chore: update versions (6-next) (#3511)

moved to another repository

.changeset/brave-seahorses-press.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+fix: markdown ul and img styles

.changeset/famous-bikes-kneel.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+chore: improve info regarding using private registries

.changeset/four-ways-try.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': minor
+---
+
+feat: upgrade to react 18

.changeset/light-pumas-brake.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/ui-theme': minor
+'@verdaccio/server-fastify': minor
+'@verdaccio/web': minor
+---
+
+feat: parse and sanitize on ui

.changeset/pre.json

@@ -9,7 +9,6 @@
     "@verdaccio/file-locking": "11.0.0-alpha.0",
     "verdaccio-htpasswd": "11.0.0-alpha.0",
     "@verdaccio/local-storage": "11.0.0-alpha.0",
-    "@verdaccio/readme": "11.0.0-alpha.0",
     "@verdaccio/types": "11.0.0-alpha.0",
     "@verdaccio/hooks": "6.0.0-alpha.0",
     "@verdaccio/loaders": "6.0.0-alpha.0",
@@ -36,7 +35,6 @@
     "@verdaccio/url": "11.0.0-alpha.3",
     "@verdaccio/server-fastify": "6.0.0-6-next.9",
     "@verdaccio/eslint-config": "1.0.0",
-    "@verdaccio/benchmark": "1.0.0",
     "@verdaccio/core": "6.0.0-next.0",
     "@verdaccio/test-helper": "1.0.0",
     "docusaurus-plugin-contributors": "1.0.0",
@@ -61,6 +59,7 @@
     "afraid-mice-obey",
     "angry-nails-appear",
     "big-lobsters-sin",
+    "brave-seahorses-press",
     "bright-poems-obey",
     "brown-cycles-laugh",
     "brown-pandas-wink",
@@ -74,10 +73,12 @@
     "eleven-brooms-hunt",
     "eleven-spoons-matter",
     "fair-lemons-beam",
+    "famous-bikes-kneel",
     "famous-tigers-doubt",
     "few-cooks-destroy",
     "few-mangos-grow",
     "fifty-jars-rest",
+    "four-ways-try",
     "fuzzy-drinks-taste",
     "fuzzy-onions-draw",
     "gentle-parrots-lay",
@@ -92,6 +93,7 @@
     "kind-bears-nail",
     "late-adults-love",
     "late-parents-act",
+    "light-pumas-brake",
     "light-walls-begin",
     "little-stingrays-rule",
     "loud-shoes-jog",
@@ -122,6 +124,7 @@
     "shiny-chefs-heal",
     "shy-ducks-cover",
     "slow-carrots-relate",
+    "slow-snails-sniff",
     "smart-apricots-kneel",
     "smart-beds-cross",
     "smooth-owls-pump",
@@ -134,6 +137,7 @@
     "ten-parents-breathe",
     "tender-bags-call",
     "thick-countries-move",
+    "thick-geese-wash",
     "thick-readers-hang",
     "three-moles-drop",
     "three-pots-sit",

.changeset/slow-snails-sniff.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/api': patch
+'@verdaccio/ui-theme': patch
+'@verdaccio/web': patch
+---
+
+fix: improve abort request search

.changeset/thick-geese-wash.md

@@ -0,0 +1,21 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/auth': minor
+'@verdaccio/config': minor
+'@verdaccio/core': minor
+'@verdaccio/url': minor
+'@verdaccio/middleware': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/web': minor
+---
+
+chore: move improvements from v5 to v6
+
+Migrate improvements form v5 to v6:
+
+- https://github.com/verdaccio/verdaccio/pull/3158
+- https://github.com/verdaccio/verdaccio/pull/3151
+- https://github.com/verdaccio/verdaccio/pull/2271
+- https://github.com/verdaccio/verdaccio/pull/2787
+- https://github.com/verdaccio/verdaccio/pull/2791
+- https://github.com/verdaccio/verdaccio/pull/2205

