chore: update versions (6-next) (#3249)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.changeset/chilled-ways-fetch.md

@@ -0,0 +1,5 @@
+---
+'verdaccio-memory': patch
+---
+
+Fix storing tarballs with identical names from different packages in memory plugin

.changeset/healthy-pants-smash.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/ui-theme': patch
+'@verdaccio/test-helper': patch
+'@verdaccio/web': patch
+---
+
+fix: #3174 set correctly ui values to html render

.changeset/pre.json

@@ -53,6 +53,7 @@
     "brown-cycles-laugh",
     "brown-pandas-wink",
     "calm-pants-impress",
+    "chilled-ways-fetch",
     "dry-planes-tap",
     "dull-monkeys-search",
     "eleven-brooms-hunt",
@@ -67,6 +68,7 @@
     "gentle-trains-switch",
     "gold-vans-tease",
     "healthy-bikes-behave",
+    "healthy-pants-smash",
     "healthy-poets-compare",
     "heavy-ravens-lay",
     "hip-hounds-destroy",

.eslintignore

@@ -11,3 +11,4 @@ wiki/
 dist/
 docs/
 test/functional/store/*
+docker-examples/**/lib/**/*.js

.github/workflows/benchmark.yml

@@ -10,6 +10,9 @@ on:
   # push:
   #   branches:
   #     - master
+permissions:
+  contents: read
+
 jobs:
   prepare: 
     name: Prepare build
@@ -20,7 +23,7 @@ jobs:
         with:
           node-version: 16.x
       - name: install pnpm
-        run: sudo npm i pnpm@6.24.1 -g
+        run: sudo npm i pnpm@latest-6 -g
       - name: set store
         run: | 
           mkdir ~/.pnpm-store
@@ -57,8 +60,8 @@ jobs:
           # - local
           - 3.13.1
           - 4.12.2
-          - 5.7.0
-          - 6.0.0-6-next.35
+          - 5.10.2
+          - 6.0.0-6-next.40
     name: Benchmark autocannon
     runs-on: ubuntu-latest
     steps:
@@ -73,7 +76,7 @@ jobs:
         run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
       - name: install pnpm
         # require fixed version
-        run: sudo npm i pnpm@6.24.1 -g
+        run: sudo npm i pnpm@latest-6 -g
       - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
@@ -118,8 +121,8 @@ jobs:
           # old versions to compare same test along previous releases
           - 3.13.1
           - 4.12.2
-          - 5.7.0
-          - 6.0.0-6-next.35
+          - 5.10.2
+          - 6.0.0-6-next.40
     name: Benchmark hyperfine
     runs-on: ubuntu-latest
     steps:
@@ -134,7 +137,7 @@ jobs:
         run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
       - name: install pnpm
         # require fixed version
-        run: sudo npm i pnpm@6.24.1 -g
+        run: sudo npm i pnpm@latest-6 -g
       - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store

.github/workflows/changesets.yml

@@ -33,7 +33,7 @@ jobs:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 
       - name: install pnpm
-        run: npm i pnpm@6.10.3 -g
+        run: npm i pnpm@6.32.15 -g
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 

.github/workflows/ci.yml

@@ -14,6 +14,9 @@ on:
       - 'jest/**'
       - 'package.json'
       - 'pnpm-workspace.yaml'
+permissions:
+  contents: read
+
 jobs:
   prepare:
     runs-on: ubuntu-latest
@@ -30,7 +33,7 @@ jobs:
       with:
         node-version: 16
     - name: Install pnpm
-      run: npm i pnpm@6.32.3 -g
+      run: npm i pnpm@6.32.15 -g
     - name: set store
       run: |
         mkdir ~/.pnpm-store
@@ -55,7 +58,7 @@ jobs:
         with:
           node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@6.32.3 -g
+        run: npm i pnpm@6.32.15 -g
       - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
@@ -75,7 +78,7 @@ jobs:
         with:
           node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@6.32.3 -g
+        run: npm i pnpm@6.32.15 -g
       - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
@@ -101,7 +104,7 @@ jobs:
         with:
           node-version: ${{ matrix.node_version }}
       - name: Install pnpm
-        run: npm i pnpm@6.32.3 -g
+        run: npm i pnpm@6.32.15 -g
       - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
@@ -122,7 +125,7 @@ jobs:
         with:
           node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@latest -g
+        run: npm i pnpm@6.32.15 -g
       - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store
@@ -174,7 +177,7 @@ jobs:
         with:
           node-version: 16
       - name: Install pnpm
-        run: npm i pnpm@6.32.3 -g
+        run: npm i pnpm@6.32.15 -g
       - uses: actions/cache@v3
         with:
           path: ~/.pnpm-store

.github/workflows/codeql-analysis.yml

@@ -8,8 +8,15 @@ on:
   schedule:
     - cron: '0 2 * * 4'
 
+permissions:
+  contents: read
+
 jobs:
   CodeQL-Build:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
     runs-on: ubuntu-latest
 
     steps:
@@ -27,7 +34,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v2
 
       # Override language selection by uncommenting this and choosing your languages
       # with:
@@ -35,7 +42,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -49,4 +56,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v2

.github/workflows/contributors.yml

@@ -23,7 +23,7 @@ jobs:
         with:
           node-version: 17.x
       - name: install pnpm
-        run: sudo npm i pnpm@6.24.1 -g
+        run: sudo npm i pnpm@latest-6 -g
       - name: set store
         run: | 
           mkdir ~/.pnpm-store

.github/workflows/website.yml

@@ -3,13 +3,6 @@ name: Verdaccio Website CI
 on:
   workflow_dispatch:
   pull_request:
-    types:
-      - opened
-      - synchronize
-    paths:
-      - 'website/**'
-      - 'package.json'
-      - './.github/workflows/website.yml'
   push:
     branches:
       - 'master'
@@ -26,10 +19,10 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Use Node 14
+      - name: Use Node 16
         uses: actions/setup-node@v3
         with:
-          node-version: 14
+          node-version: 16
 
       - name: Cache pnpm modules
         uses: actions/cache@v3
@@ -41,9 +34,9 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-
 
-      - uses: pnpm/action-setup@v2.2.1
+      - uses: pnpm/action-setup@v2.2.2
         with:
-          version: 6.10.2
+          version: 6.32.15
           run_install: |
             - recursive: true
               args: [--frozen-lockfile]
@@ -83,6 +76,7 @@ jobs:
         run: pnpm netlify:build:deployPreview --filter ...@verdaccio/website
 
       - name: 🤖 Deploy Preview Netlify
+        if: github.repository == 'verdaccio/verdaccio'
         uses: semoal/action-netlify-deploy@master
         id: netlify_preview
         with:
@@ -96,6 +90,7 @@ jobs:
           build-dir: './website/build'
 
       - name: Audit preview URL with Lighthouse
+        if: github.repository == 'verdaccio/verdaccio'
         id: lighthouse_audit
         uses: treosh/lighthouse-ci-action@9.3.0
         with:
@@ -129,6 +124,7 @@ jobs:
              core.setOutput("comment", comment);
 
       - name: Add comment to PR
+        if: github.repository == 'verdaccio/verdaccio'
         id: comment_to_pr
         uses: marocchino/sticky-pull-request-comment@v2
         with:

CONTRIBUTING.md

@@ -70,7 +70,7 @@ This setting would cause the `pnpm install` command to install incorrect version
 To begin your development setup, please install the latest version of pnpm globally:
 
 ```
-npm i -g pnpm
+npm i -g pnpm@latest-6
 ```
 
 With pnpm installed, the first step is installing all dependencies:

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=${BUILDPLATFORM:-linux/amd64} node:16.14.2-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} node:16.15.0-alpine as builder
 
 ENV NODE_ENV=development \
     VERDACCIO_BUILD_REGISTRY=https://registry.verdaccio.org
@@ -11,7 +11,7 @@ RUN apk --no-cache add openssl ca-certificates wget && \
 
 WORKDIR /opt/verdaccio-build
 COPY . .
-RUN npm -g i pnpm@6.24.1 && \
+RUN npm -g i pnpm@6.32.15 && \
     pnpm config set registry $VERDACCIO_BUILD_REGISTRY && \
     pnpm recursive install --frozen-lockfile --ignore-scripts && \
     rm -Rf test && \
@@ -20,7 +20,7 @@ RUN npm -g i pnpm@6.24.1 && \
 # FIXME: need to remove devDependencies from the build
 # RUN pnpm install --prod --ignore-scripts
 
-FROM node:16.14.2-alpine
+FROM node:16.15.0-alpine
 LABEL maintainer="https://github.com/verdaccio/verdaccio"
 
 ENV VERDACCIO_APPDIR=/opt/verdaccio \

README.md

@@ -8,7 +8,12 @@
 
 # Version 6 (Development branch)
 
-> Looking for Verdaccio 5? Check branch `5.x`
+> Looking for Verdaccio 5 version? Check the branch `5.x`
+> The plugins for the `v5.x` that are hosted within this organization are located
+> at the [`verdaccio/monorepo`](https://github.com/verdaccio/monorepo) repository, while for the v6.x
+> are hosted on this project `./packages/plugins`, keep on mind `v6.x` plugins will eventually would be
+> incompatible with `v5.x` versions.
+> Note that contributing guidelines might be different based on the branch.
 
 [Verdaccio](https://verdaccio.org/) is a simple, **zero-config-required local private npm registry**.
 No need for an entire database just to get started! Verdaccio comes out of the box with
@@ -48,6 +53,27 @@ or
 docker pull verdaccio/verdaccio:nightly-master
 ```
 
+or with _helm_ [official chart](https://github.com/verdaccio/charts).
+
+```bash
+helm repo add verdaccio https://charts.verdaccio.org
+helm repo update
+helm install verdaccio/verdaccio
+```
+
+Furthermore, you can read the [**Debugging Guidelines**](https://github.com/verdaccio/verdaccio/wiki/Debugging-Verdaccio) and the [**Docker Examples**](https://github.com/verdaccio/verdaccio/tree/master/docker-examples) for more advanced development.
+
+## Plugins
+
+You can develop your own [plugins](https://verdaccio.org/docs/plugins) with the [verdaccio generator](https://github.com/verdaccio/generator-verdaccio-plugin). Installing [Yeoman](https://yeoman.io/) is required.
+
+```
+npm install -g yo
+npm install -g generator-verdaccio-plugin
+```
+
+Learn more [here](https://verdaccio.org/docs/dev-plugins) how to develop plugins. Share your plugins with the community.
+
 ## Donations
 
 Verdaccio is run by **volunteers**; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider do a long support donation - **and your logo will be on this section of the readme.**
@@ -76,7 +102,13 @@ If you want to use a modified version of some 3rd-party package (for example, yo
 ### E2E Testing
 
 Verdaccio has proved to be a lightweight registry that can be
-booted in a couple of seconds, fast enough for any CI. Many open source projects use verdaccio for end to end testing, to mention some examples, **create-react-app**, **mozilla neutrino**, **pnpm**, **storybook**, **alfresco** or **eclipse theia**. You can read more in dedicated article to E2E in our blog.
+booted in a couple of seconds, fast enough for any CI. Many open source projects use verdaccio for end to end testing, to mention some examples, **create-react-app**, **mozilla neutrino**, **pnpm**, **storybook**, **babel.js**, **angular-cli** or **docusaurus**. You can read more in [here](https://verdaccio.org/docs/e2e).
+
+Furthermore, here few examples how to start:
+
+- [e2e-ci-example-gh-actions](https://github.com/juanpicado/e2e-ci-example-gh-actions)
+- [verdaccio-end-to-end-tests](https://github.com/juanpicado/verdaccio-end-to-end-tests)
+- [verdaccio-fork](https://github.com/juanpicado/verdaccio-fork)
 
 ## Watch our Videos
 
@@ -84,16 +116,13 @@ booted in a couple of seconds, fast enough for any CI. Many open source projects
 
 <div>
    <a href="https://portal.gitnation.org/contents/five-ways-of-taking-advantage-of-verdaccio-your-private-and-proxy-nodejs-registry">
-     <img src="https://cdn.verdaccio.dev/readme/nodejscongress2022.jpg" alt="nodejs" width="300"/>
+     <img src="https://cdn.verdaccio.dev/readme/nodejscongress2022.jpg" alt="nodejs" width="200"/>
   </a>
 </div>
 
-### **Using Docker and Verdaccio to make Integration Testing Easy - Docker All Hands #4 December - 2021**.
-
-[![docker](https://cdn.verdaccio.dev/readme/docker-all-hands-jpicado-talk.jpg)](https://www.youtube.com/watch?v=zRI0skF1f8I)
-
 You might want to check out as well our previous talks:
 
+- [Using Docker and Verdaccio to make Integration Testing Easy - **Docker All Hands #4 December - 2021**](https://www.youtube.com/watch?v=zRI0skF1f8I)
 - [**Juan Picado** – Testing the integrity of React components by publishing in a private registry - React Finland - 2021](https://www.youtube.com/watch?v=bRKZbrlQqLY&t=16s&ab_channel=ReactFinland)
 - [BeerJS Cba Meetup No. 53 May 2021 - **Juan Picado**](https://www.youtube.com/watch?v=6SyjqBmS49Y&ab_channel=BeerJSCba)
 - [Node.js Dependency Confusion Attacks - April 2021 - **Juan Picado**](https://www.youtube.com/watch?v=qTRADSp3Hpo)
@@ -168,7 +197,7 @@ To run the docker container:
 docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio
 ```
 
-Docker examples are available [in this repository](https://github.com/verdaccio/docker-examples).
+Docker examples are available [in this repository](https://github.com/verdaccio/verdaccio/tree/master/docker-examples).
 
