chore: update versions (6-next) (#3249)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.changeset/brown-cycles-laugh.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/cli': patch
+---
+
+chore: improve error logger message

.changeset/brown-pandas-wink.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+add banner support ukraine

.changeset/chilled-ways-fetch.md

@@ -0,0 +1,5 @@
+---
+'verdaccio-memory': patch
+---
+
+Fix storing tarballs with identical names from different packages in memory plugin

.changeset/dull-monkeys-search.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+show verdaccio logo in the footer even when custom brand is set

.changeset/healthy-pants-smash.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/ui-theme': patch
+'@verdaccio/test-helper': patch
+'@verdaccio/web': patch
+---
+
+fix: #3174 set correctly ui values to html render

.changeset/lovely-drinks-argue.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/loaders': patch
+---
+
+always create plugin instance with new

.changeset/orange-flowers-cover.md

@@ -0,0 +1,43 @@
+---
+'@verdaccio/config': minor
+'@verdaccio/types': minor
+'@verdaccio/ui-theme': minor
+---
+
+feat: rework web header for mobile, add new settings and raw manifest button
+
+### New set of variables to hide features
+
+Add set of new variables that allow hide different parts of the UI, buttons, footer or download tarballs. _All are
+enabled by default_.
+
+```yaml
+# login: true <-- already exist but worth the reminder
+# showInfo: true
+# showSettings: true
+# In combination with darkMode you can force specific theme
+# showThemeSwitch: true
+# showFooter: true
+# showSearch: true
+# showDownloadTarball: true
+```
+
+> If you disable `showThemeSwitch` and force `darkMode: true` the local storage settings would be
+> ignored and force all themes to the one in the configuration file.
+
+Future could be extended to
+
+### Raw button to display manifest package
+
+A new experimental feature (enabled by default), button named RAW to be able navigate on the package manifest directly on the ui, kudos to [react-json-view](https://www.npmjs.com/package/react-json-view) that allows an easy integration, not configurable yet until get more feedback.
+
+```yaml
+showRaw: true
+```
+
+#### Rework header buttons
+
+- The header has been rework, the mobile was not looking broken.
+- Removed info button in the header and moved to a dialog
+- Info dialog now contains more information about the project, license and the aid content for Ukrania now is inside of the info modal.
+- Separate settings and info to avoid collapse too much info (for mobile still need some work)

.changeset/pre.json

@@ -42,7 +42,7 @@
     "@verdaccio/eslint-config": "1.0.0",
     "@verdaccio/benchmark": "1.0.0",
     "@verdaccio/core": "6.0.0-next.0",
-    "@verdaccio/helper": "1.0.0",
+    "@verdaccio/test-helper": "1.0.0",
     "docusaurus-plugin-contributors": "1.0.0",
     "@verdaccio/website": "5.4.0"
   },
@@ -50,8 +50,12 @@
     "afraid-mice-obey",
     "big-lobsters-sin",
     "bright-poems-obey",
+    "brown-cycles-laugh",
+    "brown-pandas-wink",
     "calm-pants-impress",
+    "chilled-ways-fetch",
     "dry-planes-tap",
+    "dull-monkeys-search",
     "eleven-brooms-hunt",
     "eleven-spoons-matter",
     "fair-lemons-beam",
@@ -64,6 +68,7 @@
     "gentle-trains-switch",
     "gold-vans-tease",
     "healthy-bikes-behave",
+    "healthy-pants-smash",
     "healthy-poets-compare",
     "heavy-ravens-lay",
     "hip-hounds-destroy",
@@ -73,11 +78,13 @@
     "light-walls-begin",
     "little-stingrays-rule",
     "loud-shoes-jog",
+    "lovely-drinks-argue",
     "many-vans-care",
     "modern-spies-tell",
     "neat-toes-report",
     "neat-toys-float",
     "olive-candles-speak",
+    "orange-flowers-cover",
     "perfect-candles-clap",
     "perfect-emus-clean",
     "perfect-kangaroos-agree",
@@ -86,13 +93,16 @@
     "plenty-tables-refuse",
     "pretty-hounds-tap",
     "proud-jeans-walk",
+    "proud-jobs-hope",
     "red-chefs-float",
     "red-yaks-sell",
     "rich-ghosts-rule",
     "shaggy-carrots-unite",
     "shaggy-parrots-smash",
     "shiny-chefs-heal",
+    "slow-carrots-relate",
     "smart-apricots-kneel",
+    "smart-beds-cross",
     "sour-buses-shout",
     "spicy-frogs-press",
     "spicy-snakes-sip",
@@ -100,6 +110,7 @@
     "ten-parents-breathe",
     "tender-bags-call",
     "thick-countries-move",
+    "thick-readers-hang",
     "three-moles-drop",
     "three-pots-sit",
     "tiny-seals-join",

.changeset/proud-jobs-hope.md

@@ -0,0 +1,45 @@
+---
+'@verdaccio/api': major
+'@verdaccio/cli': major
+'@verdaccio/config': major
+'@verdaccio/core': major
+'@verdaccio/types': major
+'@verdaccio/logger': major
+'@verdaccio/node-api': major
+'verdaccio-aws-s3-storage': major
+'verdaccio-google-cloud': major
+'verdaccio-htpasswd': major
+'@verdaccio/local-storage': major
+'verdaccio-memory': major
+'@verdaccio/ui-theme': major
+'@verdaccio/proxy': major
+'@verdaccio/server': major
+'@verdaccio/mock': major
+'verdaccio': major
+'@verdaccio/web': major
+'@verdaccio/e2e-cli': major
+'@verdaccio/website': major
+---
+
+feat!: config.logs throw an error, logging config not longer accept array or logs property
+
+### 💥 Breaking change
+
+This is valid
+
+```yaml
+log: { type: stdout, format: pretty, level: http }
+```
+
+This is invalid
+
+```yaml
+logs: { type: stdout, format: pretty, level: http }
+```
+
+or
+
+```yaml
+logs:
+  - [{ type: stdout, format: pretty, level: http }]
+```

.changeset/slow-carrots-relate.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/config': minor
+'@verdaccio/web': minor
+---
+
+feat(web): add a config item to web，let the developer can select whet……her enable the html cache

.changeset/smart-beds-cross.md

@@ -0,0 +1,20 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/config': minor
+'@verdaccio/core': minor
+'@verdaccio/types': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/ui-theme': minor
+'@verdaccio/proxy': minor
+'@verdaccio/server': minor
+'@verdaccio/store': minor
+'@verdaccio/test-helper': minor
+'@verdaccio/web': minor
+---
+
+feat: ui search support for remote, local and private packages
+
+The command `npm search` search globally and return all matches, with this improvement the user interface
+is powered with the same capabilities.
+
+The UI also tag where is the origin the package with a tag, also provide the latest version and description of the package.

.changeset/thick-readers-hang.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+fix: fixes some style issues on mobile, particularly related to the Ukraine support message - [@s-h-a-d-o-w](https://github.com/s-h-a-d-o-w)

.eslintignore

@@ -11,3 +11,4 @@ wiki/
 dist/
 docs/
 test/functional/store/*
+docker-examples/**/lib/**/*.js

.github/workflows/benchmark.yml

@@ -4,23 +4,26 @@ name: ci - benchmark
 on:
   workflow_dispatch:
   schedule:
-    # 3 times day
+    # 1 time peer week
     # collecting enough data to draw some graphics
-    - cron: '0 1 * * *'
+    - cron: '0 1 * * 1'
   # push:
   #   branches:
   #     - master
+permissions:
+  contents: read
+
 jobs:
   prepare: 
     name: Prepare build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: 14.x
+          node-version: 16.x
       - name: install pnpm
-        run: sudo npm i pnpm@6.24.1 -g
+        run: sudo npm i pnpm@latest-6 -g
       - name: set store
         run: | 
           mkdir ~/.pnpm-store
@@ -30,7 +33,7 @@ jobs:
       - name: install dependencies
         run: pnpm install
       - name: Cache .pnpm-store
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -41,7 +44,7 @@ jobs:
       - name: tar packages
         run: |      
           tar -czvf ${{ github.workspace }}/pkg.tar.gz -C ${{ github.workspace }}/packages .
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v3
         with:
           name: verdaccio-artifact
           path: pkg.tar.gz
@@ -57,24 +60,24 @@ jobs:
           # - local
           - 3.13.1
           - 4.12.2
-          - 5.5.2
-          - 6.0.0-6-next.31
+          - 5.10.2
+          - 6.0.0-6-next.40
     name: Benchmark autocannon
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: 14.x
-      - uses: actions/download-artifact@v2
+          node-version: 16.x
+      - uses: actions/download-artifact@v3
         with:
           name: verdaccio-artifact
       - name: untar packages
         run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
       - name: install pnpm
         # require fixed version
-        run: sudo npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
+        run: sudo npm i pnpm@latest-6 -g
+      - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}   
@@ -87,7 +90,7 @@ jobs:
         shell: bash
         env:
           DEBUG: metrics*
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v3
         with:
           name: verdaccio-metrics-api
           path: ./api-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  
@@ -118,24 +121,24 @@ jobs:
           # old versions to compare same test along previous releases
           - 3.13.1
           - 4.12.2
-          - 5.5.2
-          - 6.0.0-6-next.31
+          - 5.10.2
+          - 6.0.0-6-next.40
     name: Benchmark hyperfine
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: 14.x
-      - uses: actions/download-artifact@v2
+          node-version: 16.x
+      - uses: actions/download-artifact@v3
         with:
           name: verdaccio-artifact
       - name: untar packages
         run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
       - name: install pnpm
         # require fixed version
-        run: sudo npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
+        run: sudo npm i pnpm@latest-6 -g
+      - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}   
@@ -153,7 +156,7 @@ jobs:
         shell: bash
       - name: rename
         run: mv ./hyper-results.json ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v3
         with:
           name: verdaccio-metrics
           path: ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  

.github/workflows/changesets.yml

@@ -20,7 +20,7 @@ jobs:
     if: github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio'
     steps:
       - name: checkout code repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
@@ -33,7 +33,7 @@ jobs:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 
       - name: install pnpm
-        run: npm i pnpm@6.10.3 -g
+        run: npm i pnpm@6.32.15 -g
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 

