for 5x modules

.changeset/forty-students-refuse.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/logger-7': patch
+---
+
+bump up @verdaccio/logger-7

.changeset/four-ways-try.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': minor
+---
+
+feat: upgrade to react 18

.changeset/fresh-chicken-rush.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/types': patch
+'@verdaccio/middleware': patch
+'@verdaccio/server': patch
+'@verdaccio/ui-components': patch
+---
+
+fix: missing version on footer

.changeset/fuzzy-onions-draw.md

@@ -1,6 +1,6 @@
 ---
 '@verdaccio/api': minor
-'@verdaccio/fastify-migration': minor
+'@verdaccio/server-fastify': minor
 '@verdaccio/hooks': minor
 '@verdaccio/logger-prettify': minor
 '@verdaccio/proxy': minor

.changeset/gentle-trains-switch.md

@@ -3,7 +3,6 @@
 '@verdaccio/auth': major
 '@verdaccio/cli': major
 '@verdaccio/config': major
-'@verdaccio/commons-api': major
 '@verdaccio/file-locking': major
 'verdaccio-htpasswd': major
 '@verdaccio/local-storage': major
@@ -15,12 +14,10 @@
 '@verdaccio/logger': major
 '@verdaccio/logger-prettify': major
 '@verdaccio/middleware': major
-'@verdaccio/mock': major
 '@verdaccio/node-api': major
 '@verdaccio/proxy': major
 '@verdaccio/server': major
 '@verdaccio/store': major
-'@verdaccio/dev-types': major
 '@verdaccio/utils': major
 'verdaccio': major
 '@verdaccio/web': major

.changeset/giant-apples-laugh.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/core': patch
+---
+
+fix: minor typo on warning message

.changeset/giant-years-trade.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/test-cli-commons': minor
+'@verdaccio/config': minor
+---
+
+chore: rollback yaml dep support old nodejs versions

.changeset/green-yaks-divide.md

@@ -0,0 +1,29 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/cli': minor
+'@verdaccio/core': minor
+'@verdaccio/node-api': minor
+'@verdaccio/server': minor
+'@verdaccio/server-fastify': minor
+'verdaccio': minor
+---
+
+chore: env variable for launch fastify
+
+- Update fastify to major release `v4.3.0`
+- Update CLI launcher
+
+via CLI
+
+```
+VERDACCIO_SERVER=fastify verdaccio
+```
+
+with docker
+
+```
+docker run -it --rm --name verdaccio \
+  -e "VERDACCIO_SERVER=8080" -p 8080:8080 \
+  -e "VERDACCIO_SERVER=fastify" \
+  verdaccio/verdaccio
+```

.changeset/healthy-pants-smash.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/ui-theme': patch
+'@verdaccio/test-helper': patch
+'@verdaccio/web': patch
+---
+
+fix: #3174 set correctly ui values to html render

.changeset/heavy-ravens-lay.md

@@ -1,6 +1,6 @@
 ---
 '@verdaccio/cli': minor
-'@verdaccio/fastify-migration': minor
+'@verdaccio/server-fastify': minor
 ---
 
 [Fastify] Add ping endpoint

.changeset/hip-hounds-destroy.md

@@ -6,7 +6,6 @@
 '@verdaccio/auth': patch
 '@verdaccio/cli': patch
 '@verdaccio/config': patch
-'@verdaccio/commons-api': patch
 '@verdaccio/file-locking': patch
 'verdaccio-htpasswd': patch
 '@verdaccio/readme': patch
@@ -17,7 +16,6 @@
 '@verdaccio/logger': patch
 '@verdaccio/logger-prettify': patch
 '@verdaccio/middleware': patch
-'@verdaccio/mock': patch
 '@verdaccio/node-api': patch
 '@verdaccio/active-directory': patch
 'verdaccio-audit': patch
@@ -27,13 +25,9 @@
 'verdaccio-memory': patch
 '@verdaccio/proxy': patch
 '@verdaccio/store': patch
-'@verdaccio/dev-types': patch
 '@verdaccio/utils': patch
 'verdaccio': patch
 '@verdaccio/web': patch
-'@verdaccio/e2e-cli': patch
-'@verdaccio/e2e-ui': patch
-'@verdaccio/website': patch
 ---
 
 chore: add release step to private regisry on merge changeset pr

.changeset/honest-maps-hear.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/test-cli-commons': patch
+'@verdaccio/e2e-ui': patch
+'verdaccio': patch
+---
+
+fix: get-port missing dep

.changeset/khaki-carrots-crash.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/ui-theme': minor
+'@verdaccio/ui-components': minor
+---
+
+feat: ui bugfixes and improvements

.changeset/kind-ladybugs-admire.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/auth': minor
+'@verdaccio/config': minor
+'@verdaccio/signature': minor
+'@verdaccio/ui-components': minor
+---
+
+feat: signature package

.changeset/light-pumas-brake.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/ui-theme': minor
+'@verdaccio/server-fastify': minor
+'@verdaccio/web': minor
+---
+
+feat: parse and sanitize on ui

.changeset/lovely-drinks-argue.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/loaders': patch
+---
+
+always create plugin instance with new

.changeset/many-vans-care.md

@@ -1,6 +1,5 @@
 ---
 '@verdaccio/tarball': patch
-'@verdaccio/mock': patch
 '@verdaccio/ui-theme': patch
 '@verdaccio/server': patch
 '@verdaccio/utils': patch

.changeset/modern-maps-lie.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+Hide search icon on medium or larger devices

.changeset/moody-clocks-roll.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/cli': patch
+---
+
+fix: version with breakline

.changeset/neat-toes-report.md

@@ -3,7 +3,6 @@
 '@verdaccio/auth': minor
 '@verdaccio/cli': minor
 '@verdaccio/config': minor
-'@verdaccio/commons-api': minor
 '@verdaccio/file-locking': minor
 'verdaccio-htpasswd': minor
 '@verdaccio/local-storage': minor
@@ -15,7 +14,6 @@
 '@verdaccio/logger': minor
 '@verdaccio/logger-prettify': minor
 '@verdaccio/middleware': minor
-'@verdaccio/mock': minor
 '@verdaccio/node-api': minor
 '@verdaccio/active-directory': minor
 'verdaccio-audit': minor
@@ -27,7 +25,6 @@
 '@verdaccio/proxy': minor
 '@verdaccio/server': minor
 '@verdaccio/store': minor
-'@verdaccio/dev-types': minor
 '@verdaccio/utils': minor
 'verdaccio': minor
 '@verdaccio/web': minor

.changeset/old-apples-fail.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/types': patch
+'@verdaccio/middleware': patch
+'@verdaccio/ui-theme': patch
+'@verdaccio/web': patch
+---
+
+fix: missing logo on header

.changeset/orange-cows-pull.md

@@ -0,0 +1,27 @@
+---
+'@verdaccio/types': major
+'@verdaccio/ui-theme': major
+'@verdaccio/ui-components': major
+---
+
+feat(web): components for custom user interfaces
+
+Provides a package that includes all components from the user interface, instead being embedded at the `@verdaccio/ui-theme` package.
+
+```
+npm i -D @verdaccio/ui-components
+```
+
+The package contains
+
+- Components
+- Providers
+- Redux Storage
+- Layouts (precomposed layouts ready to use)
+- Custom Material Theme
+
+The `@verdaccio/ui-theme` will consume this package and will use only those are need it.
+
+> Prerequisites are using Redux, Material-UI and Translations with `i18next`.
+
+Users could have their own Material UI theme and build custom layouts, adding new features without the need to modify the default project.

