chore: update versions (6-next) (#3249)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.changeset/brown-cycles-laugh.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/cli': patch
+---
+
+chore: improve error logger message

.changeset/chilled-ways-fetch.md

@@ -0,0 +1,5 @@
+---
+'verdaccio-memory': patch
+---
+
+Fix storing tarballs with identical names from different packages in memory plugin

.changeset/healthy-pants-smash.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/ui-theme': patch
+'@verdaccio/test-helper': patch
+'@verdaccio/web': patch
+---
+
+fix: #3174 set correctly ui values to html render

.changeset/orange-flowers-cover.md

@@ -0,0 +1,43 @@
+---
+'@verdaccio/config': minor
+'@verdaccio/types': minor
+'@verdaccio/ui-theme': minor
+---
+
+feat: rework web header for mobile, add new settings and raw manifest button
+
+### New set of variables to hide features
+
+Add set of new variables that allow hide different parts of the UI, buttons, footer or download tarballs. _All are
+enabled by default_.
+
+```yaml
+# login: true <-- already exist but worth the reminder
+# showInfo: true
+# showSettings: true
+# In combination with darkMode you can force specific theme
+# showThemeSwitch: true
+# showFooter: true
+# showSearch: true
+# showDownloadTarball: true
+```
+
+> If you disable `showThemeSwitch` and force `darkMode: true` the local storage settings would be
+> ignored and force all themes to the one in the configuration file.
+
+Future could be extended to
+
+### Raw button to display manifest package
+
+A new experimental feature (enabled by default), button named RAW to be able navigate on the package manifest directly on the ui, kudos to [react-json-view](https://www.npmjs.com/package/react-json-view) that allows an easy integration, not configurable yet until get more feedback.
+
+```yaml
+showRaw: true
+```
+
+#### Rework header buttons
+
+- The header has been rework, the mobile was not looking broken.
+- Removed info button in the header and moved to a dialog
+- Info dialog now contains more information about the project, license and the aid content for Ukrania now is inside of the info modal.
+- Separate settings and info to avoid collapse too much info (for mobile still need some work)

.changeset/pre.json

@@ -50,8 +50,10 @@
     "afraid-mice-obey",
     "big-lobsters-sin",
     "bright-poems-obey",
+    "brown-cycles-laugh",
     "brown-pandas-wink",
     "calm-pants-impress",
+    "chilled-ways-fetch",
     "dry-planes-tap",
     "dull-monkeys-search",
     "eleven-brooms-hunt",
@@ -66,6 +68,7 @@
     "gentle-trains-switch",
     "gold-vans-tease",
     "healthy-bikes-behave",
+    "healthy-pants-smash",
     "healthy-poets-compare",
     "heavy-ravens-lay",
     "hip-hounds-destroy",
@@ -81,6 +84,7 @@
     "neat-toes-report",
     "neat-toys-float",
     "olive-candles-speak",
+    "orange-flowers-cover",
     "perfect-candles-clap",
     "perfect-emus-clean",
     "perfect-kangaroos-agree",
@@ -96,6 +100,7 @@
     "shaggy-carrots-unite",
     "shaggy-parrots-smash",
     "shiny-chefs-heal",
+    "slow-carrots-relate",
     "smart-apricots-kneel",
     "smart-beds-cross",
     "sour-buses-shout",

.changeset/slow-carrots-relate.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/config': minor
+'@verdaccio/web': minor
+---
+
+feat(web): add a config item to web，let the developer can select whet……her enable the html cache

.eslintignore

@@ -11,3 +11,4 @@ wiki/
 dist/
 docs/
 test/functional/store/*
+docker-examples/**/lib/**/*.js

.github/workflows/benchmark.yml

@@ -4,12 +4,15 @@ name: ci - benchmark
 on:
   workflow_dispatch:
   schedule:
-    # 3 times day
+    # 1 time peer week
     # collecting enough data to draw some graphics
-    - cron: '0 1 * * *'
+    - cron: '0 1 * * 1'
   # push:
   #   branches:
   #     - master
+permissions:
+  contents: read
+
 jobs:
   prepare: 
     name: Prepare build
@@ -18,9 +21,9 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: 14.x
+          node-version: 16.x
       - name: install pnpm
-        run: sudo npm i pnpm@6.24.1 -g
+        run: sudo npm i pnpm@latest-6 -g
       - name: set store
         run: | 
           mkdir ~/.pnpm-store
@@ -41,7 +44,7 @@ jobs:
       - name: tar packages
         run: |      
           tar -czvf ${{ github.workspace }}/pkg.tar.gz -C ${{ github.workspace }}/packages .
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v3
         with:
           name: verdaccio-artifact
           path: pkg.tar.gz
@@ -57,23 +60,23 @@ jobs:
           # - local
           - 3.13.1
           - 4.12.2
-          - 5.7.0
-          - 6.0.0-6-next.35
+          - 5.10.2
+          - 6.0.0-6-next.40
     name: Benchmark autocannon
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: 14.x
-      - uses: actions/download-artifact@v2
+          node-version: 16.x
+      - uses: actions/download-artifact@v3
         with:
           name: verdaccio-artifact
       - name: untar packages
         run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
       - name: install pnpm
         # require fixed version
-        run: sudo npm i pnpm@6.24.1 -g
+        run: sudo npm i pnpm@latest-6 -g
       - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
@@ -87,7 +90,7 @@ jobs:
         shell: bash
         env:
           DEBUG: metrics*
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v3
         with:
           name: verdaccio-metrics-api
           path: ./api-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  
@@ -118,23 +121,23 @@ jobs:
           # old versions to compare same test along previous releases
           - 3.13.1
           - 4.12.2
-          - 5.7.0
-          - 6.0.0-6-next.35
+          - 5.10.2
+          - 6.0.0-6-next.40
     name: Benchmark hyperfine
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: 14.x
-      - uses: actions/download-artifact@v2
+          node-version: 16.x
+      - uses: actions/download-artifact@v3
         with:
           name: verdaccio-artifact
       - name: untar packages
         run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
       - name: install pnpm
         # require fixed version
-        run: sudo npm i pnpm@6.24.1 -g
+        run: sudo npm i pnpm@latest-6 -g
       - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
@@ -153,7 +156,7 @@ jobs:
         shell: bash
       - name: rename
         run: mv ./hyper-results.json ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v3
         with:
           name: verdaccio-metrics
           path: ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  

.github/workflows/changesets.yml

@@ -33,7 +33,7 @@ jobs:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 
       - name: install pnpm
-        run: npm i pnpm@6.10.3 -g
+        run: npm i pnpm@6.32.15 -g
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 

.github/workflows/ci.yml

@@ -14,6 +14,9 @@ on:
       - 'jest/**'
       - 'package.json'
       - 'pnpm-workspace.yaml'
+permissions:
+  contents: read
+
 jobs:
   prepare:
     runs-on: ubuntu-latest
@@ -30,7 +33,7 @@ jobs:
       with:
         node-version: 16
     - name: Install pnpm
-      run: npm i pnpm@6.32.3 -g
+      run: npm i pnpm@6.32.15 -g
     - name: set store
       run: |
         mkdir ~/.pnpm-store
@@ -55,7 +58,7 @@ jobs:
         with:
           node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@6.32.3 -g
+        run: npm i pnpm@6.32.15 -g
       - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
@@ -75,7 +78,7 @@ jobs:
         with:
           node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@6.32.3 -g
+        run: npm i pnpm@6.32.15 -g
       - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
@@ -101,7 +104,7 @@ jobs:
         with:
           node-version: ${{ matrix.node_version }}
       - name: Install pnpm
-        run: npm i pnpm@6.32.3 -g
+        run: npm i pnpm@6.32.15 -g
       - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
@@ -122,7 +125,7 @@ jobs:
         with:
           node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@latest -g
+        run: npm i pnpm@6.32.15 -g
       - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
@@ -174,7 +177,7 @@ jobs:
         with:
           node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@6.32.3 -g
+        run: npm i pnpm@6.32.15 -g
       - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store

.github/workflows/codeql-analysis.yml

@@ -8,8 +8,15 @@ on:
   schedule:
     - cron: '0 2 * * 4'
 
+permissions:
+  contents: read
+
 jobs:
   CodeQL-Build:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
     runs-on: ubuntu-latest
 
     steps:
@@ -27,7 +34,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v2
 
       # Override language selection by uncommenting this and choosing your languages
       # with:
@@ -35,7 +42,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -49,4 +56,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v2

.github/workflows/contributors.yml

@@ -23,7 +23,7 @@ jobs:
         with:
           node-version: 17.x
       - name: install pnpm
-        run: sudo npm i pnpm@6.24.1 -g
+        run: sudo npm i pnpm@latest-6 -g
       - name: set store
         run: | 
           mkdir ~/.pnpm-store

.github/workflows/website.yml

@@ -3,13 +3,6 @@ name: Verdaccio Website CI
 on:
   workflow_dispatch:
   pull_request:
-    types:
-      - opened
-      - synchronize
-    paths:
-      - 'website/**'
-      - 'package.json'
-      - './.github/workflows/website.yml'
   push:
     branches:
       - 'master'
@@ -26,10 +19,10 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Use Node 14
+      - name: Use Node 16
         uses: actions/setup-node@v3
         with:
-          node-version: 14
+          node-version: 16
 
       - name: Cache pnpm modules
         uses: actions/cache@v3
@@ -41,9 +34,9 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-
 
-      - uses: pnpm/action-setup@v2.2.1
+      - uses: pnpm/action-setup@v2.2.2
         with:
-          version: 6.10.2
+          version: 6.32.15
           run_install: |
             - recursive: true
               args: [--frozen-lockfile]
@@ -83,6 +76,7 @@ jobs:
         run: pnpm netlify:build:deployPreview --filter ...@verdaccio/website
 
       - name: 🤖 Deploy Preview Netlify
+        if: github.repository == 'verdaccio/verdaccio'
         uses: semoal/action-netlify-deploy@master
         id: netlify_preview
         with:
@@ -96,6 +90,7 @@ jobs:
           build-dir: './website/build'
 
       - name: Audit preview URL with Lighthouse
+        if: github.repository == 'verdaccio/verdaccio'
         id: lighthouse_audit
         uses: treosh/lighthouse-ci-action@9.3.0
         with:
@@ -129,11 +124,13 @@ jobs:
              core.setOutput("comment", comment);
 
       - name: Add comment to PR
+        if: github.repository == 'verdaccio/verdaccio'
         id: comment_to_pr
-        uses: marocchino/sticky-pull-request-comment@v1
+        uses: marocchino/sticky-pull-request-comment@v2
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           number: ${{ github.event.issue.number }}
+          delete: true
           header: lighthouse
           message: |
             ${{ steps.format_lighthouse_score.outputs.comment }}