.github/workflows/ci.yml

@@ -14,6 +14,9 @@ on:
       - 'jest/**'
       - 'package.json'
       - 'pnpm-workspace.yaml'
+permissions:
+  contents: read
+
 jobs:
   prepare:
     runs-on: ubuntu-latest
@@ -24,13 +27,13 @@ jobs:
         ports:
           - 4873:4873
     steps:
-    - uses: actions/checkout@v2.4.0
+    - uses: actions/checkout@v3
     - name: Use Node 16
       uses: actions/setup-node@v3
       with:
         node-version: 16
     - name: Install pnpm
-      run: npm i pnpm@6.24.1 -g
+      run: npm i pnpm@6.32.15 -g
     - name: set store
       run: |
         mkdir ~/.pnpm-store
@@ -38,7 +41,7 @@ jobs:
     - name: Install
       run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
     - name: Cache .pnpm-store
-      uses: actions/cache@v2
+      uses: actions/cache@v3
       with:
         path: ~/.pnpm-store
         key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -49,14 +52,14 @@ jobs:
     name: Lint
     needs: prepare
     steps:
-      - uses: actions/checkout@v2.4.0
+      - uses: actions/checkout@v3
       - name: Use Node 16
         uses: actions/setup-node@v3
         with:
           node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
+        run: npm i pnpm@6.32.15 -g
+      - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -69,14 +72,14 @@ jobs:
     name: Format
     needs: prepare
     steps:
-      - uses: actions/checkout@v2.4.0
+      - uses: actions/checkout@v3
       - name: Use Node 16
         uses: actions/setup-node@v3
         with:
           node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
+        run: npm i pnpm@6.32.15 -g
+      - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -95,14 +98,14 @@ jobs:
     name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v2.4.0
+      - uses: actions/checkout@v3
       - name: Use Node ${{ matrix.node_version }}
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node_version }}
       - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
+        run: npm i pnpm@6.32.15 -g
+      - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -117,13 +120,13 @@ jobs:
     runs-on: ubuntu-latest
     name: UI Test E2E Node 16
     steps:
-      - uses: actions/checkout@v2.4.0
+      - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
           node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
+        run: npm i pnpm@6.32.15 -g
+      - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -136,44 +139,46 @@ jobs:
         run: pnpm test:e2e:ui
         # env:
         #  DEBUG: verdaccio:e2e*
-  ci-e2e-cli:
-    needs: [format, lint]
-    runs-on: ubuntu-latest
-    # TODO: fails on migrate to node 16, we need to check why
-    name: CLI Test E2E Node 14
-    steps:
-      - uses: actions/checkout@v2.4.0
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 14
-      - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
-      - name: Install
-        ## we need scripts, pupetter downloads aditional content
-        run: pnpm recursive install --frozen-lockfile
-      - name: build
-        run: pnpm build
-      - name: Test CLI
-        run: pnpm test:e2e:cli
-        env:
-          DEBUG: verdaccio*
+  # FIXME verify why fails on Node 16 (locally works fine) 
+  # ci-e2e-cli:
+  #   needs: [format, lint]
+  #   runs-on: ubuntu-latest
+  #   # TODO: fails on migrate to node 16, we need to check why
+  #   name: CLI Test E2E Node 16
+  #   steps:
+  #     - uses: actions/checkout@v3
+  #     - uses: actions/setup-node@v3
+  #       with:
+  #         node-version: 16
+  #     - name: Install pnpm
+  #       run: npm i pnpm@latest -g
+  #     - uses: actions/cache@v3
+  #       with:
+  #         path: ~/.pnpm-store
+  #         key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+  #     - name: Install
+  #       ## we need scripts, pupetter downloads aditional content
+  #       run: pnpm recursive install --frozen-lockfile
+  #     - name: build
+  #       run: pnpm build
+  #     - name: Test CLI
+  #       run: pnpm test:e2e:cli
+  #       env:
+  #         DEBUG: verdaccio*
   sync-translations:
-    needs: [ci-e2e-cli, ci-e2e-ui]
+    # needs: [ci-e2e-cli, ci-e2e-ui]
+    needs: [ci-e2e-ui]
     runs-on: ubuntu-latest
     name: synchronize translations
     if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
     steps:
-      - uses: actions/checkout@v2.4.0
+      - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
           node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@6.24.1 -g
-      - uses: actions/cache@v2
+        run: npm i pnpm@6.32.15 -g
+      - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}

.github/workflows/codeql-analysis.yml

@@ -8,13 +8,20 @@ on:
   schedule:
     - cron: '0 2 * * 4'
 
+permissions:
+  contents: read
+
 jobs:
   CodeQL-Build:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2.4.0
+        uses: actions/checkout@v3
         with:
           # We must fetch at least the immediate parents so that if this is
           # a pull request then we can checkout the head.
@@ -27,7 +34,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v2
 
       # Override language selection by uncommenting this and choosing your languages
       # with:
@@ -35,7 +42,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -49,4 +56,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v2

.github/workflows/contributors.yml

@@ -15,7 +15,7 @@ jobs:
     name: Run script
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -23,7 +23,7 @@ jobs:
         with:
           node-version: 17.x
       - name: install pnpm
-        run: sudo npm i pnpm@6.24.1 -g
+        run: sudo npm i pnpm@latest-6 -g
       - name: set store
         run: | 
           mkdir ~/.pnpm-store

.github/workflows/docker-publish.yml

@@ -19,7 +19,7 @@ jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: docker/setup-qemu-action@v1
       - uses: docker/setup-buildx-action@v1
         with:

.github/workflows/website.yml

@@ -3,13 +3,6 @@ name: Verdaccio Website CI
 on:
   workflow_dispatch:
   pull_request:
-    types:
-      - opened
-      - synchronize
-    paths:
-      - 'website/**'
-      - 'package.json'
-      - './.github/workflows/website.yml'
   push:
     branches:
       - 'master'
@@ -24,15 +17,15 @@ jobs:
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
-      - uses: actions/checkout@v2.4.0
+      - uses: actions/checkout@v3
 
-      - name: Use Node 14
+      - name: Use Node 16
         uses: actions/setup-node@v3
         with:
-          node-version: 14
+          node-version: 16
 
       - name: Cache pnpm modules
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         env:
           cache-name: cache-pnpm-modules
         with:
@@ -41,16 +34,16 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-
 
-      - uses: pnpm/action-setup@v2.1.0
+      - uses: pnpm/action-setup@v2.2.2
         with:
-          version: 6.10.2
+          version: 6.32.15
           run_install: |
             - recursive: true
               args: [--frozen-lockfile]
       - name: Build Plugins
         run: pnpm build --filter "docusaurus-plugin-contributors"
       - name: Cache Docusaurus Build
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: website/node_modules/.cache/webpack
           key: cache/webpack-${{github.ref}}-${{ hashFiles('**/pnpm-lock.yaml') }}
@@ -83,6 +76,7 @@ jobs:
         run: pnpm netlify:build:deployPreview --filter ...@verdaccio/website
 
       - name: 🤖 Deploy Preview Netlify
+        if: github.repository == 'verdaccio/verdaccio'
         uses: semoal/action-netlify-deploy@master
         id: netlify_preview
         with:
@@ -96,8 +90,9 @@ jobs:
           build-dir: './website/build'
 
       - name: Audit preview URL with Lighthouse
+        if: github.repository == 'verdaccio/verdaccio'
         id: lighthouse_audit
-        uses: treosh/lighthouse-ci-action@v9.3.0
+        uses: treosh/lighthouse-ci-action@9.3.0
         with:
           urls: |
             ${{ steps.netlify_preview.outputs.preview-url }}
@@ -106,7 +101,7 @@ jobs:
 
       - name: Format lighthouse score
         id: format_lighthouse_score
-        uses: actions/github-script@v3
+        uses: actions/github-script@v6
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
@@ -129,11 +124,13 @@ jobs:
              core.setOutput("comment", comment);
 
       - name: Add comment to PR
+        if: github.repository == 'verdaccio/verdaccio'
         id: comment_to_pr
-        uses: marocchino/sticky-pull-request-comment@v1
+        uses: marocchino/sticky-pull-request-comment@v2
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           number: ${{ github.event.issue.number }}
+          delete: true
           header: lighthouse
           message: |
             ${{ steps.format_lighthouse_score.outputs.comment }}

CONTRIBUTING.md

@@ -70,7 +70,7 @@ This setting would cause the `pnpm install` command to install incorrect version
 To begin your development setup, please install the latest version of pnpm globally:
 
 ```
-npm i -g pnpm
+npm i -g pnpm@latest-6
 ```
 
 With pnpm installed, the first step is installing all dependencies:
@@ -138,10 +138,8 @@ output to the code. Each package has it owns namespace.
 
 To run the application from the source code, ensure the project has been built with `pnpm build`, once this is done, there are few commands that helps to run server:
 
-- `pnpm start`: Run the server and the UI with `concurrently`, the
-  server runs in the port `8000` and the UI on the port `4873`. This command
-  is useful if you want to contribute mostly on the UI.
-- `pnpm debug`: Run the server in debug mode `--inspect`, the UI is included but does not have hot reload. For automatic break use `pnpm debug:break`.
+- `pnpm start`: Runs server on port `8000` and UI on port `4873`. This is particularly useful if you want to contribute to the UI, since it runs with hot reload.
+- `pnpm debug`: Run the server in debug mode `--inspect`. UI runs too but without hot reload. For automatic break use `pnpm debug:break`.
 - `pnpm debug:fastify`: To contribute on the [fastify migration](https://github.com/verdaccio/verdaccio/discussions/2155) this is a temporary command for such purpose.
 - `pnpm website`: Build the website, for more commands to run the _website_, run `cd website` and then `pnpm serve`, website will run on port `3000`.
 - `pnpm docker`: Build the docker image. Requires `docker` command available in your system.
@@ -333,8 +331,8 @@ We use [changesets](https://github.com/atlassian/changesets) in order to
 generate a detailed Changelog as possible.
 
 Adding a changeset with your Pull Request is essential if you want your
-contribution to get merged (unless is a change that does not affect library
-functionality, eg: typo, docs, readme, add additional test or linting code). To
+contribution to get merged (unless it does not affect functionality or
+user-facing content, eg: docs, readme, adding test or typo/lint fixes). To
 create a changeset please run:
 
 ```

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=${BUILDPLATFORM:-linux/amd64} node:16.13.2-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} node:16.15.0-alpine as builder
 
 ENV NODE_ENV=development \
     VERDACCIO_BUILD_REGISTRY=https://registry.verdaccio.org
@@ -11,7 +11,7 @@ RUN apk --no-cache add openssl ca-certificates wget && \
 
 WORKDIR /opt/verdaccio-build
 COPY . .
-RUN npm -g i pnpm@6.24.1 && \
+RUN npm -g i pnpm@6.32.15 && \
     pnpm config set registry $VERDACCIO_BUILD_REGISTRY && \
     pnpm recursive install --frozen-lockfile --ignore-scripts && \
     rm -Rf test && \
@@ -20,7 +20,7 @@ RUN npm -g i pnpm@6.24.1 && \
 # FIXME: need to remove devDependencies from the build
 # RUN pnpm install --prod --ignore-scripts
 
-FROM node:16.13.2-alpine
+FROM node:16.15.0-alpine
 LABEL maintainer="https://github.com/verdaccio/verdaccio"
 
 ENV VERDACCIO_APPDIR=/opt/verdaccio \

README.md

@@ -1,10 +1,19 @@
+[![BannerUK](https://cdn.verdaccio.dev/readme/banner-uk.svg)](https://donate.redcrossredcrescent.org/ua/donate/~my-donation?_cv=1)
+
+> Verdaccio stands for **peace**, stop the war, we will be yellow / blue 🇺🇦 until that happens.
+
 ![verdaccio logo](https://cdn.verdaccio.dev/readme/verdaccio@2x.png)
 
 ![verdaccio gif](https://cdn.verdaccio.dev/readme/readme-website.png)
 
 # Version 6 (Development branch)
 
-> Looking for Verdaccio 5? Check branch `5.x`.
+> Looking for Verdaccio 5 version? Check the branch `5.x`
+> The plugins for the `v5.x` that are hosted within this organization are located
+> at the [`verdaccio/monorepo`](https://github.com/verdaccio/monorepo) repository, while for the v6.x
+> are hosted on this project `./packages/plugins`, keep on mind `v6.x` plugins will eventually would be
+> incompatible with `v5.x` versions.
+> Note that contributing guidelines might be different based on the branch.
 
 [Verdaccio](https://verdaccio.org/) is a simple, **zero-config-required local private npm registry**.
 No need for an entire database just to get started! Verdaccio comes out of the box with
@@ -26,6 +35,7 @@ Google Cloud Storage** or create your own plugin.
 
 [![Twitter followers](https://img.shields.io/twitter/follow/verdaccio_npm.svg?style=social&label=Follow)](https://twitter.com/verdaccio_npm)
 [![Github](https://img.shields.io/github/stars/verdaccio/verdaccio.svg?style=social&label=Stars)](https://github.com/verdaccio/verdaccio/stargazers)
+[![StandWithUkraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/badges/StandWithUkraine.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md)
 
 ## Install
 
@@ -43,6 +53,27 @@ or
 docker pull verdaccio/verdaccio:nightly-master
 ```
 
+or with _helm_ [official chart](https://github.com/verdaccio/charts).
+
+```bash
+helm repo add verdaccio https://charts.verdaccio.org
+helm repo update
+helm install verdaccio/verdaccio
+```
+
+Furthermore, you can read the [**Debugging Guidelines**](https://github.com/verdaccio/verdaccio/wiki/Debugging-Verdaccio) and the [**Docker Examples**](https://github.com/verdaccio/verdaccio/tree/master/docker-examples) for more advanced development.
+
+## Plugins
+
+You can develop your own [plugins](https://verdaccio.org/docs/plugins) with the [verdaccio generator](https://github.com/verdaccio/generator-verdaccio-plugin). Installing [Yeoman](https://yeoman.io/) is required.
+
+```
+npm install -g yo
+npm install -g generator-verdaccio-plugin
+```
+
+Learn more [here](https://verdaccio.org/docs/dev-plugins) how to develop plugins. Share your plugins with the community.
+
 ## Donations
 