 ## Compatibility
 
@@ -236,6 +265,7 @@ You can find and chat with then over Discord, click [here](http://chat.verdaccio
 - [create-react-app](https://github.com/facebook/create-react-app/blob/master/CONTRIBUTING.md#customizing-e2e-registry-configuration) _(+86.2k ⭐️)_
 - [Gatsby](https://github.com/gatsbyjs/gatsby) _(+49.2k ⭐️)_
 - [Babel.js](https://github.com/babel/babel) _(+38.5k ⭐️)_
+- [Docusaurus](https://github.com/facebook/docusaurus) _(+34k ⭐️)_
 - [Vue CLI](https://github.com/vuejs/vue-cli) _(+27.4k ⭐️)_
 - [Angular CLI](https://github.com/angular/angular-cli) _(+24.3k ⭐️)_
 - [Uppy](https://github.com/transloadit/uppy) _(+23.8k ⭐️)_
@@ -250,7 +280,7 @@ You can find and chat with then over Discord, click [here](http://chat.verdaccio
 - [Amazon SDK v3](https://github.com/aws/aws-sdk-js-v3)
 - [Amazon Encryption SDK for Javascript](https://github.com/aws/aws-encryption-sdk-javascript)
 
-🤓 Don't be shy, you also can be in [the list](https://github.com/verdaccio/website/blob/master/docs/who-is-using.md).
+🤓 Don't be shy, add yourself to this readme.
 
 ## Open Collective Sponsors
 

docker-examples/v5/README.md

@@ -3,3 +3,12 @@
 > Before run examples, build the local image by running `pnpm docker`.
 
 - [Docker + Nginx + Verdaccio](reverse_proxy/nginx/README.md)
+
+## Using Plugins with Docker
+
+List of different approaches
+
+> Note these options could be improved, feel free to submit upgrades
+
+- [Docker + Install plugins from a registry](plugins/docker-build-install-plugin/README.md)
+- [Docker + Install local plugin](plugins/docker-local-plugin/README.md)

docker-examples/v5/plugins/docker-build-install-plugin/Dockerfile

@@ -0,0 +1,25 @@
+# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
+
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+# Install the metrics middleware plugin
+# npm docs
+# --global-style https://docs.npmjs.com/cli/v7/commands/npm-install#global-style
+# --no-bin-links https://docs.npmjs.com/cli/v7/commands/npm-install#bin-links
+# --omit=optional 
+RUN mkdir -p /verdaccio/plugins \
+  && cd /verdaccio/plugins \
+  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
+
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:5
+
+# Copy the plugin files over from the 'builder' node image.
+# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
+# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
+ADD docker.yaml /verdaccio/conf/config.yaml  
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
+  /verdaccio/plugins/verdaccio-auth-memory

docker-examples/v5/plugins/docker-build-install-plugin/README.md

@@ -0,0 +1,46 @@
+# Installing a plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are two main steps to highlight:
+
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the plugin [`verdaccio-auth-memory`](https://www.npmjs.com/package/verdaccio-auth-memory) and custom web title for demonstration.
+- The `Dockerfile` take advance of the docker multi-stage build to install the plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins \
+  && cd /verdaccio/plugins \
+  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
+
+FROM verdaccio/verdaccio:5
+
+# copy your modified config.yaml into the image
+ADD docker.yaml /verdaccio/conf/config.yaml
+
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
+  /verdaccio/plugins/verdaccio-auth-memory
+
+```

docker-examples/v5/plugins/docker-build-install-plugin/docker.yaml

@@ -0,0 +1,197 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio Publish Config Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+# https://verdaccio.org/docs/configuration#authentication
+auth:
+  auth-memory:
+    users:
+      foo:
+        name: foo
+        password: s3cret
+      bar:
+        name: bar
+        password: s3cret
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+
+# https://verdaccio.org/docs/logger
+# log settings
+logs: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

docker-examples/v5/plugins/docker-local-plugin/Dockerfile

@@ -0,0 +1,26 @@
+# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins
+
+# Copy the local plugin into the docker image
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+# Install the production dependencies (be careful install devDependencies here)
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && npm install --production
+
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:5
+
+# Copy the plugin files over from the 'builder' node image.
+# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
+# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
+# The local verdaccio-docker-memory is setup as storage
+ADD docker.yaml /verdaccio/conf/config.yaml  
+
+# Copy the plugin into the /verdaccio/plugins 
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory

docker-examples/v5/plugins/docker-local-plugin/README.md

@@ -0,0 +1,42 @@
+# Installing a local plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are three main steps to highlight:
+
+- Note the custom plugin at `plugins/verdaccio-docker-memory` under the name `verdaccio-docker-memory`.
+- Install the _production_ dependencies for the plugin `verdaccio-docker-memory`
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the local plugin `verdaccio-docker-memory`.
+- The `Dockerfile` take advance of the docker multi-stage build to copy the local plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+FROM node:lts-alpine as builder
+RUN mkdir -p /verdaccio/plugins
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && ls -ls \
+  && npm install --production
+FROM verdaccio/verdaccio:5
+ADD docker.yaml /verdaccio/conf/config.yaml
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory
+```

docker-examples/v5/plugins/docker-local-plugin/docker.yaml

@@ -0,0 +1,199 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+
+store:
+  # dummy copy of https://www.npmjs.com/package/verdaccio-memory
+  docker-memory:
+    limit: 1000
+
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio This is a Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+auth:
+  htpasswd:
+    file: ./htpasswd
+    # Maximum amount of users allowed to register, defaults to "+inf".
+    # You can set this to -1 to disable registration.
+    # max_users: 1000
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+
+# https://verdaccio.org/docs/logger
+# log settings
+logs: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

docker-examples/v5/plugins/docker-local-plugin/plugins/.eslintrc

@@ -0,0 +1,8 @@
+{
+  "rules": {
+    "max-len": 0,
+    "@typescript-eslint/prefer-optional-chain": 0,
+    "@typescript-eslint/no-unused-vars": 0,
+    "@typescript-eslint/explicit-member-accessibility": 0
+  }
+}

docker-examples/v5/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/index.js

@@ -0,0 +1,17 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+exports.LocalMemory = undefined;
+
+let _localMemory = require('./local-memory');
+
+let _localMemory2 = _interopRequireDefault(_localMemory);
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+exports.LocalMemory = _localMemory2.default;
+exports.default = _localMemory2.default;

docker-examples/v5/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/local-memory.js

@@ -0,0 +1,96 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+
+let _memoryHandler = require('./memory-handler');
+
+let _memoryHandler2 = _interopRequireDefault(_memoryHandler);
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+const DEFAULT_LIMIT = 1000;
+
+class LocalMemory {
+  constructor(config, options) {
+    this.config = config;
+    this.limit = config.limit || DEFAULT_LIMIT;
+    this.logger = options.logger;
+    this.data = this._createEmtpyDatabase();
+  }
+
+  getSecret() {
+    return Promise.resolve(this.data.secret);
+  }
+
+  setSecret(secret) {
+    return new Promise((resolve, reject) => {
+      this.data.secret = secret;
+      resolve(null);
+    });
+  }
+
+  add(name, cb) {
+    const list = this.data.list;
+
+    if (list.length < this.limit) {
+      if (list.indexOf(name) === -1) {
+        list.push(name);
+      }
+      cb(null);
+    } else {
+      this.logger.info(
+        { limit: this.limit },
+        'Storage memory has reached limit of @{limit} packages'
+      );
+      cb(new Error('Storage memory has reached limit of limit packages'));
+    }
+  }
+
+  search(onPackage, onEnd, validateName) {
+    // TODO: pending to implement
+    onEnd();
+  }
+
+  remove(name, cb) {
+    const list = this.data.list;
+
+    const item = list.indexOf(name);
+
+    if (item !== -1) {
+      list.splice(item, 1);
+    }
+
+    cb(null);
+  }
+
+  get(cb) {
+    cb(null, this.data.list);
+  }
+
+  sync() {
+    // nothing to do
+  }
+
+  getPackageStorage(packageInfo) {
+    // eslint-disable-next-line new-cap
+    return new _memoryHandler2.default(packageInfo, this.data.files, this.logger);
+  }
+
+  _createEmtpyDatabase() {
+    const list = [];
+    const files = {};
+    const emptyDatabase = {
+      list,
+      files,
+      secret: '',
+    };
+
+    return emptyDatabase;
+  }
+}
+
+exports.default = LocalMemory;

docker-examples/v5/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/memory-handler.js

@@ -0,0 +1,182 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+exports.fileExist = exports.noSuchFile = undefined;
+
+let _httpErrors = require('http-errors');
+
+let _httpErrors2 = _interopRequireDefault(_httpErrors);
+
+let _memoryFs = require('memory-fs');
+
+let _memoryFs2 = _interopRequireDefault(_memoryFs);
+
+let _streams = require('@verdaccio/streams');
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+// $FlowFixMe
+const noSuchFile = (exports.noSuchFile = 'ENOENT');
+
+const fileExist = (exports.fileExist = 'EEXISTS');
+
+const fSError = function fSError(message, code = 404) {
+  const err = (0, _httpErrors2.default)(code, message);
+  // $FlowFixMe
+  err.code = message;
+
+  return err;
+};
+
+const noPackageFoundError = function noPackageFoundError(message = 'no such package') {
+  const err = (0, _httpErrors2.default)(404, message);
+  // $FlowFixMe
+  err.code = noSuchFile;
+  return err;
+};
+
+// eslint-disable-next-line new-cap
+const fs = new _memoryFs2.default();
+
+class MemoryHandler {
+  constructor(packageName, data, logger) {
+    // this is not need it
+    this.data = data;
+    this.name = packageName;
+    this.logger = logger;
+  }
+
+  updatePackage(pkgFileName, updateHandler, onWrite, transformPackage, onEnd) {
+    let json = this._getStorage(pkgFileName);
+
+    try {
+      json = JSON.parse(json);
+    } catch (err) {
+      return onEnd(err);
+    }
+
+    updateHandler(json, (err) => {
+      if (err) {
+        return onEnd(err);
+      }
+      try {
+        onWrite(pkgFileName, transformPackage(json), onEnd);
+      } catch (err) {
+        return onEnd(fSError('error on parse', 500));
+      }
+    });
+  }
+
+  deletePackage(pkgName, callback) {
+    delete this.data[pkgName];
+    callback(null);
+  }
+
+  removePackage(callback) {
+    callback(null);
+  }
+
+  createPackage(name, value, cb) {
+    this.savePackage(name, value, cb);
+  }
+
+  savePackage(name, value, cb) {
+    try {
+      const json = JSON.stringify(value, null, '\t');
+
+      this.data[name] = json;
+    } catch (err) {
+      cb(fSError(err.message, 500));
+    }
+
+    cb(null);
+  }
+
+  readPackage(name, cb) {
+    const json = this._getStorage(name);
+    const isJson = typeof json === 'undefined';
+
+    try {
+      cb(isJson ? noPackageFoundError() : null, JSON.parse(json));
+    } catch (err) {
+      cb(noPackageFoundError());
+    }
+  }
+
+  writeTarball(name) {
+    const uploadStream = new _streams.UploadTarball();
+    const temporalName = `/${name}`;
+
+    process.nextTick(function () {
+      fs.exists(temporalName, function (exists) {
+        if (exists) {
+          return uploadStream.emit('error', fSError(fileExist));
+        }
+
+        try {
+          const file = fs.createWriteStream(temporalName);
+
+          uploadStream.pipe(file);
+
+          uploadStream.done = function () {
+            const onEnd = function onEnd() {
+              uploadStream.emit('success');
+            };
+
+            uploadStream.on('end', onEnd);
+          };
+
+          uploadStream.abort = function () {
+            uploadStream.emit('error', fSError('transmision aborted', 400));
+            file.end();
+          };
+
+          uploadStream.emit('open');
+        } catch (err) {
+          uploadStream.emit('error', err);
+        }
+      });
+    });
+
+    return uploadStream;
+  }
+
+  readTarball(name) {
+    const pathName = `/${name}`;
+
+    const readTarballStream = new _streams.ReadTarball();
+
+    process.nextTick(function () {
+      fs.exists(pathName, function (exists) {
+        if (!exists) {
+          readTarballStream.emit('error', noPackageFoundError());
+        } else {
+          const readStream = fs.createReadStream(pathName);
+
+          readTarballStream.emit('content-length', fs.data[name].length);
+          readTarballStream.emit('open');
+          readStream.pipe(readTarballStream);
+          readStream.on('error', (error) => {
+            readTarballStream.emit('error', error);
+          });
+
+          readTarballStream.abort = function () {
+            readStream.destroy(fSError('read has been aborted', 400));
+          };
+        }
+      });
+    });
+
+    return readTarballStream;
+  }
+
+  _getStorage(name = '') {
+    return this.data[name];
+  }
+}
+
+exports.default = MemoryHandler;

docker-examples/v5/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "verdaccio-docker-memory",
+  "version": "1.0.3",
+  "description": "storage implementation in memory",
+  "main": "lib/index.js",
+  "dependencies": {
+    "@verdaccio/streams": "1.0.0",
+    "http-errors": "1.6.3",
+    "memory-fs": "0.4.1"
+  },
+  "keywords": [
+    "verdaccio",
+    "plugin",
+    "storage"
+  ],
+  "author": "Juan Picado <juanpicado19@gmail.com>",
+  "private": true,
+  "license": "MIT"
+}

docker-examples/v6/README.md

@@ -1,8 +1,22 @@
-# Verdaccio 6
+# Verdaccio 6 Examples
 
 > We recommend to have installed [docker-compose >= 1.29.0](https://github.com/docker/compose/releases/tag/1.29.2)
 