.changeset/orange-flowers-cover.md

@@ -0,0 +1,43 @@
+---
+'@verdaccio/config': minor
+'@verdaccio/types': minor
+'@verdaccio/ui-theme': minor
+---
+
+feat: rework web header for mobile, add new settings and raw manifest button
+
+### New set of variables to hide features
+
+Add set of new variables that allow hide different parts of the UI, buttons, footer or download tarballs. _All are
+enabled by default_.
+
+```yaml
+# login: true <-- already exist but worth the reminder
+# showInfo: true
+# showSettings: true
+# In combination with darkMode you can force specific theme
+# showThemeSwitch: true
+# showFooter: true
+# showSearch: true
+# showDownloadTarball: true
+```
+
+> If you disable `showThemeSwitch` and force `darkMode: true` the local storage settings would be
+> ignored and force all themes to the one in the configuration file.
+
+Future could be extended to
+
+### Raw button to display manifest package
+
+A new experimental feature (enabled by default), button named RAW to be able navigate on the package manifest directly on the ui, kudos to [react-json-view](https://www.npmjs.com/package/react-json-view) that allows an easy integration, not configurable yet until get more feedback.
+
+```yaml
+showRaw: true
+```
+
+#### Rework header buttons
+
+- The header has been rework, the mobile was not looking broken.
+- Removed info button in the header and moved to a dialog
+- Info dialog now contains more information about the project, license and the aid content for Ukrania now is inside of the info modal.
+- Separate settings and info to avoid collapse too much info (for mobile still need some work)

.changeset/perfect-candles-clap.md

@@ -6,7 +6,7 @@
 '@verdaccio/core': minor
 'verdaccio-htpasswd': minor
 '@verdaccio/local-storage': minor
-'@verdaccio/fastify-migration': minor
+'@verdaccio/server-fastify': minor
 '@verdaccio/tarball': minor
 '@verdaccio/types': minor
 '@verdaccio/url': minor
@@ -14,7 +14,6 @@
 '@verdaccio/loaders': minor
 '@verdaccio/logger': minor
 '@verdaccio/middleware': minor
-'@verdaccio/mock': minor
 '@verdaccio/node-api': minor
 '@verdaccio/active-directory': minor
 'verdaccio-auth-memory': minor

.changeset/plenty-spiders-melt.md

@@ -3,7 +3,6 @@
 '@verdaccio/auth': minor
 '@verdaccio/cli': minor
 '@verdaccio/config': minor
-'@verdaccio/commons-api': minor
 '@verdaccio/file-locking': minor
 'verdaccio-htpasswd': minor
 '@verdaccio/local-storage': minor
@@ -15,16 +14,13 @@
 '@verdaccio/logger': minor
 '@verdaccio/logger-prettify': minor
 '@verdaccio/middleware': minor
-'@verdaccio/mock': minor
 '@verdaccio/node-api': minor
 '@verdaccio/proxy': minor
 '@verdaccio/server': minor
 '@verdaccio/store': minor
-'@verdaccio/dev-types': minor
 '@verdaccio/utils': minor
 'verdaccio': minor
 '@verdaccio/web': minor
-'@verdaccio/website': minor
 ---
 
 feat: add typescript project references settings

.changeset/poor-suns-film.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/core': patch
+---
+
+fix(core): fix `isObject` function.`isObject(true)` should return false.

.changeset/pre.json

@@ -9,15 +9,12 @@
     "@verdaccio/file-locking": "11.0.0-alpha.0",
     "verdaccio-htpasswd": "11.0.0-alpha.0",
     "@verdaccio/local-storage": "11.0.0-alpha.0",
-    "@verdaccio/readme": "11.0.0-alpha.0",
-    "@verdaccio/streams": "11.0.0-alpha.0",
     "@verdaccio/types": "11.0.0-alpha.0",
     "@verdaccio/hooks": "6.0.0-alpha.0",
     "@verdaccio/loaders": "6.0.0-alpha.0",
     "@verdaccio/logger": "6.0.0-alpha.0",
     "@verdaccio/logger-prettify": "6.0.0-alpha.0",
     "@verdaccio/middleware": "6.0.0-alpha.0",
-    "@verdaccio/mock": "6.0.0-alpha.0",
     "@verdaccio/node-api": "6.0.0-alpha.0",
     "@verdaccio/proxy": "6.0.0-alpha.0",
     "@verdaccio/server": "6.0.0-alpha.0",
@@ -33,77 +30,158 @@
     "verdaccio-google-cloud": "11.0.0-alpha.0",
     "verdaccio-memory": "11.0.0-alpha.0",
     "@verdaccio/ui-theme": "6.0.0-alpha.1",
-    "@verdaccio/e2e-cli": "1.0.0",
-    "@verdaccio/e2e-ui": "1.0.0",
     "@verdaccio/cli-standalone": "6.0.0-alpha.3",
     "@verdaccio/tarball": "11.0.0-alpha.3",
     "@verdaccio/url": "11.0.0-alpha.3",
-    "@verdaccio/fastify-migration": "6.0.0-6-next.9",
-    "@verdaccio/eslint-config": "1.0.0",
-    "@verdaccio/benchmark": "1.0.0",
+    "@verdaccio/ui-components": "2.0.0-alpha.0",
+    "@verdaccio/server-fastify": "6.0.0-6-next.9",
+    "@verdaccio/eslint-config": "2.0.0-alpha.0",
     "@verdaccio/core": "6.0.0-next.0",
-    "@verdaccio/helper": "1.0.0",
+    "@verdaccio/test-helper": "1.0.0",
     "docusaurus-plugin-contributors": "1.0.0",
-    "@verdaccio/website": "5.4.0"
+    "@verdaccio/website": "5.4.0",
+    "@verdaccio/test-cli-commons": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-npm6": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-npm7": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-npm8": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-pnpm6": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-pnpm7": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-yarn1": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-yarn2": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-yarn3": "1.0.1-6-next.1",
+    "@verdaccio/e2e-cli-yarn4": "1.0.1-6-next.1",
+    "@verdaccio/local-publish": "0.0.1",
+    "@verdaccio/e2e-cli-npm9": "1.0.1-6-next.5",
+    "@verdaccio/e2e-ui": "2.0.0-6-next.3",
+    "customprefix-auth": "0.0.1",
+    "@verdaccio/crowdin-translations": "1.0.0",
+    "@verdaccio/logger-7": "6.0.0-6-next.1",
+    "@verdaccio/logger-commons": "6.0.0-6-next.25",
+    "@verdaccio/e2e-cli-pnpm8": "1.0.1-6-next.6",
+    "@verdaccio/signature": "6.0.0-6-next.1",
+    "@verdaccio/search": "6.0.0-6-next.1"
   },
   "changesets": [
     "afraid-mice-obey",
+    "angry-nails-appear",
     "big-lobsters-sin",
+    "big-years-repair",
+    "blue-cobras-study",
+    "brave-seahorses-press",
     "bright-poems-obey",
+    "brown-cycles-laugh",
+    "brown-pandas-wink",
     "calm-pants-impress",
+    "chatty-pillows-perform",
+    "chilled-ways-fetch",
+    "chilly-glasses-occur",
+    "chilly-trains-juggle",
+    "clever-pugs-warn",
     "dry-planes-tap",
+    "dull-monkeys-search",
+    "early-jokes-nail",
+    "eight-bottles-own",
     "eleven-brooms-hunt",
     "eleven-spoons-matter",
     "fair-lemons-beam",
+    "famous-bikes-kneel",
+    "famous-tigers-doubt",
     "few-cooks-destroy",
     "few-mangos-grow",
     "fifty-jars-rest",
+    "fifty-stingrays-fold",
+    "fluffy-papayas-lay",
+    "forty-students-refuse",
+    "four-ways-try",
+    "fresh-chicken-rush",
     "fuzzy-drinks-taste",
     "fuzzy-onions-draw",
     "gentle-parrots-lay",
     "gentle-trains-switch",
+    "giant-apples-laugh",
+    "giant-years-trade",
     "gold-vans-tease",
+    "green-yaks-divide",
     "healthy-bikes-behave",
+    "healthy-pants-smash",
     "healthy-poets-compare",
     "heavy-ravens-lay",
     "hip-hounds-destroy",
+    "honest-maps-hear",
+    "khaki-carrots-crash",
     "kind-bears-nail",
+    "kind-ladybugs-admire",
     "late-adults-love",
     "late-parents-act",
+    "light-pumas-brake",
     "light-walls-begin",
     "little-stingrays-rule",
     "loud-shoes-jog",
+    "lovely-drinks-argue",
     "many-vans-care",
+    "modern-maps-lie",
     "modern-spies-tell",
+    "moody-clocks-roll",
     "neat-toes-report",
     "neat-toys-float",
+    "old-apples-fail",
     "olive-candles-speak",
+    "orange-cows-pull",
+    "orange-flowers-cover",
     "perfect-candles-clap",
     "perfect-emus-clean",
     "perfect-kangaroos-agree",
     "plenty-news-remember",
     "plenty-spiders-melt",
     "plenty-tables-refuse",
+    "poor-suns-film",
+    "pretty-clouds-help",
     "pretty-hounds-tap",
     "proud-jeans-walk",
+    "proud-jobs-hope",
+    "rare-planets-travel",
     "red-chefs-float",
     "red-yaks-sell",
+    "rich-badgers-begin",
     "rich-ghosts-rule",
     "shaggy-carrots-unite",
     "shaggy-parrots-smash",
     "shiny-chefs-heal",
+    "shy-ducks-cover",
+    "silly-moose-watch",
+    "six-boats-sparkle",
+    "slimy-eggs-explain",
+    "slow-carrots-relate",
+    "slow-snails-sniff",
     "smart-apricots-kneel",
+    "smart-beds-cross",
+    "smooth-owls-pump",
     "sour-buses-shout",
+    "sour-maps-live",
     "spicy-frogs-press",
+    "spicy-radios-remain",
     "spicy-snakes-sip",
+    "strange-ladybugs-nail",
+    "strong-socks-type",
+    "stupid-sloths-leave",
     "swift-pumpkins-knock",
     "ten-parents-breathe",
     "tender-bags-call",
+    "tender-pots-yawn",
+    "tender-tigers-hammer",
     "thick-countries-move",
+    "thick-geese-wash",
+    "thick-readers-hang",
     "three-moles-drop",
     "three-pots-sit",
     "tiny-seals-join",
+    "tough-days-search",
+    "tricky-taxis-watch",
+    "twelve-crabs-guess",
     "two-dolls-check",
-    "wild-jokes-beam"
+    "unlucky-hairs-wonder",
+    "weak-mangos-taste",
+    "wild-jokes-beam",
+    "witty-ties-speak"
   ]
 }