CONTRIBUTING.md

@@ -70,7 +70,7 @@ This setting would cause the `pnpm install` command to install incorrect version
 To begin your development setup, please install the latest version of pnpm globally:
 
 ```
-npm i -g pnpm
+npm i -g pnpm@latest-6
 ```
 
 With pnpm installed, the first step is installing all dependencies:

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=${BUILDPLATFORM:-linux/amd64} node:16.14.2-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} node:16.15.0-alpine as builder
 
 ENV NODE_ENV=development \
     VERDACCIO_BUILD_REGISTRY=https://registry.verdaccio.org
@@ -11,7 +11,7 @@ RUN apk --no-cache add openssl ca-certificates wget && \
 
 WORKDIR /opt/verdaccio-build
 COPY . .
-RUN npm -g i pnpm@6.24.1 && \
+RUN npm -g i pnpm@6.32.15 && \
     pnpm config set registry $VERDACCIO_BUILD_REGISTRY && \
     pnpm recursive install --frozen-lockfile --ignore-scripts && \
     rm -Rf test && \
@@ -20,7 +20,7 @@ RUN npm -g i pnpm@6.24.1 && \
 # FIXME: need to remove devDependencies from the build
 # RUN pnpm install --prod --ignore-scripts
 
-FROM node:16.14.2-alpine
+FROM node:16.15.0-alpine
 LABEL maintainer="https://github.com/verdaccio/verdaccio"
 
 ENV VERDACCIO_APPDIR=/opt/verdaccio \

README.md

@@ -8,7 +8,12 @@
 
 # Version 6 (Development branch)
 
-> Looking for Verdaccio 5? Check branch `5.x`
+> Looking for Verdaccio 5 version? Check the branch `5.x`
+> The plugins for the `v5.x` that are hosted within this organization are located
+> at the [`verdaccio/monorepo`](https://github.com/verdaccio/monorepo) repository, while for the v6.x
+> are hosted on this project `./packages/plugins`, keep on mind `v6.x` plugins will eventually would be
+> incompatible with `v5.x` versions.
+> Note that contributing guidelines might be different based on the branch.
 
 [Verdaccio](https://verdaccio.org/) is a simple, **zero-config-required local private npm registry**.
 No need for an entire database just to get started! Verdaccio comes out of the box with
@@ -48,6 +53,27 @@ or
 docker pull verdaccio/verdaccio:nightly-master
 ```
 
+or with _helm_ [official chart](https://github.com/verdaccio/charts).
+
+```bash
+helm repo add verdaccio https://charts.verdaccio.org
+helm repo update
+helm install verdaccio/verdaccio
+```
+
+Furthermore, you can read the [**Debugging Guidelines**](https://github.com/verdaccio/verdaccio/wiki/Debugging-Verdaccio) and the [**Docker Examples**](https://github.com/verdaccio/verdaccio/tree/master/docker-examples) for more advanced development.
+
+## Plugins
+
+You can develop your own [plugins](https://verdaccio.org/docs/plugins) with the [verdaccio generator](https://github.com/verdaccio/generator-verdaccio-plugin). Installing [Yeoman](https://yeoman.io/) is required.
+
+```
+npm install -g yo
+npm install -g generator-verdaccio-plugin
+```
+
+Learn more [here](https://verdaccio.org/docs/dev-plugins) how to develop plugins. Share your plugins with the community.
+
 ## Donations
 
 Verdaccio is run by **volunteers**; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider do a long support donation - **and your logo will be on this section of the readme.**
@@ -76,7 +102,13 @@ If you want to use a modified version of some 3rd-party package (for example, yo
 ### E2E Testing
 
 Verdaccio has proved to be a lightweight registry that can be
-booted in a couple of seconds, fast enough for any CI. Many open source projects use verdaccio for end to end testing, to mention some examples, **create-react-app**, **mozilla neutrino**, **pnpm**, **storybook**, **alfresco** or **eclipse theia**. You can read more in dedicated article to E2E in our blog.
+booted in a couple of seconds, fast enough for any CI. Many open source projects use verdaccio for end to end testing, to mention some examples, **create-react-app**, **mozilla neutrino**, **pnpm**, **storybook**, **babel.js**, **angular-cli** or **docusaurus**. You can read more in [here](https://verdaccio.org/docs/e2e).
+
+Furthermore, here few examples how to start:
+
+- [e2e-ci-example-gh-actions](https://github.com/juanpicado/e2e-ci-example-gh-actions)
+- [verdaccio-end-to-end-tests](https://github.com/juanpicado/verdaccio-end-to-end-tests)
+- [verdaccio-fork](https://github.com/juanpicado/verdaccio-fork)
 
 ## Watch our Videos
 
@@ -84,16 +116,13 @@ booted in a couple of seconds, fast enough for any CI. Many open source projects
 
 <div>
    <a href="https://portal.gitnation.org/contents/five-ways-of-taking-advantage-of-verdaccio-your-private-and-proxy-nodejs-registry">
-     <img src="https://cdn.verdaccio.dev/readme/nodejscongress2022.jpg" alt="nodejs" width="300"/>
+     <img src="https://cdn.verdaccio.dev/readme/nodejscongress2022.jpg" alt="nodejs" width="200"/>
   </a>
 </div>
 
-### **Using Docker and Verdaccio to make Integration Testing Easy - Docker All Hands #4 December - 2021**.
-
-[![docker](https://cdn.verdaccio.dev/readme/docker-all-hands-jpicado-talk.jpg)](https://www.youtube.com/watch?v=zRI0skF1f8I)
-
 You might want to check out as well our previous talks:
 
+- [Using Docker and Verdaccio to make Integration Testing Easy - **Docker All Hands #4 December - 2021**](https://www.youtube.com/watch?v=zRI0skF1f8I)
 - [**Juan Picado** – Testing the integrity of React components by publishing in a private registry - React Finland - 2021](https://www.youtube.com/watch?v=bRKZbrlQqLY&t=16s&ab_channel=ReactFinland)
 - [BeerJS Cba Meetup No. 53 May 2021 - **Juan Picado**](https://www.youtube.com/watch?v=6SyjqBmS49Y&ab_channel=BeerJSCba)
 - [Node.js Dependency Confusion Attacks - April 2021 - **Juan Picado**](https://www.youtube.com/watch?v=qTRADSp3Hpo)
@@ -168,7 +197,7 @@ To run the docker container:
 docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio
 ```
 
-Docker examples are available [in this repository](https://github.com/verdaccio/docker-examples).
+Docker examples are available [in this repository](https://github.com/verdaccio/verdaccio/tree/master/docker-examples).
 
 ## Compatibility
 
@@ -236,6 +265,7 @@ You can find and chat with then over Discord, click [here](http://chat.verdaccio
 - [create-react-app](https://github.com/facebook/create-react-app/blob/master/CONTRIBUTING.md#customizing-e2e-registry-configuration) _(+86.2k ⭐️)_
 - [Gatsby](https://github.com/gatsbyjs/gatsby) _(+49.2k ⭐️)_
 - [Babel.js](https://github.com/babel/babel) _(+38.5k ⭐️)_
+- [Docusaurus](https://github.com/facebook/docusaurus) _(+34k ⭐️)_
 - [Vue CLI](https://github.com/vuejs/vue-cli) _(+27.4k ⭐️)_
 - [Angular CLI](https://github.com/angular/angular-cli) _(+24.3k ⭐️)_
 - [Uppy](https://github.com/transloadit/uppy) _(+23.8k ⭐️)_
@@ -250,7 +280,7 @@ You can find and chat with then over Discord, click [here](http://chat.verdaccio
 - [Amazon SDK v3](https://github.com/aws/aws-sdk-js-v3)
 - [Amazon Encryption SDK for Javascript](https://github.com/aws/aws-encryption-sdk-javascript)
 
-🤓 Don't be shy, you also can be in [the list](https://github.com/verdaccio/website/blob/master/docs/who-is-using.md).
+🤓 Don't be shy, add yourself to this readme.
 
 ## Open Collective Sponsors
 

docker-examples/v5/README.md

@@ -3,3 +3,12 @@
 > Before run examples, build the local image by running `pnpm docker`.
 
 - [Docker + Nginx + Verdaccio](reverse_proxy/nginx/README.md)
+
+## Using Plugins with Docker
+
+List of different approaches
+
+> Note these options could be improved, feel free to submit upgrades
+
+- [Docker + Install plugins from a registry](plugins/docker-build-install-plugin/README.md)
+- [Docker + Install local plugin](plugins/docker-local-plugin/README.md)

docker-examples/v5/plugins/docker-build-install-plugin/Dockerfile

@@ -0,0 +1,25 @@
+# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
+
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+# Install the metrics middleware plugin
+# npm docs
+# --global-style https://docs.npmjs.com/cli/v7/commands/npm-install#global-style
+# --no-bin-links https://docs.npmjs.com/cli/v7/commands/npm-install#bin-links
+# --omit=optional 
+RUN mkdir -p /verdaccio/plugins \
+  && cd /verdaccio/plugins \
+  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
+
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:5
+
+# Copy the plugin files over from the 'builder' node image.
+# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
+# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
+ADD docker.yaml /verdaccio/conf/config.yaml  
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
+  /verdaccio/plugins/verdaccio-auth-memory

docker-examples/v5/plugins/docker-build-install-plugin/README.md

@@ -0,0 +1,46 @@
+# Installing a plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are two main steps to highlight:
+
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the plugin [`verdaccio-auth-memory`](https://www.npmjs.com/package/verdaccio-auth-memory) and custom web title for demonstration.
+- The `Dockerfile` take advance of the docker multi-stage build to install the plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins \
+  && cd /verdaccio/plugins \
+  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
+
+FROM verdaccio/verdaccio:5
+
+# copy your modified config.yaml into the image
+ADD docker.yaml /verdaccio/conf/config.yaml
+
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
+  /verdaccio/plugins/verdaccio-auth-memory
+
+```

docker-examples/v5/plugins/docker-build-install-plugin/docker.yaml

@@ -0,0 +1,197 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio Publish Config Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+# https://verdaccio.org/docs/configuration#authentication
+auth:
+  auth-memory:
+    users:
+      foo:
+        name: foo
+        password: s3cret
+      bar:
+        name: bar
+        password: s3cret
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+
+# https://verdaccio.org/docs/logger
+# log settings
+logs: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

docker-examples/v5/plugins/docker-local-plugin/Dockerfile

@@ -0,0 +1,26 @@
+# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins
+
+# Copy the local plugin into the docker image
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+# Install the production dependencies (be careful install devDependencies here)
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && npm install --production
+
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:5
+
+# Copy the plugin files over from the 'builder' node image.
+# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
+# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
+# The local verdaccio-docker-memory is setup as storage
+ADD docker.yaml /verdaccio/conf/config.yaml  
+
+# Copy the plugin into the /verdaccio/plugins 
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory

docker-examples/v5/plugins/docker-local-plugin/README.md

@@ -0,0 +1,42 @@
+# Installing a local plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are three main steps to highlight:
+
+- Note the custom plugin at `plugins/verdaccio-docker-memory` under the name `verdaccio-docker-memory`.
+- Install the _production_ dependencies for the plugin `verdaccio-docker-memory`
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the local plugin `verdaccio-docker-memory`.
+- The `Dockerfile` take advance of the docker multi-stage build to copy the local plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+FROM node:lts-alpine as builder
+RUN mkdir -p /verdaccio/plugins
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && ls -ls \
+  && npm install --production
+FROM verdaccio/verdaccio:5
+ADD docker.yaml /verdaccio/conf/config.yaml
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory
+```

docker-examples/v5/plugins/docker-local-plugin/docker.yaml

@@ -0,0 +1,199 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+
+store:
+  # dummy copy of https://www.npmjs.com/package/verdaccio-memory
+  docker-memory:
+    limit: 1000
+
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio This is a Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+auth:
+  htpasswd:
+    file: ./htpasswd
+    # Maximum amount of users allowed to register, defaults to "+inf".
+    # You can set this to -1 to disable registration.
+    # max_users: 1000
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+
+# https://verdaccio.org/docs/logger
+# log settings
+logs: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

docker-examples/v5/plugins/docker-local-plugin/plugins/.eslintrc

@@ -0,0 +1,8 @@
+{
+  "rules": {
+    "max-len": 0,
+    "@typescript-eslint/prefer-optional-chain": 0,
+    "@typescript-eslint/no-unused-vars": 0,
+    "@typescript-eslint/explicit-member-accessibility": 0
+  }
+}

docker-examples/v5/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/index.js

@@ -0,0 +1,17 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+exports.LocalMemory = undefined;
+
+let _localMemory = require('./local-memory');
+
+let _localMemory2 = _interopRequireDefault(_localMemory);
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+exports.LocalMemory = _localMemory2.default;
+exports.default = _localMemory2.default;

docker-examples/v5/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/local-memory.js

@@ -0,0 +1,96 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+
+let _memoryHandler = require('./memory-handler');
+
+let _memoryHandler2 = _interopRequireDefault(_memoryHandler);
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+const DEFAULT_LIMIT = 1000;
+
+class LocalMemory {
+  constructor(config, options) {
+    this.config = config;
+    this.limit = config.limit || DEFAULT_LIMIT;
+    this.logger = options.logger;
+    this.data = this._createEmtpyDatabase();
+  }
+
+  getSecret() {
+    return Promise.resolve(this.data.secret);
+  }
+
+  setSecret(secret) {
+    return new Promise((resolve, reject) => {
+      this.data.secret = secret;
+      resolve(null);
+    });
+  }
+
+  add(name, cb) {
+    const list = this.data.list;
+
+    if (list.length < this.limit) {
+      if (list.indexOf(name) === -1) {
+        list.push(name);
+      }
+      cb(null);
+    } else {
+      this.logger.info(
+        { limit: this.limit },
+        'Storage memory has reached limit of @{limit} packages'
+      );
+      cb(new Error('Storage memory has reached limit of limit packages'));
+    }
+  }
+
+  search(onPackage, onEnd, validateName) {
+    // TODO: pending to implement
+    onEnd();
+  }
+
+  remove(name, cb) {
+    const list = this.data.list;
+
+    const item = list.indexOf(name);
+
+    if (item !== -1) {
+      list.splice(item, 1);
+    }
+
+    cb(null);
+  }
+
+  get(cb) {
+    cb(null, this.data.list);
+  }
+
+  sync() {
+    // nothing to do
+  }
+
+  getPackageStorage(packageInfo) {
+    // eslint-disable-next-line new-cap
+    return new _memoryHandler2.default(packageInfo, this.data.files, this.logger);
+  }
+
+  _createEmtpyDatabase() {
+    const list = [];
+    const files = {};
+    const emptyDatabase = {
+      list,
+      files,
+      secret: '',
+    };
+
+    return emptyDatabase;
+  }
+}
+
+exports.default = LocalMemory;

docker-examples/v5/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/memory-handler.js

@@ -0,0 +1,182 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+exports.fileExist = exports.noSuchFile = undefined;
+
+let _httpErrors = require('http-errors');
+
+let _httpErrors2 = _interopRequireDefault(_httpErrors);
+
+let _memoryFs = require('memory-fs');
+
+let _memoryFs2 = _interopRequireDefault(_memoryFs);
+
+let _streams = require('@verdaccio/streams');
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+// $FlowFixMe
+const noSuchFile = (exports.noSuchFile = 'ENOENT');
+
+const fileExist = (exports.fileExist = 'EEXISTS');
+
+const fSError = function fSError(message, code = 404) {
+  const err = (0, _httpErrors2.default)(code, message);
+  // $FlowFixMe
+  err.code = message;
+
+  return err;
+};
+
+const noPackageFoundError = function noPackageFoundError(message = 'no such package') {
+  const err = (0, _httpErrors2.default)(404, message);
+  // $FlowFixMe
+  err.code = noSuchFile;
+  return err;
+};
+
+// eslint-disable-next-line new-cap
+const fs = new _memoryFs2.default();
+
+class MemoryHandler {
+  constructor(packageName, data, logger) {
+    // this is not need it
+    this.data = data;
+    this.name = packageName;
+    this.logger = logger;
+  }
+
+  updatePackage(pkgFileName, updateHandler, onWrite, transformPackage, onEnd) {
+    let json = this._getStorage(pkgFileName);
+
+    try {
+      json = JSON.parse(json);
+    } catch (err) {
+      return onEnd(err);
+    }
+
+    updateHandler(json, (err) => {
+      if (err) {
+        return onEnd(err);
+      }
+      try {
+        onWrite(pkgFileName, transformPackage(json), onEnd);
+      } catch (err) {
+        return onEnd(fSError('error on parse', 500));
+      }
+    });
+  }
+
+  deletePackage(pkgName, callback) {
+    delete this.data[pkgName];
+    callback(null);
+  }
+
+  removePackage(callback) {
+    callback(null);
+  }
+
+  createPackage(name, value, cb) {
+    this.savePackage(name, value, cb);
+  }
+
+  savePackage(name, value, cb) {
+    try {
+      const json = JSON.stringify(value, null, '\t');
+
+      this.data[name] = json;
+    } catch (err) {
+      cb(fSError(err.message, 500));
+    }
+
+    cb(null);
+  }
+
+  readPackage(name, cb) {
+    const json = this._getStorage(name);
+    const isJson = typeof json === 'undefined';
+
+    try {
+      cb(isJson ? noPackageFoundError() : null, JSON.parse(json));
+    } catch (err) {
+      cb(noPackageFoundError());
+    }
+  }
+
+  writeTarball(name) {
+    const uploadStream = new _streams.UploadTarball();
+    const temporalName = `/${name}`;
+
+    process.nextTick(function () {
+      fs.exists(temporalName, function (exists) {
+        if (exists) {
+          return uploadStream.emit('error', fSError(fileExist));
+        }
+
+        try {
+          const file = fs.createWriteStream(temporalName);
+
+          uploadStream.pipe(file);
+
+          uploadStream.done = function () {
+            const onEnd = function onEnd() {
+              uploadStream.emit('success');
+            };
+
+            uploadStream.on('end', onEnd);
+          };
+
+          uploadStream.abort = function () {
+            uploadStream.emit('error', fSError('transmision aborted', 400));
+            file.end();
+          };
+
+          uploadStream.emit('open');
+        } catch (err) {
+          uploadStream.emit('error', err);
+        }
+      });
+    });
+
+    return uploadStream;
+  }
+
+  readTarball(name) {
+    const pathName = `/${name}`;
+
+    const readTarballStream = new _streams.ReadTarball();
+
+    process.nextTick(function () {
+      fs.exists(pathName, function (exists) {
+        if (!exists) {
+          readTarballStream.emit('error', noPackageFoundError());
+        } else {
+          const readStream = fs.createReadStream(pathName);
+
+          readTarballStream.emit('content-length', fs.data[name].length);
+          readTarballStream.emit('open');
+          readStream.pipe(readTarballStream);
+          readStream.on('error', (error) => {
+            readTarballStream.emit('error', error);
+          });
+
+          readTarballStream.abort = function () {
+            readStream.destroy(fSError('read has been aborted', 400));
+          };
+        }
+      });
+    });
+
+    return readTarballStream;
+  }
+
+  _getStorage(name = '') {
+    return this.data[name];
+  }
+}
+
+exports.default = MemoryHandler;

docker-examples/v5/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "verdaccio-docker-memory",
+  "version": "1.0.3",
+  "description": "storage implementation in memory",
+  "main": "lib/index.js",
+  "dependencies": {
+    "@verdaccio/streams": "1.0.0",
+    "http-errors": "1.6.3",
+    "memory-fs": "0.4.1"
+  },
+  "keywords": [
+    "verdaccio",
+    "plugin",
+    "storage"
+  ],
+  "author": "Juan Picado <juanpicado19@gmail.com>",
+  "private": true,
+  "license": "MIT"
+}

docker-examples/v6/README.md

@@ -1,8 +1,22 @@
-# Verdaccio 6
+# Verdaccio 6 Examples
 
 > We recommend to have installed [docker-compose >= 1.29.0](https://github.com/docker/compose/releases/tag/1.29.2)
 