.github/workflows/benchmark.yml

@@ -1,174 +0,0 @@
----
-name: ci - benchmark
-
-on:
-  workflow_dispatch:
-  schedule:
-    # 1 time peer week
-    # collecting enough data to draw some graphics
-    - cron: '0 1 * * 1'
-  # push:
-  #   branches:
-  #     - master
-permissions:
-  contents: read
-
-jobs:
-  prepare: 
-    name: Prepare build
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
-      - uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # tag=v3
-        with:
-          node-version: 16.x
-      - name: install pnpm
-        run: sudo npm i pnpm@latest-6 -g
-      - name: set store
-        run: | 
-          mkdir ~/.pnpm-store
-          pnpm config set store-dir ~/.pnpm-store     
-      - name: setup pnpm config registry
-        run: pnpm config set registry https://registry.verdaccio.org
-      - name: install dependencies
-        run: pnpm install
-      - name: Cache .pnpm-store
-        uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: |
-            pnpm-              
-      - name: build
-        run: pnpm build
-      - name: tar packages
-        run: |      
-          tar -czvf ${{ github.workspace }}/pkg.tar.gz -C ${{ github.workspace }}/packages .
-      - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3
-        with:
-          name: verdaccio-artifact
-          path: pkg.tar.gz
-  benchmark-autocannon:
-    needs: prepare
-    strategy:
-      fail-fast: false
-      matrix:
-        benchmark:
-          - info
-          - tarball
-        verdaccioVersion:
-          # - local
-          - 3.13.1
-          - 4.12.2
-          - 5.10.2
-          - 6.0.0-6-next.40
-    name: Benchmark autocannon
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
-      - uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # tag=v3
-        with:
-          node-version: 16.x
-      - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v3
-        with:
-          name: verdaccio-artifact
-      - name: untar packages
-        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
-      - name: install pnpm
-        # require fixed version
-        run: sudo npm i pnpm@latest-6 -g
-      - uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}   
-      - name: install dependencies
-        run: pnpm install    
-      - name: start registry
-        run: ./scripts/benchmark-prepare.sh ${{matrix.verdaccioVersion}}        
-      - name: benchmark        
-        run: pnpm benchmark:api -- -v ${{matrix.verdaccioVersion}} -f ${{matrix.benchmark}}       
-        shell: bash
-        env:
-          DEBUG: metrics*
-      - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3
-        with:
-          name: verdaccio-metrics-api
-          path: ./api-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  
-          if-no-files-found: error
-          retention-days: 10 
-      - name: submit metrics
-        run: pnpm benchmark:submit
-        env:
-          DEBUG: metrics
-          METRICS_SOURCE: autocannon
-          METRICS_URL: ${{ secrets.METRICS_URL }}
-          METRICS_TOKEN: ${{ secrets.METRICS_TOKEN }}
-          METRICS_BENCHMARK: ${{matrix.benchmark}}
-          METRICS_VERSION: ${{matrix.verdaccioVersion}}
-          METRICS_COMMIT_HASH: ${{ github.sha }}
-          METRICS_FILE_NAME: 'api-results'   
-  benchmark:
-    needs: prepare
-    strategy:
-      fail-fast: false
-      matrix:
-        benchmark:
-          - info
-          - tarball
-        verdaccioVersion:
-          # future 6.x (wip)
-          # - local (master branch)
-          # old versions to compare same test along previous releases
-          - 3.13.1
-          - 4.12.2
-          - 5.10.2
-          - 6.0.0-6-next.40
-    name: Benchmark hyperfine
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
-      - uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # tag=v3
-        with:
-          node-version: 16.x
-      - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v3
-        with:
-          name: verdaccio-artifact
-      - name: untar packages
-        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
-      - name: install pnpm
-        # require fixed version
-        run: sudo npm i pnpm@latest-6 -g
-      - uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}   
-      - name: install dependencies
-        run: pnpm install
-      - name: install hyperfine
-        run: |
-          wget https://github.com/sharkdp/hyperfine/releases/download/v1.11.0/hyperfine_1.11.0_amd64.deb
-          sudo dpkg -i hyperfine_1.11.0_amd64.deb
-      - name: start registry
-        run: ./scripts/benchmark-prepare.sh ${{matrix.verdaccioVersion}}
-      - name: benchmark        
-        run: ./scripts/benchmark-run.sh ${{matrix.benchmark}}
-        # https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell
-        shell: bash
-      - name: rename
-        run: mv ./hyper-results.json ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json
-      - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3
-        with:
-          name: verdaccio-metrics
-          path: ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  
-          if-no-files-found: error
-          retention-days: 10 
-      - name: submit metrics
-        run: pnpm benchmark:submit
-        env:
-          DEBUG: metrics
-          METRICS_SOURCE: hyperfine
-          METRICS_URL: ${{ secrets.METRICS_URL }}
-          METRICS_TOKEN: ${{ secrets.METRICS_TOKEN }}
-          METRICS_BENCHMARK: ${{matrix.benchmark}}
-          METRICS_VERSION: ${{matrix.verdaccioVersion}}
-          METRICS_COMMIT_HASH: ${{ github.sha }}