.changeset/pretty-clouds-help.md

@@ -0,0 +1,9 @@
+---
+'@verdaccio/config': minor
+'@verdaccio/core': minor
+'@verdaccio/types': minor
+'@verdaccio/server': minor
+'@verdaccio/store': minor
+---
+
+feat: trustProxy property

.changeset/pretty-hounds-tap.md

@@ -3,7 +3,6 @@
 '@verdaccio/auth': patch
 '@verdaccio/cli': patch
 '@verdaccio/config': patch
-'@verdaccio/commons-api': patch
 '@verdaccio/file-locking': patch
 'verdaccio-htpasswd': patch
 '@verdaccio/local-storage': patch
@@ -19,7 +18,6 @@
 '@verdaccio/proxy': patch
 '@verdaccio/server': patch
 '@verdaccio/store': patch
-'@verdaccio/dev-types': patch
 '@verdaccio/utils': patch
 'verdaccio': patch
 '@verdaccio/web': patch

.changeset/proud-jeans-walk.md

@@ -1,9 +1,8 @@
 ---
 'verdaccio-htpasswd': patch
 '@verdaccio/local-storage': patch
-'@verdaccio/fastify-migration': patch
+'@verdaccio/server-fastify': patch
 '@verdaccio/hooks': patch
-'@verdaccio/mock': patch
 '@verdaccio/node-api': patch
 ---
 

.changeset/proud-jobs-hope.md

@@ -0,0 +1,42 @@
+---
+'@verdaccio/api': major
+'@verdaccio/cli': major
+'@verdaccio/config': major
+'@verdaccio/core': major
+'@verdaccio/types': major
+'@verdaccio/logger': major
+'@verdaccio/node-api': major
+'verdaccio-aws-s3-storage': major
+'verdaccio-google-cloud': major
+'verdaccio-htpasswd': major
+'@verdaccio/local-storage': major
+'verdaccio-memory': major
+'@verdaccio/ui-theme': major
+'@verdaccio/proxy': major
+'@verdaccio/server': major
+'verdaccio': major
+'@verdaccio/web': major
+---
+
+feat!: config.logs throw an error, logging config not longer accept array or logs property
+
+### 💥 Breaking change
+
+This is valid
+
+```yaml
+log: { type: stdout, format: pretty, level: http }
+```
+
+This is invalid
+
+```yaml
+logs: { type: stdout, format: pretty, level: http }
+```
+
+or
+
+```yaml
+logs:
+  - [{ type: stdout, format: pretty, level: http }]
+```

.changeset/rare-planets-travel.md

@@ -0,0 +1,9 @@
+---
+'@verdaccio/config': minor
+'@verdaccio/core': minor
+'@verdaccio/types': minor
+'@verdaccio/signature': minor
+'@verdaccio/test-helper': minor
+---
+
+feat: add forceEnhancedLegacySignature

.changeset/rich-badgers-begin.md

@@ -0,0 +1,9 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/url': minor
+'@verdaccio/store': minor
+'@verdaccio/test-helper': minor
+'verdaccio': minor
+---
+
+refactor: npm star command support reimplemented

.changeset/rich-ghosts-rule.md

@@ -1,10 +1,8 @@
 ---
 '@verdaccio/types': major
 '@verdaccio/ui-theme': major
-'@verdaccio/dev-types': major
 '@verdaccio/web': major
 '@verdaccio/e2e-ui': major
-'@verdaccio/website': major
 ---
 
 feat: upgrade to material ui 5

.changeset/shy-ducks-cover.md

@@ -0,0 +1,13 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/auth': minor
+'@verdaccio/config': minor
+'@verdaccio/core': minor
+'@verdaccio/types': minor
+'@verdaccio/server-fastify': minor
+'@verdaccio/store': minor
+'@verdaccio/utils': minor
+'@verdaccio/web': minor
+---
+
+feat: add passwordValidationRegex property

.changeset/silly-moose-watch.md

@@ -0,0 +1,5 @@
+---
+'verdaccio-htpasswd': patch
+---
+
+fix wrong htpasswd file location

.changeset/six-boats-sparkle.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/search': minor
+---
+
+feat: add search package utilities

.changeset/slimy-eggs-explain.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/logger-commons': patch
+---
+
+fix: restore wrong dependency version

.changeset/slow-carrots-relate.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/config': minor
+'@verdaccio/web': minor
+---
+
+feat(web): add a config item to web，let the developer can select whet……her enable the html cache

.changeset/slow-snails-sniff.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/api': patch
+'@verdaccio/ui-theme': patch
+'@verdaccio/web': patch
+---
+
+fix: improve abort request search

.changeset/smart-beds-cross.md

@@ -0,0 +1,20 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/config': minor
+'@verdaccio/core': minor
+'@verdaccio/types': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/ui-theme': minor
+'@verdaccio/proxy': minor
+'@verdaccio/server': minor
+'@verdaccio/store': minor
+'@verdaccio/test-helper': minor
+'@verdaccio/web': minor
+---
+
+feat: ui search support for remote, local and private packages
+
+The command `npm search` search globally and return all matches, with this improvement the user interface
+is powered with the same capabilities.
+
+The UI also tag where is the origin the package with a tag, also provide the latest version and description of the package.