-- [Docker + Nginx + Verdaccio](reverse_proxy/nginx/README.md)
-- [Docker + Apache + Verdaccio](apache-verdaccio/README.md)
+## Mapping Volumes
+
 - [Docker + Local Storage Volume + Verdaccio](docker-local-storage-volume/README.md)
-- [Docker + HTTPS Portal + Verdaccio](https-portal-example/README.md)
+
+## Proxy
+
+- [Docker + Nginx + Verdaccio](proxy/reverse_proxy/nginx/README.md)
+- [Docker + Apache + Verdaccio](proxy/apache-verdaccio/README.md)
+- [Docker + HTTPS Portal + Verdaccio](proxy/https-portal-example/README.md)
+
+> Looking forward more examples with proxies.
+
+## Plugins
+
+Using plugins without `docker-compose` mapping volumes, all withing the `Dockerfile`.
+
+- [Docker + Local Build Auth Plugin (local development)](plugins/docker-build-install-plugin/README.md)
+- [Docker + Auth Plugin (from a registry)](plugins/docker-local-plugin/README.md)

docker-examples/v6/plugins/docker-build-install-plugin/Dockerfile

@@ -0,0 +1,25 @@
+# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
+
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+# Install the metrics middleware plugin
+# npm docs
+# --global-style https://docs.npmjs.com/cli/v7/commands/npm-install#global-style
+# --no-bin-links https://docs.npmjs.com/cli/v7/commands/npm-install#bin-links
+# --omit=optional 
+RUN mkdir -p /verdaccio/plugins \
+  && cd /verdaccio/plugins \
+  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
+
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:nightly-master
+
+# Copy the plugin files over from the 'builder' node image.
+# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
+# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
+ADD docker.yaml /verdaccio/conf/config.yaml  
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
+  /verdaccio/plugins/verdaccio-auth-memory

docker-examples/v6/plugins/docker-build-install-plugin/README.md

@@ -0,0 +1,46 @@
+# Installing a plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are two main steps to highlight:
+
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the plugin [`verdaccio-auth-memory`](https://www.npmjs.com/package/verdaccio-auth-memory) and custom web title for demonstration.
+- The `Dockerfile` take advance of the docker multi-stage build to install the plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins \
+  && cd /verdaccio/plugins \
+  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
+
+FROM verdaccio/verdaccio:5
+
+# copy your modified config.yaml into the image
+ADD docker.yaml /verdaccio/conf/config.yaml
+
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
+  /verdaccio/plugins/verdaccio-auth-memory
+
+```

docker-examples/v6/plugins/docker-build-install-plugin/docker.yaml

@@ -0,0 +1,197 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio Publish Config Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+# https://verdaccio.org/docs/configuration#authentication
+auth:
+  auth-memory:
+    users:
+      foo:
+        name: foo
+        password: s3cret
+      bar:
+        name: bar
+        password: s3cret
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+
+# https://verdaccio.org/docs/logger
+# log settings
+logs: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

docker-examples/v6/plugins/docker-local-plugin/Dockerfile

@@ -0,0 +1,26 @@
+# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins
+
+# Copy the local plugin into the docker image
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+# Install the production dependencies (be careful install devDependencies here)
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && npm install --production
+
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:nightly-master
+
+# Copy the plugin files over from the 'builder' node image.
+# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
+# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
+# The local verdaccio-docker-memory is setup as storage
+ADD docker.yaml /verdaccio/conf/config.yaml  
+
+# Copy the plugin into the /verdaccio/plugins 
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory

docker-examples/v6/plugins/docker-local-plugin/README.md

@@ -0,0 +1,42 @@
+# Installing a local plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are three main steps to highlight:
+
+- Note the custom plugin at `plugins/verdaccio-docker-memory` under the name `verdaccio-docker-memory`.
+- Install the _production_ dependencies for the plugin `verdaccio-docker-memory`
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the local plugin `verdaccio-docker-memory`.
+- The `Dockerfile` take advance of the docker multi-stage build to copy the local plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+FROM node:lts-alpine as builder
+RUN mkdir -p /verdaccio/plugins
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && ls -ls \
+  && npm install --production
+FROM verdaccio/verdaccio:5
+ADD docker.yaml /verdaccio/conf/config.yaml
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory
+```

docker-examples/v6/plugins/docker-local-plugin/docker.yaml

@@ -0,0 +1,199 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+
+store:
+  # dummy copy of https://www.npmjs.com/package/verdaccio-memory
+  docker-memory:
+    limit: 1000
+
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio This is a Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+auth:
+  htpasswd:
+    file: ./htpasswd
+    # Maximum amount of users allowed to register, defaults to "+inf".
+    # You can set this to -1 to disable registration.
+    # max_users: 1000
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+
+# https://verdaccio.org/docs/logger
+# log settings
+log: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

docker-examples/v6/plugins/docker-local-plugin/plugins/.eslintrc

@@ -0,0 +1,8 @@
+{
+  "rules": {
+    "max-len": 0,
+    "@typescript-eslint/prefer-optional-chain": 0,
+    "@typescript-eslint/no-unused-vars": 0,
+    "@typescript-eslint/explicit-member-accessibility": 0
+  }
+}

docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/index.js

@@ -0,0 +1,22 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+Object.defineProperty(exports, 'LocalMemory', {
+  enumerable: true,
+  get: function () {
+    return _localMemory.default;
+  },
+});
+exports.default = void 0;
+
+var _localMemory = _interopRequireDefault(require('./local-memory'));
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+var _default = _localMemory.default;
+exports.default = _default;
+//# sourceMappingURL=index.js.map

docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/local-memory.js

@@ -0,0 +1,141 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+exports.default = void 0;
+
+var _debug = _interopRequireDefault(require('debug'));
+
+var _core = require('@verdaccio/core');
+
+var _memoryHandler = _interopRequireDefault(require('./memory-handler'));
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+const debug = (0, _debug.default)('verdaccio:plugin:storage:local-memory');
+const DEFAULT_LIMIT = 1000;
+
+class LocalMemory {
+  constructor(config, options) {
+    this.config = config;
+    this.limit = config.limit || DEFAULT_LIMIT;
+    this.logger = options.logger;
+    this.data = this._createEmtpyDatabase();
+    this.path = '/';
+    debug('start plugin');
+  }
+
+  init() {
+    return Promise.resolve();
+  }
+
+  getSecret() {
+    return Promise.resolve(this.data.secret);
+  }
+
+  setSecret(secret) {
+    return new Promise((resolve) => {
+      this.data.secret = secret;
+      resolve(null);
+    });
+  }
+
+  async add(name) {
+    return new Promise((resolve, reject) => {
+      const { list } = this.data;
+
+      if (list.length < this.limit) {
+        if (list.indexOf(name) === -1) {
+          list.push(name);
+        }
+
+        resolve();
+      } else {
+        this.logger.info(
+          {
+            limit: this.limit,
+          },
+          'Storage memory has reached limit of @{limit} packages'
+        );
+        reject(new Error('Storage memory has reached limit of limit packages'));
+      }
+    });
+  } // eslint-disable-next-line @typescript-eslint/no-unused-vars
+
+  search(onPackage, onEnd) {
+    this.logger.warn('[verdaccio/memory]: search method not implemented, PR is welcome');
+    onEnd();
+  }
+
+  async remove(name) {
+    return new Promise((resolve) => {
+      const { list } = this.data;
+      const item = list.indexOf(name);
+
+      if (item !== -1) {
+        list.splice(item, 1);
+      }
+
+      return resolve();
+    });
+  }
+
+  async get() {
+    var _this$data, _this$data$list, _this$data2;
+
+    debug(
+      'data list length %o',
+      (_this$data = this.data) === null || _this$data === void 0
+        ? void 0
+        : (_this$data$list = _this$data.list) === null || _this$data$list === void 0
+        ? void 0
+        : _this$data$list.length
+    );
+    return Promise.resolve(
+      (_this$data2 = this.data) === null || _this$data2 === void 0 ? void 0 : _this$data2.list
+    );
+  }
+
+  getPackageStorage(packageInfo) {
+    return new _memoryHandler.default(packageInfo, this.data.files, this.logger);
+  }
+
+  _createEmtpyDatabase() {
+    const list = [];
+    const files = {};
+    const emptyDatabase = {
+      list,
+      files,
+      secret: '',
+    };
+    return emptyDatabase;
+  }
+
+  saveToken() {
+    this.logger.warn('[verdaccio/memory][saveToken] save token has not been implemented yet');
+    return Promise.reject(_core.errorUtils.getServiceUnavailable('method not implemented'));
+  }
+
+  deleteToken(user, tokenKey) {
+    this.logger.warn(
+      {
+        tokenKey,
+        user,
+      },
+      '[verdaccio/memory][deleteToken] delete token has not been implemented yet @{user}'
+    );
+    return Promise.reject(_core.errorUtils.getServiceUnavailable('method not implemented'));
+  }
+
+  readTokens() {
+    this.logger.warn('[verdaccio/memory][readTokens] read tokens has not been implemented yet ');
+    return Promise.reject(_core.errorUtils.getServiceUnavailable('method not implemented'));
+  }
+}
+
+var _default = LocalMemory;
+exports.default = _default;
+//# sourceMappingURL=local-memory.js.map

docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/memory-handler.js

@@ -0,0 +1,214 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+exports.default = void 0;
+
+var _debug = _interopRequireDefault(require('debug'));
+
+var _memfs = require('memfs');
+
+var _path = _interopRequireDefault(require('path'));
+
+var _core = require('@verdaccio/core');
+
+var _streams = require('@verdaccio/streams');
+
+var _utils = require('./utils');
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+const debug = (0, _debug.default)('verdaccio:plugin:storage:memory-storage');
+
+class MemoryHandler {
+  constructor(packageName, data, logger) {
+    // this is not need it
+    this.data = data;
+    this.name = packageName;
+    this.logger = logger;
+    this.path = `/${packageName}`;
+    debug('initialized');
+  }
+
+  updatePackage(pkgFileName, updateHandler, onWrite, transformPackage, onEnd) {
+    const json = this._getStorage(pkgFileName);
+
+    let pkg;
+
+    try {
+      pkg = (0, _utils.parsePackage)(json);
+    } catch (err) {
+      return onEnd(err);
+    }
+
+    updateHandler(pkg, (err) => {
+      if (err) {
+        return onEnd(err);
+      }
+
+      try {
+        onWrite(pkgFileName, transformPackage(pkg), onEnd);
+      } catch (err) {
+        return onEnd(_core.errorUtils.getInternalError('error on parse the metadata'));
+      }
+    });
+  }
+
+  deletePackage(pkgName) {
+    delete this.data[pkgName];
+    return Promise.resolve();
+  }
+
+  removePackage() {
+    return Promise.resolve();
+  }
+
+  createPackage(name, value, cb) {
+    debug('create package %o', name);
+    this.savePackage(name, value, cb);
+  }
+
+  savePackage(name, value, cb) {
+    try {
+      debug('save package %o', name);
+      this.data[name] = (0, _utils.stringifyPackage)(value);
+      return cb(null);
+    } catch (err) {
+      return cb(_core.errorUtils.getInternalError(err.message));
+    }
+  }
+
+  async readPackageNext(name) {
+    const json = this._getStorage(name);
+
+    try {
+      return (
+        typeof json === 'undefined' ? _core.errorUtils.getNotFound() : null,
+        (0, _utils.parsePackage)(json)
+      );
+    } catch (err) {
+      throw _core.errorUtils.getNotFound();
+    }
+  }
+
+  readPackage(name, cb) {
+    debug('read package %o', name);
+
+    const json = this._getStorage(name);
+
+    const isJson = typeof json === 'undefined';
+
+    try {
+      return cb(isJson ? _core.errorUtils.getNotFound() : null, (0, _utils.parsePackage)(json));
+    } catch (err) {
+      return cb(_core.errorUtils.getNotFound());
+    }
+  }
+
+  writeTarball(name) {
+    const uploadStream = new _streams.UploadTarball({});
+    const temporalName = `${this.path}/${name}`;
+    debug('write tarball %o', temporalName);
+    process.nextTick(function () {
+      _memfs.fs.mkdirp(_path.default.dirname(temporalName), (mkdirpError) => {
+        if (mkdirpError) {
+          return uploadStream.emit('error', mkdirpError);
+        }
+
+        _memfs.fs.stat(temporalName, function (fileError, stats) {
+          if (!fileError && stats) {
+            return uploadStream.emit('error', _core.errorUtils.getConflict());
+          }
+
+          try {
+            const file = _memfs.fs.createWriteStream(temporalName);
+
+            uploadStream.pipe(file);
+
+            uploadStream.done = function () {
+              const onEnd = function () {
+                uploadStream.emit('success');
+              };
+
+              uploadStream.on('end', onEnd);
+            };
+
+            uploadStream.abort = function () {
+              uploadStream.emit('error', _core.errorUtils.getBadRequest('transmision aborted'));
+              file.end();
+            };
+
+            uploadStream.emit('open');
+            return;
+          } catch (err) {
+            uploadStream.emit('error', err);
+            return;
+          }
+        });
+      });
+    });
+    return uploadStream;
+  }
+
+  readTarball(name) {
+    const pathName = `${this.path}/${name}`;
+    debug('read tarball %o', pathName);
+    const readTarballStream = new _streams.ReadTarball({});
+    process.nextTick(function () {
+      _memfs.fs.stat(pathName, function (error, stats) {
+        if (error && !stats) {
+          return readTarballStream.emit('error', _core.errorUtils.getNotFound());
+        }
+
+        try {
+          const readStream = _memfs.fs.createReadStream(pathName);
+
+          readTarballStream.emit(
+            'content-length',
+            stats === null || stats === void 0 ? void 0 : stats.size
+          );
+          readTarballStream.emit('open');
+          readStream.pipe(readTarballStream);
+          readStream.on('error', (error) => {
+            readTarballStream.emit('error', error);
+          });
+
+          readTarballStream.abort = function () {
+            readStream.destroy(_core.errorUtils.getBadRequest('read has been aborted'));
+          };
+
+          return;
+        } catch (err) {
+          readTarballStream.emit('error', err);
+          return;
+        }
+      });
+    });
+    return readTarballStream;
+  }
+
+  _getStorage(name = '') {
+    debug('get storage %o', name);
+    return this.data[name];
+  } // migration pending
+
+  async updatePackageNext(packageName, handleUpdate) {
+    debug(packageName); // @ts-expect-error
+
+    await handleUpdate({}); // @ts-expect-error
+
+    return Promise.resolve({});
+  }
+
+  async savePackageNext(name, value) {
+    debug(name);
+    debug(value);
+  }
+}
+
+var _default = MemoryHandler;
+exports.default = _default;
+//# sourceMappingURL=memory-handler.js.map

docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/utils.js

@@ -0,0 +1,16 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+exports.parsePackage = parsePackage;
+exports.stringifyPackage = stringifyPackage;
+
+function stringifyPackage(pkg) {
+  return JSON.stringify(pkg, null, '\t');
+}
+
+function parsePackage(pkg) {
+  return JSON.parse(pkg);
+}
+//# sourceMappingURL=utils.js.map

docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/package.json

@@ -0,0 +1,56 @@
+{
+  "name": "verdaccio-docker-memory",
+  "version": "11.0.0-6-next.10",
+  "description": "Storage implementation in memory",
+  "keywords": [
+    "private",
+    "package",
+    "repository",
+    "registry",
+    "enterprise",
+    "modules",
+    "proxy",
+    "server",
+    "verdaccio"
+  ],
+  "author": "Juan Picado <juanpicado19@gmail.com>",
+  "license": "MIT",
+  "homepage": "https://verdaccio.org",
+  "repository": {
+    "type": "https",
+    "url": "https://github.com/verdaccio/verdaccio",
+    "directory": "packages/plugins/memory"
+  },
+  "bugs": {
+    "url": "https://github.com/verdaccio/verdaccio/issues"
+  },
+  "main": "lib/index.js",
+  "types": "lib/index.d.ts",
+  "engines": {
+    "node": ">=14",
+    "npm": ">=6"
+  },
+  "dependencies": {
+    "@verdaccio/core": "6.0.0-6-next.5",
+    "@verdaccio/streams": "11.0.0-6-next.5",
+    "memory-fs": "0.5.0",
+    "debug": "4.3.3",
+    "memfs": "3.4.1"
+  },
+  "devDependencies": {
+    "@verdaccio/types": "11.0.0-6-next.12"
+  },
+  "scripts": {
+    "clean": "rimraf ./build",
+    "type-check": "tsc --noEmit -p tsconfig.build.json",
+    "build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json",
+    "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
+    "build": "pnpm run build:js && pnpm run build:types",
+    "watch": "pnpm build:js -- --watch",
+    "test": "cross-env NODE_ENV=test BABEL_ENV=test jest"
+  },
+  "funding": {
+    "type": "opencollective",
+    "url": "https://opencollective.com/verdaccio"
+  }
+}

docs/development.md

@@ -12,7 +12,7 @@ nvm install
 Verdaccio uses **pnpm** as monorepo management. To install
 
 ```bash
-npm i -g pnpm@latest
+npm i -g pnpm@latest-6
 ```
 
 Install all needed packages

package.json

@@ -61,8 +61,8 @@
     "@types/validator": "13.7.1",
     "@types/webpack": "5.28.0",
     "@types/webpack-env": "1.16.3",
-    "@typescript-eslint/eslint-plugin": "5.16.0",
-    "@typescript-eslint/parser": "5.16.0",
+    "@typescript-eslint/eslint-plugin": "5.25.0",
+    "@typescript-eslint/parser": "5.25.0",
     "@verdaccio/benchmark": "workspace:*",
     "@verdaccio/eslint-config": "workspace:*",
     "@verdaccio/types": "workspace:*",
@@ -77,11 +77,11 @@
     "concurrently": "6.5.1",
     "core-js": "3.20.3",
     "cross-env": "7.0.3",
-    "debug": "4.3.3",
+    "debug": "4.3.4",
     "detect-secrets": "1.0.6",
     "pretty-format": "27.5.1",
     "jest-diff": "27.5.1",
-    "eslint": "8.11.0",
+    "eslint": "8.15.0",
     "fs-extra": "10.0.0",
     "husky": "7.0.4",
     "in-publish": "2.0.1",
@@ -96,7 +96,7 @@
     "node-fetch": "cjs",
     "nodemon": "2.0.15",
     "npm-run-all": "4.1.5",
-    "prettier": "2.6.0",
+    "prettier": "2.6.2",
     "rimraf": "3.0.2",
     "selfsigned": "1.10.14",
     "supertest": "6.2.2",
@@ -147,6 +147,10 @@
     "crowdin:sync": "pnpm crowdin:upload && pnpm crowdin:download --verbose",
     "postinstall": "husky install"
   },
+  "engines": {
+    "node": ">=16.5",
+    "pnpm": ">=6.32.3 <7.0.0"
+  },
   "license": "MIT",
   "lint-staged": {
     "*.{js,jsx,ts,tsx,json,yml,yaml,md}": "prettier --write",

packages/api/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @verdaccio/api
 
+## 6.0.0-6-next.25
+
+### Patch Changes
+
+- Updated dependencies [d43894e8]
+- Updated dependencies [d08fe29d]
+  - @verdaccio/config@6.0.0-6-next.14
+  - @verdaccio/auth@6.0.0-6-next.22
+  - @verdaccio/hooks@6.0.0-6-next.13
+  - @verdaccio/store@6.0.0-6-next.22
+  - @verdaccio/core@6.0.0-6-next.5
+  - @verdaccio/logger@6.0.0-6-next.11
+  - @verdaccio/middleware@6.0.0-6-next.22
+
 ## 6.0.0-6-next.24
 
 ### Major Changes

packages/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/api",
-  "version": "6.0.0-6-next.24",
+  "version": "6.0.0-6-next.25",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,13 +39,13 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/auth": "workspace:6.0.0-6-next.21",
-    "@verdaccio/config": "workspace:6.0.0-6-next.13",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.22",
+    "@verdaccio/config": "workspace:6.0.0-6-next.14",
     "@verdaccio/core": "workspace:6.0.0-6-next.5",
     "@verdaccio/hooks": "workspace:6.0.0-6-next.13",
     "@verdaccio/logger": "workspace:6.0.0-6-next.11",
-    "@verdaccio/middleware": "workspace:6.0.0-6-next.21",
-    "@verdaccio/store": "workspace:6.0.0-6-next.21",
+    "@verdaccio/middleware": "workspace:6.0.0-6-next.22",
+    "@verdaccio/store": "workspace:6.0.0-6-next.22",
     "@verdaccio/utils": "workspace:6.0.0-6-next.11",
     "abortcontroller-polyfill": "1.7.3",
     "cookies": "0.8.0",
@@ -58,9 +58,9 @@
   },
   "devDependencies": {
     "@types/node": "16.11.21",
-    "@verdaccio/server": "workspace:6.0.0-6-next.29",
-    "@verdaccio/types": "workspace:11.0.0-6-next.11",
-    "@verdaccio/test-helper": "workspace:1.1.0-6-next.0",
+    "@verdaccio/server": "workspace:6.0.0-6-next.31",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12",
+    "@verdaccio/test-helper": "workspace:1.1.0-6-next.1",
     "supertest": "6.2.2"
   },
   "funding": {

packages/auth/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @verdaccio/auth
 
+## 6.0.0-6-next.22
+
+### Patch Changes
+
+- Updated dependencies [d43894e8]
+- Updated dependencies [d08fe29d]
+  - @verdaccio/config@6.0.0-6-next.14
+  - @verdaccio/loaders@6.0.0-6-next.12
+  - @verdaccio/core@6.0.0-6-next.5
+  - @verdaccio/logger@6.0.0-6-next.11
+  - verdaccio-htpasswd@11.0.0-6-next.13
+
 ## 6.0.0-6-next.21
 