 Verdaccio is run by **volunteers**; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider do a long support donation - **and your logo will be on this section of the readme.**
@@ -71,24 +102,27 @@ If you want to use a modified version of some 3rd-party package (for example, yo
 ### E2E Testing
 
 Verdaccio has proved to be a lightweight registry that can be
-booted in a couple of seconds, fast enough for any CI. Many open source projects use verdaccio for end to end testing, to mention some examples, **create-react-app**, **mozilla neutrino**, **pnpm**, **storybook**, **alfresco** or **eclipse theia**. You can read more in dedicated article to E2E in our blog.
+booted in a couple of seconds, fast enough for any CI. Many open source projects use verdaccio for end to end testing, to mention some examples, **create-react-app**, **mozilla neutrino**, **pnpm**, **storybook**, **babel.js**, **angular-cli** or **docusaurus**. You can read more in [here](https://verdaccio.org/docs/e2e).
+
+Furthermore, here few examples how to start:
+
+- [e2e-ci-example-gh-actions](https://github.com/juanpicado/e2e-ci-example-gh-actions)
+- [verdaccio-end-to-end-tests](https://github.com/juanpicado/verdaccio-end-to-end-tests)
+- [verdaccio-fork](https://github.com/juanpicado/verdaccio-fork)
 
 ## Watch our Videos
 
 **Node Congress 2022, February 2022, Online Free**
 
 <div>
-   <a href="https://nodecongress.com/">
-     <img src="https://cdn.verdaccio.dev/readme/nodejscongress2022.jpg" alt="nodejs" width="300"/>
+   <a href="https://portal.gitnation.org/contents/five-ways-of-taking-advantage-of-verdaccio-your-private-and-proxy-nodejs-registry">
+     <img src="https://cdn.verdaccio.dev/readme/nodejscongress2022.jpg" alt="nodejs" width="200"/>
   </a>
 </div>
 
-### **Using Docker and Verdaccio to make Integration Testing Easy - Docker All Hands #4 December - 2021**.
-
-[![docker](https://cdn.verdaccio.dev/readme/docker-all-hands-jpicado-talk.jpg)](https://www.youtube.com/watch?v=zRI0skF1f8I)
-
 You might want to check out as well our previous talks:
 