.changeset/smooth-owls-pump.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+ui: basic grammatical fixes in the Ukraine Message

.changeset/sour-buses-shout.md

@@ -1,9 +1,8 @@
 ---
-'@verdaccio/fastify-migration': minor
+'@verdaccio/server-fastify': minor
 '@verdaccio/store': minor
 '@verdaccio/utils': minor
 '@verdaccio/web': minor
-'@verdaccio/website': minor
 ---
 
 feat: migrate web sidebar endpoint to fastify

.changeset/sour-maps-live.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+Add links to "Current Tags" and sort them in descending order

.changeset/spicy-radios-remain.md

@@ -0,0 +1,9 @@
+---
+'@verdaccio/logger': patch
+'@verdaccio/logger-7': patch
+'@verdaccio/logger-commons': patch
+'@verdaccio/logger-prettify': patch
+'@verdaccio/middleware': patch
+---
+
+bump logger packages

.changeset/strange-ladybugs-nail.md

@@ -0,0 +1,9 @@
+---
+'@verdaccio/types': minor
+---
+
+feat: add dist.signatures to core/types
+
+According to [`npm`](https://docs.npmjs.com/about-registry-signatures): _"Signatures are provided in the package's `packument` in each published version within the `dist` object"_
+
+Here's an [example of a package version from the public npm registry with `dist.signatures`](https://registry.npmjs.org/light-cycle/1.4.3).

.changeset/strong-socks-type.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/ui-theme': major
+'@verdaccio/ui-components': major
+'@verdaccio/web': major
+---
+
+fix package configuration issues

.changeset/stupid-sloths-leave.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/logger-7': patch
+'@verdaccio/logger-commons': patch
+'@verdaccio/logger-prettify': patch
+---
+
+fix: restore pino legacy version

.changeset/ten-parents-breathe.md

@@ -1,6 +1,6 @@
 ---
 '@verdaccio/auth': minor
-'@verdaccio/fastify-migration': minor
+'@verdaccio/server-fastify': minor
 '@verdaccio/web': minor
 ---
 

.changeset/tender-pots-yawn.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+fix menuKey for Khmer language

.changeset/tender-tigers-hammer.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/auth': minor
+'@verdaccio/core': minor
+'verdaccio-htpasswd': minor
+---
+
+feat: async bcrypt hash

.changeset/thick-geese-wash.md

@@ -0,0 +1,21 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/auth': minor
+'@verdaccio/config': minor
+'@verdaccio/core': minor
+'@verdaccio/url': minor
+'@verdaccio/middleware': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/web': minor
+---
+
+chore: move improvements from v5 to v6
+
+Migrate improvements form v5 to v6:
+
+- https://github.com/verdaccio/verdaccio/pull/3158
+- https://github.com/verdaccio/verdaccio/pull/3151
+- https://github.com/verdaccio/verdaccio/pull/2271
+- https://github.com/verdaccio/verdaccio/pull/2787
+- https://github.com/verdaccio/verdaccio/pull/2791
+- https://github.com/verdaccio/verdaccio/pull/2205

.changeset/thick-readers-hang.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+fix: fixes some style issues on mobile, particularly related to the Ukraine support message - [@s-h-a-d-o-w](https://github.com/s-h-a-d-o-w)

.changeset/three-pots-sit.md

@@ -3,7 +3,6 @@
 '@verdaccio/auth': patch
 '@verdaccio/cli': patch
 '@verdaccio/config': patch
-'@verdaccio/commons-api': patch
 '@verdaccio/file-locking': patch
 'verdaccio-htpasswd': patch
 '@verdaccio/local-storage': patch
@@ -14,12 +13,10 @@
 '@verdaccio/logger': patch
 '@verdaccio/logger-prettify': patch
 '@verdaccio/middleware': patch
-'@verdaccio/mock': patch
 '@verdaccio/node-api': patch
 '@verdaccio/proxy': patch
 '@verdaccio/server': patch
 '@verdaccio/store': patch
-'@verdaccio/dev-types': patch
 '@verdaccio/utils': patch
 'verdaccio': patch
 ---

.changeset/tough-days-search.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/ui-theme': patch
+'@verdaccio/ui-components': patch
+---
+
+fix: undefined field on missing count

.changeset/tricky-taxis-watch.md

@@ -0,0 +1,28 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/types': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/server-fastify': minor
+'@verdaccio/store': minor
+'@verdaccio/test-helper': minor
+'@verdaccio/web': minor
+---
+
+feat: implement abbreviated manifest
+
+Enable abbreviated manifest data by adding the header:
+
+```
+curl -H "Accept: application/vnd.npm.install-v1+json" https://registry.npmjs.org/verdaccio
+```
+
+It returns a filtered manifest, additionally includes the [time](https://github.com/pnpm/rfcs/pull/2) field by request.
+
+Current support for packages managers:
+
+- npm: yes
+- pnpm: yes
+- yarn classic: yes
+- yarn modern (+2.x): [no](https://github.com/yarnpkg/berry/pull/3981#issuecomment-1076566096)
+
+https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-metadata-format

.changeset/twelve-crabs-guess.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/middleware': patch
+---
+
+chore: bumb up package

.changeset/unlucky-hairs-wonder.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+feat: Display publication time on sidebar

.changeset/weak-mangos-taste.md

@@ -0,0 +1,15 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/config': minor
+'@verdaccio/types': minor
+'@verdaccio/hooks': minor
+'@verdaccio/middleware': minor
+'verdaccio-audit': minor
+'@verdaccio/proxy': minor
+'@verdaccio/server': minor
+'@verdaccio/store': minor
+'@verdaccio/web': minor
+'@verdaccio/ui-theme': minor
+---
+
+refactor: render html middleware

.changeset/witty-ties-speak.md

@@ -0,0 +1,11 @@
+---
+'@verdaccio/api': patch
+'@verdaccio/cli': patch
+'@verdaccio/core': patch
+'@verdaccio/types': patch
+'@verdaccio/store': patch
+'@verdaccio/test-helper': patch
+'@verdaccio/local-publish': patch
+---
+
+fix: handle upload scoped tarball

.eslintignore

@@ -11,3 +11,10 @@ wiki/
 dist/
 docs/
 test/functional/store/*
+docker-examples/**/lib/**/*.js
+test/cli/e2e-yarn4/bin/yarn-4.0.0-rc.14.cjs
+yarn.js
+# storybook
+packages/ui-components/storybook-static
+dist.js
+bundle.js

.github/ISSUE_TEMPLATE/config.yml

@@ -8,7 +8,4 @@ contact_links:
     about: I want to report a security vulnerability
   - name: Chat 🏘
     url: https://discord.gg/7qWJxBf
-    about: For a quick question you should do it through our community chat
-  - name: User Interface Report 👩🏼‍🎨👨🏼‍🎨
-    url: https://github.com/verdaccio/ui/issues/new/choose
-    about: Any report related with the User Interface should be posted in another repository
+    about: Quick question? Try out Discord chat, you can get faster feedback