.github/workflows/changesets.yml

@@ -25,7 +25,7 @@ jobs:
           fetch-depth: 0
 
       - name: setup node.js
-        uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # tag=v3
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
         with:
           node-version: 14
           registry-url: 'https://registry.npmjs.org'

.github/workflows/ci-windows.yml

@@ -0,0 +1,130 @@
+name: CI windows
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '5 0 * * SUN' 
+permissions:
+  contents: read
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    name: setup verdaccio
+    services:
+      verdaccio:
+        image: verdaccio/verdaccio:nightly-master
+        ports:
+          - 4873:4873
+        env:
+          NODE_ENV: production          
+    steps:
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
+    - name: Node
+      uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+      with:
+        node-version-file: '.nvmrc'
+    - name: Install pnpm
+      run: npm i pnpm@6.32.15 -g
+    - name: set store
+      run: |
+        mkdir ~/.pnpm-store
+        pnpm config set store-dir ~/.pnpm-store
+    - name: Install
+      run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
+    - name: Cache .pnpm-store
+      uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      with:
+        path: ~/.pnpm-store
+        key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+        restore-keys: |
+          pnpm-
+  lint:
+    runs-on: windows-latest
+    name: Lint
+    needs: prepare
+    steps:
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
+      - name: Node
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: npm i pnpm@6.32.15 -g
+      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: Install
+        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts
+      - name: Lint
+        run: pnpm lint
+  format:
+    runs-on: windows-latest
+    name: Format
+    needs: prepare
+    steps:
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
+      - name: Use Node
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: npm i pnpm@6.32.15 -g
+      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: Install
+        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts
+      - name: Lint
+        run: pnpm format:check
+  build:
+    needs: [format, lint]
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [windows-latest]
+        node_version: [18]
+    name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
+      - name: Use Node ${{ matrix.node_version }}
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+        with:
+          node-version: ${{ matrix.node_version }}
+      - name: Install pnpm
+        run: npm i pnpm@6.32.15 -g
+      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: Install
+        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts --registry http://localhost:4873
+      - name: build
+        run: pnpm build
+      - name: Test
+        run: pnpm test
+  ci-e2e-ui:
+    needs: [format, lint]
+    runs-on: windows-latest
+    name: UI Test E2E
+    steps:
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
+      - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: npm i pnpm@6.32.15 -g
+      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: Install
+        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --registry http://localhost:4873
+      - name: build
+        run: pnpm build
+      - name: Test UI
+        run: pnpm test:e2e:ui
+        # env:
+        #  DEBUG: verdaccio:e2e*