 ### Patch Changes

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/auth",
-  "version": "6.0.0-6-next.21",
+  "version": "6.0.0-6-next.22",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -40,7 +40,7 @@
   "license": "MIT",
   "dependencies": {
     "@verdaccio/core": "workspace:6.0.0-6-next.5",
-    "@verdaccio/config": "workspace:6.0.0-6-next.13",
+    "@verdaccio/config": "workspace:6.0.0-6-next.14",
     "@verdaccio/loaders": "workspace:6.0.0-6-next.12",
     "@verdaccio/logger": "workspace:6.0.0-6-next.11",
     "@verdaccio/utils": "workspace:6.0.0-6-next.11",
@@ -51,8 +51,8 @@
     "verdaccio-htpasswd": "workspace:11.0.0-6-next.13"
   },
   "devDependencies": {
-    "@verdaccio/mock": "workspace:6.0.0-6-next.14",
-    "@verdaccio/types": "workspace:11.0.0-6-next.11"
+    "@verdaccio/mock": "workspace:6.0.0-6-next.15",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "funding": {
     "type": "opencollective",

packages/auth/src/utils.ts

@@ -188,17 +188,17 @@ export function allow_action(action: ActionsAllowed, logger): AllowAction {
     pkg: AuthPackageAllow,
     callback: AllowActionCallback
   ): void {
-    logger.trace({ remote: user.name }, `[auth/allow_action]: user: @{user.name}`);
+    logger.trace({ remote: user.name }, `[auth/allow_action]: user: @{remote}`);
     const { name, groups } = user;
     const groupAccess = pkg[action] as string[];
     const hasPermission = groupAccess.some((group) => name === group || groups.includes(group));
     logger.trace(
       { pkgName: pkg.name, hasPermission, remote: user.name, groupAccess },
-      `[auth/allow_action]: hasPermission? @{hasPermission} for user: @{user}`
+      `[auth/allow_action]: hasPermission? @{hasPermission} for user: @{remote}, package: @{pkgName}`
     );
 
     if (hasPermission) {
-      logger.trace({ remote: user.name }, `auth/allow_action: access granted to: @{user}`);
+      logger.trace({ remote: user.name }, `auth/allow_action: access granted to: @{remote}`);
       return callback(null, true);
     }
 

packages/cli/CHANGELOG.md

@@ -1,5 +1,29 @@
 # @verdaccio/cli
 
+## 6.0.0-6-next.34
+
+### Patch Changes
+
+- @verdaccio/node-api@6.0.0-6-next.32
+
+## 6.0.0-6-next.33
+
+### Patch Changes
+
+- Updated dependencies [d43894e8]
+- Updated dependencies [d08fe29d]
+  - @verdaccio/config@6.0.0-6-next.14
+  - @verdaccio/fastify-migration@6.0.0-6-next.23
+  - @verdaccio/node-api@6.0.0-6-next.31
+  - @verdaccio/core@6.0.0-6-next.5
+  - @verdaccio/logger@6.0.0-6-next.11
+
+## 6.0.0-6-next.32
+
+### Patch Changes
+
+- d78c8b51: chore: improve error logger message
+
 ## 6.0.0-6-next.31
 
 ### Major Changes

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/cli",
-  "version": "6.0.0-6-next.31",
+  "version": "6.0.0-6-next.34",
   "author": {
     "name": "Juan Picado",
     "email": "juanpicado19@gmail.com"
@@ -45,10 +45,10 @@
   },
   "dependencies": {
     "@verdaccio/core": "workspace:6.0.0-6-next.5",
-    "@verdaccio/config": "workspace:6.0.0-6-next.13",
+    "@verdaccio/config": "workspace:6.0.0-6-next.14",
     "@verdaccio/logger": "workspace:6.0.0-6-next.11",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.30",
-    "@verdaccio/fastify-migration": "workspace:6.0.0-6-next.22",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.32",
+    "@verdaccio/fastify-migration": "workspace:6.0.0-6-next.23",
     "clipanion": "3.1.0",
     "envinfo": "7.8.1",
     "kleur": "3.0.3",

packages/cli/src/commands/init.ts

@@ -49,7 +49,9 @@ export class InitCommand extends Command {
     try {
       // @ts-expect-error
       if (logConfig.logs) {
-        throw Error('logger as array not longer supported');
+        throw Error(
+          'the property config "logs" property is longer supported, rename to "log" and use object instead'
+        );
       }
       setup(logConfig.log as LoggerConfigItem);
     } catch (err: any) {

packages/config/CHANGELOG.md

@@ -1,5 +1,53 @@
 # @verdaccio/config
 
+## 6.0.0-6-next.14
+
+### Minor Changes
+
+- d43894e8: feat: rework web header for mobile, add new settings and raw manifest button
+
+  ### New set of variables to hide features
+
+  Add set of new variables that allow hide different parts of the UI, buttons, footer or download tarballs. _All are
+  enabled by default_.
+
+  ```yaml
+  # login: true <-- already exist but worth the reminder
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showDownloadTarball: true
+  ```
+
+  > If you disable `showThemeSwitch` and force `darkMode: true` the local storage settings would be
+  > ignored and force all themes to the one in the configuration file.
+
+  Future could be extended to
+
+  ### Raw button to display manifest package
+
+  A new experimental feature (enabled by default), button named RAW to be able navigate on the package manifest directly on the ui, kudos to [react-json-view](https://www.npmjs.com/package/react-json-view) that allows an easy integration, not configurable yet until get more feedback.
+
+  ```yaml
+  showRaw: true
+  ```
+
+  #### Rework header buttons
+
+  - The header has been rework, the mobile was not looking broken.
+  - Removed info button in the header and moved to a dialog
+  - Info dialog now contains more information about the project, license and the aid content for Ukrania now is inside of the info modal.
+  - Separate settings and info to avoid collapse too much info (for mobile still need some work)
+
+- d08fe29d: feat(web): add a config item to web，let the developer can select whet……her enable the html cache
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.5
+
 ## 6.0.0-6-next.13
 
 ### Major Changes

packages/config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/config",
-  "version": "6.0.0-6-next.13",
+  "version": "6.0.0-6-next.14",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",

packages/config/src/conf/default.yaml

@@ -1,16 +1,20 @@
 #
-# This is the default config file. It allows all users to do anything,
-# so don't use it on production systems.
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
 #
 # Look here for more config file examples:
-# https://github.com/verdaccio/verdaccio/tree/master/packages/config/src/conf
+# https://github.com/verdaccio/verdaccio/tree/5.x/packages/config/src/conf/default.yaml
 #
+# Read about the best practices
+# https://verdaccio.org/docs/best
 
 # path to a directory with all packages
 storage: ./storage
 # path to a directory with plugins to include
 plugins: ./plugins
 
+# https://verdaccio.org/docs/webui
 web:
   title: Verdaccio
   # comment out to disable gravatar support
@@ -19,6 +23,17 @@ web:
   # sort_packages: asc
   # convert your UI to the dark side
   # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
   #  HTML tags injected after manifest <scripts/>
   # scriptsBodyAfter:
   #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
@@ -32,11 +47,8 @@ web:
   #    - '<div id="myId">html before webpack scripts</div>'
   #  Public path for template manifest scripts (only manifest)
   #  publicPath: http://somedomain.org/
-# translate your registry, api i18n not available yet
-# i18n:
-# list of the available translations https://github.com/verdaccio/ui/tree/master/i18n/translations
-#   web: en-US
 
+# https://verdaccio.org/docs/configuration#authentication
 auth:
   htpasswd:
     file: ./htpasswd
@@ -44,11 +56,15 @@ auth:
     # You can set this to -1 to disable registration.
     # max_users: 1000
 
+# https://verdaccio.org/docs/configuration#uplinks
 # a list of other known repositories we can talk to
 uplinks:
   npmjs:
     url: https://registry.npmjs.org/
 
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
 packages:
   '@*/*':
     # scoped packages
@@ -65,7 +81,7 @@ packages:
     # and three keywords: "$all", "$anonymous", "$authenticated"
     access: $all
 
-    # allow all known users to publish/unpublish packages
+    # allow all known users to publish/publish packages
     # (anyone can register by default, remember?)
     publish: $authenticated
     unpublish: $authenticated
@@ -73,32 +89,104 @@ packages:
     # if package is not available locally, proxy requests to 'npmjs' registry
     proxy: npmjs
 
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
 server:
-  # deprecated
   keepAliveTimeout: 60
-#  rateLimit:
-#    windowMs: 1000
-#    max: 10000
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
 
 middlewares:
   audit:
     enabled: true
 
+# https://verdaccio.org/docs/logger
 # log settings
-log:
-  # Logger as STDOUT
-  { type: stdout, format: pretty, level: http }
-  # Logger as STDOUT as JSON
-  # { type: stdout, format: json, level: http }
-  # Logger as STDOUT as JSON
-  # { type: stdout, format: pretty-timestamped, level: http }
-  # Logger as STDOUT as custom prettifier
-  # { type: stdout, plugin: { dest: '@verdaccio/logger-prettify' : options: { foo: 1, bar: 2}}, level: http }
-  # Logger as file
-  # { type: file, path: verdaccio.log, level: http}
-  # FIXME: this should be documented
-  # More info about log rotation https://github.com/pinojs/pino/blob/master/docs/help.md#log-rotation
+log: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # disable writing body size to logs, read more on ticket 1912
+#  bytesin_off: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
 
-# This affect the web and api (not developed yet)
+# translate your registry, api i18n not available yet
 i18n:
+  # list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
   web: en-US

packages/config/src/conf/docker.yaml

@@ -1,35 +1,57 @@
 #
-# This is the config file used for the docker images.
-# It allows all users to do anything, so don't use it on production systems.
+# This is the default configuration file. As it allows all users to do anything,
+# please read carefully the documentation and best practices to improve security.
 #
 # Do not configure host and port under `listen` in this file
 # as it will be ignored when using docker.
 # see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
 #
 # Look here for more config file examples:
-# https://github.com/verdaccio/verdaccio/tree/master/packages/config/src/conf
+# https://github.com/verdaccio/verdaccio/tree/5.x/packages/config/src/conf/docker.yaml
 #
+# Read about the best practices
+# https://verdaccio.org/docs/best
 
 # path to a directory with all packages
 storage: /verdaccio/storage/data
 # path to a directory with plugins to include
 plugins: /verdaccio/plugins
 
+# https://verdaccio.org/docs/webui
 web:
-  # WebUI is enabled as default, if you want disable it, just uncomment this line
-  #enable: false
   title: Verdaccio
-  # comment out to disable gravatar support
+  # Comment out to disable gravatar support
   # gravatar: false
-  # by default packages are ordercer ascendant (asc|desc)
+  # By default packages are ordered ascendant (asc|desc)
   # sort_packages: asc
+  # Convert your UI to the dark side
   # darkMode: true
+  # html_cache: true
+  # By default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force a specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before end </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected as first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
 
-# translate your registry, api i18n not available yet
-# i18n:
-# list of the available translations https://github.com/verdaccio/ui/tree/master/i18n/translations
-#   web: en-US
-
+# https://verdaccio.org/docs/configuration#authentication
 auth:
   htpasswd:
     file: /verdaccio/storage/htpasswd
@@ -37,11 +59,15 @@ auth:
     # You can set this to -1 to disable registration.
     # max_users: 1000
 
-# a list of other known repositories we can talk to
+# https://verdaccio.org/docs/configuration#uplinks
+# A list of other known repositories we can talk to
 uplinks:
   npmjs:
     url: https://registry.npmjs.org/
 
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
 packages:
   '@*/*':
     # scoped packages
@@ -51,14 +77,14 @@ packages:
     proxy: npmjs
 
   '**':
-    # allow all users (including non-authenticated users) to read and
+    # Allow all users (including non-authenticated users) to read and
     # publish all packages
     #
-    # you can specify usernames/groupnames (depending on your auth plugin)
+    # You can specify usernames/groupnames (depending on your auth plugin)
     # and three keywords: "$all", "$anonymous", "$authenticated"
     access: $all
 