-- [Docker + Nginx + Verdaccio](reverse_proxy/nginx/README.md)
-- [Docker + Apache + Verdaccio](apache-verdaccio/README.md)
+## Mapping Volumes
+
 - [Docker + Local Storage Volume + Verdaccio](docker-local-storage-volume/README.md)
-- [Docker + HTTPS Portal + Verdaccio](https-portal-example/README.md)
+
+## Proxy
+
+- [Docker + Nginx + Verdaccio](proxy/reverse_proxy/nginx/README.md)
+- [Docker + Apache + Verdaccio](proxy/apache-verdaccio/README.md)
+- [Docker + HTTPS Portal + Verdaccio](proxy/https-portal-example/README.md)
+
+> Looking forward more examples with proxies.
+
+## Plugins
+
+Using plugins without `docker-compose` mapping volumes, all withing the `Dockerfile`.
+
+- [Docker + Local Build Auth Plugin (local development)](plugins/docker-build-install-plugin/README.md)
+- [Docker + Auth Plugin (from a registry)](plugins/docker-local-plugin/README.md)

docker-examples/v6/plugins/docker-build-install-plugin/Dockerfile

@@ -0,0 +1,25 @@
+# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
+
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+# Install the metrics middleware plugin
+# npm docs
+# --global-style https://docs.npmjs.com/cli/v7/commands/npm-install#global-style
+# --no-bin-links https://docs.npmjs.com/cli/v7/commands/npm-install#bin-links
+# --omit=optional 
+RUN mkdir -p /verdaccio/plugins \
+  && cd /verdaccio/plugins \
+  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
+
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:nightly-master
+
+# Copy the plugin files over from the 'builder' node image.
+# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
+# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
+ADD docker.yaml /verdaccio/conf/config.yaml  
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
+  /verdaccio/plugins/verdaccio-auth-memory

docker-examples/v6/plugins/docker-build-install-plugin/README.md

@@ -0,0 +1,46 @@
+# Installing a plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are two main steps to highlight:
+
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the plugin [`verdaccio-auth-memory`](https://www.npmjs.com/package/verdaccio-auth-memory) and custom web title for demonstration.
+- The `Dockerfile` take advance of the docker multi-stage build to install the plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins \
+  && cd /verdaccio/plugins \
+  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
+
+FROM verdaccio/verdaccio:5
+
+# copy your modified config.yaml into the image
+ADD docker.yaml /verdaccio/conf/config.yaml
+
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
+  /verdaccio/plugins/verdaccio-auth-memory
+
+```

docker-examples/v6/plugins/docker-build-install-plugin/docker.yaml

@@ -0,0 +1,197 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio Publish Config Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+# https://verdaccio.org/docs/configuration#authentication
+auth:
+  auth-memory:
+    users:
+      foo:
+        name: foo
+        password: s3cret
+      bar:
+        name: bar
+        password: s3cret
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+
+# https://verdaccio.org/docs/logger
+# log settings
+logs: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

docker-examples/v6/plugins/docker-local-plugin/Dockerfile

@@ -0,0 +1,26 @@
+# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
+# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
+# Use an alpine node image to install the plugin
+FROM node:lts-alpine as builder
+
+RUN mkdir -p /verdaccio/plugins
+
+# Copy the local plugin into the docker image
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+# Install the production dependencies (be careful install devDependencies here)
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && npm install --production
+
+# The final built image will be based on the standard Verdaccio docker image.
+FROM verdaccio/verdaccio:nightly-master
+
+# Copy the plugin files over from the 'builder' node image.
+# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
+# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
+# The local verdaccio-docker-memory is setup as storage
+ADD docker.yaml /verdaccio/conf/config.yaml  
+
+# Copy the plugin into the /verdaccio/plugins 
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory

docker-examples/v6/plugins/docker-local-plugin/README.md

@@ -0,0 +1,42 @@
+# Installing a local plugin with Docker build
+
+On this small tutorial (based on [`verdaccio-prometheus-middleware`](https://github.com/xlts-dev/verdaccio-prometheus-middleware) example) you will be able to use a published package in any random registry (npmjs by default) and use it withing a docker image without mapping need it.
+
+> Since verdaccio:5 uses `yarn@2` to run the application, this tutorial is a workaround but future prove since verdaccio 6 uses `pnpm` to build the docker image.
+
+There are three main steps to highlight:
+
+- Note the custom plugin at `plugins/verdaccio-docker-memory` under the name `verdaccio-docker-memory`.
+- Install the _production_ dependencies for the plugin `verdaccio-docker-memory`
+- `docker.yaml`: This is a copy of the original configuration file for docker and with small modifications to use the local plugin `verdaccio-docker-memory`.
+- The `Dockerfile` take advance of the docker multi-stage build to copy the local plugin into the `verdaccio/plugins` folder withing the image, then we apply the right permissions `--chown=$VERDACCIO_USER_UID:root` so the plugin is recognized.
+
+## Run it
+
+Build this image.
+
+```bash
+docker build -t verdaccio/verdaccio:local .
+```
+
+and to run it
+
+```bash
+docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:local
+```
+
+## Usage
+
+```dockerfile
+FROM node:lts-alpine as builder
+RUN mkdir -p /verdaccio/plugins
+ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
+RUN cd /verdaccio/plugins/verdaccio-docker-memory \
+  && ls -ls \
+  && npm install --production
+FROM verdaccio/verdaccio:5
+ADD docker.yaml /verdaccio/conf/config.yaml
+COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
+  /verdaccio/plugins/verdaccio-docker-memory \
+  /verdaccio/plugins/verdaccio-docker-memory
+```

docker-examples/v6/plugins/docker-local-plugin/docker.yaml

@@ -0,0 +1,199 @@
+#
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
+#
+# Do not configure host and port under `listen` in this file
+# as it will be ignored when using docker.
+# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/5.x/conf
+#
+# Read about the best practices
+# https://verdaccio.org/docs/best
+
+# path to a directory with all packages
+storage: /verdaccio/storage/data
+
+store:
+  # dummy copy of https://www.npmjs.com/package/verdaccio-memory
+  docker-memory:
+    limit: 1000
+
+# path to a directory with plugins to include
+plugins: /verdaccio/plugins
+
+# https://verdaccio.org/docs/webui
+web:
+  title: Verdaccio This is a Test
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+  # convert your UI to the dark side
+  # darkMode: true
+  # html_cache: true
+  # by default all features are displayed
+  # login: true
+  # showInfo: true
+  # showSettings: true
+  # In combination with darkMode you can force specific theme
+  # showThemeSwitch: true
+  # showFooter: true
+  # showSearch: true
+  # showRaw: true
+  # showDownloadTarball: true
+  #  HTML tags injected after manifest <scripts/>
+  # scriptsBodyAfter:
+  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #  HTML tags injected before ends </head>
+  #  metaScripts:
+  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #    - '<meta name="robots" content="noindex" />'
+  #  HTML tags injected first child at <body/>
+  #  bodyBefore:
+  #    - '<div id="myId">html before webpack scripts</div>'
+  #  Public path for template manifest scripts (only manifest)
+  #  publicPath: http://somedomain.org/
+
+auth:
+  htpasswd:
+    file: ./htpasswd
+    # Maximum amount of users allowed to register, defaults to "+inf".
+    # You can set this to -1 to disable registration.
+    # max_users: 1000
+
+# https://verdaccio.org/docs/configuration#uplinks
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
+packages:
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
+middlewares:
+  audit:
+    enabled: true
+
+# https://verdaccio.org/docs/logger
+# log settings
+log: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
+
+# translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

docker-examples/v6/plugins/docker-local-plugin/plugins/.eslintrc

@@ -0,0 +1,8 @@
+{
+  "rules": {
+    "max-len": 0,
+    "@typescript-eslint/prefer-optional-chain": 0,
+    "@typescript-eslint/no-unused-vars": 0,
+    "@typescript-eslint/explicit-member-accessibility": 0
+  }
+}

docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/index.js

@@ -0,0 +1,22 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+Object.defineProperty(exports, 'LocalMemory', {
+  enumerable: true,
+  get: function () {
+    return _localMemory.default;
+  },
+});
+exports.default = void 0;
+
+var _localMemory = _interopRequireDefault(require('./local-memory'));
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+var _default = _localMemory.default;
+exports.default = _default;
+//# sourceMappingURL=index.js.map

docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/local-memory.js

@@ -0,0 +1,141 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+exports.default = void 0;
+
+var _debug = _interopRequireDefault(require('debug'));
+
+var _core = require('@verdaccio/core');
+
+var _memoryHandler = _interopRequireDefault(require('./memory-handler'));
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+const debug = (0, _debug.default)('verdaccio:plugin:storage:local-memory');
+const DEFAULT_LIMIT = 1000;
+
+class LocalMemory {
+  constructor(config, options) {
+    this.config = config;
+    this.limit = config.limit || DEFAULT_LIMIT;
+    this.logger = options.logger;
+    this.data = this._createEmtpyDatabase();
+    this.path = '/';
+    debug('start plugin');
+  }
+
+  init() {
+    return Promise.resolve();
+  }
+
+  getSecret() {
+    return Promise.resolve(this.data.secret);
+  }
+
+  setSecret(secret) {
+    return new Promise((resolve) => {
+      this.data.secret = secret;
+      resolve(null);
+    });
+  }
+
+  async add(name) {
+    return new Promise((resolve, reject) => {
+      const { list } = this.data;
+
+      if (list.length < this.limit) {
+        if (list.indexOf(name) === -1) {
+          list.push(name);
+        }
+
+        resolve();
+      } else {
+        this.logger.info(
+          {
+            limit: this.limit,
+          },
+          'Storage memory has reached limit of @{limit} packages'
+        );
+        reject(new Error('Storage memory has reached limit of limit packages'));
+      }
+    });
+  } // eslint-disable-next-line @typescript-eslint/no-unused-vars
+
+  search(onPackage, onEnd) {
+    this.logger.warn('[verdaccio/memory]: search method not implemented, PR is welcome');
+    onEnd();
+  }
+
+  async remove(name) {
+    return new Promise((resolve) => {
+      const { list } = this.data;
+      const item = list.indexOf(name);
+
+      if (item !== -1) {
+        list.splice(item, 1);
+      }
+
+      return resolve();
+    });
+  }
+
+  async get() {
+    var _this$data, _this$data$list, _this$data2;
+
+    debug(
+      'data list length %o',
+      (_this$data = this.data) === null || _this$data === void 0
+        ? void 0
+        : (_this$data$list = _this$data.list) === null || _this$data$list === void 0
+        ? void 0
+        : _this$data$list.length
+    );
+    return Promise.resolve(
+      (_this$data2 = this.data) === null || _this$data2 === void 0 ? void 0 : _this$data2.list
+    );
+  }
+
+  getPackageStorage(packageInfo) {
+    return new _memoryHandler.default(packageInfo, this.data.files, this.logger);
+  }
+
+  _createEmtpyDatabase() {
+    const list = [];
+    const files = {};
+    const emptyDatabase = {
+      list,
+      files,
+      secret: '',
+    };
+    return emptyDatabase;
+  }
+
+  saveToken() {
+    this.logger.warn('[verdaccio/memory][saveToken] save token has not been implemented yet');
+    return Promise.reject(_core.errorUtils.getServiceUnavailable('method not implemented'));
+  }
+
+  deleteToken(user, tokenKey) {
+    this.logger.warn(
+      {
+        tokenKey,
+        user,
+      },
+      '[verdaccio/memory][deleteToken] delete token has not been implemented yet @{user}'
+    );
+    return Promise.reject(_core.errorUtils.getServiceUnavailable('method not implemented'));
+  }
+
+  readTokens() {
+    this.logger.warn('[verdaccio/memory][readTokens] read tokens has not been implemented yet ');
+    return Promise.reject(_core.errorUtils.getServiceUnavailable('method not implemented'));
+  }
+}
+
+var _default = LocalMemory;
+exports.default = _default;
+//# sourceMappingURL=local-memory.js.map

docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/memory-handler.js

@@ -0,0 +1,214 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+exports.default = void 0;
+
+var _debug = _interopRequireDefault(require('debug'));
+
+var _memfs = require('memfs');
+
+var _path = _interopRequireDefault(require('path'));
+
+var _core = require('@verdaccio/core');
+
+var _streams = require('@verdaccio/streams');
+
+var _utils = require('./utils');
+
+function _interopRequireDefault(obj) {
+  return obj && obj.__esModule ? obj : { default: obj };
+}
+
+const debug = (0, _debug.default)('verdaccio:plugin:storage:memory-storage');
+
+class MemoryHandler {
+  constructor(packageName, data, logger) {
+    // this is not need it
+    this.data = data;
+    this.name = packageName;
+    this.logger = logger;
+    this.path = `/${packageName}`;
+    debug('initialized');
+  }
+
+  updatePackage(pkgFileName, updateHandler, onWrite, transformPackage, onEnd) {
+    const json = this._getStorage(pkgFileName);
+
+    let pkg;
+
+    try {
+      pkg = (0, _utils.parsePackage)(json);
+    } catch (err) {
+      return onEnd(err);
+    }
+
+    updateHandler(pkg, (err) => {
+      if (err) {
+        return onEnd(err);
+      }
+
+      try {
+        onWrite(pkgFileName, transformPackage(pkg), onEnd);
+      } catch (err) {
+        return onEnd(_core.errorUtils.getInternalError('error on parse the metadata'));
+      }
+    });
+  }
+
+  deletePackage(pkgName) {
+    delete this.data[pkgName];
+    return Promise.resolve();
+  }
+
+  removePackage() {
+    return Promise.resolve();
+  }
+
+  createPackage(name, value, cb) {
+    debug('create package %o', name);
+    this.savePackage(name, value, cb);
+  }
+
+  savePackage(name, value, cb) {
+    try {
+      debug('save package %o', name);
+      this.data[name] = (0, _utils.stringifyPackage)(value);
+      return cb(null);
+    } catch (err) {
+      return cb(_core.errorUtils.getInternalError(err.message));
+    }
+  }
+
+  async readPackageNext(name) {
+    const json = this._getStorage(name);
+
+    try {
+      return (
+        typeof json === 'undefined' ? _core.errorUtils.getNotFound() : null,
+        (0, _utils.parsePackage)(json)
+      );
+    } catch (err) {
+      throw _core.errorUtils.getNotFound();
+    }
+  }
+
+  readPackage(name, cb) {
+    debug('read package %o', name);
+
+    const json = this._getStorage(name);
+
+    const isJson = typeof json === 'undefined';
+
+    try {
+      return cb(isJson ? _core.errorUtils.getNotFound() : null, (0, _utils.parsePackage)(json));
+    } catch (err) {
+      return cb(_core.errorUtils.getNotFound());
+    }
+  }
+
+  writeTarball(name) {
+    const uploadStream = new _streams.UploadTarball({});
+    const temporalName = `${this.path}/${name}`;
+    debug('write tarball %o', temporalName);
+    process.nextTick(function () {
+      _memfs.fs.mkdirp(_path.default.dirname(temporalName), (mkdirpError) => {
+        if (mkdirpError) {
+          return uploadStream.emit('error', mkdirpError);
+        }
+
+        _memfs.fs.stat(temporalName, function (fileError, stats) {
+          if (!fileError && stats) {
+            return uploadStream.emit('error', _core.errorUtils.getConflict());
+          }
+
+          try {
+            const file = _memfs.fs.createWriteStream(temporalName);
+
+            uploadStream.pipe(file);
+
+            uploadStream.done = function () {
+              const onEnd = function () {
+                uploadStream.emit('success');
+              };
+
+              uploadStream.on('end', onEnd);
+            };
+
+            uploadStream.abort = function () {
+              uploadStream.emit('error', _core.errorUtils.getBadRequest('transmision aborted'));
+              file.end();
+            };
+
+            uploadStream.emit('open');
+            return;
+          } catch (err) {
+            uploadStream.emit('error', err);
+            return;
+          }
+        });
+      });
+    });
+    return uploadStream;
+  }
+
+  readTarball(name) {
+    const pathName = `${this.path}/${name}`;
+    debug('read tarball %o', pathName);
+    const readTarballStream = new _streams.ReadTarball({});
+    process.nextTick(function () {
+      _memfs.fs.stat(pathName, function (error, stats) {
+        if (error && !stats) {
+          return readTarballStream.emit('error', _core.errorUtils.getNotFound());
+        }
+
+        try {
+          const readStream = _memfs.fs.createReadStream(pathName);
+
+          readTarballStream.emit(
+            'content-length',
+            stats === null || stats === void 0 ? void 0 : stats.size
+          );
+          readTarballStream.emit('open');
+          readStream.pipe(readTarballStream);
+          readStream.on('error', (error) => {
+            readTarballStream.emit('error', error);
+          });
+
+          readTarballStream.abort = function () {
+            readStream.destroy(_core.errorUtils.getBadRequest('read has been aborted'));
+          };
+
+          return;
+        } catch (err) {
+          readTarballStream.emit('error', err);
+          return;
+        }
+      });
+    });
+    return readTarballStream;
+  }
+
+  _getStorage(name = '') {
+    debug('get storage %o', name);
+    return this.data[name];
+  } // migration pending
+
+  async updatePackageNext(packageName, handleUpdate) {
+    debug(packageName); // @ts-expect-error
+
+    await handleUpdate({}); // @ts-expect-error
+
+    return Promise.resolve({});
+  }
+
+  async savePackageNext(name, value) {
+    debug(name);
+    debug(value);
+  }
+}
+
+var _default = MemoryHandler;
+exports.default = _default;
+//# sourceMappingURL=memory-handler.js.map

docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/utils.js

@@ -0,0 +1,16 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', {
+  value: true,
+});
+exports.parsePackage = parsePackage;
+exports.stringifyPackage = stringifyPackage;
+
+function stringifyPackage(pkg) {
+  return JSON.stringify(pkg, null, '\t');
+}
+
+function parsePackage(pkg) {
+  return JSON.parse(pkg);
+}
+//# sourceMappingURL=utils.js.map

docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/package.json

@@ -0,0 +1,56 @@
+{
+  "name": "verdaccio-docker-memory",
+  "version": "11.0.0-6-next.10",
+  "description": "Storage implementation in memory",
+  "keywords": [
+    "private",
+    "package",
+    "repository",
+    "registry",
+    "enterprise",
+    "modules",
+    "proxy",
+    "server",
+    "verdaccio"
+  ],
+  "author": "Juan Picado <juanpicado19@gmail.com>",
+  "license": "MIT",
+  "homepage": "https://verdaccio.org",
+  "repository": {
+    "type": "https",
+    "url": "https://github.com/verdaccio/verdaccio",
+    "directory": "packages/plugins/memory"
+  },
+  "bugs": {
+    "url": "https://github.com/verdaccio/verdaccio/issues"
+  },
+  "main": "lib/index.js",
+  "types": "lib/index.d.ts",
+  "engines": {
+    "node": ">=14",
+    "npm": ">=6"
+  },
+  "dependencies": {
+    "@verdaccio/core": "6.0.0-6-next.5",
+    "@verdaccio/streams": "11.0.0-6-next.5",
+    "memory-fs": "0.5.0",
+    "debug": "4.3.3",
+    "memfs": "3.4.1"
+  },
+  "devDependencies": {
+    "@verdaccio/types": "11.0.0-6-next.12"
+  },
+  "scripts": {
+    "clean": "rimraf ./build",
+    "type-check": "tsc --noEmit -p tsconfig.build.json",
+    "build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json",
+    "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
+    "build": "pnpm run build:js && pnpm run build:types",
+    "watch": "pnpm build:js -- --watch",
+    "test": "cross-env NODE_ENV=test BABEL_ENV=test jest"
+  },
+  "funding": {
+    "type": "opencollective",
+    "url": "https://opencollective.com/verdaccio"
+  }
+}

docs/development.md

@@ -12,7 +12,7 @@ nvm install
 Verdaccio uses **pnpm** as monorepo management. To install
 
 ```bash
-npm i -g pnpm@latest
+npm i -g pnpm@latest-6
 ```
 
 Install all needed packages

package.json

@@ -61,8 +61,8 @@
     "@types/validator": "13.7.1",
     "@types/webpack": "5.28.0",
     "@types/webpack-env": "1.16.3",
-    "@typescript-eslint/eslint-plugin": "5.16.0",
-    "@typescript-eslint/parser": "5.16.0",
+    "@typescript-eslint/eslint-plugin": "5.25.0",
+    "@typescript-eslint/parser": "5.25.0",
     "@verdaccio/benchmark": "workspace:*",
     "@verdaccio/eslint-config": "workspace:*",
     "@verdaccio/types": "workspace:*",
@@ -77,11 +77,11 @@
     "concurrently": "6.5.1",
     "core-js": "3.20.3",
     "cross-env": "7.0.3",
-    "debug": "4.3.3",
+    "debug": "4.3.4",
     "detect-secrets": "1.0.6",
     "pretty-format": "27.5.1",
     "jest-diff": "27.5.1",
-    "eslint": "8.11.0",
+    "eslint": "8.15.0",
     "fs-extra": "10.0.0",
     "husky": "7.0.4",
     "in-publish": "2.0.1",
@@ -96,7 +96,7 @@
     "node-fetch": "cjs",
     "nodemon": "2.0.15",
     "npm-run-all": "4.1.5",
-    "prettier": "2.6.0",
+    "prettier": "2.6.2",
     "rimraf": "3.0.2",
     "selfsigned": "1.10.14",
     "supertest": "6.2.2",
@@ -147,6 +147,10 @@
     "crowdin:sync": "pnpm crowdin:upload && pnpm crowdin:download --verbose",
     "postinstall": "husky install"
   },
+  "engines": {
+    "node": ">=16.5",
+    "pnpm": ">=6.32.3 <7.0.0"
+  },
   "license": "MIT",
   "lint-staged": {
     "*.{js,jsx,ts,tsx,json,yml,yaml,md}": "prettier --write",

packages/api/package.json

@@ -58,9 +58,9 @@
   },
   "devDependencies": {
     "@types/node": "16.11.21",
-    "@verdaccio/server": "workspace:6.0.0-6-next.30",
+    "@verdaccio/server": "workspace:6.0.0-6-next.31",
     "@verdaccio/types": "workspace:11.0.0-6-next.12",
-    "@verdaccio/test-helper": "workspace:1.1.0-6-next.0",
+    "@verdaccio/test-helper": "workspace:1.1.0-6-next.1",
     "supertest": "6.2.2"
   },
   "funding": {

packages/auth/src/utils.ts

@@ -188,17 +188,17 @@ export function allow_action(action: ActionsAllowed, logger): AllowAction {
     pkg: AuthPackageAllow,
     callback: AllowActionCallback
   ): void {
-    logger.trace({ remote: user.name }, `[auth/allow_action]: user: @{user.name}`);
+    logger.trace({ remote: user.name }, `[auth/allow_action]: user: @{remote}`);
     const { name, groups } = user;
     const groupAccess = pkg[action] as string[];
     const hasPermission = groupAccess.some((group) => name === group || groups.includes(group));
     logger.trace(
       { pkgName: pkg.name, hasPermission, remote: user.name, groupAccess },
-      `[auth/allow_action]: hasPermission? @{hasPermission} for user: @{user}`
+      `[auth/allow_action]: hasPermission? @{hasPermission} for user: @{remote}, package: @{pkgName}`
     );
 
     if (hasPermission) {
-      logger.trace({ remote: user.name }, `auth/allow_action: access granted to: @{user}`);
+      logger.trace({ remote: user.name }, `auth/allow_action: access granted to: @{remote}`);
       return callback(null, true);
     }
 

packages/cli/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @verdaccio/cli
 
+## 6.0.0-6-next.34
+
+### Patch Changes
+
+- @verdaccio/node-api@6.0.0-6-next.32
+
 ## 6.0.0-6-next.33
 
 ### Patch Changes

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/cli",
-  "version": "6.0.0-6-next.33",
+  "version": "6.0.0-6-next.34",
   "author": {
     "name": "Juan Picado",
     "email": "juanpicado19@gmail.com"
@@ -47,7 +47,7 @@
     "@verdaccio/core": "workspace:6.0.0-6-next.5",
     "@verdaccio/config": "workspace:6.0.0-6-next.14",
     "@verdaccio/logger": "workspace:6.0.0-6-next.11",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.31",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.32",
     "@verdaccio/fastify-migration": "workspace:6.0.0-6-next.23",
     "clipanion": "3.1.0",
     "envinfo": "7.8.1",

packages/config/src/conf/default.yaml

@@ -1,16 +1,20 @@
 #
-# This is the default config file. It allows all users to do anything,
-# so don't use it on production systems.
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
 #
 # Look here for more config file examples:
-# https://github.com/verdaccio/verdaccio/tree/master/packages/config/src/conf
+# https://github.com/verdaccio/verdaccio/tree/5.x/packages/config/src/conf/default.yaml
 #
+# Read about the best practices
+# https://verdaccio.org/docs/best
 
 # path to a directory with all packages
 storage: ./storage
 # path to a directory with plugins to include
 plugins: ./plugins
 
+# https://verdaccio.org/docs/webui
 web:
   title: Verdaccio
   # comment out to disable gravatar support
@@ -43,11 +47,8 @@ web:
   #    - '<div id="myId">html before webpack scripts</div>'
   #  Public path for template manifest scripts (only manifest)
   #  publicPath: http://somedomain.org/
-# translate your registry, api i18n not available yet
-# i18n:
-# list of the available translations https://github.com/verdaccio/ui/tree/master/i18n/translations
-#   web: en-US
 
+# https://verdaccio.org/docs/configuration#authentication
 auth:
   htpasswd:
     file: ./htpasswd
@@ -55,11 +56,15 @@ auth:
     # You can set this to -1 to disable registration.
     # max_users: 1000
 
+# https://verdaccio.org/docs/configuration#uplinks
 # a list of other known repositories we can talk to
 uplinks:
   npmjs:
     url: https://registry.npmjs.org/
 
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
 packages:
   '@*/*':
     # scoped packages
@@ -76,7 +81,7 @@ packages:
     # and three keywords: "$all", "$anonymous", "$authenticated"
     access: $all
 
-    # allow all known users to publish/unpublish packages
+    # allow all known users to publish/publish packages
     # (anyone can register by default, remember?)
     publish: $authenticated
     unpublish: $authenticated
@@ -84,32 +89,104 @@ packages:
     # if package is not available locally, proxy requests to 'npmjs' registry
     proxy: npmjs
 
+# To improve your security configuration and  avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
 server:
-  # deprecated
   keepAliveTimeout: 60
-#  rateLimit:
-#    windowMs: 1000
-#    max: 10000
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
 
 middlewares:
   audit:
     enabled: true
 
+# https://verdaccio.org/docs/logger
 # log settings
-log:
-  # Logger as STDOUT
-  { type: stdout, format: pretty, level: http }
-  # Logger as STDOUT as JSON
-  # { type: stdout, format: json, level: http }
-  # Logger as STDOUT as JSON
-  # { type: stdout, format: pretty-timestamped, level: http }
-  # Logger as STDOUT as custom prettifier
-  # { type: stdout, plugin: { dest: '@verdaccio/logger-prettify' : options: { foo: 1, bar: 2}}, level: http }
-  # Logger as file
-  # { type: file, path: verdaccio.log, level: http}
-  # FIXME: this should be documented
-  # More info about log rotation https://github.com/pinojs/pino/blob/master/docs/help.md#log-rotation
+log: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # support for npm token command
+#  token: false
+#  # disable writing body size to logs, read more on ticket 1912
+#  bytesin_off: false
+#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
 
-# This affect the web and api (not developed yet)
+# translate your registry, api i18n not available yet
 i18n:
+  # list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
   web: en-US

packages/config/src/conf/docker.yaml

@@ -1,36 +1,37 @@
 #
-# This is the config file used for the docker images.
-# It allows all users to do anything, so don't use it on production systems.
+# This is the default configuration file. As it allows all users to do anything,
+# please read carefully the documentation and best practices to improve security.
 #
 # Do not configure host and port under `listen` in this file
 # as it will be ignored when using docker.
 # see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
 #
 # Look here for more config file examples:
-# https://github.com/verdaccio/verdaccio/tree/master/packages/config/src/conf
+# https://github.com/verdaccio/verdaccio/tree/5.x/packages/config/src/conf/docker.yaml
 #
+# Read about the best practices
+# https://verdaccio.org/docs/best
 
 # path to a directory with all packages
 storage: /verdaccio/storage/data
 # path to a directory with plugins to include
 plugins: /verdaccio/plugins
 