.github/workflows/ci.yml

@@ -29,11 +29,13 @@ jobs:
     steps:
     - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
     - name: Node
-      uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # tag=v3
+      uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
       with:
         node-version-file: '.nvmrc'
     - name: Install pnpm
-      run: npm i pnpm@6.32.15 -g
+      run: |
+        corepack enable
+        corepack prepare --activate pnpm@6.32.15
     - name: set store
       run: |
         mkdir ~/.pnpm-store
@@ -41,7 +43,7 @@ jobs:
     - name: Install
       run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
     - name: Cache .pnpm-store
-      uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
+      uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
       with:
         path: ~/.pnpm-store
         key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -54,12 +56,14 @@ jobs:
     steps:
       - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
       - name: Node
-        uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # tag=v3
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
+        run: |
+          corepack enable
+          corepack prepare --activate pnpm@6.32.15
+      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -74,12 +78,14 @@ jobs:
     steps:
       - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
       - name: Use Node
-        uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # tag=v3
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
+        run: |
+          corepack enable
+          corepack prepare --activate pnpm@6.32.15
+      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -87,7 +93,7 @@ jobs:
         run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts
       - name: Lint
         run: pnpm format:check
-  build:
+  test:
     needs: [format, lint]
     strategy:
       fail-fast: true
@@ -99,12 +105,14 @@ jobs:
     steps:
       - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
       - name: Use Node ${{ matrix.node_version }}
-        uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # tag=v3
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
         with:
           node-version: ${{ matrix.node_version }}
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
+        run: |
+          corepack enable
+          corepack prepare --activate pnpm@6.32.15
+      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -114,42 +122,21 @@ jobs:
         run: pnpm build
       - name: Test
         run: pnpm test
-  ci-e2e-ui:
-    needs: [format, lint]
-    runs-on: ubuntu-latest
-    name: UI Test E2E
-    steps:
-      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
-      - uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # tag=v3
-        with:
-          node-version-file: '.nvmrc'
-      - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
-        with:
-          path: ~/.pnpm-store
-          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
-      - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --registry http://localhost:4873
-      - name: build
-        run: pnpm build
-      - name: Test UI
-        run: pnpm test:e2e:ui
-        # env:
-        #  DEBUG: verdaccio:e2e*
   sync-translations:
-    needs: [ci-e2e-ui]
+    needs: [test]
     runs-on: ubuntu-latest
     name: synchronize translations
     if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
     steps:
       - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
-      - uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # tag=v3
+      - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
+        run: |
+          corepack enable
+          corepack prepare --activate pnpm@6.32.15
+      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}

.github/workflows/codeql-analysis.yml

@@ -34,7 +34,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@807578363a7869ca324a79039e6db9c843e0e100 # tag=v2
+        uses: github/codeql-action/init@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # tag=v2
 
       # Override language selection by uncommenting this and choosing your languages
       # with:
@@ -42,7 +42,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@807578363a7869ca324a79039e6db9c843e0e100 # tag=v2
+        uses: github/codeql-action/autobuild@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # tag=v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -56,4 +56,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@807578363a7869ca324a79039e6db9c843e0e100 # tag=v2
+        uses: github/codeql-action/analyze@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # tag=v2

.github/workflows/docker-publish.yml

@@ -15,12 +15,16 @@ on:
       - 'master'
     tags:
       - 'v*'
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
 jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
-      - uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 # tag=v1
+      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # tag=v1
       - uses: docker/setup-buildx-action@v1
         with:
           driver-opts: network=host

.github/workflows/e2e-ci.yml

@@ -17,7 +17,7 @@ jobs:
     steps:
     - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
     - name: Use Node
-      uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # tag=v3
+      uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
       with:
         node-version-file: '.nvmrc'
     - name: Install pnpm
@@ -29,7 +29,7 @@ jobs:
     - name: Install
       run: pnpm recursive install --frozen-lockfile --reporter=silence --ignore-scripts --registry http://localhost:4873
     - name: Cache .pnpm-store
-      uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
+      uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
       with:
         path: ~/.pnpm-store
         key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -41,12 +41,12 @@ jobs:
     steps:
       - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
       - name: Use Node 16
-        uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # tag=v3
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
+      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -55,7 +55,7 @@ jobs:
       - name: build
         run: pnpm build
       - name: Cache packages
-        uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
         id: cache-packages
         with:
           path: ./packages/
@@ -63,7 +63,7 @@ jobs:
           restore-keys: |
             packages-
       # - name: Cache test
-      #   uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
+      #   uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
       #   id: cache-test
       #   with:
       #     path: ./e2e/
@@ -80,22 +80,22 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
-      - uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # tag=v3
+      - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
+      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
       - name: Install
         run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts --registry http://localhost:4873
-      - uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
+      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
         with:
           path: ./packages/
           key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
-      # - uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
+      # - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
       #   with:
       #     path: ./e2e/
       #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}