+- [Using Docker and Verdaccio to make Integration Testing Easy - **Docker All Hands #4 December - 2021**](https://www.youtube.com/watch?v=zRI0skF1f8I)
 - [**Juan Picado** – Testing the integrity of React components by publishing in a private registry - React Finland - 2021](https://www.youtube.com/watch?v=bRKZbrlQqLY&t=16s&ab_channel=ReactFinland)
 - [BeerJS Cba Meetup No. 53 May 2021 - **Juan Picado**](https://www.youtube.com/watch?v=6SyjqBmS49Y&ab_channel=BeerJSCba)
 - [Node.js Dependency Confusion Attacks - April 2021 - **Juan Picado**](https://www.youtube.com/watch?v=qTRADSp3Hpo)
@@ -163,7 +197,7 @@ To run the docker container:
 docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio
 ```
 
-Docker examples are available [in this repository](https://github.com/verdaccio/docker-examples).
+Docker examples are available [in this repository](https://github.com/verdaccio/verdaccio/tree/master/docker-examples).
 
 ## Compatibility
 
@@ -231,6 +265,7 @@ You can find and chat with then over Discord, click [here](http://chat.verdaccio
 - [create-react-app](https://github.com/facebook/create-react-app/blob/master/CONTRIBUTING.md#customizing-e2e-registry-configuration) _(+86.2k ⭐️)_
 - [Gatsby](https://github.com/gatsbyjs/gatsby) _(+49.2k ⭐️)_
 - [Babel.js](https://github.com/babel/babel) _(+38.5k ⭐️)_
+- [Docusaurus](https://github.com/facebook/docusaurus) _(+34k ⭐️)_
 - [Vue CLI](https://github.com/vuejs/vue-cli) _(+27.4k ⭐️)_
 - [Angular CLI](https://github.com/angular/angular-cli) _(+24.3k ⭐️)_
 - [Uppy](https://github.com/transloadit/uppy) _(+23.8k ⭐️)_
@@ -245,7 +280,7 @@ You can find and chat with then over Discord, click [here](http://chat.verdaccio
 - [Amazon SDK v3](https://github.com/aws/aws-sdk-js-v3)
 - [Amazon Encryption SDK for Javascript](https://github.com/aws/aws-encryption-sdk-javascript)
 
-🤓 Don't be shy, you also can be in [the list](https://github.com/verdaccio/website/blob/master/docs/who-is-using.md).
+🤓 Don't be shy, add yourself to this readme.
 
 ## Open Collective Sponsors
 

docker-examples/v5/README.md

@@ -3,3 +3,12 @@
 > Before run examples, build the local image by running `pnpm docker`.
 
 - [Docker + Nginx + Verdaccio](reverse_proxy/nginx/README.md)
+
+## Using Plugins with Docker
+
+List of different approaches
+
+> Note these options could be improved, feel free to submit upgrades
+
+- [Docker + Install plugins from a registry](plugins/docker-build-install-plugin/README.md)
+- [Docker + Install local plugin](plugins/docker-local-plugin/README.md)

docker-examples/v5/plugins/docker-build-install-plugin/Dockerfile

@@ -0,0 +1,25 @@
+# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
+
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+# Install the metrics middleware plugin
+# npm docs
+# --global-style https://docs.npmjs.com/cli/v7/commands/npm-install#global-style
+# --no-bin-links https://docs.npmjs.com/cli/v7/commands/npm-install#bin-links
+# --omit=optional 
+RUN mkdir -p /verdaccio/plugins \
+  && cd /verdaccio/plugins \
+  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
+
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:5
+
+# Copy the plugin files over from the 'builder' node image.
+# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
+# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
+ADD docker.yaml /verdaccio/conf/config.yaml  
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
+  /verdaccio/plugins/verdaccio-auth-memory

docker-examples/v5/plugins/docker-build-install-plugin/README.md

@@ -0,0 +1,46 @@
+# Installing a plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are two main steps to highlight:
+
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the plugin [`verdaccio-auth-memory`](https://www.npmjs.com/package/verdaccio-auth-memory) and custom web title for demonstration.
+- The `Dockerfile` take advance of the docker multi-stage build to install the plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins \
+  && cd /verdaccio/plugins \
+  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
+
+FROM verdaccio/verdaccio:5
+
+# copy your modified config.yaml into the image
+ADD docker.yaml /verdaccio/conf/config.yaml
+
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
+  /verdaccio/plugins/verdaccio-auth-memory
+
+```

docker-examples/v5/plugins/docker-build-install-plugin/docker.yaml

@@ -0,0 +1,197 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio Publish Config Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+# https://verdaccio.org/docs/configuration#authentication
+auth:
+  auth-memory:
+    users:
+      foo:
+        name: foo
+        password: s3cret
+      bar:
+        name: bar
+        password: s3cret
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+
+# https://verdaccio.org/docs/logger
+# log settings
+logs: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

docker-examples/v5/plugins/docker-local-plugin/Dockerfile

@@ -0,0 +1,26 @@
+# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins
+
+# Copy the local plugin into the docker image
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+# Install the production dependencies (be careful install devDependencies here)
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && npm install --production
+
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:5
+
+# Copy the plugin files over from the 'builder' node image.
+# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
+# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
+# The local verdaccio-docker-memory is setup as storage
+ADD docker.yaml /verdaccio/conf/config.yaml  
+
+# Copy the plugin into the /verdaccio/plugins 
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory

docker-examples/v5/plugins/docker-local-plugin/README.md

@@ -0,0 +1,42 @@
+# Installing a local plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are three main steps to highlight:
+
+- Note the custom plugin at `plugins/verdaccio-docker-memory` under the name `verdaccio-docker-memory`.
+- Install the _production_ dependencies for the plugin `verdaccio-docker-memory`
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the local plugin `verdaccio-docker-memory`.
+- The `Dockerfile` take advance of the docker multi-stage build to copy the local plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+FROM node:lts-alpine as builder
+RUN mkdir -p /verdaccio/plugins
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && ls -ls \
+  && npm install --production
+FROM verdaccio/verdaccio:5
+ADD docker.yaml /verdaccio/conf/config.yaml
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory
+```

docker-examples/v5/plugins/docker-local-plugin/docker.yaml

@@ -0,0 +1,199 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+
+store:
+  # dummy copy of https://www.npmjs.com/package/verdaccio-memory
+  docker-memory:
+    limit: 1000
+
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio This is a Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+auth:
+  htpasswd:
+    file: ./htpasswd
+    # Maximum amount of users allowed to register, defaults to "+inf".
+    # You can set this to -1 to disable registration.
+    # max_users: 1000
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+
+# https://verdaccio.org/docs/logger
+# log settings
+logs: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

docker-examples/v5/plugins/docker-local-plugin/plugins/.eslintrc

@@ -0,0 +1,8 @@
+{
+  "rules": {
+    "max-len": 0,
+    "@typescript-eslint/prefer-optional-chain": 0,
+    "@typescript-eslint/no-unused-vars": 0,
+    "@typescript-eslint/explicit-member-accessibility": 0
+  }
+}

docker-examples/v5/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/index.js

@@ -0,0 +1,17 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+exports.LocalMemory = undefined;
+
+let _localMemory = require('./local-memory');
+
+let _localMemory2 = _interopRequireDefault(_localMemory);
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+exports.LocalMemory = _localMemory2.default;
+exports.default = _localMemory2.default;

docker-examples/v5/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/local-memory.js

@@ -0,0 +1,96 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+
+let _memoryHandler = require('./memory-handler');
+
+let _memoryHandler2 = _interopRequireDefault(_memoryHandler);
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+const DEFAULT_LIMIT = 1000;
+
+class LocalMemory {
+  constructor(config, options) {
+    this.config = config;
+    this.limit = config.limit || DEFAULT_LIMIT;
+    this.logger = options.logger;
+    this.data = this._createEmtpyDatabase();
+  }
+
+  getSecret() {
+    return Promise.resolve(this.data.secret);
+  }
+
+  setSecret(secret) {
+    return new Promise((resolve, reject) => {
+      this.data.secret = secret;
+      resolve(null);
+    });
+  }
+
+  add(name, cb) {
+    const list = this.data.list;
+
+    if (list.length < this.limit) {
+      if (list.indexOf(name) === -1) {
+        list.push(name);
+      }
+      cb(null);
+    } else {
+      this.logger.info(
+        { limit: this.limit },
+        'Storage memory has reached limit of @{limit} packages'
+      );
+      cb(new Error('Storage memory has reached limit of limit packages'));
+    }
+  }
+
+  search(onPackage, onEnd, validateName) {
+    // TODO: pending to implement
+    onEnd();
+  }
+
+  remove(name, cb) {
+    const list = this.data.list;
+
+    const item = list.indexOf(name);
+
+    if (item !== -1) {
+      list.splice(item, 1);
+    }
+
+    cb(null);
+  }
+
+  get(cb) {
+    cb(null, this.data.list);
+  }
+
+  sync() {
+    // nothing to do
+  }
+
+  getPackageStorage(packageInfo) {
+    // eslint-disable-next-line new-cap
+    return new _memoryHandler2.default(packageInfo, this.data.files, this.logger);
+  }
+
+  _createEmtpyDatabase() {
+    const list = [];
+    const files = {};
+    const emptyDatabase = {
+      list,
+      files,
+      secret: '',
+    };
+
+    return emptyDatabase;
+  }
+}
+
+exports.default = LocalMemory;

docker-examples/v5/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/memory-handler.js

@@ -0,0 +1,182 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+exports.fileExist = exports.noSuchFile = undefined;
+
+let _httpErrors = require('http-errors');
+
+let _httpErrors2 = _interopRequireDefault(_httpErrors);
+
+let _memoryFs = require('memory-fs');
+
+let _memoryFs2 = _interopRequireDefault(_memoryFs);
+
+let _streams = require('@verdaccio/streams');
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+// $FlowFixMe
+const noSuchFile = (exports.noSuchFile = 'ENOENT');
+
+const fileExist = (exports.fileExist = 'EEXISTS');
+
+const fSError = function fSError(message, code = 404) {
+  const err = (0, _httpErrors2.default)(code, message);
+  // $FlowFixMe
+  err.code = message;
+
+  return err;
+};
+
+const noPackageFoundError = function noPackageFoundError(message = 'no such package') {
+  const err = (0, _httpErrors2.default)(404, message);
+  // $FlowFixMe
+  err.code = noSuchFile;
+  return err;
+};
+
+// eslint-disable-next-line new-cap
+const fs = new _memoryFs2.default();
+
+class MemoryHandler {
+  constructor(packageName, data, logger) {
+    // this is not need it
+    this.data = data;
+    this.name = packageName;
+    this.logger = logger;
+  }
+
+  updatePackage(pkgFileName, updateHandler, onWrite, transformPackage, onEnd) {
+    let json = this._getStorage(pkgFileName);
+
+    try {
+      json = JSON.parse(json);
+    } catch (err) {
+      return onEnd(err);
+    }
+
+    updateHandler(json, (err) => {
+      if (err) {
+        return onEnd(err);
+      }
+      try {
+        onWrite(pkgFileName, transformPackage(json), onEnd);
+      } catch (err) {
+        return onEnd(fSError('error on parse', 500));
+      }
+    });
+  }
+
+  deletePackage(pkgName, callback) {
+    delete this.data[pkgName];
+    callback(null);
+  }
+
+  removePackage(callback) {
+    callback(null);
+  }
+
+  createPackage(name, value, cb) {
+    this.savePackage(name, value, cb);
+  }
+
+  savePackage(name, value, cb) {
+    try {
+      const json = JSON.stringify(value, null, '\t');
+
+      this.data[name] = json;
+    } catch (err) {
+      cb(fSError(err.message, 500));
+    }
+
+    cb(null);
+  }
+
+  readPackage(name, cb) {
+    const json = this._getStorage(name);
+    const isJson = typeof json === 'undefined';
+
+    try {
+      cb(isJson ? noPackageFoundError() : null, JSON.parse(json));
+    } catch (err) {
+      cb(noPackageFoundError());
+    }
+  }
+
+  writeTarball(name) {
+    const uploadStream = new _streams.UploadTarball();
+    const temporalName = `/${name}`;
+
+    process.nextTick(function () {
+      fs.exists(temporalName, function (exists) {
+        if (exists) {
+          return uploadStream.emit('error', fSError(fileExist));
+        }
+
+        try {
+          const file = fs.createWriteStream(temporalName);
+
+          uploadStream.pipe(file);
+
+          uploadStream.done = function () {
+            const onEnd = function onEnd() {
+              uploadStream.emit('success');
+            };
+
+            uploadStream.on('end', onEnd);
+          };
+
+          uploadStream.abort = function () {
+            uploadStream.emit('error', fSError('transmision aborted', 400));
+            file.end();
+          };
+
+          uploadStream.emit('open');
+        } catch (err) {
+          uploadStream.emit('error', err);
+        }
+      });
+    });
+
+    return uploadStream;
+  }
+
+  readTarball(name) {
+    const pathName = `/${name}`;
+
+    const readTarballStream = new _streams.ReadTarball();
+
+    process.nextTick(function () {
+      fs.exists(pathName, function (exists) {
+        if (!exists) {
+          readTarballStream.emit('error', noPackageFoundError());
+        } else {
+          const readStream = fs.createReadStream(pathName);
+
+          readTarballStream.emit('content-length', fs.data[name].length);
+          readTarballStream.emit('open');
+          readStream.pipe(readTarballStream);
+          readStream.on('error', (error) => {
+            readTarballStream.emit('error', error);
+          });
+
+          readTarballStream.abort = function () {
+            readStream.destroy(fSError('read has been aborted', 400));
+          };
+        }
+      });
+    });
+
+    return readTarballStream;
+  }
+
+  _getStorage(name = '') {
+    return this.data[name];
+  }
+}
+
+exports.default = MemoryHandler;

docker-examples/v5/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "verdaccio-docker-memory",
+  "version": "1.0.3",
+  "description": "storage implementation in memory",
+  "main": "lib/index.js",
+  "dependencies": {
+    "@verdaccio/streams": "1.0.0",
+    "http-errors": "1.6.3",
+    "memory-fs": "0.4.1"
+  },
+  "keywords": [
+    "verdaccio",
+    "plugin",
+    "storage"
+  ],
+  "author": "Juan Picado <juanpicado19@gmail.com>",
+  "private": true,
+  "license": "MIT"
+}

docker-examples/v6/README.md

@@ -1,8 +1,22 @@
-# Verdaccio 6
+# Verdaccio 6 Examples
 
 > We recommend to have installed [docker-compose >= 1.29.0](https://github.com/docker/compose/releases/tag/1.29.2)
 
-- [Docker + Nginx + Verdaccio](reverse_proxy/nginx/README.md)
-- [Docker + Apache + Verdaccio](apache-verdaccio/README.md)
+## Mapping Volumes
+
 - [Docker + Local Storage Volume + Verdaccio](docker-local-storage-volume/README.md)
-- [Docker + HTTPS Portal + Verdaccio](https-portal-example/README.md)
+
+## Proxy
+
+- [Docker + Nginx + Verdaccio](proxy/reverse_proxy/nginx/README.md)
+- [Docker + Apache + Verdaccio](proxy/apache-verdaccio/README.md)
+- [Docker + HTTPS Portal + Verdaccio](proxy/https-portal-example/README.md)
+
+> Looking forward more examples with proxies.
+
+## Plugins
+
+Using plugins without `docker-compose` mapping volumes, all withing the `Dockerfile`.
+
+- [Docker + Local Build Auth Plugin (local development)](plugins/docker-build-install-plugin/README.md)
+- [Docker + Auth Plugin (from a registry)](plugins/docker-local-plugin/README.md)

docker-examples/v6/plugins/docker-build-install-plugin/Dockerfile

@@ -0,0 +1,25 @@
+# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
+
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+# Install the metrics middleware plugin
+# npm docs
+# --global-style https://docs.npmjs.com/cli/v7/commands/npm-install#global-style
+# --no-bin-links https://docs.npmjs.com/cli/v7/commands/npm-install#bin-links
+# --omit=optional 
+RUN mkdir -p /verdaccio/plugins \
+  && cd /verdaccio/plugins \
+  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
+
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:nightly-master
+
+# Copy the plugin files over from the 'builder' node image.
+# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
+# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
+ADD docker.yaml /verdaccio/conf/config.yaml  
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
+  /verdaccio/plugins/verdaccio-auth-memory

docker-examples/v6/plugins/docker-build-install-plugin/README.md

@@ -0,0 +1,46 @@
+# Installing a plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are two main steps to highlight:
+
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the plugin [`verdaccio-auth-memory`](https://www.npmjs.com/package/verdaccio-auth-memory) and custom web title for demonstration.
+- The `Dockerfile` take advance of the docker multi-stage build to install the plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins \
+  && cd /verdaccio/plugins \
+  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
+
+FROM verdaccio/verdaccio:5
+
+# copy your modified config.yaml into the image
+ADD docker.yaml /verdaccio/conf/config.yaml
+
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
+  /verdaccio/plugins/verdaccio-auth-memory
+
+```

docker-examples/v6/plugins/docker-build-install-plugin/docker.yaml

@@ -0,0 +1,197 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio Publish Config Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+# https://verdaccio.org/docs/configuration#authentication
+auth:
+  auth-memory:
+    users:
+      foo:
+        name: foo
+        password: s3cret
+      bar:
+        name: bar
+        password: s3cret
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+
+# https://verdaccio.org/docs/logger
+# log settings
+logs: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

docker-examples/v6/plugins/docker-local-plugin/Dockerfile

@@ -0,0 +1,26 @@
+# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins
+
+# Copy the local plugin into the docker image
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+# Install the production dependencies (be careful install devDependencies here)
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && npm install --production
+
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:nightly-master
+
+# Copy the plugin files over from the 'builder' node image.
+# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
+# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
+# The local verdaccio-docker-memory is setup as storage
+ADD docker.yaml /verdaccio/conf/config.yaml  
+
+# Copy the plugin into the /verdaccio/plugins 
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory

docker-examples/v6/plugins/docker-local-plugin/README.md

@@ -0,0 +1,42 @@
+# Installing a local plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are three main steps to highlight:
+
+- Note the custom plugin at `plugins/verdaccio-docker-memory` under the name `verdaccio-docker-memory`.
+- Install the _production_ dependencies for the plugin `verdaccio-docker-memory`
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the local plugin `verdaccio-docker-memory`.
+- The `Dockerfile` take advance of the docker multi-stage build to copy the local plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+FROM node:lts-alpine as builder
+RUN mkdir -p /verdaccio/plugins
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && ls -ls \
+  && npm install --production
+FROM verdaccio/verdaccio:5
+ADD docker.yaml /verdaccio/conf/config.yaml
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory
+```

docker-examples/v6/plugins/docker-local-plugin/docker.yaml

@@ -0,0 +1,199 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+
+store:
+  # dummy copy of https://www.npmjs.com/package/verdaccio-memory
+  docker-memory:
+    limit: 1000
+
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio This is a Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+auth:
+  htpasswd:
+    file: ./htpasswd
+    # Maximum amount of users allowed to register, defaults to "+inf".
+    # You can set this to -1 to disable registration.
+    # max_users: 1000
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+
+# https://verdaccio.org/docs/logger
+# log settings
+log: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

docker-examples/v6/plugins/docker-local-plugin/plugins/.eslintrc

@@ -0,0 +1,8 @@
+{
+  "rules": {
+    "max-len": 0,
+    "@typescript-eslint/prefer-optional-chain": 0,
+    "@typescript-eslint/no-unused-vars": 0,
+    "@typescript-eslint/explicit-member-accessibility": 0
+  }
+}

docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/index.js

@@ -0,0 +1,22 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+Object.defineProperty(exports, 'LocalMemory', {
+  enumerable: true,
+  get: function () {
+    return _localMemory.default;
+  },
+});
+exports.default = void 0;
+
+var _localMemory = _interopRequireDefault(require('./local-memory'));
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+var _default = _localMemory.default;
+exports.default = _default;
+//# sourceMappingURL=index.js.map

docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/local-memory.js

@@ -0,0 +1,141 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+exports.default = void 0;
+
+var _debug = _interopRequireDefault(require('debug'));
+
+var _core = require('@verdaccio/core');
+
+var _memoryHandler = _interopRequireDefault(require('./memory-handler'));
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+const debug = (0, _debug.default)('verdaccio:plugin:storage:local-memory');
+const DEFAULT_LIMIT = 1000;
+
+class LocalMemory {
+  constructor(config, options) {
+    this.config = config;
+    this.limit = config.limit || DEFAULT_LIMIT;
+    this.logger = options.logger;
+    this.data = this._createEmtpyDatabase();
+    this.path = '/';
+    debug('start plugin');
+  }
+
+  init() {
+    return Promise.resolve();
+  }
+
+  getSecret() {
+    return Promise.resolve(this.data.secret);
+  }
+
+  setSecret(secret) {
+    return new Promise((resolve) => {
+      this.data.secret = secret;
+      resolve(null);
+    });
+  }
+
+  async add(name) {
+    return new Promise((resolve, reject) => {
+      const { list } = this.data;
+
+      if (list.length < this.limit) {
+        if (list.indexOf(name) === -1) {
+          list.push(name);
+        }
+
+        resolve();
+      } else {
+        this.logger.info(
+          {
+            limit: this.limit,
+          },
+          'Storage memory has reached limit of @{limit} packages'
+        );
+        reject(new Error('Storage memory has reached limit of limit packages'));
+      }
+    });
+  } // eslint-disable-next-line @typescript-eslint/no-unused-vars
+
+  search(onPackage, onEnd) {
+    this.logger.warn('[verdaccio/memory]: search method not implemented, PR is welcome');
+    onEnd();
+  }
+
+  async remove(name) {
+    return new Promise((resolve) => {
+      const { list } = this.data;
+      const item = list.indexOf(name);
+
+      if (item !== -1) {
+        list.splice(item, 1);
+      }
+
+      return resolve();
+    });
+  }
+
+  async get() {
+    var _this$data, _this$data$list, _this$data2;
+
+    debug(
+      'data list length %o',
+      (_this$data = this.data) === null || _this$data === void 0
+        ? void 0
+        : (_this$data$list = _this$data.list) === null || _this$data$list === void 0
+        ? void 0
+        : _this$data$list.length
+    );
+    return Promise.resolve(
+      (_this$data2 = this.data) === null || _this$data2 === void 0 ? void 0 : _this$data2.list
+    );
+  }
+
+  getPackageStorage(packageInfo) {
+    return new _memoryHandler.default(packageInfo, this.data.files, this.logger);
+  }
+
+  _createEmtpyDatabase() {
+    const list = [];
+    const files = {};
+    const emptyDatabase = {
+      list,
+      files,
+      secret: '',
+    };
+    return emptyDatabase;
+  }
+
+  saveToken() {
+    this.logger.warn('[verdaccio/memory][saveToken] save token has not been implemented yet');
+    return Promise.reject(_core.errorUtils.getServiceUnavailable('method not implemented'));
+  }
+
+  deleteToken(user, tokenKey) {
+    this.logger.warn(
+      {
+        tokenKey,
+        user,
+      },
+      '[verdaccio/memory][deleteToken] delete token has not been implemented yet @{user}'
+    );
+    return Promise.reject(_core.errorUtils.getServiceUnavailable('method not implemented'));
+  }
+
+  readTokens() {
+    this.logger.warn('[verdaccio/memory][readTokens] read tokens has not been implemented yet ');
+    return Promise.reject(_core.errorUtils.getServiceUnavailable('method not implemented'));
+  }
+}
+
+var _default = LocalMemory;
+exports.default = _default;
+//# sourceMappingURL=local-memory.js.map

docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/memory-handler.js

@@ -0,0 +1,214 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+exports.default = void 0;
+
+var _debug = _interopRequireDefault(require('debug'));
+
+var _memfs = require('memfs');
+
+var _path = _interopRequireDefault(require('path'));
+
+var _core = require('@verdaccio/core');
+
+var _streams = require('@verdaccio/streams');
+
+var _utils = require('./utils');
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+const debug = (0, _debug.default)('verdaccio:plugin:storage:memory-storage');
+
+class MemoryHandler {
+  constructor(packageName, data, logger) {
+    // this is not need it
+    this.data = data;
+    this.name = packageName;
+    this.logger = logger;
+    this.path = `/${packageName}`;
+    debug('initialized');
+  }
+
+  updatePackage(pkgFileName, updateHandler, onWrite, transformPackage, onEnd) {
+    const json = this._getStorage(pkgFileName);
+
+    let pkg;
+
+    try {
+      pkg = (0, _utils.parsePackage)(json);
+    } catch (err) {
+      return onEnd(err);
+    }
+
+    updateHandler(pkg, (err) => {
+      if (err) {
+        return onEnd(err);
+      }
+
+      try {
+        onWrite(pkgFileName, transformPackage(pkg), onEnd);
+      } catch (err) {
+        return onEnd(_core.errorUtils.getInternalError('error on parse the metadata'));
+      }
+    });
+  }
+
+  deletePackage(pkgName) {
+    delete this.data[pkgName];
+    return Promise.resolve();
+  }
+
+  removePackage() {
+    return Promise.resolve();
+  }
+
+  createPackage(name, value, cb) {
+    debug('create package %o', name);
+    this.savePackage(name, value, cb);
+  }
+
+  savePackage(name, value, cb) {
+    try {
+      debug('save package %o', name);
+      this.data[name] = (0, _utils.stringifyPackage)(value);
+      return cb(null);
+    } catch (err) {
+      return cb(_core.errorUtils.getInternalError(err.message));
+    }
+  }
+
+  async readPackageNext(name) {
+    const json = this._getStorage(name);
+
+    try {
+      return (
+        typeof json === 'undefined' ? _core.errorUtils.getNotFound() : null,
+        (0, _utils.parsePackage)(json)
+      );
+    } catch (err) {
+      throw _core.errorUtils.getNotFound();
+    }
+  }
+
+  readPackage(name, cb) {
+    debug('read package %o', name);
+
+    const json = this._getStorage(name);
+
+    const isJson = typeof json === 'undefined';
+
+    try {
+      return cb(isJson ? _core.errorUtils.getNotFound() : null, (0, _utils.parsePackage)(json));
+    } catch (err) {
+      return cb(_core.errorUtils.getNotFound());
+    }
+  }
+
+  writeTarball(name) {
+    const uploadStream = new _streams.UploadTarball({});
+    const temporalName = `${this.path}/${name}`;
+    debug('write tarball %o', temporalName);
+    process.nextTick(function () {
+      _memfs.fs.mkdirp(_path.default.dirname(temporalName), (mkdirpError) => {
+        if (mkdirpError) {
+          return uploadStream.emit('error', mkdirpError);
+        }
+
+        _memfs.fs.stat(temporalName, function (fileError, stats) {
+          if (!fileError && stats) {
+            return uploadStream.emit('error', _core.errorUtils.getConflict());
+          }
+
+          try {
+            const file = _memfs.fs.createWriteStream(temporalName);
+
+            uploadStream.pipe(file);
+
+            uploadStream.done = function () {
+              const onEnd = function () {
+                uploadStream.emit('success');
+              };
+
+              uploadStream.on('end', onEnd);
+            };
+
+            uploadStream.abort = function () {
+              uploadStream.emit('error', _core.errorUtils.getBadRequest('transmision aborted'));
+              file.end();
+            };
+
+            uploadStream.emit('open');
+            return;
+          } catch (err) {
+            uploadStream.emit('error', err);
+            return;
+          }
+        });
+      });
+    });
+    return uploadStream;
+  }
+
+  readTarball(name) {
+    const pathName = `${this.path}/${name}`;
+    debug('read tarball %o', pathName);
+    const readTarballStream = new _streams.ReadTarball({});
+    process.nextTick(function () {
+      _memfs.fs.stat(pathName, function (error, stats) {
+        if (error && !stats) {
+          return readTarballStream.emit('error', _core.errorUtils.getNotFound());
+        }
+
+        try {
+          const readStream = _memfs.fs.createReadStream(pathName);
+
+          readTarballStream.emit(
+            'content-length',
+            stats === null || stats === void 0 ? void 0 : stats.size
+          );
+          readTarballStream.emit('open');
+          readStream.pipe(readTarballStream);
+          readStream.on('error', (error) => {
+            readTarballStream.emit('error', error);
+          });
+
+          readTarballStream.abort = function () {
+            readStream.destroy(_core.errorUtils.getBadRequest('read has been aborted'));
+          };
+
+          return;
+        } catch (err) {
+          readTarballStream.emit('error', err);
+          return;
+        }
+      });
+    });
+    return readTarballStream;
+  }
+
+  _getStorage(name = '') {
+    debug('get storage %o', name);
+    return this.data[name];
+  } // migration pending
+
+  async updatePackageNext(packageName, handleUpdate) {
+    debug(packageName); // @ts-expect-error
+
+    await handleUpdate({}); // @ts-expect-error
+
+    return Promise.resolve({});
+  }
+
+  async savePackageNext(name, value) {
+    debug(name);
+    debug(value);
+  }
+}
+
+var _default = MemoryHandler;
+exports.default = _default;
+//# sourceMappingURL=memory-handler.js.map

docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/utils.js

@@ -0,0 +1,16 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+exports.parsePackage = parsePackage;
+exports.stringifyPackage = stringifyPackage;
+
+function stringifyPackage(pkg) {
+  return JSON.stringify(pkg, null, '\t');
+}
+
+function parsePackage(pkg) {
+  return JSON.parse(pkg);
+}
+//# sourceMappingURL=utils.js.map

docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/package.json

@@ -0,0 +1,56 @@
+{
+  "name": "verdaccio-docker-memory",
+  "version": "11.0.0-6-next.10",
+  "description": "Storage implementation in memory",
+  "keywords": [
+    "private",
+    "package",
+    "repository",
+    "registry",
+    "enterprise",
+    "modules",
+    "proxy",
+    "server",
+    "verdaccio"
+  ],
+  "author": "Juan Picado <juanpicado19@gmail.com>",
+  "license": "MIT",
+  "homepage": "https://verdaccio.org",
+  "repository": {
+    "type": "https",
+    "url": "https://github.com/verdaccio/verdaccio",
+    "directory": "packages/plugins/memory"
+  },
+  "bugs": {
+    "url": "https://github.com/verdaccio/verdaccio/issues"
+  },
+  "main": "lib/index.js",
+  "types": "lib/index.d.ts",
+  "engines": {
+    "node": ">=14",
+    "npm": ">=6"
+  },
+  "dependencies": {
+    "@verdaccio/core": "6.0.0-6-next.5",
+    "@verdaccio/streams": "11.0.0-6-next.5",
+    "memory-fs": "0.5.0",
+    "debug": "4.3.3",
+    "memfs": "3.4.1"
+  },
+  "devDependencies": {
+    "@verdaccio/types": "11.0.0-6-next.12"
+  },
+  "scripts": {
+    "clean": "rimraf ./build",
+    "type-check": "tsc --noEmit -p tsconfig.build.json",
+    "build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json",
+    "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
+    "build": "pnpm run build:js && pnpm run build:types",
+    "watch": "pnpm build:js -- --watch",
+    "test": "cross-env NODE_ENV=test BABEL_ENV=test jest"
+  },
+  "funding": {
+    "type": "opencollective",
+    "url": "https://opencollective.com/verdaccio"
+  }
+}

docker-examples/v6/reverse_proxy/nginx/relative_path/conf/v6/config.yaml

@@ -46,4 +46,4 @@ middlewares:
   audit:
     enabled: true
 
-logs: { type: stdout, format: pretty, level: trace }
+log: { type: stdout, format: pretty, level: trace }

docker-examples/v6/reverse_proxy/nginx/relative_path/conf/v6_root/config.yaml

@@ -42,4 +42,4 @@ middlewares:
   audit:
     enabled: true
 
-logs: { type: stdout, format: json, level: trace }
+log: { type: stdout, format: json, level: trace }

docs/development.md

@@ -12,7 +12,7 @@ nvm install
 Verdaccio uses **pnpm** as monorepo management. To install
 