+# https://verdaccio.org/docs/webui
 web:
-  # WebUI is enabled as default, if you want disable it, just uncomment this line
-  #enable: false
   title: Verdaccio
-  # comment out to disable gravatar support
+  # Comment out to disable gravatar support
   # gravatar: false
-  # by default packages are ordercer ascendant (asc|desc)
+  # By default packages are ordered ascendant (asc|desc)
   # sort_packages: asc
-  # convert your UI to the dark side
+  # Convert your UI to the dark side
   # darkMode: true
   # html_cache: true
-  # by default all features are displayed
+  # By default all features are displayed
   # login: true
   # showInfo: true
   # showSettings: true
-  # In combination with darkMode you can force specific theme
+  # In combination with darkMode you can force a specific theme
   # showThemeSwitch: true
   # showFooter: true
   # showSearch: true
@@ -39,22 +40,18 @@ web:
   #  HTML tags injected after manifest <scripts/>
   # scriptsBodyAfter:
   #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
-  #  HTML tags injected before ends </head>
+  #  HTML tags injected before end </head>
   #  metaScripts:
   #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
   #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
   #    - '<meta name="robots" content="noindex" />'
-  #  HTML tags injected first child at <body/>
+  #  HTML tags injected as first child at <body/>
   #  bodyBefore:
   #    - '<div id="myId">html before webpack scripts</div>'
   #  Public path for template manifest scripts (only manifest)
   #  publicPath: http://somedomain.org/
 
-# translate your registry, api i18n not available yet
-# i18n:
-# list of the available translations https://github.com/verdaccio/ui/tree/master/i18n/translations
-#   web: en-US
-
+# https://verdaccio.org/docs/configuration#authentication
 auth:
   htpasswd:
     file: /verdaccio/storage/htpasswd
@@ -62,11 +59,15 @@ auth:
     # You can set this to -1 to disable registration.
     # max_users: 1000
 
-# a list of other known repositories we can talk to
+# https://verdaccio.org/docs/configuration#uplinks
+# A list of other known repositories we can talk to
 uplinks:
   npmjs:
     url: https://registry.npmjs.org/
 
+# Learn how to protect your packages
+# https://verdaccio.org/docs/protect-your-dependencies/
+# https://verdaccio.org/docs/configuration#packages
 packages:
   '@*/*':
     # scoped packages
@@ -76,14 +77,14 @@ packages:
     proxy: npmjs
 
   '**':
-    # allow all users (including non-authenticated users) to read and
+    # Allow all users (including non-authenticated users) to read and
     # publish all packages
     #
-    # you can specify usernames/groupnames (depending on your auth plugin)
+    # You can specify usernames/groupnames (depending on your auth plugin)
     # and three keywords: "$all", "$anonymous", "$authenticated"
     access: $all
 
-    # allow all known users to publish/unpublish packages
+    # Allow all known users to publish/publish packages
     # (anyone can register by default, remember?)
     publish: $authenticated
     unpublish: $authenticated
@@ -91,31 +92,106 @@ packages:
     # if package is not available locally, proxy requests to 'npmjs' registry
     proxy: npmjs
 
+# To improve your security configuration and avoid dependency confusion
+# consider removing the proxy property for private packages
+# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
+
+# https://verdaccio.org/docs/configuration#server
+# You can specify the HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a
+# keep-alive timeout.
+# WORKAROUND: Through given configuration you can work around the following issue:
+# https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+server:
+  keepAliveTimeout: 60
+
+# https://verdaccio.org/docs/configuration#offline-publish
+# publish:
+#   allow_offline: false
+
+# https://verdaccio.org/docs/configuration#url-prefix
+# url_prefix: /verdaccio/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/my_prefix'
+# // url -> https://somedomain.org/my_prefix/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+# url_prefix: '/'
+# // url -> https://somedomain.org/
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+# url_prefix: '/second_prefix'
+# // url -> https://somedomain.org/second_prefix/'
+
+# https://verdaccio.org/docs/configuration#security
+# security:
+#   api:
+#     legacy: true
+#     jwt:
+#       sign:
+#         expiresIn: 29d
+#       verify:
+#         someProp: [value]
+#    web:
+#      sign:
+#        expiresIn: 1h # 1 hour by default
+#      verify:
+#         someProp: [value]
+
+# https://verdaccio.org/docs/configuration#user-rate-limit
+# userRateLimit:
+#   windowMs: 50000
+#   max: 1000
+
+# https://verdaccio.org/docs/configuration#max-body-size
+# max_body_size: 10mb
+
+# https://verdaccio.org/docs/configuration#listen-port
+# listen:
+# - localhost:4873            # default value
+# - http://localhost:4873     # same thing
+# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+# - https://example.org:4873  # if you want to use https
+# - "[::1]:4873"                # ipv6
+# - unix:/tmp/verdaccio.sock    # unix socket
+
+# The HTTPS configuration is useful if you do not consider using an HTTP Proxy
+# https://verdaccio.org/docs/configuration#https
+# https:
+#   key: ./path/verdaccio-key.pem
+#   cert: ./path/verdaccio-cert.pem
+#   ca: ./path/verdaccio-csr.pem
+
+# https://verdaccio.org/docs/configuration#proxy
+# http_proxy: http://something.local/
+# https_proxy: https://something.local/
+
+# https://verdaccio.org/docs/configuration#notifications
+# notify:
+#   method: POST
+#   headers: [{ "Content-Type": "application/json" }]
+#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
+
 middlewares:
   audit:
     enabled: true
 
+# https://verdaccio.org/docs/logger
 # log settings
-# log settings
-log:
-  # Logger as STDOUT
-  { type: stdout, format: pretty, level: http }
-  # Logger as STDOUT as JSON
-  # { type: stdout, format: json, level: http }
-  # Logger as STDOUT as JSON
-  # { type: stdout, format: pretty-timestamped, level: http }
-  # Logger as STDOUT as custom prettifier
-  # { type: stdout, plugin: { dest: '@verdaccio/logger-prettify' : options: { foo: 1, bar: 2}}, level: http }
-  # Logger as file
-  # { type: file, path: verdaccio.log, level: http}
-  # FIXME: this should be documented
-# More info about log rotation https://github.com/pinojs/pino/blob/master/docs/help.md#log-rotation
+log: { type: stdout, format: pretty, level: http }
+#experiments:
+#  # Support for npm token command
+#  token: false
+#  # Enable tarball URL redirect for hosting tarball with a different server.
+#  # The tarball_url_redirect can be a template string
+#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
+#  # The tarball_url_redirect can be a function, takes packageName and filename and returns the url,
+#  # when working with a js configuration file
+#  tarball_url_redirect(packageName, filename) {
+#    const signedUrl = // generate a signed url
+#    return signedUrl;
+#  }
 
-flags:
-  # support for npm token command
-  token: false
-  # support for the new v1 search endpoint, functional by incomplete read more on ticket 1732
-  search: false
-# This affect the web and api (not developed yet)
-#i18n:
-#web: en-US
+# Translate your registry, api i18n not available yet
+# i18n:
+# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+#   web: en-US

packages/node-api/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @verdaccio/node-api
 
+## 6.0.0-6-next.32
+
+### Patch Changes
+
+- @verdaccio/server@6.0.0-6-next.31
+
 ## 6.0.0-6-next.31
 
 ### Patch Changes

packages/node-api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/node-api",
-  "version": "6.0.0-6-next.31",
+  "version": "6.0.0-6-next.32",
   "description": "node API",
   "main": "build/index.js",
   "types": "build/index.d.ts",
@@ -42,7 +42,7 @@
     "@verdaccio/core": "workspace:6.0.0-6-next.5",
     "@verdaccio/config": "workspace:6.0.0-6-next.14",
     "@verdaccio/logger": "workspace:6.0.0-6-next.11",
-    "@verdaccio/server": "workspace:6.0.0-6-next.30",
+    "@verdaccio/server": "workspace:6.0.0-6-next.31",
     "core-js": "3.20.3",
     "debug": "4.3.3",
     "lodash": "4.17.21"

packages/plugins/memory/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Change Log
 
+## 11.0.0-6-next.10
+
+### Patch Changes
+
+- b8981136: Fix storing tarballs with identical names from different packages in memory plugin
+
 ## 11.0.0-6-next.9
 
 ### Major Changes

packages/plugins/memory/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-memory",
-  "version": "11.0.0-6-next.9",
+  "version": "11.0.0-6-next.10",
   "description": "Storage implementation in memory",
   "keywords": [
     "private",

packages/plugins/memory/src/memory-handler.ts

@@ -1,5 +1,6 @@
 import buildDebug from 'debug';
 import { fs } from 'memfs';
+import path from 'path';
 
 import { VerdaccioError, errorUtils } from '@verdaccio/core';
 import { ReadTarball, UploadTarball } from '@verdaccio/streams';
@@ -35,7 +36,7 @@ class MemoryHandler implements IPackageStorageManager {
     this.data = data;
     this.name = packageName;
     this.logger = logger;
-    this.path = '/';
+    this.path = `/${packageName}`;
     debug('initialized');
   }
 
@@ -113,40 +114,45 @@ class MemoryHandler implements IPackageStorageManager {
   }
 
   public writeTarball(name: string): IUploadTarball {
-    debug('write tarball %o', name);
     const uploadStream: IUploadTarball = new UploadTarball({});
-    const temporalName = `/${name}`;
+    const temporalName = `${this.path}/${name}`;
+    debug('write tarball %o', temporalName);
 
     process.nextTick(function () {
-      fs.stat(temporalName, function (fileError, stats) {
-        if (!fileError && stats) {
-          return uploadStream.emit('error', errorUtils.getConflict());
+      fs.mkdirp(path.dirname(temporalName), (mkdirpError) => {
+        if (mkdirpError) {
+          return uploadStream.emit('error', mkdirpError);
         }
+        fs.stat(temporalName, function (fileError, stats) {
+          if (!fileError && stats) {
+            return uploadStream.emit('error', errorUtils.getConflict());
+          }
 
-        try {
-          const file = fs.createWriteStream(temporalName);
+          try {
+            const file = fs.createWriteStream(temporalName);
 
-          uploadStream.pipe(file);
+            uploadStream.pipe(file);
 
-          uploadStream.done = function (): void {
-            const onEnd = function (): void {
-              uploadStream.emit('success');
+            uploadStream.done = function (): void {
+              const onEnd = function (): void {
+                uploadStream.emit('success');
+              };
+
+              uploadStream.on('end', onEnd);
             };
 
-            uploadStream.on('end', onEnd);
-          };
+            uploadStream.abort = function (): void {
+              uploadStream.emit('error', errorUtils.getBadRequest('transmision aborted'));
+              file.end();
+            };
 
-          uploadStream.abort = function (): void {
-            uploadStream.emit('error', errorUtils.getBadRequest('transmision aborted'));
-            file.end();
-          };
-
-          uploadStream.emit('open');
-          return;
-        } catch (err: any) {
-          uploadStream.emit('error', err);
-          return;
-        }
+            uploadStream.emit('open');
+            return;
+          } catch (err: any) {
+            uploadStream.emit('error', err);
+            return;
+          }
+        });
       });
     });
 
@@ -154,8 +160,8 @@ class MemoryHandler implements IPackageStorageManager {
   }
 
   public readTarball(name: string): IReadTarball {
-    const pathName = `/${name}`;
-    debug('read tarball %o', name);
+    const pathName = `${this.path}/${name}`;
+    debug('read tarball %o', pathName);
 
     const readTarballStream: IReadTarball = new ReadTarball({});
 

packages/plugins/memory/test/memory.spec.ts

@@ -299,6 +299,46 @@ describe('writing files', () => {
       });
     }
   });
+
+  test('should support writting identical tarball filenames from different packages', (done) => {
+    const localMemory: IPluginStorage<ConfigMemory> = new LocalMemory(config, defaultConfig);
+    const pkgName1 = 'package1';
+    const pkgName2 = 'package2';
+    const filename = 'tarball-3.0.0.tgz';
+    const dataTarball1 = '12345';
+    const dataTarball2 = '12345678';
+    const handler = localMemory.getPackageStorage(pkgName1);
+    if (handler) {
+      const stream = handler.writeTarball(filename);
+      stream.on('data', (data) => {
+        expect(data.toString()).toBe(dataTarball1);
+      });
+      stream.on('open', () => {
+        stream.done();
+        stream.end();
+      });
+      stream.on('success', () => {
+        const handler = localMemory.getPackageStorage(pkgName2);
+        if (handler) {
+          const stream = handler.writeTarball(filename);
+          stream.on('data', (data) => {
+            expect(data.toString()).toBe(dataTarball2);
+          });
+          stream.on('open', () => {
+            stream.done();
+            stream.end();
+          });
+          stream.on('success', () => {
+            done();
+          });
+
+          stream.write(dataTarball2);
+        }
+      });
+
+      stream.write(dataTarball1);
+    }
+  });
 });
 
 describe('reading files', () => {

packages/plugins/ui-theme/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @verdaccio/ui-theme
 
+## 6.0.0-6-next.25
+
+### Patch Changes
+
+- a828a5f6: fix: #3174 set correctly ui values to html render
+
 ## 6.0.0-6-next.24
 