.github/disabled/docker-plugins-e2e.yml

@@ -0,0 +1,39 @@
+name: E2E Docker Proxy Plugins Test
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+  schedule:
+    # run every sunday
+    - cron: '0 0 * * 0'
+jobs:
+  docker:
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
+      
+    - name: Start containers
+      run: docker-compose -f "./e2e/docker/docker-build-install-plugin/docker-compose.yaml" up -d --build
+
+    - name: Install node
+      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
+      with:
+        node-version: 18
+
+    - name: verdaccio cli
+      run: npm install -g verdaccio --registry=http://localhost:4873
+    - name: gastby cli 
+      run:  npm install -g gatsby-cli --registry http://localhost:4873
+    - name: netlify cli 
+      run:  npm install -g netlify-cli --registry http://localhost:4873
+    - name: angular cli 
+      run:  npm install -g @angular/cli --registry http://localhost:4873
+
+    - name: Stop containers
+      if: always()
+      run: docker-compose -f "./e2e/docker/docker-build-install-plugin/docker-compose.yaml" down

.github/workflows/benchmark.yml

@@ -1,171 +0,0 @@
----
-name: ci - benchmark
-
-on:
-  workflow_dispatch:
-  schedule:
-    # 3 times day
-    # collecting enough data to draw some graphics
-    - cron: '0 1 * * *'
-  # push:
-  #   branches:
-  #     - master
-jobs:
-  prepare: 
-    name: Prepare build
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 14.x
-      - name: install pnpm
-        run: sudo npm i pnpm@6.24.1 -g
-      - name: set store
-        run: | 
-          mkdir ~/.pnpm-store
-          pnpm config set store-dir ~/.pnpm-store     
-      - name: setup pnpm config registry
-        run: pnpm config set registry https://registry.verdaccio.org
-      - name: install dependencies
-        run: pnpm install
-      - name: Cache .pnpm-store
-        uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: |
-            pnpm-              
-      - name: build
-        run: pnpm build
-      - name: tar packages
-        run: |      
-          tar -czvf ${{ github.workspace }}/pkg.tar.gz -C ${{ github.workspace }}/packages .
-      - uses: actions/upload-artifact@v2
-        with:
-          name: verdaccio-artifact
-          path: pkg.tar.gz
-  benchmark-autocannon:
-    needs: prepare
-    strategy:
-      fail-fast: false
-      matrix:
-        benchmark:
-          - info
-          - tarball
-        verdaccioVersion:
-          # - local
-          - 3.13.1
-          - 4.12.2
-          - 5.5.2
-          - 6.0.0-6-next.31
-    name: Benchmark autocannon
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 14.x
-      - uses: actions/download-artifact@v2
-        with:
-          name: verdaccio-artifact
-      - name: untar packages
-        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
-      - name: install pnpm
-        # require fixed version
-        run: sudo npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}   
-      - name: install dependencies
-        run: pnpm install    
-      - name: start registry
-        run: ./scripts/benchmark-prepare.sh ${{matrix.verdaccioVersion}}        
-      - name: benchmark        
-        run: pnpm benchmark:api -- -v ${{matrix.verdaccioVersion}} -f ${{matrix.benchmark}}       
-        shell: bash
-        env:
-          DEBUG: metrics*
-      - uses: actions/upload-artifact@v2
-        with:
-          name: verdaccio-metrics-api
-          path: ./api-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  
-          if-no-files-found: error
-          retention-days: 10 
-      - name: submit metrics
-        run: pnpm benchmark:submit
-        env:
-          DEBUG: metrics
-          METRICS_SOURCE: autocannon
-          METRICS_URL: ${{ secrets.METRICS_URL }}
-          METRICS_TOKEN: ${{ secrets.METRICS_TOKEN }}
-          METRICS_BENCHMARK: ${{matrix.benchmark}}
-          METRICS_VERSION: ${{matrix.verdaccioVersion}}
-          METRICS_COMMIT_HASH: ${{ github.sha }}
-          METRICS_FILE_NAME: 'api-results'   
-  benchmark:
-    needs: prepare
-    strategy:
-      fail-fast: false
-      matrix:
-        benchmark:
-          - info
-          - tarball
-        verdaccioVersion:
-          # future 6.x (wip)
-          # - local (master branch)
-          # old versions to compare same test along previous releases
-          - 3.13.1
-          - 4.12.2
-          - 5.5.2
-          - 6.0.0-6-next.31
-    name: Benchmark hyperfine
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 14.x
-      - uses: actions/download-artifact@v2
-        with:
-          name: verdaccio-artifact
-      - name: untar packages
-        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
-      - name: install pnpm
-        # require fixed version
-        run: sudo npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}   
-      - name: install dependencies
-        run: pnpm install
-      - name: install hyperfine
-        run: |
-          wget https://github.com/sharkdp/hyperfine/releases/download/v1.11.0/hyperfine_1.11.0_amd64.deb
-          sudo dpkg -i hyperfine_1.11.0_amd64.deb
-      - name: start registry
-        run: ./scripts/benchmark-prepare.sh ${{matrix.verdaccioVersion}}
-      - name: benchmark        
-        run: ./scripts/benchmark-run.sh ${{matrix.benchmark}}
-        # https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell
-        shell: bash
-      - name: rename
-        run: mv ./hyper-results.json ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json
-      - uses: actions/upload-artifact@v2
-        with:
-          name: verdaccio-metrics
-          path: ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  
-          if-no-files-found: error
-          retention-days: 10 
-      - name: submit metrics
-        run: pnpm benchmark:submit
-        env:
-          DEBUG: metrics
-          METRICS_SOURCE: hyperfine
-          METRICS_URL: ${{ secrets.METRICS_URL }}
-          METRICS_TOKEN: ${{ secrets.METRICS_TOKEN }}
-          METRICS_BENCHMARK: ${{matrix.benchmark}}
-          METRICS_VERSION: ${{matrix.verdaccioVersion}}
-          METRICS_COMMIT_HASH: ${{ github.sha }}

.github/workflows/changesets.yml

@@ -20,20 +20,19 @@ jobs:
     if: github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio'
     steps:
       - name: checkout code repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
         with:
           fetch-depth: 0
 
       - name: setup node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
-          node-version: 14
-          registry-url: 'https://registry.npmjs.org'
+          node-version-file: '.nvmrc'
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 
       - name: install pnpm
-        run: npm i pnpm@6.10.3 -g
+        run: npm i pnpm@latest-8 -g
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 
@@ -47,8 +46,7 @@ jobs:
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
       - name: crowdin download
-        env:
-          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
+        env:          
           CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
           CONTEXT: production
         run: pnpm crowdin:download       
@@ -56,14 +54,16 @@ jobs:
         run: pnpm build
 
       - name: create versions
-        uses: verdaccio/changeset-action@master
+        uses: changesets/action@master
         with:
           version: pnpm ci:version
           commit: 'chore: update versions'
           title: 'chore: update versions'
           publish: pnpm ci:publish
+          createGithubReleases: false
+          setupGitUser: false
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.CHANGESET_RELEASE_TOKEN }}
           NPM_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
           NPM_CONFIG_REGISTRY: https://registry.npmjs.org