-    # allow all known users to publish/unpublish packages
+    # Allow all known users to publish/publish packages
     # (anyone can register by default, remember?)
     publish: $authenticated
     unpublish: $authenticated
@@ -66,31 +92,106 @@ packages:
     # if package is not available locally, proxy requests to 'npmjs' registry
     proxy: npmjs
 
+# To improve your security configuration and avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify the HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a
+# keep-alive timeout.
+# WORKAROUND: Through given configuration you can work around the following issue:
+# https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider using an HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
 middlewares:
   audit:
     enabled: true
 
+# https://verdaccio.org/docs/logger
 # log settings
-# log settings
-log:
-  # Logger as STDOUT
-  { type: stdout, format: pretty, level: http }
-  # Logger as STDOUT as JSON
-  # { type: stdout, format: json, level: http }
-  # Logger as STDOUT as JSON
-  # { type: stdout, format: pretty-timestamped, level: http }
-  # Logger as STDOUT as custom prettifier
-  # { type: stdout, plugin: { dest: '@verdaccio/logger-prettify' : options: { foo: 1, bar: 2}}, level: http }
-  # Logger as file
-  # { type: file, path: verdaccio.log, level: http}
-  # FIXME: this should be documented
-# More info about log rotation https://github.com/pinojs/pino/blob/master/docs/help.md#log-rotation
+log: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # Support for npm token command
+#  token: false
+#  # Enable tarball URL redirect for hosting tarball with a different server.
+#  # The tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # The tarball_url_redirect can be a function, takes packageName and filename and returns the url,
+#  # when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
 
-flags:
-  # support for npm token command
-  token: false
-  # support for the new v1 search endpoint, functional by incomplete read more on ticket 1732
-  search: false
-# This affect the web and api (not developed yet)
-#i18n:
-#web: en-US
+# Translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

packages/core/core/package.json

@@ -41,7 +41,7 @@
     "core-js": "3.20.3"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.11"
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/file-locking/package.json

@@ -40,7 +40,7 @@
     "lockfile": "1.0.4"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.11"
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/readme/package.json

@@ -45,7 +45,7 @@
     "marked": "3.0.8"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.11"
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/streams/package.json

@@ -34,7 +34,7 @@
     "access": "public"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.11"
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/tarball/package.json

@@ -41,7 +41,7 @@
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.11",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12",
     "node-mocks-http": "1.11.0"
   },
   "scripts": {

packages/core/types/CHANGELOG.md

@@ -1,5 +1,47 @@
 # Change Log
 
+## 11.0.0-6-next.12
+
+### Minor Changes
+
+- d43894e8: feat: rework web header for mobile, add new settings and raw manifest button
+
+  ### New set of variables to hide features
+
+  Add set of new variables that allow hide different parts of the UI, buttons, footer or download tarballs. _All are
+  enabled by default_.
+
+  ```yaml
+  # login: true <-- already exist but worth the reminder
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showDownloadTarball: true
+  ```
+
+  > If you disable `showThemeSwitch` and force `darkMode: true` the local storage settings would be
+  > ignored and force all themes to the one in the configuration file.
+
+  Future could be extended to
+
+  ### Raw button to display manifest package
+
+  A new experimental feature (enabled by default), button named RAW to be able navigate on the package manifest directly on the ui, kudos to [react-json-view](https://www.npmjs.com/package/react-json-view) that allows an easy integration, not configurable yet until get more feedback.
+
+  ```yaml
+  showRaw: true
+  ```
+
+  #### Rework header buttons
+
+  - The header has been rework, the mobile was not looking broken.
+  - Removed info button in the header and moved to a dialog
+  - Info dialog now contains more information about the project, license and the aid content for Ukrania now is inside of the info modal.
+  - Separate settings and info to avoid collapse too much info (for mobile still need some work)
+
 ## 11.0.0-6-next.11
 
 ### Major Changes

packages/core/types/index.d.ts

@@ -43,6 +43,13 @@ declare module '@verdaccio/types' {
     // deprecated
     basename?: string;
     scope?: string;
+    showInfo?: boolean;
+    showSettings?: boolean;
+    showSearch?: boolean;
+    showFooter?: boolean;
+    showThemeSwitch?: boolean;
+    showDownloadTarball?: boolean;
+    showRaw?: boolean;
     base: string;
     primaryColor?: string;
     version?: string;

packages/core/types/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/types",
-  "version": "11.0.0-6-next.11",
+  "version": "11.0.0-6-next.12",
   "description": "verdaccio types definitions",
   "keywords": [
     "private",

packages/core/url/package.json

@@ -40,7 +40,7 @@
     "validator": "13.7.0"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.11",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12",
     "node-mocks-http": "1.11.0"
   },
   "scripts": {

packages/experimental/fastify-server/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @verdaccio/fastify-migration
 
+## 6.0.0-6-next.23
+
+### Patch Changes
+
+- Updated dependencies [d43894e8]
+- Updated dependencies [d08fe29d]
+  - @verdaccio/config@6.0.0-6-next.14
+  - @verdaccio/auth@6.0.0-6-next.22
+  - @verdaccio/store@6.0.0-6-next.22
+  - @verdaccio/core@6.0.0-6-next.5
+  - @verdaccio/readme@11.0.0-6-next.4
+  - @verdaccio/tarball@11.0.0-6-next.12
+  - @verdaccio/logger@6.0.0-6-next.11
+
 ## 6.0.0-6-next.22
 
 ### Patch Changes

packages/experimental/fastify-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/fastify-migration",
-  "version": "6.0.0-6-next.22",
+  "version": "6.0.0-6-next.23",
   "description": "Fastify server migration package",
   "keywords": [
     "private",
@@ -35,10 +35,10 @@
   },
   "dependencies": {
     "@verdaccio/core": "workspace:6.0.0-6-next.5",
-    "@verdaccio/config": "workspace:6.0.0-6-next.13",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.21",
+    "@verdaccio/config": "workspace:6.0.0-6-next.14",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.22",
     "@verdaccio/logger": "workspace:6.0.0-6-next.11",
-    "@verdaccio/store": "workspace:6.0.0-6-next.21",
+    "@verdaccio/store": "workspace:6.0.0-6-next.22",
     "@verdaccio/tarball": "workspace:11.0.0-6-next.12",
     "@verdaccio/utils": "workspace:6.0.0-6-next.11",
     "@verdaccio/readme": "workspace:11.0.0-6-next.4",
@@ -50,7 +50,7 @@
   },
   "devDependencies": {
     "@types/node": "16.11.21",
-    "@verdaccio/types": "workspace:11.0.0-6-next.11",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12",
     "ts-node": "10.4.0"
   },
   "scripts": {

packages/hooks/package.json

@@ -39,9 +39,9 @@
   },
   "devDependencies": {
     "@types/node": "16.11.21",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.21",
-    "@verdaccio/config": "workspace:6.0.0-6-next.13",
-    "@verdaccio/types": "workspace:11.0.0-6-next.11"
+    "@verdaccio/auth": "workspace:6.0.0-6-next.22",
+    "@verdaccio/config": "workspace:6.0.0-6-next.14",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/loaders/package.json

@@ -19,9 +19,9 @@
   },
   "devDependencies": {
     "@verdaccio/core": "workspace:6.0.0-6-next.5",
-    "@verdaccio/config": "workspace:6.0.0-6-next.13",
-    "@verdaccio/mock": "workspace:6.0.0-6-next.14",
-    "@verdaccio/types": "workspace:11.0.0-6-next.11"
+    "@verdaccio/config": "workspace:6.0.0-6-next.14",
+    "@verdaccio/mock": "workspace:6.0.0-6-next.15",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "homepage": "https://verdaccio.org",
   "keywords": [

packages/logger/package.json

@@ -47,7 +47,7 @@
     "pino": "7.6.4"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.11"
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "funding": {
     "type": "opencollective",

packages/middleware/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @verdaccio/middleware
 
+## 6.0.0-6-next.22
+
+### Patch Changes
+
+- @verdaccio/auth@6.0.0-6-next.22
+- @verdaccio/core@6.0.0-6-next.5
+- @verdaccio/logger@6.0.0-6-next.11
+
 ## 6.0.0-6-next.21
 
 ### Patch Changes

packages/middleware/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/middleware",
-  "version": "6.0.0-6-next.21",
+  "version": "6.0.0-6-next.22",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -40,7 +40,7 @@
   "dependencies": {
     "debug": "4.3.3",
     "body-parser": "1.19.1",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.21",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.22",
     "@verdaccio/core": "workspace:6.0.0-6-next.5",
     "@verdaccio/logger": "workspace:6.0.0-6-next.11",
     "@verdaccio/utils": "workspace:6.0.0-6-next.11",

packages/node-api/CHANGELOG.md

@@ -1,5 +1,22 @@
 # @verdaccio/node-api
 
+## 6.0.0-6-next.32
+
+### Patch Changes
+
+- @verdaccio/server@6.0.0-6-next.31
+
+## 6.0.0-6-next.31
+
+### Patch Changes
+
+- Updated dependencies [d43894e8]
+- Updated dependencies [d08fe29d]
+  - @verdaccio/config@6.0.0-6-next.14
+  - @verdaccio/server@6.0.0-6-next.30
+  - @verdaccio/core@6.0.0-6-next.5
+  - @verdaccio/logger@6.0.0-6-next.11
+
 ## 6.0.0-6-next.30
 
 ### Major Changes

packages/node-api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/node-api",
-  "version": "6.0.0-6-next.30",
+  "version": "6.0.0-6-next.32",
   "description": "node API",
   "main": "build/index.js",
   "types": "build/index.d.ts",
@@ -40,17 +40,17 @@
   "license": "MIT",
   "dependencies": {
     "@verdaccio/core": "workspace:6.0.0-6-next.5",
-    "@verdaccio/config": "workspace:6.0.0-6-next.13",
+    "@verdaccio/config": "workspace:6.0.0-6-next.14",
     "@verdaccio/logger": "workspace:6.0.0-6-next.11",
-    "@verdaccio/server": "workspace:6.0.0-6-next.29",
+    "@verdaccio/server": "workspace:6.0.0-6-next.31",
     "core-js": "3.20.3",
     "debug": "4.3.3",
     "lodash": "4.17.21"
   },
   "devDependencies": {
     "@types/node": "16.11.21",
-    "@verdaccio/mock": "workspace:6.0.0-6-next.14",
-    "@verdaccio/types": "workspace:11.0.0-6-next.11",
+    "@verdaccio/mock": "workspace:6.0.0-6-next.15",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12",
     "jest-mock-process": "1.4.1",
     "selfsigned": "1.10.14",
     "supertest": "6.2.2"

packages/plugins/active-directory/package.json

@@ -39,7 +39,7 @@
   },
   "devDependencies": {
     "@types/activedirectory2": "1.2.3",
-    "@verdaccio/types": "workspace:11.0.0-6-next.11"
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/plugins/audit/package.json