.github/workflows/e2e-ui.yml

@@ -0,0 +1,36 @@
+name: E2E UI
+
+on: [pull_request]
+permissions:
+  contents: read
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: UI Test E2E
+    services:
+      verdaccio:
+        image: verdaccio/verdaccio:5
+        ports:
+          - 4873:4873
+        env:
+          NODE_ENV: production
+    steps:
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
+      - name: Use Node
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: |
+         corepack enable
+         corepack prepare --activate pnpm@6.32.15
+      - name: Install
+        run: pnpm install --frozen-lockfile --reporter=silence --registry http://localhost:4873
+      - name: build
+        run: pnpm build
+      - name: Test UI
+        run: pnpm test:e2e:ui
+      - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3
+        with:
+          name: videos
+          path: /home/runner/work/verdaccio/verdaccio/e2e/ui/cypress/videos

.github/workflows/static-data.yml

@@ -10,6 +10,10 @@ on:
   # push:
   #   branches:
   #     - master
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
 jobs:
   prepare:
     name: Run script
@@ -19,7 +23,7 @@ jobs:
         with:
           persist-credentials: false
           fetch-depth: 0
-      - uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # tag=v3
+      - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
         with:
           node-version: 18.x
       - name: install pnpm

.github/workflows/website.yml

@@ -8,8 +8,17 @@ on:
         - './.github/workflows/website.yml'
   schedule:
     - cron: '0 0 * * *' 
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
 jobs:
   build:
+    permissions:
+      contents: read  #  to fetch code (actions/checkout)
+      deployments: write
+      pull-requests: write  #  to comment on pull-requests
+
     runs-on: ubuntu-latest
     env:
       NODE_OPTIONS: --max_old_space_size=4096
@@ -17,12 +26,12 @@ jobs:
       - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
 
       - name: Use Node 16
-        uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # tag=v3
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
         with:
           node-version: 16
 
       - name: Cache pnpm modules
-        uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
         env:
           cache-name: cache-pnpm-modules
         with:
@@ -31,7 +40,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-
 
-      - uses: pnpm/action-setup@10693b3829bf86eb2572aef5f3571dcf5ca9287d # tag=v2.2.2
+      - uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # tag=v2.2.4
         with:
           version: 6.32.15
           run_install: |
@@ -42,7 +51,7 @@ jobs:
       - name: Build Translations percentage
         run: pnpm build --filter "@verdaccio/crowdin-translations"
       - name: Cache Docusaurus Build
-        uses: actions/cache@56461b9eb0f8438fd15c7a9968e3c9ebb18ceff1 # tag=v3
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
         with:
           path: website/node_modules/.cache/webpack
           key: cache/webpack-${{github.ref}}-${{ hashFiles('**/pnpm-lock.yaml') }}
@@ -91,7 +100,7 @@ jobs:
       - name: Audit preview URL with Lighthouse
         if: github.repository == 'verdaccio/verdaccio'
         id: lighthouse_audit
-        uses: treosh/lighthouse-ci-action@b4dfae3eb959c5226e2c5c6afd563d493188bfaf # tag=9.3.0
+        uses: treosh/lighthouse-ci-action@e0fe113967eee84b631d526ed18ce001f35fe9e9 # tag=9.3.1
         with:
           urls: |
             ${{ steps.netlify_preview.outputs.preview-url }}
@@ -100,7 +109,7 @@ jobs:
 
       - name: Format lighthouse score
         id: format_lighthouse_score
-        uses: actions/github-script@7dff1a87643417cf3b95bb10b29f4c4bc60d8ebd # tag=v6
+        uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0 # tag=v6
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
@@ -125,7 +134,7 @@ jobs:
       - name: Add comment to PR
         if: github.repository == 'verdaccio/verdaccio'
         id: comment_to_pr
-        uses: marocchino/sticky-pull-request-comment@39c5b5dc7717447d0cba270cd115037d32d28443 # tag=v2
+        uses: marocchino/sticky-pull-request-comment@fcf6fe9e4a0409cd9316a5011435be0f3327f1e1 # tag=v2
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           number: ${{ github.event.issue.number }}

.npmrc

@@ -1,5 +1,4 @@
 always-auth = true
 recursive-install = true
-registry = https://registry.verdaccio.org
 loglevel=info
 fetch-retries="10"

CONTRIBUTING.md

@@ -1,59 +1,33 @@
 # Contributing
 
-> Any change matters, whatever the size, just do it.
+> This guidelines refers to the main (`master`) that host the v6.x, if you want to contribute to `5.x` please read the following [link](https://github.com/verdaccio/verdaccio/blob/5.x/CONTRIBUTING.md).
 