 ### Minor Changes

packages/plugins/ui-theme/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/ui-theme",
-  "version": "6.0.0-6-next.24",
+  "version": "6.0.0-6-next.25",
   "description": "Verdaccio User Interface",
   "author": {
     "name": "Verdaccio Contributors",
@@ -33,7 +33,7 @@
     "@testing-library/dom": "8.11.2",
     "@testing-library/jest-dom": "5.16.1",
     "@testing-library/react": "12.1.2",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.31",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.32",
     "@verdaccio/types": "workspace:*",
     "babel-loader": "8.2.3",
     "babel-plugin-dynamic-import-node": "2.3.3",
@@ -75,7 +75,7 @@
     "raw-loader": "4.0.2",
     "msw": "0.36.5",
     "style-loader": "3.3.1",
-    "stylelint": "14.6.0",
+    "stylelint": "14.8.2",
     "stylelint-config-recommended": "7.0.0",
     "stylelint-config-styled-components": "0.1.1",
     "stylelint-processor-styled-components": "1.10.0",

packages/plugins/ui-theme/src/App/Header/generated_contributors_list.json

@@ -91,6 +91,10 @@
     "username": "mlucool",
     "id": 1813603
   },
+  {
+    "username": "rblaine95",
+    "id": 4052340
+  },
   {
     "username": "UnitedMarsupials-zz",
     "id": 1486340
@@ -119,6 +123,10 @@
     "username": "lirantal",
     "id": 316371
   },
+  {
+    "username": "n4bb12",
+    "id": 6810177
+  },
   {
     "username": "honzahommer",
     "id": 2045468
@@ -151,10 +159,6 @@
     "username": "vip30",
     "id": 4260833
   },
-  {
-    "username": "n4bb12",
-    "id": 6810177
-  },
   {
     "username": "leometzger",
     "id": 15220162
@@ -163,10 +167,6 @@
     "username": "KukuruzaAndrey",
     "id": 16447219
   },
-  {
-    "username": "rblaine95",
-    "id": 4052340
-  },
   {
     "username": "BartDubois",
     "id": 1180931
@@ -199,6 +199,10 @@
     "username": "semoal",
     "id": 22656541
   },
+  {
+    "username": "greshilov",
+    "id": 814614
+  },
   {
     "username": "Jason-Cooke",
     "id": 5185660
@@ -279,10 +283,6 @@
     "username": "ddhp",
     "id": 1715380
   },
-  {
-    "username": "greshilov",
-    "id": 814614
-  },
   {
     "username": "zkochan",
     "id": 1927579
@@ -323,6 +323,10 @@
     "username": "jhonmike",
     "id": 2499937
   },
+  {
+    "username": "s-h-a-d-o-w",
+    "id": 16936908
+  },
   {
     "username": "awshanks",
     "id": 18176417
@@ -379,6 +383,10 @@
     "username": "plitex",
     "id": 2946823
   },
+  {
+    "username": "naveensrinivasan",
+    "id": 172697
+  },
   {
     "username": "nphyatt",
     "id": 6487450
@@ -431,6 +439,10 @@
     "username": "SheetJSDev",
     "id": 6070939
   },
+  {
+    "username": "danez",
+    "id": 231804
+  },
   {
     "username": "MichielDeMey",
     "id": 793406
@@ -551,6 +563,10 @@
     "username": "aszmyd",
     "id": 3050805
   },
+  {
+    "username": "dxwebster",
+    "id": 61834475
+  },
   {
     "username": "alex-dixon",
     "id": 9045165
@@ -567,13 +583,17 @@
     "username": "Alexandre-io",
     "id": 8135542
   },
+  {
+    "username": "AlphaDio",
+    "id": 1067597
+  },
   {
     "username": "amirmohsen",
     "id": 7075106
   },
   {
-    "username": "s-h-a-d-o-w",
-    "id": 16936908
+    "username": "andrewmjordan",
+    "id": 48300131
   },
   {
     "username": "tiandrey",
@@ -615,10 +635,18 @@
     "username": "crohrer",
     "id": 1255222
   },
+  {
+    "username": "christopherklint97",
+    "id": 53100317
+  },
   {
     "username": "cdtinney",
     "id": 3266047
   },
+  {
+    "username": "CommanderRoot",
+    "id": 4395417
+  },
   {
     "username": "conorhastings",
     "id": 8263298
@@ -643,10 +671,18 @@
     "username": "deg",
     "id": 90383
   },
+  {
+    "username": "dafanasiev",
+    "id": 5094703
+  },
   {
     "username": "einfallstoll",
     "id": 619048
   },
+  {
+    "username": "falegh",
+    "id": 49175237
+  },
   {
     "username": "Grabauskas",
     "id": 43740166
@@ -807,10 +843,6 @@
     "username": "paulorenanmelo",
     "id": 5646288
   },
-  {
-    "username": "pjlsergeant",
-    "id": 24754
-  },
   {
     "username": "rafacesar",
     "id": 71136
@@ -879,6 +911,10 @@
     "username": "tcort",
     "id": 216720
   },
+  {
+    "username": "Tiny-Fendy",
+    "id": 8954107
+  },
   {
     "username": "grrowl",
     "id": 907140
@@ -887,6 +923,14 @@
     "username": "tlvince",
     "id": 323761
   },
+  {
+    "username": "patrinos",
+    "id": 2036180
+  },
+  {
+    "username": "TJBlackman",
+    "id": 18412429
+  },
   {
     "username": "varungandhi-src",
     "id": 93103176
@@ -995,6 +1039,10 @@
     "username": "tzachshabtay",
     "id": 1819001
   },
+  {
+    "username": "undefined-moe",
+    "id": 29992205
+  },
   {
     "username": "vegawong",
     "id": 17271745
@@ -1327,6 +1375,10 @@
     "username": "gzuzmark",
     "id": 5327036
   },
+  {
+    "username": "zhuqingguang",
+    "id": 24694223
+  },
   {
     "username": "liamjack",
     "id": 821228
@@ -1387,6 +1439,10 @@
     "username": "machadovilaca",
     "id": 21959383
   },
+  {
+    "username": "LoicGombeaud",
+    "id": 1173317
+  },
   {
     "username": "marekaf",
     "id": 16442967
@@ -1395,6 +1451,10 @@
     "username": "duboisph",
     "id": 33081
   },
+  {
+    "username": "Linuem",
+    "id": 5750970
+  },
   {
     "username": "ArcticSnowman",
     "id": 13837922

packages/plugins/ui-theme/src/i18n/crowdin/ui.json

@@ -183,7 +183,7 @@
     "title": "Package Managers",
     "description": "This is the configuration details for the registry. Each package manager could have different configuration, expand each section for more details. If the section is disable review your configuration.",
     "yarnclassicDetails": "Yarn classic configuration differs from Yarn 2+ configuration. For more details, please visit [Yarn Classic](https://verdaccio.org/docs/cli-registry#yarn-1x).",
-    "yarnBerryDetails": "Yarn Berry does not support the `--registry` flag, instead all configurarion should be defined on the `yarnrc.yalm` file in the root of your project. For more details, please visit [Yarn Berry](https://verdaccio.org/docs/cli-registry#yarn-berry-2x)."
+    "yarnBerryDetails": "Yarn Berry does not support the `--registry` flag, instead all configurarion should be defined on the `yarnrc.yaml` file in the root of your project. For more details, please visit [Yarn Berry](https://verdaccio.org/docs/cli-registry#yarn-berry-2x)."
   },
   "language": {
     "title": "Translations",

packages/plugins/ui-theme/tools/verdaccio.js

@@ -1,14 +1,14 @@
 const fs = require('fs');
 const path = require('path');
 
-const yalm = require('js-yaml');
+const yaml = require('js-yaml');
 const startServer = require('verdaccio').default;
 
 const storageLocation = path.join(__dirname, '../partials/storage');
 const pluginsLocation = path.join(__dirname, '../partials/plugins');
 const configJsonFormat = Object.assign(
   {},
-  yalm.safeLoad(fs.readFileSync('./tools/_verdaccio.config.yaml', 'utf8')),
+  yaml.safeLoad(fs.readFileSync('./tools/_verdaccio.config.yaml', 'utf8')),
   {
     storage: storageLocation,
     plugins: pluginsLocation,

packages/plugins/ui-theme/tools/webpack.dev.config.babel.js

@@ -1,7 +1,7 @@
 import FriendlyErrorsPlugin from 'friendly-errors-webpack-plugin';
 import fs from 'fs';
 import HTMLWebpackPlugin from 'html-webpack-plugin';
-import yalm from 'js-yaml';
+import yaml from 'js-yaml';
 import StyleLintPlugin from 'stylelint-webpack-plugin';
 import webpack from 'webpack';
 
@@ -9,7 +9,7 @@ import env from '../config/env';
 import getPackageJson from './getPackageJson';
 import baseConfig from './webpack.config';
 
-const configJsonFormat = yalm.safeLoad(fs.readFileSync('./tools/_verdaccio.config.yaml', 'utf8'));
+const configJsonFormat = yaml.safeLoad(fs.readFileSync('./tools/_verdaccio.config.yaml', 'utf8'));
 export default {
   ...baseConfig,
   mode: 'development',

packages/server/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @verdaccio/server
 
+## 6.0.0-6-next.31
+
+### Patch Changes
+
+- Updated dependencies [a828a5f6]
+  - @verdaccio/web@6.0.0-6-next.29
+  - @verdaccio/api@6.0.0-6-next.25
+  - @verdaccio/store@6.0.0-6-next.22
+
 ## 6.0.0-6-next.30
 
 ### Patch Changes

packages/server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/server",
-  "version": "6.0.0-6-next.30",
+  "version": "6.0.0-6-next.31",
   "description": "server logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,7 +39,7 @@
     "@verdaccio/middleware": "workspace:6.0.0-6-next.22",
     "@verdaccio/store": "workspace:6.0.0-6-next.22",
     "@verdaccio/utils": "workspace:6.0.0-6-next.11",
-    "@verdaccio/web": "workspace:6.0.0-6-next.28",
+    "@verdaccio/web": "workspace:6.0.0-6-next.29",
     "verdaccio-audit": "workspace:11.0.0-6-next.8",
     "compression": "1.7.4",
     "cors": "2.8.5",
@@ -52,7 +52,7 @@
     "@types/node": "16.11.21",
     "@verdaccio/mock": "workspace:6.0.0-6-next.15",
     "@verdaccio/proxy": "workspace:6.0.0-6-next.20",
-    "@verdaccio/test-helper": "workspace:1.1.0-6-next.0",
+    "@verdaccio/test-helper": "workspace:1.1.0-6-next.1",
     "http-errors": "1.8.1",
     "request": "2.88.0"
   },

packages/standalone/package.json

@@ -32,8 +32,8 @@
   "homepage": "https://verdaccio.org",
   "license": "MIT",
   "devDependencies": {
-    "@verdaccio/cli": "workspace:6.0.0-6-next.33",
-    "@verdaccio/ui-theme": "workspace:6.0.0-6-next.24",
+    "@verdaccio/cli": "workspace:6.0.0-6-next.34",
+    "@verdaccio/ui-theme": "workspace:6.0.0-6-next.25",
     "fs-extra": "10.0.0",
     "webpack": "5.67.0",
     "webpack-bundle-analyzer": "4.5.0",

packages/store/package.json

@@ -59,7 +59,7 @@
     "@types/node": "16.11.21",
     "@verdaccio/mock": "workspace:6.0.0-6-next.15",
     "@verdaccio/types": "workspace:11.0.0-6-next.12",
-    "@verdaccio/test-helper": "workspace:1.1.0-6-next.0",
+    "@verdaccio/test-helper": "workspace:1.1.0-6-next.1",
     "undici": "4.15.0",
     "nock": "13.2.2",
     "tmp-promise": "3.0.3",

packages/tools/eslint/package.json

@@ -15,12 +15,12 @@
     "eslint-config-google": "0.14.0",
     "eslint-config-prettier": "8.5.0",
     "eslint-plugin-babel": "5.3.1",
-    "eslint-plugin-import": "2.25.4",
-    "eslint-plugin-jest": "26.1.2",
+    "eslint-plugin-import": "2.26.0",
+    "eslint-plugin-jest": "26.2.2",
     "eslint-plugin-jsx-a11y": "6.5.1",
     "eslint-plugin-prettier": "4.0.0",
-    "eslint-plugin-react": "7.29.4",
-    "eslint-plugin-react-hooks": "4.3.0",
+    "eslint-plugin-react": "7.30.0",
+    "eslint-plugin-react-hooks": "4.5.0",
     "eslint-plugin-simple-import-sort": "7.0.0",
     "eslint-plugin-verdaccio": "10.0.0"
   },

packages/tools/helpers/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Change Log
 
+## 1.1.0-6-next.1
+
+### Patch Changes
+
+- a828a5f6: fix: #3174 set correctly ui values to html render
+
 ## 1.1.0-6-next.0
 
 ### Minor Changes

packages/tools/helpers/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/test-helper",
-  "version": "1.1.0-6-next.0",
+  "version": "1.1.0-6-next.1",
   "private": true,
   "description": "test helpers",
   "author": "Juan Picado <juanpicado19@gmail.com>",

packages/tools/helpers/src/server.ts

@@ -5,6 +5,7 @@ import path from 'path';
 
 import { Auth, IAuth } from '@verdaccio/auth';
 import { Config } from '@verdaccio/config';
+import { API_ERROR, errorUtils } from '@verdaccio/core';
 import { errorReportingMiddleware, final, handleError } from '@verdaccio/middleware';
 import { generateRandomHexString } from '@verdaccio/utils';
 
@@ -27,6 +28,12 @@ export async function initializeServer(
   routesMiddleware.map((route: any) => {
     app.use(route(config, auth, storage));
   });
+
+  // catch 404
+  app.get('/*', function (req, res, next) {
+    next(errorUtils.getNotFound(API_ERROR.FILE_NOT_FOUND));
+  });
+
   // @ts-ignore
   app.use(handleError);
   // @ts-ignore

packages/verdaccio/CHANGELOG.md

@@ -1,5 +1,14 @@
 # verdaccio
 
+## 6.0.0-6-next.41
+
+### Patch Changes
+
+- Updated dependencies [a828a5f6]
+  - @verdaccio/ui-theme@6.0.0-6-next.25
+  - @verdaccio/node-api@6.0.0-6-next.32
+  - @verdaccio/cli@6.0.0-6-next.34
+
 ## 6.0.0-6-next.40
 