 ```bash
-npm i -g pnpm@latest
+npm i -g pnpm@latest-6
 ```
 
 Install all needed packages

docs/warnings.md

@@ -22,7 +22,8 @@ invalid address - xxxxxx, we expect a port (e.g. "4873"),
 
 ## VERDEP002
 
-'deprecate: multiple logger configuration is deprecated, please check the migration guide.'
+> After version `verdaccio@6.0.0-6-next.38` this is not longer a warning and
+> will crash your application
 
 ## VERDEP003
 

package.json

@@ -56,13 +56,13 @@
     "@types/jsonwebtoken": "8.5.1",
     "@types/request": "2.48.8",
     "@types/semver": "7.3.9",
-    "@types/supertest": "2.0.11",
+    "@types/supertest": "2.0.12",
     "@types/testing-library__jest-dom": "5.14.2",
     "@types/validator": "13.7.1",
     "@types/webpack": "5.28.0",
     "@types/webpack-env": "1.16.3",
-    "@typescript-eslint/eslint-plugin": "5.10.2",
-    "@typescript-eslint/parser": "5.10.2",
+    "@typescript-eslint/eslint-plugin": "5.25.0",
+    "@typescript-eslint/parser": "5.25.0",
     "@verdaccio/benchmark": "workspace:*",
     "@verdaccio/eslint-config": "workspace:*",
     "@verdaccio/types": "workspace:*",
@@ -77,9 +77,11 @@
     "concurrently": "6.5.1",
     "core-js": "3.20.3",
     "cross-env": "7.0.3",
-    "debug": "4.3.3",
+    "debug": "4.3.4",
     "detect-secrets": "1.0.6",
-    "eslint": "8.8.0",
+    "pretty-format": "27.5.1",
+    "jest-diff": "27.5.1",
+    "eslint": "8.15.0",
     "fs-extra": "10.0.0",
     "husky": "7.0.4",
     "in-publish": "2.0.1",
@@ -94,7 +96,7 @@
     "node-fetch": "cjs",
     "nodemon": "2.0.15",
     "npm-run-all": "4.1.5",
-    "prettier": "2.5.1",
+    "prettier": "2.6.2",
     "rimraf": "3.0.2",
     "selfsigned": "1.10.14",
     "supertest": "6.2.2",
@@ -114,7 +116,7 @@
     "docker": "docker build -t verdaccio/verdaccio:local . --no-cache",
     "format": "prettier --write \"**/*.{js,jsx,ts,tsx,json,yml,yaml,md}\"",
     "format:check": "prettier --check \"**/*.{js,jsx,ts,tsx,json,yml,yaml,md}\"",
-    "lint": "eslint  --max-warnings 44 \"**/*.{js,jsx,ts,tsx}\"",
+    "lint": "eslint  --max-warnings 46 \"**/*.{js,jsx,ts,tsx}\"",
     "test": "pnpm recursive test --filter ./packages",
     "test:e2e:cli": "pnpm test --filter ...@verdaccio/e2e-cli",
     "test:e2e:ui": "pnpm test --filter ...@verdaccio/e2e-ui",
@@ -145,6 +147,10 @@
     "crowdin:sync": "pnpm crowdin:upload && pnpm crowdin:download --verbose",
     "postinstall": "husky install"
   },
+  "engines": {
+    "node": ">=16.5",
+    "pnpm": ">=6.32.3 <7.0.0"
+  },
   "license": "MIT",
   "lint-staged": {
     "*.{js,jsx,ts,tsx,json,yml,yaml,md}": "prettier --write",

packages/api/CHANGELOG.md

@@ -1,5 +1,77 @@
 # @verdaccio/api
 
+## 6.0.0-6-next.25
+
+### Patch Changes
+
+- Updated dependencies [d43894e8]
+- Updated dependencies [d08fe29d]
+  - @verdaccio/config@6.0.0-6-next.14
+  - @verdaccio/auth@6.0.0-6-next.22
+  - @verdaccio/hooks@6.0.0-6-next.13
+  - @verdaccio/store@6.0.0-6-next.22
+  - @verdaccio/core@6.0.0-6-next.5
+  - @verdaccio/logger@6.0.0-6-next.11
+  - @verdaccio/middleware@6.0.0-6-next.22
+
+## 6.0.0-6-next.24
+
+### Major Changes
+
+- 82cb0f2b: feat!: config.logs throw an error, logging config not longer accept array or logs property
+
+  ### 💥 Breaking change
+
+  This is valid
+
+  ```yaml
+  log: { type: stdout, format: pretty, level: http }
+  ```
+
+  This is invalid
+
+  ```yaml
+  logs: { type: stdout, format: pretty, level: http }
+  ```
+
+  or
+
+  ```yaml
+  logs:
+    - [{ type: stdout, format: pretty, level: http }]
+  ```
+
+### Minor Changes
+
+- 5167bb52: feat: ui search support for remote, local and private packages
+
+  The command `npm search` search globally and return all matches, with this improvement the user interface
+  is powered with the same capabilities.
+
+  The UI also tag where is the origin the package with a tag, also provide the latest version and description of the package.
+
+### Patch Changes
+
+- Updated dependencies [82cb0f2b]
+- Updated dependencies [5167bb52]
+  - @verdaccio/config@6.0.0-6-next.13
+  - @verdaccio/core@6.0.0-6-next.5
+  - @verdaccio/logger@6.0.0-6-next.11
+  - @verdaccio/store@6.0.0-6-next.21
+  - @verdaccio/auth@6.0.0-6-next.21
+  - @verdaccio/hooks@6.0.0-6-next.13
+  - @verdaccio/middleware@6.0.0-6-next.21
+  - @verdaccio/utils@6.0.0-6-next.11
+
+## 6.0.0-6-next.23
+
+### Patch Changes
+
+- @verdaccio/auth@6.0.0-6-next.20
+- @verdaccio/store@6.0.0-6-next.20
+- @verdaccio/hooks@6.0.0-6-next.12
+- @verdaccio/middleware@6.0.0-6-next.20
+
 ## 6.0.0-6-next.22
 
 ### Patch Changes

packages/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/api",
-  "version": "6.0.0-6-next.22",
+  "version": "6.0.0-6-next.25",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,14 +39,14 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/auth": "workspace:6.0.0-6-next.19",
-    "@verdaccio/config": "workspace:6.0.0-6-next.12",
-    "@verdaccio/core": "workspace:6.0.0-6-next.4",
-    "@verdaccio/hooks": "workspace:6.0.0-6-next.12",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.10",
-    "@verdaccio/middleware": "workspace:6.0.0-6-next.19",
-    "@verdaccio/store": "workspace:6.0.0-6-next.19",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.10",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.22",
+    "@verdaccio/config": "workspace:6.0.0-6-next.14",
+    "@verdaccio/core": "workspace:6.0.0-6-next.5",
+    "@verdaccio/hooks": "workspace:6.0.0-6-next.13",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.11",
+    "@verdaccio/middleware": "workspace:6.0.0-6-next.22",
+    "@verdaccio/store": "workspace:6.0.0-6-next.22",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.11",
     "abortcontroller-polyfill": "1.7.3",
     "cookies": "0.8.0",
     "debug": "4.3.3",
@@ -58,9 +58,9 @@
   },
   "devDependencies": {
     "@types/node": "16.11.21",
-    "@verdaccio/server": "workspace:6.0.0-6-next.27",
-    "@verdaccio/types": "workspace:11.0.0-6-next.10",
-    "@verdaccio/helper": "1.0.0",
+    "@verdaccio/server": "workspace:6.0.0-6-next.31",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12",
+    "@verdaccio/test-helper": "workspace:1.1.0-6-next.1",
     "supertest": "6.2.2"
   },
   "funding": {

packages/api/test/integration/_helper.ts

@@ -6,9 +6,9 @@ import supertest from 'supertest';
 import { Auth, IAuth } from '@verdaccio/auth';
 import { Config, parseConfigFile } from '@verdaccio/config';
 import { HEADERS, HEADER_TYPE, HTTP_STATUS } from '@verdaccio/core';
-import { generatePackageMetadata } from '@verdaccio/helper';
 import { errorReportingMiddleware, final, handleError } from '@verdaccio/middleware';
 import { Storage } from '@verdaccio/store';
+import { generatePackageMetadata } from '@verdaccio/test-helper';
 
 import apiEndpoints from '../../src';
 
@@ -18,6 +18,7 @@ const getConf = (conf) => {
   return parseConfigFile(configPath);
 };
 
+// TODO: replace by @verdaccio/test-helper
 export async function initializeServer(configName): Promise<Application> {
   const app = express();
   const config = new Config(getConf(configName));

packages/api/test/integration/config/package.yaml

@@ -18,7 +18,7 @@ publish:
 
 uplinks:
 
-logs: { type: stdout, format: pretty, level: trace }
+log: { type: stdout, format: pretty, level: trace }
 
 packages:
   '@*/*':

packages/api/test/integration/config/ping.yaml

@@ -11,7 +11,7 @@ web:
 
 uplinks:
 
-logs: { type: stdout, format: pretty, level: trace }
+log: { type: stdout, format: pretty, level: trace }
 
 packages:
   '@*/*':

packages/api/test/integration/config/publish.yaml

@@ -18,7 +18,7 @@ publish:
 
 uplinks:
 
-logs: { type: stdout, format: pretty, level: trace }
+log: { type: stdout, format: pretty, level: trace }
 
 packages:
   '@*/*':

packages/api/test/integration/config/user.yaml

@@ -17,7 +17,7 @@ uplinks:
   npmjs:
     url: https://registry.npmjs.org/
 
-logs: { type: stdout, format: pretty, level: trace }
+log: { type: stdout, format: pretty, level: trace }
 
 packages:
   '@*/*':

packages/api/test/integration/config/whoami.yaml

@@ -17,7 +17,7 @@ uplinks:
   npmjs:
     url: https://registry.npmjs.org/
 
-logs: { type: stdout, format: pretty, level: trace }
+log: { type: stdout, format: pretty, level: trace }
 
 packages:
   '@*/*':

packages/api/test/integration/publish.spec.ts

@@ -2,7 +2,7 @@ import supertest from 'supertest';
 
 import { HTTP_STATUS } from '@verdaccio/core';
 import { API_ERROR, API_MESSAGE, HEADERS, HEADER_TYPE } from '@verdaccio/core';
-import { generatePackageMetadata } from '@verdaccio/helper';
+import { generatePackageMetadata } from '@verdaccio/test-helper';
 
 import { $RequestExtend, $ResponseExtend } from '../../types/custom';
 import { initializeServer, publishVersion } from './_helper';

packages/auth/CHANGELOG.md

@@ -1,5 +1,37 @@
 # @verdaccio/auth
 
+## 6.0.0-6-next.22
+
+### Patch Changes
+
+- Updated dependencies [d43894e8]
+- Updated dependencies [d08fe29d]
+  - @verdaccio/config@6.0.0-6-next.14
+  - @verdaccio/loaders@6.0.0-6-next.12
+  - @verdaccio/core@6.0.0-6-next.5
+  - @verdaccio/logger@6.0.0-6-next.11
+  - verdaccio-htpasswd@11.0.0-6-next.13
+
+## 6.0.0-6-next.21
+
+### Patch Changes
+
+- Updated dependencies [82cb0f2b]
+- Updated dependencies [5167bb52]
+  - @verdaccio/config@6.0.0-6-next.13
+  - @verdaccio/core@6.0.0-6-next.5
+  - @verdaccio/logger@6.0.0-6-next.11
+  - verdaccio-htpasswd@11.0.0-6-next.13
+  - @verdaccio/loaders@6.0.0-6-next.12
+  - @verdaccio/utils@6.0.0-6-next.11
+
+## 6.0.0-6-next.20
+
+### Patch Changes
+
+- Updated dependencies [31d661c7]
+  - @verdaccio/loaders@6.0.0-6-next.11
+
 ## 6.0.0-6-next.19
 
 ### Patch Changes

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/auth",
-  "version": "6.0.0-6-next.19",
+  "version": "6.0.0-6-next.22",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,20 +39,20 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.4",
-    "@verdaccio/config": "workspace:6.0.0-6-next.12",
-    "@verdaccio/loaders": "workspace:6.0.0-6-next.10",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.10",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.10",
+    "@verdaccio/core": "workspace:6.0.0-6-next.5",
+    "@verdaccio/config": "workspace:6.0.0-6-next.14",
+    "@verdaccio/loaders": "workspace:6.0.0-6-next.12",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.11",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.11",
     "debug": "4.3.3",
     "express": "4.17.2",
     "jsonwebtoken": "8.5.1",
     "lodash": "4.17.21",
-    "verdaccio-htpasswd": "workspace:11.0.0-6-next.12"
+    "verdaccio-htpasswd": "workspace:11.0.0-6-next.13"
   },
   "devDependencies": {
-    "@verdaccio/mock": "workspace:6.0.0-6-next.13",
-    "@verdaccio/types": "workspace:11.0.0-6-next.10"
+    "@verdaccio/mock": "workspace:6.0.0-6-next.15",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "funding": {
     "type": "opencollective",

packages/auth/src/utils.ts

@@ -188,17 +188,17 @@ export function allow_action(action: ActionsAllowed, logger): AllowAction {
     pkg: AuthPackageAllow,
     callback: AllowActionCallback
   ): void {
-    logger.trace({ remote: user.name }, `[auth/allow_action]: user: @{user.name}`);
+    logger.trace({ remote: user.name }, `[auth/allow_action]: user: @{remote}`);
     const { name, groups } = user;
     const groupAccess = pkg[action] as string[];
     const hasPermission = groupAccess.some((group) => name === group || groups.includes(group));
     logger.trace(
       { pkgName: pkg.name, hasPermission, remote: user.name, groupAccess },
-      `[auth/allow_action]: hasPermission? @{hasPermission} for user: @{user}`
+      `[auth/allow_action]: hasPermission? @{hasPermission} for user: @{remote}, package: @{pkgName}`
     );
 
     if (hasPermission) {
-      logger.trace({ remote: user.name }, `auth/allow_action: access granted to: @{user}`);
+      logger.trace({ remote: user.name }, `auth/allow_action: access granted to: @{remote}`);
       return callback(null, true);
     }
 

packages/cli/CHANGELOG.md

@@ -1,5 +1,73 @@
 # @verdaccio/cli
 
+## 6.0.0-6-next.34
+
+### Patch Changes
+
+- @verdaccio/node-api@6.0.0-6-next.32