-We're happy that you're considering contributing! To help, we've prepared these
-guidelines for you:
+We're happy that you're considering contributing!
 
-**Table of Contents**
-
-- [Contributing](#contributing)
-  - [How Do I Contribute?](#how-do-i-contribute)
-  - [Development Setup](#development-setup)
-    - [Building the project](#building-the-project)
-    - [Running test](#running-test)
-    - [Running and debugging](#running-and-debugging)
-    - [Debugging compiled code](#debugging-compiled-code)
-  - [Reporting Bugs](#reporting-bugs)
-    - [Read the documentation](#read-the-documentation)
-    - [What's is not considered a bug?](#whats-is-not-considered-a-bug)
-    - [Issue Search](#issue-search)
-    - [Chat](#chat)
-  - [Translations](#translations)
-  - [Request Features](#request-features)
-  - [Contributing Guidelines](#contributing-guidelines)
-    - [Submitting a Pull Request](#submitting-a-pull-request)
-    - [Make Changes and Commit](#make-changes-and-commit)
-      - [Caveats](#caveats)
-      - [Before Commit](#before-commit)
-      - [Commit Guidelines](#commit-guidelines)
-    - [Adding a changeset](#adding-a-changeset)
-    - [Update Tests](#update-tests)
-  - [Develop Plugins](#develop-plugins)
+To help you getting started we've prepared these guidelines for you, any change matter, just do it:
 
 ## How Do I Contribute?
 
 There are many ways to contribute:
 
-- Report a bug
-- Request a feature you think would be great for Verdaccio
-- Fix bugs
-- Test and triage bugs reported by others
-- Work on requested/approved features
-- Improve the codebase (linting, naming, comments, test descriptions, etc...)
+- [Report a bug](#reporting-bugs)
+- [Request a feature you think would be great for Verdaccio](#feature-request)
+- [Fixing bugs](https://github.com/verdaccio/verdaccio/issues?q=is%3Aopen+is%3Aissue+label%3A%22issue%3A+bug%22)
+- [Test and triage bugs reported by others](https://github.com/verdaccio/verdaccio/issues?q=is%3Aopen+is%3Aissue+label%3Aissue_needs_triage)
+- [Working on requested/approved features](https://github.com/verdaccio/verdaccio/issues?q=is%3Aopen+is%3Aissue+label%3A%22topic%3A+feature+request%22+)
+- [Improve the codebase (linting, naming, comments, test descriptions, etc...)](https://github.com/verdaccio/verdaccio/discussions/1461)
+- Improve code coverage for unit testing for every module, [end to end](https://github.com/verdaccio/verdaccio/tree/master/e2e/cli) or [UI test](https://github.com/verdaccio/verdaccio/tree/master/e2e/ui) (with cypress).
 
-The Verdaccio project is split into several areas:
+The Verdaccio project is split into several areas, the first three hosted in the main repository:
 
 - **Core**: The [core](https://github.com/verdaccio/verdaccio) is the main repository, built with **Node.js**.
 - **Website**: we use [**Docusaurus**](https://docusaurus.io/) for the **website** and if you are familiar with this technology, you might become the official webmaster.
 - **User Interface**: The [user Interface](https://github.com/verdaccio/ui) is based in **react** and **material-ui** and looking for front-end contributors.
 - **Kubernetes and Helm**: Ts the official repository for the [**Helm chart**](https://github.com/verdaccio/charts).
 
-> There are other areas to contribute, like documentation, translation which are
-> not hosted on this repo but check the last section of this notes for further
-> information.
+> There are other areas to contribute, like [documentation](https://github.com/verdaccio/verdaccio/tree/master/website/docs) or [translations](#translations}).
 
-## Development Setup
+## Prepare local setup {#local-setup}
 
 Verdaccio uses [pnpm](https://pnpm.io) as the package manager for development in this repository.
 