.github/workflows/ci-windows.yml

@@ -0,0 +1,150 @@
+name: CI windows
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '5 0 * * SUN' 
+permissions:
+  contents: read
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    name: setup verdaccio
+    services:
+      verdaccio:
+        image: verdaccio/verdaccio:nightly-master
+        ports:
+          - 4873:4873
+        env:
+          NODE_ENV: production          
+    steps:
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+    - name: Node
+      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+      with:
+        node-version-file: '.nvmrc'
+    - name: Install pnpm
+      run: npm i pnpm@latest-8 -g
+    - name: set store
+      run: |
+        mkdir ~/.pnpm-store
+        pnpm config set store-dir ~/.pnpm-store
+    - name: set store
+      run: |
+        mkdir ~/.pnpm-store
+        pnpm config set store-dir ~/.pnpm-store            
+    - name: Install
+      run: pnpm install --registry http://localhost:4873
+    - name: Cache .pnpm-store
+      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      with:
+        path: ~/.pnpm-store
+        key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+        restore-keys: |
+          pnpm-
+  lint:
+    runs-on: windows-latest
+    name: Lint
+    needs: prepare
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - name: Node
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store              
+      - name: Install
+        run: pnpm install --offline --reporter=silence --ignore-scripts
+      - name: Lint
+        run: pnpm lint
+  format:
+    runs-on: windows-latest
+    name: Format
+    needs: prepare
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - name: Use Node
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store          
+      - name: Install
+        run: pnpm install --offline --reporter=silence --ignore-scripts
+      - name: Lint
+        run: pnpm format:check
+  build:
+    needs: [format, lint]
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [windows-latest]
+        node_version: [18]
+    name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - name: Use Node ${{ matrix.node_version }}
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        with:
+          node-version: ${{ matrix.node_version }}
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store          
+      - name: Install
+        run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
+      - name: build
+        run: pnpm build
+      - name: Test
+        run: pnpm test
+  ci-e2e-ui:
+    needs: [format, lint]
+    runs-on: windows-latest
+    name: UI Test E2E
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store              
+      - name: Install
+        run: pnpm install --offline --reporter=silence --registry http://localhost:4873
+      - name: build
+        run: pnpm build
+      - name: Test UI
+        run: pnpm test:e2e:ui
+        # env:
+        #  DEBUG: verdaccio:e2e*

.github/workflows/ci.yml

@@ -2,43 +2,48 @@ name: CI
 
 on:
   push:
-    branches:
-      - master
-      - 'changeset-release/master'
   pull_request:
     paths:
       - .changeset/**
       - .github/workflows/ci.yml
       - 'packages/**'
+      - 'test/**'
       - 'docker-examples/**'
       - 'jest/**'
       - 'package.json'
       - 'pnpm-workspace.yaml'
+permissions:
+  contents: read
+
 jobs:
   prepare:
     runs-on: ubuntu-latest
     name: setup verdaccio
     services:
       verdaccio:
-        image: verdaccio/verdaccio:nightly-master
+        image: verdaccio/verdaccio:5
         ports:
           - 4873:4873
+        env:
+          NODE_ENV: production          
     steps:
-    - uses: actions/checkout@v2.4.0
-    - name: Use Node 16
-      uses: actions/setup-node@v3
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+    - name: Node
+      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
       with:
-        node-version: 16
+        node-version-file: '.nvmrc'
     - name: Install pnpm
-      run: npm i pnpm@6.24.1 -g
+      run: |
+        corepack enable
+        corepack prepare --activate pnpm@latest-8
     - name: set store
       run: |
         mkdir ~/.pnpm-store
         pnpm config set store-dir ~/.pnpm-store
     - name: Install
-      run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
+      run: pnpm install  --registry http://localhost:4873
     - name: Cache .pnpm-store
-      uses: actions/cache@v2
+      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
       with:
         path: ~/.pnpm-store
         key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -49,19 +54,24 @@ jobs:
     name: Lint
     needs: prepare
     steps:
-      - uses: actions/checkout@v2.4.0
-      - name: Use Node 16
-        uses: actions/setup-node@v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - name: Node
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
-          node-version: 16
+          node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
+        run: |
+          corepack enable
+          corepack prepare --activate pnpm@latest-8
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --frozen-lockfile --ignore-scripts
+        run: pnpm install --offline   --ignore-scripts
       - name: Lint
         run: pnpm lint
   format:
@@ -69,124 +79,88 @@ jobs:
     name: Format
     needs: prepare
     steps:
-      - uses: actions/checkout@v2.4.0
-      - name: Use Node 16
-        uses: actions/setup-node@v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - name: Use Node
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
-          node-version: 16
+          node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
+        run: |
+          corepack enable
+          corepack prepare --activate pnpm@latest-8
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --frozen-lockfile --ignore-scripts
+        run: pnpm install --offline   --ignore-scripts
       - name: Lint
         run: pnpm format:check
-  build:
+  test:
     needs: [format, lint]
     strategy:
       fail-fast: true
       matrix:
-        os: [ubuntu-latest, windows-latest]
-        ## Node 16 breaks UI test, jest issue
-        node_version: [16, 17]
+        os: [ubuntu-latest]
+        node_version: [16, 18]
     name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v2.4.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
       - name: Use Node ${{ matrix.node_version }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version: ${{ matrix.node_version }}
       - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
+        run: |
+          corepack enable
+          corepack prepare --activate pnpm@latest-8
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --frozen-lockfile --ignore-scripts
+        run: pnpm install --offline   --ignore-scripts --registry http://localhost:4873
       - name: build
         run: pnpm build
       - name: Test
         run: pnpm test
-  ci-e2e-ui:
-    needs: [format, lint]
-    runs-on: ubuntu-latest
-    name: UI Test E2E Node 16
-    steps:
-      - uses: actions/checkout@v2.4.0
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 16
-      - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
-      - name: Install
-        ## we need scripts, pupetter downloads aditional content
-        run: pnpm recursive install --frozen-lockfile
-      - name: build
-        run: pnpm build
-      - name: Test UI
-        run: pnpm test:e2e:ui
-        # env:
-        #  DEBUG: verdaccio:e2e*
-  ci-e2e-cli:
-    needs: [format, lint]
-    runs-on: ubuntu-latest
-    # TODO: fails on migrate to node 16, we need to check why
-    name: CLI Test E2E Node 14
-    steps:
-      - uses: actions/checkout@v2.4.0
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 14
-      - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
-      - name: Install
-        ## we need scripts, pupetter downloads aditional content
-        run: pnpm recursive install --frozen-lockfile
-      - name: build
-        run: pnpm build
-      - name: Test CLI
-        run: pnpm test:e2e:cli
-        env:
-          DEBUG: verdaccio*
   sync-translations:
-    needs: [ci-e2e-cli, ci-e2e-ui]
+    needs: [test]
     runs-on: ubuntu-latest
     name: synchronize translations
-    if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+    if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
     steps:
-      - uses: actions/checkout@v2.4.0
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
-          node-version: 16
+          node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
+        run: |
+          corepack enable
+          corepack prepare --activate pnpm@latest-8
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
         ## we need scripts, pupetter downloads aditional content
-        run: pnpm recursive install --frozen-lockfile
+        run: pnpm install  --registry http://localhost:4873
       - name: build
         run: pnpm build
       - name: generate website translations
-        run: pnpm write-translations --filter ...@verdaccio/website
+        run: pnpm --filter ...@verdaccio/website write-translations
       - name: sync
         env:
-          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
           CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
           CONTEXT: production
         run: pnpm crowdin:sync

.github/workflows/codeql-analysis.yml

@@ -8,13 +8,20 @@ on:
   schedule:
     - cron: '0 2 * * 4'
 