+
+## 6.0.0-6-next.33
+
+### Patch Changes
+
+- Updated dependencies [d43894e8]
+- Updated dependencies [d08fe29d]
+  - @verdaccio/config@6.0.0-6-next.14
+  - @verdaccio/fastify-migration@6.0.0-6-next.23
+  - @verdaccio/node-api@6.0.0-6-next.31
+  - @verdaccio/core@6.0.0-6-next.5
+  - @verdaccio/logger@6.0.0-6-next.11
+
+## 6.0.0-6-next.32
+
+### Patch Changes
+
+- d78c8b51: chore: improve error logger message
+
+## 6.0.0-6-next.31
+
+### Major Changes
+
+- 82cb0f2b: feat!: config.logs throw an error, logging config not longer accept array or logs property
+
+  ### 💥 Breaking change
+
+  This is valid
+
+  ```yaml
+  log: { type: stdout, format: pretty, level: http }
+  ```
+
+  This is invalid
+
+  ```yaml
+  logs: { type: stdout, format: pretty, level: http }
+  ```
+
+  or
+
+  ```yaml
+  logs:
+    - [{ type: stdout, format: pretty, level: http }]
+  ```
+
+### Patch Changes
+
+- Updated dependencies [82cb0f2b]
+- Updated dependencies [5167bb52]
+  - @verdaccio/config@6.0.0-6-next.13
+  - @verdaccio/core@6.0.0-6-next.5
+  - @verdaccio/logger@6.0.0-6-next.11
+  - @verdaccio/node-api@6.0.0-6-next.30
+  - @verdaccio/fastify-migration@6.0.0-6-next.22
+
+## 6.0.0-6-next.30
+
+### Patch Changes
+
+- @verdaccio/fastify-migration@6.0.0-6-next.21
+- @verdaccio/node-api@6.0.0-6-next.29
+
 ## 6.0.0-6-next.29
 
 ### Patch Changes

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/cli",
-  "version": "6.0.0-6-next.29",
+  "version": "6.0.0-6-next.34",
   "author": {
     "name": "Juan Picado",
     "email": "juanpicado19@gmail.com"
@@ -44,11 +44,11 @@
     "start": "ts-node src/index.ts"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.4",
-    "@verdaccio/config": "workspace:6.0.0-6-next.12",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.10",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.28",
-    "@verdaccio/fastify-migration": "workspace:6.0.0-6-next.20",
+    "@verdaccio/core": "workspace:6.0.0-6-next.5",
+    "@verdaccio/config": "workspace:6.0.0-6-next.14",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.11",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.32",
+    "@verdaccio/fastify-migration": "workspace:6.0.0-6-next.23",
     "clipanion": "3.1.0",
     "envinfo": "7.8.1",
     "kleur": "3.0.3",

packages/cli/src/commands/FastifyServer.ts

@@ -1,7 +1,6 @@
 import { Command, Option } from 'clipanion';
 
 import { findConfigFile, parseConfigFile } from '@verdaccio/config';
-import { warningUtils } from '@verdaccio/core';
 import server from '@verdaccio/fastify-migration';
 import { logger, setup } from '@verdaccio/logger';
 import { ConfigRuntime } from '@verdaccio/types';
@@ -28,13 +27,13 @@ export class FastifyServer extends Command {
 
   private initLogger(logConfig: ConfigRuntime) {
     try {
-      if (logConfig.logs) {
-        warningUtils.emit(warningUtils.Codes.VERDEP001);
+      if (logConfig.log) {
+        throw Error('logger as array not longer supported');
       }
       // FUTURE: remove fallback when is ready
-      setup(logConfig.log || logConfig.logs);
-    } catch {
-      throw new Error('error on init logger');
+      setup(logConfig.log);
+    } catch (err: any) {
+      throw new Error(err);
     }
   }
 

packages/cli/src/commands/init.ts

@@ -1,8 +1,8 @@
 import { Command, Option } from 'clipanion';
 
 import { findConfigFile, parseConfigFile } from '@verdaccio/config';
-import { warningUtils } from '@verdaccio/core';
 import { logger, setup } from '@verdaccio/logger';
+import { LoggerConfigItem } from '@verdaccio/logger/src/logger';
 import { initServer } from '@verdaccio/node-api';
 import { ConfigRuntime } from '@verdaccio/types';
 
@@ -47,13 +47,15 @@ export class InitCommand extends Command {
 
   private initLogger(logConfig: ConfigRuntime) {
     try {
+      // @ts-expect-error
       if (logConfig.logs) {
-        warningUtils.emit(warningUtils.Codes.VERDEP001);
+        throw Error(
+          'the property config "logs" property is longer supported, rename to "log" and use object instead'
+        );
       }
-      // FUTURE: remove fallback when is ready
-      setup(logConfig.log || logConfig.logs);
-    } catch {
-      throw new Error('error on init logger');
+      setup(logConfig.log as LoggerConfigItem);
+    } catch (err: any) {
+      throw new Error(err);
     }
   }
 

packages/cli/src/utils.ts

@@ -3,6 +3,6 @@ import semver from 'semver';
 export const MIN_NODE_VERSION = '14.0.0';
 
 export function isVersionValid(processVersion) {
-  const version = processVersion.substr(1);
+  const version = processVersion.slice(1);
   return semver.satisfies(version, `>=${MIN_NODE_VERSION}`);
 }

packages/config/CHANGELOG.md

@@ -1,5 +1,96 @@
 # @verdaccio/config
 
+## 6.0.0-6-next.14
+
+### Minor Changes
+
+- d43894e8: feat: rework web header for mobile, add new settings and raw manifest button
+
+  ### New set of variables to hide features
+
+  Add set of new variables that allow hide different parts of the UI, buttons, footer or download tarballs. _All are
+  enabled by default_.
+
+  ```yaml
+  # login: true <-- already exist but worth the reminder
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showDownloadTarball: true
+  ```
+
+  > If you disable `showThemeSwitch` and force `darkMode: true` the local storage settings would be
+  > ignored and force all themes to the one in the configuration file.
+
+  Future could be extended to
+
+  ### Raw button to display manifest package
+
+  A new experimental feature (enabled by default), button named RAW to be able navigate on the package manifest directly on the ui, kudos to [react-json-view](https://www.npmjs.com/package/react-json-view) that allows an easy integration, not configurable yet until get more feedback.
+
+  ```yaml
+  showRaw: true
+  ```
+
+  #### Rework header buttons
+
+  - The header has been rework, the mobile was not looking broken.
+  - Removed info button in the header and moved to a dialog
+  - Info dialog now contains more information about the project, license and the aid content for Ukrania now is inside of the info modal.
+  - Separate settings and info to avoid collapse too much info (for mobile still need some work)
+
+- d08fe29d: feat(web): add a config item to web，let the developer can select whet……her enable the html cache
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.5
+
+## 6.0.0-6-next.13
+
+### Major Changes
+
+- 82cb0f2b: feat!: config.logs throw an error, logging config not longer accept array or logs property
+
+  ### 💥 Breaking change
+
+  This is valid
+
+  ```yaml
+  log: { type: stdout, format: pretty, level: http }
+  ```
+
+  This is invalid
+
+  ```yaml
+  logs: { type: stdout, format: pretty, level: http }
+  ```
+
+  or
+
+  ```yaml
+  logs:
+    - [{ type: stdout, format: pretty, level: http }]
+  ```
+
+### Minor Changes
+
+- 5167bb52: feat: ui search support for remote, local and private packages
+
+  The command `npm search` search globally and return all matches, with this improvement the user interface
+  is powered with the same capabilities.
+
+  The UI also tag where is the origin the package with a tag, also provide the latest version and description of the package.
+
+### Patch Changes
+
+- Updated dependencies [82cb0f2b]
+- Updated dependencies [5167bb52]
+  - @verdaccio/core@6.0.0-6-next.5
+  - @verdaccio/utils@6.0.0-6-next.11
+
 ## 6.0.0-6-next.12
 
 ### Patch Changes

packages/config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/config",
-  "version": "6.0.0-6-next.12",
+  "version": "6.0.0-6-next.14",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,8 +39,8 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.4",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.10",
+    "@verdaccio/core": "workspace:6.0.0-6-next.5",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.11",
     "debug": "4.3.3",
     "js-yaml": "3.14.1",
     "lodash": "4.17.21",

packages/config/src/conf/default.yaml

@@ -1,18 +1,20 @@
 #
-# This is the default config file. It allows all users to do anything,
-# so don't use it on production systems.
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
 #
 # Look here for more config file examples:
-# https://github.com/verdaccio/verdaccio/tree/master/packages/config/src/conf
+# https://github.com/verdaccio/verdaccio/tree/5.x/packages/config/src/conf/default.yaml
 #
+# Read about the best practices
+# https://verdaccio.org/docs/best
 
 # path to a directory with all packages
 storage: ./storage
 # path to a directory with plugins to include
 plugins: ./plugins
-# print logs
-# logs: ./logs
 
+# https://verdaccio.org/docs/webui
 web:
   title: Verdaccio
   # comment out to disable gravatar support
@@ -21,6 +23,17 @@ web:
   # sort_packages: asc
   # convert your UI to the dark side
   # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
   #  HTML tags injected after manifest <scripts/>
   # scriptsBodyAfter:
   #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
@@ -34,11 +47,8 @@ web:
   #    - '<div id="myId">html before webpack scripts</div>'
   #  Public path for template manifest scripts (only manifest)
   #  publicPath: http://somedomain.org/
-# translate your registry, api i18n not available yet
-# i18n:
-# list of the available translations https://github.com/verdaccio/ui/tree/master/i18n/translations
-#   web: en-US
 
+# https://verdaccio.org/docs/configuration#authentication
 auth:
   htpasswd:
     file: ./htpasswd
@@ -46,11 +56,15 @@ auth:
     # You can set this to -1 to disable registration.
     # max_users: 1000
 
+# https://verdaccio.org/docs/configuration#uplinks
 # a list of other known repositories we can talk to
 uplinks:
   npmjs:
     url: https://registry.npmjs.org/
 
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
 packages:
   '@*/*':
     # scoped packages
@@ -67,7 +81,7 @@ packages:
     # and three keywords: "$all", "$anonymous", "$authenticated"
     access: $all
 
-    # allow all known users to publish/unpublish packages
+    # allow all known users to publish/publish packages
     # (anyone can register by default, remember?)
     publish: $authenticated
     unpublish: $authenticated
@@ -75,32 +89,104 @@ packages:
     # if package is not available locally, proxy requests to 'npmjs' registry
     proxy: npmjs
 
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
 server:
-  # deprecated
   keepAliveTimeout: 60
-#  rateLimit:
-#    windowMs: 1000
-#    max: 10000
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
 
 middlewares:
   audit:
     enabled: true
 
+# https://verdaccio.org/docs/logger
 # log settings
-logs:
-  # Logger as STDOUT
-  { type: stdout, format: pretty, level: http }
-  # Logger as STDOUT as JSON
-  # { type: stdout, format: json, level: http }
-  # Logger as STDOUT as JSON
-  # { type: stdout, format: pretty-timestamped, level: http }
-  # Logger as STDOUT as custom prettifier
-  # { type: stdout, plugin: { dest: '@verdaccio/logger-prettify' : options: { foo: 1, bar: 2}}, level: http }
-  # Logger as file
-  # { type: file, path: verdaccio.log, level: http}
-  # FIXME: this should be documented
-  # More info about log rotation https://github.com/pinojs/pino/blob/master/docs/help.md#log-rotation
+log: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # disable writing body size to logs, read more on ticket 1912
+#  bytesin_off: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
 
-# This affect the web and api (not developed yet)
+# translate your registry, api i18n not available yet
 i18n:
+  # list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
   web: en-US

packages/config/src/conf/docker.yaml

@@ -1,35 +1,57 @@
 #
-# This is the config file used for the docker images.
-# It allows all users to do anything, so don't use it on production systems.
+# This is the default configuration file. As it allows all users to do anything,
+# please read carefully the documentation and best practices to improve security.
 #
 # Do not configure host and port under `listen` in this file
 # as it will be ignored when using docker.
 # see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
 #
 # Look here for more config file examples:
-# https://github.com/verdaccio/verdaccio/tree/master/packages/config/src/conf