@@ -37,7 +37,7 @@
     "node-fetch": "cjs"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.11",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12",
     "nock": "12.0.3",
     "supertest": "6.2.2"
   },

packages/plugins/auth-memory/package.json

@@ -35,7 +35,7 @@
     "@verdaccio/core": "workspace:6.0.0-6-next.5"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.11"
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/plugins/aws-storage/package.json

@@ -36,7 +36,7 @@
     "aws-sdk": "2.981.0"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.11",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12",
     "recursive-readdir": "2.2.2"
   },
   "scripts": {

packages/plugins/google-cloud-storage/package.json

@@ -37,7 +37,7 @@
     "@verdaccio/streams": "workspace:11.0.0-6-next.5"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.11",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12",
     "memory-fs": "0.5.0"
   },
   "optionalDependencies": {

packages/plugins/htpasswd/package.json

@@ -44,7 +44,7 @@
   },
   "devDependencies": {
     "@types/bcryptjs": "2.4.2",
-    "@verdaccio/types": "workspace:11.0.0-6-next.11",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12",
     "mockdate": "3.0.5"
   },
   "scripts": {

packages/plugins/local-storage/package.json

@@ -52,8 +52,8 @@
   },
   "devDependencies": {
     "@types/minimatch": "3.0.5",
-    "@verdaccio/types": "workspace:11.0.0-6-next.11",
-    "@verdaccio/config": "workspace:6.0.0-6-next.13",
+    "@verdaccio/types": "workspace:11.0.0-6-next.12",
+    "@verdaccio/config": "workspace:6.0.0-6-next.14",
     "@verdaccio/utils": "workspace:6.0.0-6-next.11",
     "minimatch": "3.0.4",
     "tmp-promise": "3.0.3"

packages/plugins/memory/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Change Log
 
+## 11.0.0-6-next.10
+
+### Patch Changes
+
+- b8981136: Fix storing tarballs with identical names from different packages in memory plugin
+
 ## 11.0.0-6-next.9
 
 ### Major Changes

packages/plugins/memory/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-memory",
-  "version": "11.0.0-6-next.9",
+  "version": "11.0.0-6-next.10",
   "description": "Storage implementation in memory",
   "keywords": [
     "private",
@@ -38,7 +38,7 @@
     "memfs": "3.4.1"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.11"
+    "@verdaccio/types": "workspace:11.0.0-6-next.12"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/plugins/memory/src/memory-handler.ts

@@ -1,5 +1,6 @@
 import buildDebug from 'debug';
 import { fs } from 'memfs';
+import path from 'path';
 
 import { VerdaccioError, errorUtils } from '@verdaccio/core';
 import { ReadTarball, UploadTarball } from '@verdaccio/streams';
@@ -35,7 +36,7 @@ class MemoryHandler implements IPackageStorageManager {
     this.data = data;
     this.name = packageName;
     this.logger = logger;
-    this.path = '/';
+    this.path = `/${packageName}`;
     debug('initialized');
   }
 
@@ -113,40 +114,45 @@ class MemoryHandler implements IPackageStorageManager {
   }
 
   public writeTarball(name: string): IUploadTarball {
-    debug('write tarball %o', name);
     const uploadStream: IUploadTarball = new UploadTarball({});
-    const temporalName = `/${name}`;
+    const temporalName = `${this.path}/${name}`;
+    debug('write tarball %o', temporalName);
 
     process.nextTick(function () {
-      fs.stat(temporalName, function (fileError, stats) {
-        if (!fileError && stats) {
-          return uploadStream.emit('error', errorUtils.getConflict());
+      fs.mkdirp(path.dirname(temporalName), (mkdirpError) => {
+        if (mkdirpError) {
+          return uploadStream.emit('error', mkdirpError);
         }
+        fs.stat(temporalName, function (fileError, stats) {
+          if (!fileError && stats) {
+            return uploadStream.emit('error', errorUtils.getConflict());
+          }
 
-        try {
-          const file = fs.createWriteStream(temporalName);
+          try {
+            const file = fs.createWriteStream(temporalName);
 
-          uploadStream.pipe(file);
+            uploadStream.pipe(file);
 
-          uploadStream.done = function (): void {
-            const onEnd = function (): void {
-              uploadStream.emit('success');
+            uploadStream.done = function (): void {
+              const onEnd = function (): void {
+                uploadStream.emit('success');
+              };
+
+              uploadStream.on('end', onEnd);
             };
 
-            uploadStream.on('end', onEnd);
-          };
+            uploadStream.abort = function (): void {
+              uploadStream.emit('error', errorUtils.getBadRequest('transmision aborted'));
+              file.end();
+            };
 
-          uploadStream.abort = function (): void {
-            uploadStream.emit('error', errorUtils.getBadRequest('transmision aborted'));
-            file.end();
-          };
-
-          uploadStream.emit('open');
-          return;
-        } catch (err: any) {
-          uploadStream.emit('error', err);
-          return;
-        }
+            uploadStream.emit('open');
+            return;
+          } catch (err: any) {
+            uploadStream.emit('error', err);
+            return;
+          }
+        });
       });
     });
 
@@ -154,8 +160,8 @@ class MemoryHandler implements IPackageStorageManager {
   }
 
   public readTarball(name: string): IReadTarball {
-    const pathName = `/${name}`;
-    debug('read tarball %o', name);
+    const pathName = `${this.path}/${name}`;
+    debug('read tarball %o', pathName);
 
     const readTarballStream: IReadTarball = new ReadTarball({});
 

packages/plugins/memory/test/memory.spec.ts

@@ -299,6 +299,46 @@ describe('writing files', () => {
       });
     }
   });
+
+  test('should support writting identical tarball filenames from different packages', (done) => {
+    const localMemory: IPluginStorage<ConfigMemory> = new LocalMemory(config, defaultConfig);
+    const pkgName1 = 'package1';
+    const pkgName2 = 'package2';
+    const filename = 'tarball-3.0.0.tgz';
+    const dataTarball1 = '12345';
+    const dataTarball2 = '12345678';
+    const handler = localMemory.getPackageStorage(pkgName1);
+    if (handler) {
+      const stream = handler.writeTarball(filename);
+      stream.on('data', (data) => {
+        expect(data.toString()).toBe(dataTarball1);
+      });
+      stream.on('open', () => {
+        stream.done();
+        stream.end();
+      });
+      stream.on('success', () => {
+        const handler = localMemory.getPackageStorage(pkgName2);
+        if (handler) {
+          const stream = handler.writeTarball(filename);
+          stream.on('data', (data) => {
+            expect(data.toString()).toBe(dataTarball2);
+          });
+          stream.on('open', () => {
+            stream.done();
+            stream.end();
+          });
+          stream.on('success', () => {
+            done();
+          });
+
+          stream.write(dataTarball2);
+        }
+      });
+
+      stream.write(dataTarball1);
+    }
+  });
 });
 
 describe('reading files', () => {

packages/plugins/ui-theme/CHANGELOG.md

@@ -1,5 +1,53 @@
 # @verdaccio/ui-theme
 
+## 6.0.0-6-next.25
+
+### Patch Changes
+
+- a828a5f6: fix: #3174 set correctly ui values to html render
+
+## 6.0.0-6-next.24
+
+### Minor Changes
+
+- d43894e8: feat: rework web header for mobile, add new settings and raw manifest button
+
+  ### New set of variables to hide features
+
+  Add set of new variables that allow hide different parts of the UI, buttons, footer or download tarballs. _All are
+  enabled by default_.
+
+  ```yaml
+  # login: true <-- already exist but worth the reminder
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showDownloadTarball: true
+  ```
+
+  > If you disable `showThemeSwitch` and force `darkMode: true` the local storage settings would be
+  > ignored and force all themes to the one in the configuration file.
+
+  Future could be extended to
+
+  ### Raw button to display manifest package
+
+  A new experimental feature (enabled by default), button named RAW to be able navigate on the package manifest directly on the ui, kudos to [react-json-view](https://www.npmjs.com/package/react-json-view) that allows an easy integration, not configurable yet until get more feedback.
+
+  ```yaml
+  showRaw: true
+  ```
+
+  #### Rework header buttons
+
+  - The header has been rework, the mobile was not looking broken.
+  - Removed info button in the header and moved to a dialog
+  - Info dialog now contains more information about the project, license and the aid content for Ukrania now is inside of the info modal.
+  - Separate settings and info to avoid collapse too much info (for mobile still need some work)
+
 ## 6.0.0-6-next.23
 
 ### Major Changes

packages/plugins/ui-theme/jest/jest.config.js

@@ -30,6 +30,7 @@ module.exports = Object.assign({}, config, {
     '\\.(png)$': '<rootDir>/jest/identity.js',
     '\\.(svg)$': '<rootDir>/jest/unit/empty.ts',
     '\\.(jpg)$': '<rootDir>/jest/unit/empty.ts',
+    '\\.(md)$': '<rootDir>/jest/unit/empty-string.ts',
     'github-markdown-css': '<rootDir>/jest/identity.js',
     // note: this section has to be on sync with webpack configuration
     'verdaccio-ui/components/(.*)': '<rootDir>/src/components/$1',

packages/plugins/ui-theme/jest/unit/empty-string.ts

@@ -0,0 +1 @@
+export default 'empty string module';

packages/plugins/ui-theme/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/ui-theme",
-  "version": "6.0.0-6-next.23",
+  "version": "6.0.0-6-next.25",
   "description": "Verdaccio User Interface",
   "author": {
     "name": "Verdaccio Contributors",
@@ -33,7 +33,7 @@
     "@testing-library/dom": "8.11.2",
     "@testing-library/jest-dom": "5.16.1",
     "@testing-library/react": "12.1.2",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.30",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.32",
     "@verdaccio/types": "workspace:*",
     "babel-loader": "8.2.3",
     "babel-plugin-dynamic-import-node": "2.3.3",
@@ -57,6 +57,7 @@
     "node-mocks-http": "1.11.0",
     "normalize.css": "8.0.1",
     "react-markdown": "8.0.0",
+    "react-json-view": "1.21.3",
     "remark-gfm": "3.0.1",
     "optimize-css-assets-webpack-plugin": "6.0.1",
     "ora": "5.4.1",
@@ -71,9 +72,10 @@
     "react-redux": "7.2.6",
     "redux": "4.1.2",
     "rimraf": "3.0.2",
+    "raw-loader": "4.0.2",
     "msw": "0.36.5",
     "style-loader": "3.3.1",
-    "stylelint": "14.6.0",
+    "stylelint": "14.8.2",
     "stylelint-config-recommended": "7.0.0",
     "stylelint-config-styled-components": "0.1.1",
     "stylelint-processor-styled-components": "1.10.0",