+permissions:
+  contents: read
+
 jobs:
   CodeQL-Build:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2.4.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
         with:
           # We must fetch at least the immediate parents so that if this is
           # a pull request then we can checkout the head.
@@ -27,7 +34,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@0225834cc549ee0ca93cb085b92954821a145866 # v2
 
       # Override language selection by uncommenting this and choosing your languages
       # with:
@@ -35,7 +42,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@0225834cc549ee0ca93cb085b92954821a145866 # v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -49,4 +56,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@0225834cc549ee0ca93cb085b92954821a145866 # v2

.github/workflows/docker-proxy-apache-e2e.yml

@@ -0,0 +1,38 @@
+name: E2E Docker Proxy Apache Test
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+  schedule:
+    # run every sunday
+    - cron: '0 0 * * 0'
+jobs:
+  docker:
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+      
+    - name: Start containers
+      run: docker-compose -f "./e2e/docker/apache-verdaccio/docker-compose.yaml" up -d --build
+
+    - name: Install node
+      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
+      with:
+        node-version: 18
+    - name: verdaccio cli
+      run: npm install -g verdaccio --registry http://localhost
+    - name: gastby cli 
+      run:  npm install -g gatsby-cli --registry http://localhost
+    - name: netlify cli 
+      run:  npm install -g netlify-cli --registry http://localhost
+    - name: angular cli 
+      run:  npm install -g @angular/cli --registry http://localhost
+
+    - name: Stop containers
+      if: always()
+      run: docker-compose -f "./e2e/docker/apache-verdaccio/docker-compose.yaml" down

.github/workflows/docker-proxy-nginx-e2e.yml

@@ -0,0 +1,41 @@
+name: E2E Docker Proxy Nginx Test
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+jobs:
+  docker:
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+      
+    - name: Start containers
+      run: docker-compose -f "./e2e/docker/proxy-nginx/docker-compose.yaml" up -d --build
+
+    - name: Install node
+      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
+      with:
+        node-version: 18
+    - name: npm setup
+      run: |
+        npm config set fetch-retries="5"
+        npm config set fetch-retry-factor="50"
+        npm config set fetch-retry-mintimeout="20000"
+        npm config set fetch-retry-maxtimeout="80000"      
+    - name: verdaccio cli
+      run: npm install -g verdaccio --registry http://localhost
+    - name: gastby cli 
+      run:  npm install -g gatsby-cli --registry http://localhost
+    - name: netlify cli 
+      run:  npm install -g netlify-cli --registry http://localhost
+    - name: angular cli 
+      run:  npm install -g @angular/cli --registry http://localhost
+
+    - name: Stop containers
+      if: always()
+      run: docker-compose -f "./e2e/docker/proxy-nginx/docker-compose.yaml" down

.github/workflows/docker-publish.yml

@@ -15,12 +15,16 @@ on:
       - 'master'
     tags:
       - 'v*'
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
 jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: docker/setup-qemu-action@v1
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # tag=v1
       - uses: docker/setup-buildx-action@v1
         with:
           driver-opts: network=host
@@ -41,11 +45,11 @@ jobs:
             {{major}}
             {{major}}.{{minor}}
       - name: Build & Push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
         with:
           context: .
           file: ./Dockerfile
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.docker_meta.outputs.tags }}
           labels: ${{ steps.docker_meta.outputs.labels }}

.github/workflows/e2e-ci.yml

@@ -0,0 +1,112 @@
+name: E2E CLI
+
+on: [pull_request]
+permissions:
+  contents: read
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    name: setup e2e verdaccio
+    services:
+      verdaccio:
+        image: verdaccio/verdaccio:nightly-master
+        ports:
+          - 4873:4873
+        env:
+          NODE_ENV: production
+    steps:
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+    - name: Use Node
+      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+      with:
+        node-version-file: '.nvmrc'
+    - name: Install pnpm
+      run: npm i pnpm@latest-8 -g
+    - name: set store
+      run: |
+        mkdir ~/.pnpm-store
+        pnpm config set store-dir ~/.pnpm-store
+    - name: Install
+      run: pnpm install --reporter=silence --ignore-scripts --registry http://localhost:4873
+    - name: Cache .pnpm-store
+      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      with:
+        path: ~/.pnpm-store
+        key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+        restore-keys: |
+          pnpm-
+  build:
+    needs: [prepare]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - name: Use Node 16
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
+      - name: Install
+        run: pnpm recursive install --reporter=silence --registry http://localhost:4873
+      - name: build
+        run: pnpm build
+      - name: Cache packages
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        id: cache-packages
+        with:
+          path: ./packages/
+          key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+          restore-keys: |
+            packages-
+      # - name: Cache test
+      #   uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      #   id: cache-test
+      #   with:
+      #     path: ./e2e/
+      #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      #     restore-keys: |
+      #       test-
+  e2e-cli:
+    needs: [prepare, build]
+    strategy:
+      fail-fast: false
+      matrix:
+        pkg: [npm6, npm7, npm8, npm9, pnpm6, pnpm7, pnpm8, yarn1, yarn2, yarn3, yarn4]
+        node: [16, 18, 19]
+    name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        with:
+          node-version: ${{ matrix.node }}
+      - name: Install pnpm
+        run: npm i pnpm@latest-8 -g
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
+      - name: Install
+        run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        with:
+          path: ./packages/
+          key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      # - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      #   with:
+      #     path: ./e2e/
+      #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: build e2e
+        run:  pnpm --filter @verdaccio/test-cli-commons build
+      - name: Test CLI
+        run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}

.github/workflows/e2e-ui.yml

@@ -0,0 +1,36 @@
+name: E2E UI
+
+on: [pull_request]
+permissions:
+  contents: read
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: UI Test E2E
+    services:
+      verdaccio:
+        image: verdaccio/verdaccio:5
+        ports:
+          - 4873:4873
+        env:
+          NODE_ENV: production
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - name: Use Node
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: |
+         corepack enable
+         corepack prepare --activate pnpm@latest-8
+      - name: Install
+        run: pnpm install --reporter=silence --registry http://localhost:4873
+      - name: build
+        run: pnpm build
+      - name: Test UI
+        run: pnpm test:e2e:ui
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3
+        with:
+          name: videos
+          path: /home/runner/work/verdaccio/verdaccio/e2e/ui/cypress/videos

.github/workflows/static-data.yml

@@ -1,5 +1,5 @@
 ---
-name: contributors
+name: static data
 
 on:
   workflow_dispatch:
@@ -10,39 +10,45 @@ on:
   # push:
   #   branches:
   #     - master
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
 jobs:
   prepare:
     name: Run script
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
         with:
           persist-credentials: false
           fetch-depth: 0
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
-          node-version: 17.x
+          node-version: 18.x
       - name: install pnpm
-        run: sudo npm i pnpm@6.24.1 -g
-      - name: set store
-        run: | 
-          mkdir ~/.pnpm-store
-          pnpm config set store-dir ~/.pnpm-store
-      - name: setup pnpm config registry
-        run: pnpm config set registry https://registry.verdaccio.org
+        run: sudo npm i pnpm@latest-8 -g
       - name: install dependencies
         run: pnpm install
+      - name: Build Translations percentage
+        run: pnpm --filter @verdaccio/crowdin-translations build
       - name: update contributors
         run: pnpm run contributors
         env:
           TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: update addson data
+        run: pnpm script:addson
+      - name: update translations
+        run: pnpm run translations
+        env:
+          TOKEN: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}          
       - name: format
         run: pnpm format
       - name: Commit & Push changes
-        uses: actions-js/push@v1.3
+        uses: actions-js/push@156f2b10c3aa000c44dbe75ea7018f32ae999772 # tag=v1.4
         with:
           github_token: ${{ secrets.TOKEN_VERDACCIOBOT_GITHUB }}
-          message: "chore: updated contributors list"
+          message: "chore: updated static data"
           branch: master
           author_email: verdaccio.npm@gmail.com
           author_name: verdacciobot