 ### Patch Changes

packages/verdaccio/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio",
-  "version": "6.0.0-6-next.40",
+  "version": "6.0.0-6-next.41",
   "description": "A lightweight private npm proxy registry",
   "main": "build/index.js",
   "types": "build/index.d.ts",
@@ -37,11 +37,11 @@
   },
   "homepage": "https://verdaccio.org",
   "dependencies": {
-    "@verdaccio/cli": "workspace:6.0.0-6-next.33",
+    "@verdaccio/cli": "workspace:6.0.0-6-next.34",
     "@verdaccio/hooks": "workspace:6.0.0-6-next.13",
     "@verdaccio/logger": "workspace:6.0.0-6-next.11",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.31",
-    "@verdaccio/ui-theme": "workspace:6.0.0-6-next.24",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.32",
+    "@verdaccio/ui-theme": "workspace:6.0.0-6-next.25",
     "@verdaccio/utils": "workspace:6.0.0-6-next.11",
     "verdaccio-audit": "workspace:11.0.0-6-next.8",
     "verdaccio-htpasswd": "workspace:11.0.0-6-next.13"

packages/web/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @verdaccio/web
 
+## 6.0.0-6-next.29
+
+### Patch Changes
+
+- a828a5f6: fix: #3174 set correctly ui values to html render
+  - @verdaccio/store@6.0.0-6-next.22
+
 ## 6.0.0-6-next.28
 
 ### Minor Changes

packages/web/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/web",
-  "version": "6.0.0-6-next.28",
+  "version": "6.0.0-6-next.29",
   "description": "web ui middleware",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -45,18 +45,19 @@
   "devDependencies": {
     "@types/node": "16.11.21",
     "@verdaccio/types": "workspace:11.0.0-6-next.12",
-    "@verdaccio/test-helper": "workspace:1.1.0-6-next.0",
+    "@verdaccio/test-helper": "workspace:1.1.0-6-next.1",
     "@verdaccio/api": "workspace:6.0.0-6-next.25",
     "node-html-parser": "4.1.5",
     "supertest": "6.2.2",
     "nock": "13.2.2",
+    "jsdom": "20.0.0",
     "undici": "4.15.0",
     "verdaccio-auth-memory": "workspace:11.0.0-6-next.8",
-    "verdaccio-memory": "workspace:11.0.0-6-next.9"
+    "verdaccio-memory": "workspace:11.0.0-6-next.10"
   },
   "scripts": {
     "clean": "rimraf ./build",
-    "test": "cross-env NODE_ENV=test DEBUG=verdaccido* jest -u",
+    "test": "jest",
     "type-check": "tsc --noEmit -p tsconfig.build.json",
     "build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json",
     "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",

packages/web/src/renderHTML.ts

@@ -40,7 +40,17 @@ export default function renderHTML(config, manifest, manifestFiles, req, res) {
     ...config.flags,
   };
   const primaryColor = validatePrimaryColor(config?.web?.primary_color) ?? '#4b5e40';
-  const { scriptsBodyAfter, metaScripts, scriptsbodyBefore } = Object.assign(
+  const {
+    scriptsBodyAfter,
+    metaScripts,
+    scriptsbodyBefore,
+    showInfo,
+    showSettings,
+    showThemeSwitch,
+    showFooter,
+    showSearch,
+    showDownloadTarball,
+  } = Object.assign(
     {},
     {
       scriptsBodyAfter: [],
@@ -50,6 +60,12 @@ export default function renderHTML(config, manifest, manifestFiles, req, res) {
     config?.web
   );
   const options: TemplateUIOptions = {
+    showInfo,
+    showSettings,
+    showThemeSwitch,
+    showFooter,
+    showSearch,
+    showDownloadTarball,
     darkMode,
     url_prefix,
     basename,
@@ -69,10 +85,7 @@ export default function renderHTML(config, manifest, manifestFiles, req, res) {
 
   try {
     webPage = cache.get('template');
-
     if (!webPage) {
-      debug('web options %o', options);
-      debug('web manifestFiles %o', manifestFiles);
       webPage = renderTemplate(
         {
           manifest: manifestFiles ?? defaultManifestFiles,
@@ -83,7 +96,6 @@ export default function renderHTML(config, manifest, manifestFiles, req, res) {
         },
         manifest
       );
-      debug('template :: %o', webPage);
       if (needHtmlCache) {
         cache.set('template', webPage);
         debug('set template cache');
@@ -96,5 +108,5 @@ export default function renderHTML(config, manifest, manifestFiles, req, res) {
   }
   res.setHeader('Content-Type', HEADERS.TEXT_HTML);
   res.send(webPage);
-  debug('render web');
+  debug('web rendered');
 }

packages/web/src/utils/web-utils.ts

@@ -10,7 +10,7 @@ export type AuthorAvatar = Author & { avatar?: string };
 const debug = buildDebug('verdaccio:web:utils');
 
 export function validatePrimaryColor(primaryColor) {
-  const isHex = /^#+([a-fA-F0-9]{6}|[a-fA-F0-9]{3})$/i.test(primaryColor);
+  const isHex = /^#([0-9A-F]{3}){1,2}$/i.test(primaryColor);
   if (!isHex) {
     debug('invalid primary color %o', primaryColor);
     return;

packages/web/test/config/web.yaml

@@ -0,0 +1,46 @@
+auth:
+  auth-memory:
+    users:
+      test:
+        name: test
+        password: test
+
+web:
+  title: verdaccio web
+  login: true
+  scope: '@scope'
+  pkgManagers:
+    - pnpm
+    - yarn
+  showInfo: true
+  showSettings: true
+  showSearch: true
+  showFooter: true
+  showThemeSwitch: true
+  showDownloadTarball: true
+  showRaw: true
+  primary_color: '#ffffff'
+  logoURI: 'http://logo.org/logo.png'
+  flags:
+    - something: false
+
+url_prefix: /prefix
+
+publish:
+  allow_offline: false
+
+uplinks:
+
+log: { type: stdout, format: pretty, level: trace }
+
+packages:
+  '@*/*':
+    access: $anonymous
+    publish: $anonymous
+  '**':
+    access: $anonymous
+    publish: $anonymous
+_debug: true
+
+flags:
+  changePassword: true

packages/web/test/render.test.ts

@@ -1,3 +1,4 @@
+import { JSDOM } from 'jsdom';
 import path from 'path';
 import supertest from 'supertest';
 
@@ -28,34 +29,80 @@ describe('test web server', () => {
   });
 
   describe('render', () => {
-    test('should return the root', async () => {
-      return supertest(await initializeServer('default-test.yaml'))
-        .get('/')
-        .set('Accept', HEADERS.TEXT_HTML)
-        .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8)
-        .expect(HTTP_STATUS.OK);
+    describe('output', () => {
+      const render = async (config = 'default-test.yaml') => {
+        const response = await supertest(await initializeServer(config))
+          .get('/')
+          .set('Accept', HEADERS.TEXT_HTML)
+          .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8)
+          .expect(HTTP_STATUS.OK);
+        return new JSDOM(response.text, { runScripts: 'dangerously' });
+      };
+
+      test('should match render set ui properties', async () => {
+        const {
+          window: { __VERDACCIO_BASENAME_UI_OPTIONS },
+        } = await render('web.yaml');
+        expect(__VERDACCIO_BASENAME_UI_OPTIONS).toEqual(
+          expect.objectContaining({
+            showInfo: true,
+            showSettings: true,
+            showThemeSwitch: true,
+            showFooter: true,
+            showSearch: true,
+            showDownloadTarball: true,
+            darkMode: false,
+            url_prefix: '/prefix',
+            basename: '/prefix/',
+            primaryColor: '#ffffff',
+            // FIXME: mock these values, avoid random
+            // base: 'http://127.0.0.1:60864/prefix/',
+            // version: '6.0.0-6-next.28',
+            logoURI: '',
+            flags: { searchRemote: true },
+            login: true,
+            pkgManagers: ['pnpm', 'yarn'],
+            title: 'verdaccio web',
+            scope: '@scope',
+            language: 'es-US',
+          })
+        );
+      });
+
+      test.todo('test default title');
+      test.todo('test need html cache');
     });
 
-    test('should return the body for a package detail page', async () => {
-      return supertest(await initializeServer('default-test.yaml'))
-        .get('/-/web/section/some-package')
-        .set('Accept', HEADERS.TEXT_HTML)
-        .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8)
-        .expect(HTTP_STATUS.OK);
-    });
+    describe('status', () => {
+      test('should return the http status 200 for root', async () => {
+        return supertest(await initializeServer('default-test.yaml'))
+          .get('/')
+          .set('Accept', HEADERS.TEXT_HTML)
+          .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8)
+          .expect(HTTP_STATUS.OK);
+      });
 
-    test.skip('should static file not found', async () => {
-      return supertest(await initializeServer('default-test.yaml'))
-        .get('/-/static/not-found.js')
-        .set('Accept', HEADERS.TEXT_HTML)
-        .expect(HTTP_STATUS.NOT_FOUND);
-    });
+      test('should return the body for a package detail page', async () => {
+        return supertest(await initializeServer('default-test.yaml'))
+          .get('/-/web/section/some-package')
+          .set('Accept', HEADERS.TEXT_HTML)
+          .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8)
+          .expect(HTTP_STATUS.OK);
+      });
 
-    test('should static file found', async () => {
-      return supertest(await initializeServer('default-test.yaml'))
-        .get('/-/static/main.js')
-        .set('Accept', HEADERS.TEXT_HTML)
-        .expect(HTTP_STATUS.OK);
+      test('should static file not found', async () => {
+        return supertest(await initializeServer('default-test.yaml'))
+          .get('/-/static/not-found.js')
+          .set('Accept', HEADERS.TEXT_HTML)
+          .expect(HTTP_STATUS.NOT_FOUND);
+      });
+
+      test('should static file found', async () => {
+        return supertest(await initializeServer('default-test.yaml'))
+          .get('/-/static/main.js')
+          .set('Accept', HEADERS.TEXT_HTML)
+          .expect(HTTP_STATUS.OK);
+      });
     });
   });
 });

packages/web/test/utils.spec.ts

@@ -1,13 +1,22 @@
 import fs from 'fs';
 import path from 'path';
 
-import { parseReadme } from '../src/utils/web-utils';
+import { parseReadme, validatePrimaryColor } from '../src/utils/web-utils';
 
 const readmeFile = (fileName = 'markdown.md') => {
   return fs.readFileSync(path.join(__dirname, `./partials/readme/${fileName}`));
 };
 
 describe('Utilities', () => {
+  describe('validatePrimaryColor', () => {
+    test('is valid', () => {
+      expect(validatePrimaryColor('#222222')).toEqual('#222222');
+      expect(validatePrimaryColor('#222fff')).toEqual('#222fff');
+    });
+    test('is invalid', () => {
+      expect(validatePrimaryColor('fff')).toBeUndefined();
+    });
+  });
   describe('parseReadme', () => {
     test('should parse makrdown text to html template', () => {
       const markdown = '# markdown';

renovate.json

@@ -1,5 +1,5 @@
 {
-  "extends": ["config:base", "schedule:earlyMondays"],
+  "extends": ["config:base", "schedule:earlyMondays", "helpers:pinGitHubActionDigests"],
   "prConcurrentLimit": 1,
   "ignorePaths": ["docker-examples/**"],
   "ignoreDeps": ["eslint-plugin-verdaccio", "@verdaccio/test-helper"],

test/e2e-ui/package.json

@@ -4,7 +4,7 @@
   "version": "2.0.0-6-next.3",
   "devDependencies": {
     "@verdaccio/core": "workspace:6.0.0-6-next.5",
-    "@verdaccio/ui-theme": "workspace:6.0.0-6-next.24",
+    "@verdaccio/ui-theme": "workspace:6.0.0-6-next.25",
     "debug": "4.3.3",
     "kleur": "3.0.3",
     "lodash": "4.17.21",

website/docs/articles.md

@@ -81,6 +81,11 @@ Below is a list of articles about Verdaccio. If you have written a blog post or
 * [NPM privado: 5 razones y 7 recomendaciones para utilizarlo](https://www.todojs.com/npm-privado-5-razones-y-7-recomendaciones/)
 
 
+### Portuguese-BR {#portuguese-BR}
+
+* [Problemas com pacotes do npm? Verdaccio pode ser a solução](https://dev.to/dxwebster/pt-br-problemas-com-pacotes-do-npm-verdaccio-pode-ser-a-solucao-2966)
+
+
 ### German {#german}
 
 * [Struktur für große Angular-Anwendungen: Microservices, Module, MonoRepo?](https://jaxenter.de/struktur-angular-anwendungen-67467)