+# https://github.com/verdaccio/verdaccio/tree/5.x/packages/config/src/conf/docker.yaml
 #
+# Read about the best practices
+# https://verdaccio.org/docs/best
 
 # path to a directory with all packages
 storage: /verdaccio/storage/data
 # path to a directory with plugins to include
 plugins: /verdaccio/plugins
 
+# https://verdaccio.org/docs/webui
 web:
-  # WebUI is enabled as default, if you want disable it, just uncomment this line
-  #enable: false
   title: Verdaccio
-  # comment out to disable gravatar support
+  # Comment out to disable gravatar support
   # gravatar: false
-  # by default packages are ordercer ascendant (asc|desc)
+  # By default packages are ordered ascendant (asc|desc)
   # sort_packages: asc
+  # Convert your UI to the dark side
   # darkMode: true
+  # html_cache: true
+  # By default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force a specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before end </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected as first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
 
-# translate your registry, api i18n not available yet
-# i18n:
-# list of the available translations https://github.com/verdaccio/ui/tree/master/i18n/translations
-#   web: en-US
-
+# https://verdaccio.org/docs/configuration#authentication
 auth:
   htpasswd:
     file: /verdaccio/storage/htpasswd
@@ -37,11 +59,15 @@ auth:
     # You can set this to -1 to disable registration.
     # max_users: 1000
 
-# a list of other known repositories we can talk to
+# https://verdaccio.org/docs/configuration#uplinks
+# A list of other known repositories we can talk to
 uplinks:
   npmjs:
     url: https://registry.npmjs.org/
 
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
 packages:
   '@*/*':
     # scoped packages
@@ -51,14 +77,14 @@ packages:
     proxy: npmjs
 
   '**':
-    # allow all users (including non-authenticated users) to read and
+    # Allow all users (including non-authenticated users) to read and
     # publish all packages
     #
-    # you can specify usernames/groupnames (depending on your auth plugin)
+    # You can specify usernames/groupnames (depending on your auth plugin)
     # and three keywords: "$all", "$anonymous", "$authenticated"
     access: $all
 
-    # allow all known users to publish/unpublish packages
+    # Allow all known users to publish/publish packages
     # (anyone can register by default, remember?)
     publish: $authenticated
     unpublish: $authenticated
@@ -66,31 +92,106 @@ packages:
     # if package is not available locally, proxy requests to 'npmjs' registry
     proxy: npmjs
 
+# To improve your security configuration and avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify the HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a
+# keep-alive timeout.
+# WORKAROUND: Through given configuration you can work around the following issue:
+# https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider using an HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
 middlewares:
   audit:
     enabled: true
 
+# https://verdaccio.org/docs/logger
 # log settings
-# log settings
-logs:
-  # Logger as STDOUT
-  { type: stdout, format: pretty, level: http }
-  # Logger as STDOUT as JSON
-  # { type: stdout, format: json, level: http }
-  # Logger as STDOUT as JSON
-  # { type: stdout, format: pretty-timestamped, level: http }
-  # Logger as STDOUT as custom prettifier
-  # { type: stdout, plugin: { dest: '@verdaccio/logger-prettify' : options: { foo: 1, bar: 2}}, level: http }
-  # Logger as file
-  # { type: file, path: verdaccio.log, level: http}
-  # FIXME: this should be documented
-# More info about log rotation https://github.com/pinojs/pino/blob/master/docs/help.md#log-rotation
+log: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # Support for npm token command
+#  token: false
+#  # Enable tarball URL redirect for hosting tarball with a different server.
+#  # The tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # The tarball_url_redirect can be a function, takes packageName and filename and returns the url,
+#  # when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
 
-flags:
-  # support for npm token command
-  token: false
-  # support for the new v1 search endpoint, functional by incomplete read more on ticket 1732
-  search: false
-# This affect the web and api (not developed yet)
-#i18n:
-#web: en-US
+# Translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

packages/config/src/config.ts

@@ -7,6 +7,7 @@ import {
   Config as AppConfig,
   AuthConf,
   ConfigRuntime,
+  FlagsConfig,
   PackageAccess,
   PackageList,
   Security,
@@ -44,6 +45,7 @@ class Config implements AppConfig {
   public serverSettings: ServerSettingsConf;
   // @ts-ignore
   public secret: string;
+  public flags: FlagsConfig;
 
   public constructor(config: ConfigRuntime) {
     const self = this;
@@ -52,6 +54,9 @@ class Config implements AppConfig {
     this.plugins = config.plugins;
     this.security = _.merge(defaultSecurity, config.security);
     this.serverSettings = serverSettings;
+    this.flags = {
+      searchRemote: config.flags?.searchRemote ?? true,
+    };
 
     for (const configProp in config) {
       if (self[configProp] == null) {

packages/config/test/config.spec.ts

@@ -57,11 +57,11 @@ describe('check basic content parsed file', () => {
     expect(config.middlewares).toBeDefined();
     expect(config.middlewares.audit).toBeDefined();
     expect(config.middlewares.audit.enabled).toBeTruthy();
-    // logs
-    expect(config.logs).toBeDefined();
-    expect(config.logs.type).toEqual('stdout');
-    expect(config.logs.format).toEqual('pretty');
-    expect(config.logs.level).toEqual('http');
+    // log
+    expect(config.log).toBeDefined();
+    expect(config.log.type).toEqual('stdout');
+    expect(config.log.format).toEqual('pretty');
+    expect(config.log.level).toEqual('http');
     // must not be enabled by default
     expect(config.notify).toBeUndefined();
     expect(config.store).toBeUndefined();

packages/config/test/partials/config/js/default.js

@@ -11,5 +11,5 @@ module.exports = {
     vue: { access: '$authenticated', publish: '$authenticated', proxy: 'npmjs' },
     '*': { access: '$all', publish: '$all', proxy: 'npmjs' },
   },
-  logs: [{ type: 'stdout', format: 'pretty', level: 'warn' }],
+  log: { type: 'stdout', format: 'pretty', level: 'warn' },
 };

packages/config/test/partials/config/yaml/storage.yaml

@@ -1,7 +1,4 @@
 ---
 storage: './storage_default_storage'
 
-logs:
-  - type: stdout
-    format: pretty
-    level: warn
+log: { type: stdout, format: pretty, level: warn }

packages/core/core/CHANGELOG.md

@@ -1,5 +1,41 @@
 # @verdaccio/core
 
+## 6.0.0-6-next.5
+
+### Major Changes
+
+- 82cb0f2b: feat!: config.logs throw an error, logging config not longer accept array or logs property
+
+  ### 💥 Breaking change
+
+  This is valid
+
+  ```yaml
+  log: { type: stdout, format: pretty, level: http }
+  ```
+
+  This is invalid
+
+  ```yaml
+  logs: { type: stdout, format: pretty, level: http }
+  ```
+
+  or
+
+  ```yaml
+  logs:
+    - [{ type: stdout, format: pretty, level: http }]
+  ```
+
+### Minor Changes
+
+- 5167bb52: feat: ui search support for remote, local and private packages
+
+  The command `npm search` search globally and return all matches, with this improvement the user interface
+  is powered with the same capabilities.
+
+  The UI also tag where is the origin the package with a tag, also provide the latest version and description of the package.
+
 ## 6.0.0-6-next.4
 
 ### Minor Changes

packages/core/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/core",
-  "version": "6.0.0-6-next.4",
+  "version": "6.0.0-6-next.5",
   "description": "core utilities",
   "keywords": [
     "private",
@@ -41,7 +41,7 @@
     "core-js": "3.20.3"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.10"
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/core/src/search-utils.ts

@@ -16,10 +16,19 @@ export type SearchItemPkg = {
   time?: number | Date;
 };
 
-export type SearchItem = {
+type PrivatePackage = {
+  // note: prefixed to avoid external conflicts
+
+  // the package is published as private
+  verdaccioPrivate?: boolean;
+  // if the package is not private but is cached
+  verdaccioPkgCached?: boolean;
+};
+
+export interface SearchItem extends UnStable, PrivatePackage {
   package: SearchItemPkg;
   score: Score;
-} & UnStable;
+}
 
 export type Score = {
   final: number;
@@ -32,11 +41,13 @@ export type SearchResults = {
   time: string;
 };
 
+// @deprecated use @verdaccio/types
 type PublisherMaintainer = {
   username: string;
   email: string;
 };
 
+// @deprecated use @verdaccio/types
 export type SearchPackageBody = {
   name: string;
   scope: string;
@@ -55,11 +66,11 @@ export type SearchPackageBody = {
   maintainers?: PublisherMaintainer[];
 };
 
-export type SearchPackageItem = {
+export interface SearchPackageItem extends UnStable, PrivatePackage {
   package: SearchPackageBody;
   score: Score;
   searchScore?: number;
-} & UnStable;
+}
 
 export const UNSCOPED = 'unscoped';
 

packages/core/core/src/warning-utils.ts

@@ -9,8 +9,7 @@ export enum Codes {
   VERWAR002 = 'VERWAR002',
   VERWAR003 = 'VERWAR003',
   VERWAR004 = 'VERWAR004',
-  VERDEP001 = 'VERDEP001',
-  VERDEP002 = 'VERDEP002',
+  // deprecation warnings
   VERDEP003 = 'VERDEP003',
 }
 
@@ -36,18 +35,6 @@ host:port (e.g. "localhost:4873") or full url '(e.g. "http://localhost:4873/")
 https://verdaccio.org/docs/en/configuration#listen-port`
 );
 
-warningInstance.create(
-  verdaccioDeprecation,
-  Codes.VERDEP001,
-  'config.logs is deprecated, rename configuration to "config.log" in singular'
-);
-
-warningInstance.create(
-  verdaccioDeprecation,
-  Codes.VERDEP002,
-  'deprecate: multiple logger configuration is deprecated, please check the migration guide.'
-);
-
 warningInstance.create(
   verdaccioDeprecation,
   Codes.VERDEP003,

packages/core/file-locking/package.json

@@ -40,7 +40,7 @@
     "lockfile": "1.0.4"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.10"
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/readme/package.json

@@ -45,7 +45,7 @@
     "marked": "3.0.8"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.10"
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/server/src/index.ts

@@ -1,8 +0,0 @@
-import semver from 'semver';
-
-// FUTURE: remove when v15 is the minimum requirement
-if (semver.lte(process.version, 'v15.0.0')) {
-  global.AbortController = require('abortcontroller-polyfill/dist/cjs-ponyfill').AbortController;
-}
-
-export { default } from './server';

packages/core/streams/package.json

@@ -34,7 +34,7 @@
     "access": "public"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.10"
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/tarball/CHANGELOG.md

@@ -1,5 +1,15 @@
 # Change Log
 
+## 11.0.0-6-next.12
+
+### Patch Changes
+
+- Updated dependencies [82cb0f2b]
+- Updated dependencies [5167bb52]
+  - @verdaccio/core@6.0.0-6-next.5
+  - @verdaccio/url@11.0.0-6-next.9
+  - @verdaccio/utils@6.0.0-6-next.11
+
 ## 11.0.0-6-next.11
 
 ### Major Changes

packages/core/tarball/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/tarball",
-  "version": "11.0.0-6-next.11",
+  "version": "11.0.0-6-next.12",
   "description": "tarball utilities resolver",
   "keywords": [
     "private",
@@ -35,13 +35,13 @@
   },
   "dependencies": {
     "debug": "4.3.3",
-    "@verdaccio/core": "workspace:6.0.0-6-next.4",
-    "@verdaccio/url": "workspace:11.0.0-6-next.8",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.10",
+    "@verdaccio/core": "workspace:6.0.0-6-next.5",
+    "@verdaccio/url": "workspace:11.0.0-6-next.9",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.11",
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.10",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12",
     "node-mocks-http": "1.11.0"
   },
   "scripts": {