@@ -144,7 +118,7 @@ To run the application from the source code, ensure the project has been built w
 - `pnpm website`: Build the website, for more commands to run the _website_, run `cd website` and then `pnpm serve`, website will run on port `3000`.
 - `pnpm docker`: Build the docker image. Requires `docker` command available in your system.
 
-#### Debugging compiled code
+#### Debugging compiled code {#debugging-compiled-code}
 
 Currently you can only run pre-compiled packages in debug mode. To enable debug
 while running add the `verdaccio` namespace using the `DEBUG` environment
@@ -164,13 +138,50 @@ DEBUG=verdaccio:plugin:* node packages/verdaccio/debug/bootstrap.js
 The debug code is intended to analyze what is happening under the hood and none
 of the output is sent to the logger module.
 
-## Reporting Bugs
+> [See the full guide how to debug with Verdaccio](https://github.com/verdaccio/verdaccio/wiki/Debugging-Verdaccio)
+
+#### Testing your changes in a local registry {#testing-local-registry}
+
+Once you have perform your changes in the code base, the build and tests passes you can publish a local version:
+
+- Ensure you have build all modules (or the one you have modified)
+- Run `pnpm local:publish:release` to launch a local registry and publish all packages into it. This command will be alive until server is killed (Control Key + C)
+
+```
+pnpm build
+pnpm local:publish:release
+```
+
+The last step consist on install globally the package from the local registry which runs on the default port (4873).
+
+```
+npm i -g verdaccio --registry=http://localhost:4873
+verdaccio
+```
+
+If you perform more changes in the source code, repeat this process, there is not _hot reloading_ support.
+
+## Feature Request {#feature-request}
+
+New feature requests are welcome. Analyse whether the idea fits within scope of the project. Adding in context and the use-case will really help!
+
+**Please provide:**
+
+- Create a [discussion](https://github.com/verdaccio/verdaccio/discussions/new).
+- A detailed description the advantages of your request.
+- Whether or not it's compatible with `npm`, `pnpm` and [_yarn classic_
+  ](https://github.com/yarnpkg/yarn) or [_yarn modern_
+  ](https://github.com/yarnpkg/berry).
+- A potential implementation or design
+- Whatever else is on your mind! 🤓
+
+## Reporting Bugs {#reporting-bugs}
 
 **Bugs are considered features that are not working as described in
 documentation.**
 
 If you've found a bug in Verdaccio **that isn't a security risk**, please file
-a report in our [issue tracker](https://github.com/verdaccio/verdaccio/issues).
+a report in our [issue tracker](https://github.com/verdaccio/verdaccio/issues), if you think a potential vulnerability please read the [security policy](https://verdaccio.org/community/security) .
 
 > **NOTE: Verdaccio still does not support all npm commands. Some were not
 > considered important and others have not been requested yet.**
@@ -189,7 +200,7 @@ a report in our [issue tracker](https://github.com/verdaccio/verdaccio/issues).
 If you intend to report a **security** issue, please follow our [Security policy
 guidelines](https://github.com/verdaccio/verdaccio/security/policy).
 
-### Issue Search
+### Issues {#issues}
 
 Before reporting a bug please:
 
@@ -201,53 +212,21 @@ In case any of those match with your search, up-vote it (using GitHub reactions)
 or add additional helpful details to the existing issue to show that it's
 affecting multiple people.
 
-### Chat
+### Contributing support
 
 Questions can be asked via [Discord](https://discord.gg/7qWJxBf)
 
-**Please use the `#help` channel.**
+**Please use the `#contribute` channel.**
 
-## Translations
+## Development Guidelines {#development-guidelines}
 
-All translations are provided by the `crowdin` platform:
-[https://translate.verdaccio.org/](https://translate.verdaccio.org/)
+It's recommended use a UNIX system for local development, Windows should works fine for development, but is not daily tested could not be perfect. To ensure a fast code review and merge, please follow the next guidelines:
 
-If you want to contribute by adding translations, create an account (GitHub could be used as fast alternative), in the platform you can contribute to two areas, the website or improve User Interface translations.
+Any contribution gives you the right to be part of this organization as _collaborator_ and your avatar will be automatically added to the [contributors page](https://verdaccio.org/contributors).
 