website/docs/auth.md

@@ -66,12 +66,21 @@ auth:
     file: ./htpasswd
     # Maximum amount of users allowed to register, defaults to "+inf".
     # You can set this to -1 to disable registration.
-    #max_users: 1000
+    # max_users: 1000
+    # Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt".
+    algorithm: bcrypt # by default is crypt, but is recommended use bcrypt for new installations
+    # Rounds number for "bcrypt", will be ignored for other algorithms.
+    rounds: 10    
 ```
 
+> The default algorithm is `crypt`, considered not secure for production environments, it's recommended for new installations use `bcrypt` instead. Note after verdaccio 6.x
+the default will be `bcrypt`.
+
 Property | Type | Required | Example | Support | Description
 --- | --- | --- | --- | --- | ---
 file | string | Yes | ./htpasswd | all | file that host the encrypted credentials
 max_users | number | No | 1000 | all | set limit of users
+algorithm | string | No | bcrypt/md5/sha1/crypt | >=5.13.0 | set hasing password algorithm
+rounds | number | No | 10 | >=5.13.0 | Rounds number for "bcrypt", will be ignored for other algorithms
 
-In case you decide to prevent users from signing up themselves, you can set `max_users: -1`.
+> In case you decide to prevent users from signing up themselves, you can set `max_users: -1`.

website/docs/cli-registry.md

@@ -3,155 +3,8 @@ id: cli-registry
 title: "Using a private registry"
 ---
 
-Setting up a private registry can be achieved in a few ways, let's review all of them. The following commands might be different based on the package manager you are using.
+Setting up a private registry is quite easy on all major Package managers and can be achieved in a few different ways depenging on your goals. The following links details how you can achieve this goal for each major package manager.
 
-### npm (5.x, 6.x) {#npm-5x-6x}
-
-To set the registry in the `.npmrc` file use the following:
-
-```bash
-npm set registry http://localhost:4873/
-```
-
-If you want one single use `--registry` after the required command.
-
-```bash
-npm install --registry http://localhost:4873
-```
-
-Write it yourself by defining in your `.npmrc` a `registry` field.
-
-```bash title=".npmrc"
-registry=http://localhost:4873
-```
-
-> Since `npm@5.x` [ignores the `resolve` field in defined in the lock files](https://medium.com/verdaccio/verdaccio-and-deterministic-lock-files-5339d82d611e), while `pnpm@4.x` and `yarn@1.x` does the opposite.
-
-Or a `publishConfig` in your `package.json`
-
-```json
-{
-  "publishConfig": {
-    "registry": "http://localhost:4873"
-  }
-}
-```
-
-> By using the `publishConfig` the previous two options would be ignored, only use this option if you want to ensure the package is not being published anywhere else.
-
-If you are using either `npm@5.4.x` or `npm@5.5.x`, there are [known issues with tokens](https://github.com/verdaccio/verdaccio/issues/509#issuecomment-359193762), please upgrade to either `6.x` or downgrade to `npm@5.3.0`.
-
-#### SSL and certificates {#ssl-and-certificates}
-
-When using Verdaccio under SSL without a valid certificate, defining `strict-ssl` in your config file is required otherwise you will get `SSL Error: SELF_SIGNED_CERT_IN_CHAIN` errors.
-
-`npm` does not support [invalid certificates anymore](https://blog.npmjs.org/post/78085451721/npms-self-signed-certificate-is-no-more) since 2014.
-
-```bash
-npm config set ca ""
-npm config set strict-ssl false
-```
-
-### npm (7.x) {#npm-7x}
-
-npm `v7.0.0` is more strict with the new `v2` lockfile. If you have mixed `resolved` fields in your lockfile, for instance, having this in your lockfile:
-
-```json
-{
-  "name": "npm7",
-  "version": "1.0.0",
-  "lockfileVersion": 2,
-  "requires": true,
-  "packages": {
-    "": {
-      "version": "1.0.0",
-      "license": "ISC",
-      "dependencies": {
-        "lodash": "4.17.20",
-        "underscore": "^1.11.0"
-      }
-    },
-    ..... // removed for simplicity
-  },
-  "dependencies": {
-    "lodash": {
-      "version": "4.17.20",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
-      "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA=="
-    },
-    "underscore": {
-      "version": "1.11.0",
-      "resolved": "http://localhost:4873/underscore/-/underscore-1.11.0.tgz",
-      "integrity": "sha512-xY96SsN3NA461qIRKZ/+qox37YXPtSBswMGfiNptr+wrt6ds4HaMw23TP612fEyGekRE6LNRiLYr/aqbHXNedw=="
-    }
-  }
-}
-```
-
-Either running `npm i --registry https://registry.npmjs.org` or using `.npmrc` will fail your installation.
-
-### yarn {#yarn}
-
-#### Yarn (1.x) {#yarn-1x}
-
-> Be aware npm configurations are valid on the classic version
-
-The classic version is able to regonize the `.npmrc` file, but also provides their own configuration file named `.yarnrc`.
-
-To set up a registry, create a file and define a registry.
-
-```
-// .yarnrc
-registry "http://localhost:4873"
-```
-
-By using this version you should enable `always-auth` in your configuration running:
-
-```
-npm config set always-auth true
-```
-
-`yarn@1.x` does not send the authorization header on `yarn install` if your packages requires authentication, by enabling `always-auth` will force yarn do it on each request.
-
-#### Yarn Berry (>=2.x) {#yarn-berry-2x}
-
-> Yarn berry does not recognize `--registry` or `.npmrc` file anymore.
-
-For defining a registry you must use the `.yarnrc.yml` located in the root of your project or global configuration.
-
-When you publish a package the `npmRegistryServer` must be used. Keep in mind the `publishConfig.registry` in the `package.json` will override this configuration.
-
-```yaml
-// .yarnrc.yml
-npmRegistryServer: "http://localhost:4873"
-
-unsafeHttpWhitelist:
-  - localhost
-```
-
-> `unsafeHttpWhitelist` is only need it if you don't use `https` with a valid certificate.
-
-Using scopes is also possible and more segmented, you can define a token peer scope if is required.
-
-```
-npmRegistries:
-  "https://registry.myverdaccio.org":
-    npmAlwaysAuth: true
-    npmAuthToken: <TOKEN>
-npmScopes:
-  my-company:
-    npmRegistryServer: https://registry.myverdaccio.org
-    npmPublishRegistry: https://registry.myverdaccio.org
-```
-
-for logging via CLi use:
-
-```
-yarn npm login --scope my-company
-```
-
-### pnpm {#pnpm}
-
-> This includes 4.x and 5.x series.
-
-`pnpm` recognize by default the configuration at `.npmrc` and also the `--registry` value, there is no difference in the implementation.
+* [npm](setup-npm.md)
+* [yarn](setup-yarn.md)
+* [pnpm](setup-pnpm.md)

website/docs/docker.md

@@ -234,3 +234,4 @@ There is a separate repository that hosts multiple configurations to compose Doc
 * [verdaccio-docker](https://github.com/idahobean/verdaccio-docker)
 * [verdaccio-server](https://github.com/andru255/verdaccio-server)
 * [coldrye-debian-verdaccio](https://github.com/coldrye-docker/coldrye-debian-verdaccio) docker image providing verdaccio from coldrye-debian-nodejs.
+* [verdaccio-github-oauth-ui](https://github.com/n4bb12/verdaccio-github-oauth-ui/blob/master/Dockerfile)

website/docs/e2e.md

@@ -92,8 +92,11 @@ Via CLI:
 * [aws-sdk cli v3](https://github.com/aws/aws-sdk-js-v3) *(+1k ⭐️)*
 * [angular-eslint](https://github.com/angular-eslint/angular-eslint) *(+1k ⭐️)*
 
-
-
+## Example repositories 
+
+- [e2e-ci-example-gh-actions](https://github.com/juanpicado/e2e-ci-example-gh-actions)
+- [verdaccio-end-to-end-tests](https://github.com/juanpicado/verdaccio-end-to-end-tests)
+- [verdaccio-fork](https://github.com/juanpicado/verdaccio-fork)
 
 
 

website/docs/install.md

@@ -3,7 +3,7 @@ id: installation
 title: "Installation"
 ---
 
-Verdaccio is a multiplatform web application. To install it, you need a few basic prerequisites.
+Verdaccio is a Node.js private and proxy registry. To install it, you need a few basic prerequisites.
 
 ## Prerequisites {#prerequisites}
 
@@ -23,9 +23,7 @@ Are you still using **Verdaccio 4**?. Check the [migration guide](https://verdac
 
 Learn the basics before getting started, how to install, where is the location of the configuration file and more.
 
-[![logo](https://cdn.verdaccio.dev/website/watch-us.png)](https://www.youtube.com/channel/UC5i20v6o7lSjXzAHOvatt0w)
-
-<iframe width="560" height="315" src="https://www.youtube.com/embed/P_hxy7W-IL4?enablejsapi=1" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
+<iframe width="560" height="415" src="https://www.youtube.com/embed/P_hxy7W-IL4?enablejsapi=1" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
 
 ## Installing the CLI {#installing-the-cli}
 
@@ -93,6 +91,8 @@ Or a `publishConfig` in your `package.json`
 }
 ```
 
+For alternative configurations, please read the [Using a private registry](cli-registry.md) section.
+
 ## Create Your Own Private NPM Package Tutorial {#create-your-own-private-npm-package-tutorial}
 
 If you'd like a broader explanation, don't miss the tutorial created by [thedevlife](https://mybiolink.co/thedevlife) on how to Create Your Own Private NPM Package using Verdaccio.
@@ -105,7 +105,15 @@ If you'd like a broader explanation, don't miss the tutorial created by [thedevl
 docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio
 ```
 
-`Verdaccio` has an official docker image you can use, and in most cases, the default configuration is good enough. For more information about how to install the official image, [read the docker section](docker.md).
+`Verdaccio` has an official docker image you can use, and in most cases, the default configuration is good enough. For more information about how to install the official image, [read the docker section](docker.md), furthermore you can learn more about combining Docker images in our [docker-examples](https://github.com/verdaccio/verdaccio/tree/master/docker-examples) repository.
+
+## Helm Chart {#helm-chart}
+
+```bash
+$ helm repo add verdaccio https://charts.verdaccio.org
+$ helm repo update
+$ helm install verdaccio/verdaccio
+```
 
 ## Cloudron {#cloudron}
 
@@ -115,6 +123,6 @@ docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio
 
 ## Heroku with Docker
 
-For easy deployment you could use [Heroku](https://www.heroku.com/home), the _free_ dino tier allows you to test their platform using a Docker container, check this example.
+For easy deployment you could use [Heroku](https://www.heroku.com/home), the _free_ dyno tier allows you to test their platform using a Docker container, check this example.
 
 [https://github.com/juanpicado/verdaccio-heroku-example](https://github.com/juanpicado/verdaccio-heroku-example)

website/docs/kubernetes.md

@@ -102,6 +102,19 @@ use:
 helm install npm --set existingConfigMap=verdaccio-config verdaccio/verdaccio
 ```
 
+### Authenticate with private upstreams using Helm
+
+As of version `4.8.0` of the helm chart, a new `secretEnvVars` field has been added.  
+This allows you to inject sensitive values to the container via a [Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/).
+
+1. Update your Verdaccio config according to the [Uplinks](./uplinks.md#auth-property) documentation
+2. Pass the secret environment variable to your values file or via `--set secretEnvVars.FOO_TOKEN=superSecretBarToken`
+```yaml
+# values.yaml
+secretEnvVars:
+  FOO_TOKEN: superSecretBarToken
+```
+
 #### NGINX proxy body-size limit {#nginx-proxy-body-size-limit}
 
 The standard k8s NGINX ingress proxy allows for 1MB for body-size which can be increased

website/docs/plugins.md

@@ -34,10 +34,33 @@ Open the `config.yaml` file and update the `auth` section as follows:
 
 The default configuration looks like this, due we use a build-in `htpasswd` plugin by default that you can disable just commenting out the following lines.
 
+### Naming convention  {#naming-convention}
 
+Since version `2.0.0` until version plugins must start with the following convention:
+
+- `sinopia-xxx` (deprecated and will be removed on 6.x.x)
+- `verdaccio-xxx`
+
+After version `5.12.0` scoped plugins are supported, for example:
+
+```yaml
+auth:
+  '@my-org/auth-awesome-plugin':
+    foo: some value
+    bar: another value
+store:
+  '@my-org/store-awesome-plugin':
+    foo: some value
+    bar: another value    
+middleware:
+  '@my-org/middleware-awesome-plugin':
+    foo: some value
+    bar: another value        
+```
 ### Authentication Configuration {#authentication-configuration}
 
 ```yaml
+auth:
   htpasswd:
     file: ./htpasswd
     # max_users: 1000

website/docs/programmatically.md

@@ -0,0 +1,100 @@
+---
+id: verdaccio-programmatically
+title: "Node.js API"
+---
+
+Verdaccio is a binary command which is available in your enviroment when you install globally the package eg `npm i -g verdaccio`, but also can be dependency in your project and use it programmatically.
+
+### Using `fork` from `child_process` module
+
+Using the binary is the faster way to use verdaccio programatically, you need to add to the config file the `_debug: true` to enable the messaging system, when verdaccio is ready will send `verdaccio_started` string as message as the following example.
+
+> If you are using ESM modules the `require` won't be available.
+
+```typescript
+export function runRegistry(
+  args: string[] = [],
+  childOptions: {}
+): Promise<ChildProcess> {
+  return new Promise((resolve, reject) => {
+        const childFork = fork(require.resolve('verdaccio/bin/verdaccio'), args, childOptions);
+    childFork.on('message', (msg: {verdaccio_started: boolean}) => {
+      if(msg.verdaccio_started){
+        resolve(childFork);
+      }
+    });
+    childFork.on('error', (err: any) => reject([err]));
+    childFork.on('disconnect', (err: any) => reject([err]));  
+  });
+}
+```
+
+You can see the full example on this repository.
+
+[https://github.com/juanpicado/verdaccio-fork](https://github.com/juanpicado/verdaccio-fork
+)
+
+### Using the module API
+
+Feature available in `v5.11.0` and higher.
+
+> Using const verdaccio = require('verdaccio'); as the default module is not encoraged, it's deprecated and recommend use `runServer` for future compability.
+
+There are three ways to use it:
+
+- No input, it will find the `config.yaml` as is you would run `verdaccio` in the console.
+- With a absolute path.
+- With an object (there is a catch here, see below).
+
+```js
+    const {runServer} = require('verdaccio');
+    const app = await runServer(); // default configuration
+    const app = await runServer('./config/config.yaml');
+    const app = await runServer({ configuration });
+    app.listen(4000, (event) => {
+      // do something
+    });
+```
+
+With an object you need to add `self_path`, manually (it's not nice but would be a breaking change changing it now) on v6 this is not longer need it.
+
+```js
+      const {runServer, parseConfigFile} = require('verdaccio');
+      const configPath = join(__dirname, './config.yaml');
+      const c = parseConfigFile(configPath);
+      // workaround
+      // on v5 the `self_path` still exists and will be removed in v6
+      c.self_path = 'foo';
+      runServer(c).then(() => {});
+```
+
+Feature available minor than `v5.11.0`.
+
+> This is a valid way but is discoragued for future releases.
+
+```js
+const fs = require('fs');
+const path = require('path');
+const verdaccio = require('verdaccio').default;
+const YAML = require('js-yaml');
+
+const getConfig = () => {
+ return YAML.safeLoad(fs.readFileSync(path.join(__dirname, 'config.yaml'), 'utf8'));
+}
+
+const cache = path.join(__dirname, 'cache');
+const config = Object.assign({}, getConfig(), {
+  self_path: cache
+});
+
+verdaccio(config, 6000, cache, '1.0.0', 'verdaccio', (webServer, addrs, pkgName, pkgVersion) => {
+  try {
+      webServer.unref();
+      webServer.listen(addrs.port || addrs.path, addrs.host, () => {
+          console.log('verdaccio running');
+      });
+  } catch (error) {
+    console.error(error);
+  }
+});
+```