.github/workflows/ui-components.yml

@@ -0,0 +1,78 @@
+name: UI Components
+
+on: 
+  workflow_dispatch:
+  pull_request:
+    paths:
+    - .github/workflows/ui-components.yml
+    - 'packages/ui-components/**'
+    - 'package.json'
+    - 'pnpm-workspace.yaml'
+    - 'pnpm-lock.yaml'
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
+env:
+  DEBUG: verdaccio*
+
+jobs:
+  deploy:
+    permissions:
+      contents: read  #  to fetch code (actions/checkout)
+      deployments: write
+      pull-requests: write  #  to comment on pull-requests
+
+    runs-on: ubuntu-latest
+    env:
+      NODE_OPTIONS: --max_old_space_size=4096
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+
+      - name: Use Node
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+
+      - name: Cache pnpm modules
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        env:
+          cache-name: cache-pnpm-modules
+        with:
+          path: ~/.pnpm-store
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-
+
+      - name: Install pnpm
+        run: |
+          corepack enable
+            corepack prepare --activate pnpm@latest-8
+      - name: Install
+        run: pnpm install  
+      - name: Build storybook
+        run: pnpm ui:storybook:build
+      - name: Copy public content
+        # the msw.js worker is need it at the storybook-static folder in production
+        run: cp -R packages/ui-components/public/* packages/ui-components/storybook-static
+      - name: 🔥 Deploy Production UI Netlify
+        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+        uses: verdaccio/action-netlify-deploy@1c086d59169edeec9254672c7de17d2ceac3928f # v2.0.0
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+          netlify-site-id: ${{ secrets.NETLIFY_UI_SITE_ID }}
+          build-dir: './packages/ui-components/storybook-static'          
+      - name: 🤖 Deploy Preview UI Components Netlify
+        if: github.repository == 'verdaccio/verdaccio'
+        uses: verdaccio/action-netlify-deploy@1c086d59169edeec9254672c7de17d2ceac3928f # v2.0.0
+        id: netlify_preview_ui
+        with:
+          draft: true
+          comment-on-pull-request: true
+          github-deployment-is-production: false
+          github-deployment-is-transient: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+          netlify-site-id: ${{ secrets.NETLIFY_UI_SITE_ID }}
+          build-dir: './packages/ui-components/storybook-static'

.github/workflows/website.yml

@@ -3,36 +3,35 @@ name: Verdaccio Website CI
 on:
   workflow_dispatch:
   pull_request:
-    types:
-      - opened
-      - synchronize
     paths:
-      - 'website/**'
-      - 'package.json'
-      - './.github/workflows/website.yml'
-  push:
-    branches:
-      - 'master'
-    paths:
-      - 'website/**'
-      - 'package.json'
-      - './.github/workflows/website.yml'
+        - 'website/**'
+        - './.github/workflows/website.yml'
+  schedule:
+    - cron: '0 0 * * *' 
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
 
 jobs:
   build:
+    permissions:
+      contents: read  #  to fetch code (actions/checkout)
+      deployments: write
+      pull-requests: write  #  to comment on pull-requests
+
     runs-on: ubuntu-latest
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
-      - uses: actions/checkout@v2.4.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
 
-      - name: Use Node 14
-        uses: actions/setup-node@v3
+      - name: Use Node 16
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
-          node-version: 14
+          node-version: 16
 
       - name: Cache pnpm modules
-        uses: actions/cache@v2
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         env:
           cache-name: cache-pnpm-modules
         with:
@@ -41,16 +40,18 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-
 
-      - uses: pnpm/action-setup@v2.1.0
+      - uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # tag=v2.2.4
         with:
-          version: 6.10.2
+          version: latest-8
           run_install: |
             - recursive: true
               args: [--frozen-lockfile]
-      - name: Build Plugins
-        run: pnpm build --filter "docusaurus-plugin-contributors"
+      - name: Build 
+        run: pnpm build
+      - name: Build Translations percentage
+        run: pnpm --filter @verdaccio/crowdin-translations build
       - name: Cache Docusaurus Build
-        uses: actions/cache@v2
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: website/node_modules/.cache/webpack
           key: cache/webpack-${{github.ref}}-${{ hashFiles('**/pnpm-lock.yaml') }}
@@ -62,14 +63,14 @@ jobs:
       - name: Build Production
         if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
         env:
-          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
           CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          SENTRY_KEY: ${{ secrets.SENTRY_KEY }}
           CONTEXT: production
-        run: pnpm netlify:build:production --filter ...@verdaccio/website
+        run: pnpm --filter @verdaccio/website netlify:build:production
 
       - name: 🔥 Deploy Production Netlify
         if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
-        uses: semoal/action-netlify-deploy@master
+        uses: semoal/action-netlify-deploy@1a53f098745bf78555d11b436f5ee3af87e6b566
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
@@ -80,10 +81,11 @@ jobs:
       - name: Build Deployment Preview
         env:
           CONTEXT: deploy-preview
-        run: pnpm netlify:build:deployPreview --filter ...@verdaccio/website
+        run: pnpm --filter ...@verdaccio/website netlify:build:deployPreview
 
       - name: 🤖 Deploy Preview Netlify
-        uses: semoal/action-netlify-deploy@master
+        if: github.repository == 'verdaccio/verdaccio'
+        uses: semoal/action-netlify-deploy@1a53f098745bf78555d11b436f5ee3af87e6b566
         id: netlify_preview
         with:
           draft: true
@@ -96,8 +98,9 @@ jobs:
           build-dir: './website/build'
 
       - name: Audit preview URL with Lighthouse
+        if: github.repository == 'verdaccio/verdaccio'
         id: lighthouse_audit
-        uses: treosh/lighthouse-ci-action@v9.3.0
+        uses: treosh/lighthouse-ci-action@03becbfc543944dd6e7534f7ff768abb8a296826 # tag=10.1.0
         with:
           urls: |
             ${{ steps.netlify_preview.outputs.preview-url }}
@@ -106,7 +109,7 @@ jobs:
 
       - name: Format lighthouse score
         id: format_lighthouse_score
-        uses: actions/github-script@v3
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # tag=v6
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
@@ -129,11 +132,13 @@ jobs:
              core.setOutput("comment", comment);
 
       - name: Add comment to PR
+        if: github.repository == 'verdaccio/verdaccio'
         id: comment_to_pr
-        uses: marocchino/sticky-pull-request-comment@v1
+        uses: marocchino/sticky-pull-request-comment@f61b6cf21ef2fcc468f4345cdfcc9bda741d2343 # v2
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           number: ${{ github.event.issue.number }}
+          delete: true
           header: lighthouse
           message: |
             ${{ steps.format_lighthouse_score.outputs.comment }}

.gitignore

@@ -41,12 +41,15 @@ packages/plugins/ui-theme/static
 # CI Pnpm cache
 .pnpm-store/
 
-# benchmark
-api-results.json
-hyper-results.json
-hyper-results*.json
-api-results*.json
-
 #docs 
-./api
-packages/core/core/docs
+website/docs/api/**/*.md
+website/docs/api/**/*.yml
+!website/docs/api/index.md
+packages/**/docs
+
+# cypress
+e2e/ui/cypress/videos/**/*
+e2e/ui/cypress/screenshots/**/*
+
+# storybook
+packages/ui-components/storybook-static