-If a language is not listed, ask for it in the [Discord](https://discord.gg/7qWJxBf) channel #contribute channel.
+## Pull Request {#pull-request}
 
-For adding a new **language** on the UI follow these steps:
-
-1. Ensure the **language** has been enabled, must be visible in the `crowdin` platform.
-2. Find in the explorer the file `en.US.json` in the path `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` and complete the translations, **not need to find approval on this**.
-3. Into the project, add a new field into `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` file, in the section `lng`, the new language, eg: `{ lng: {korean:"Korean"}}`. (This file is English based, once the PR has been merged, this string will be available in crowdin for translate to the targeted language).
-4. Add the language, [flag icon](https://www.npmjs.com/package/country-flag-icons), and the menu key fort he new language eg: `menuKey: 'lng.korean'` to the file `packages/plugins/ui-theme/src/i18n/enabledLanguages.ts`.
-5. For local testing, read `packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md`.
-6. Add a `changeset` file, see more info below.
-
-## Request Features
-
-New feature requests are welcome. Analyse whether the idea fits within scope of
-the project. Adding in context and the use-case will really help!
-
-**Please provide:**
-
-- A detailed description the advantages of your request
-- Whether or not it's compatible with `npm`, `pnpm` and [_yarn classic_
-  ](https://github.com/yarnpkg/yarn) or [_yarn modern_
-  ](https://github.com/yarnpkg/berry).
-- A potential implementation or design
-- Whatever else is on your mind! 🤓
-
-## Contributing Guidelines
-
-It's very exciting to become a Verdaccio contributor 🙌🏼. To ensure a fast code
-review and merge, please follow the next guidelines:
-
-> Any contribution gives you the right to be part of this organization as
-> _collaborator_.
-
-### Submitting a Pull Request
+### Submitting a Pull Request {#submit-pull-request}
 
 The following are the steps you should follow when creating a pull request.
 Subsequent pull requests only need to follow step 3 and beyond.
@@ -275,10 +254,10 @@ Feel free to commit as much times you want in your branch, but keep on mind on
 this repository we `git squash` on merge by default, as we like to maintain a
 clean git history.
 
-#### Before Commit
+#### Before Push {#before-push}
 
-Before committing, **you must ensure there are no linting errors and
-all tests pass.** To do this, run these commands before creating the PR:
+Before committing or push, **you must ensure there are no linting errors and
+all tests passes**. To do verify, run these commands before creating the PR:
 
 ```bash
 pnpm lint
@@ -292,40 +271,11 @@ pnpm test
 
 All good? Perfect! You should create the pull request.
 
-#### Commit Guidelines
+#### Commit Guidelines {#commits}
 
-For example:
+On a pull request, commit messages are not important, please focus on document properly the pull request content. The commit message will be taken from the pull request title, it is recommended to use lowercase format.
 
-- `feat: A new feature`
-- `fix: A bug fix`
-
-A commit of the type feat introduces a new feature to the codebase (this
-correlates with MINOR in semantic versioning).
-
-e.g.:
-
-```
-feat: xxxxxxxxxx
-```
-
-A commit of the type fix patches a bug in your codebase (this correlates with
-PATCH in semantic versioning).
-
-e.g.:
-
-```
-fix: xxxxxxxxxxx
-```
-
-Commits types such as as `docs:`,`style:`,`refactor:`,`perf:`,`test:` and
-`chore:` are valid but have no effect on versioning: **please use them!**
-
-All commits message are going to be validated when they are created using
-_husky_ hooks.
-
-> Please try to provide one single commit to help a clean and easy merge process
-
-### Adding a changeset
+### Adding a changeset {#changeset}
 
 We use [changesets](https://github.com/atlassian/changesets) in order to
 generate a detailed Changelog as possible.
@@ -407,7 +357,25 @@ If you need help with how testing works, please [refer to the following guide
 **If you are introducing new features, you MUST include new tests. PRs for
 features without tests will not be merged.**
 
-## Develop Plugins
+## Translations {#translations}
+
+All translations are provided by the **[crowdin](http://crowdin.com)** platform,
+[https://translate.verdaccio.org/](https://translate.verdaccio.org/)
+
+If you want to contribute by adding translations, create an account (GitHub could be used as fast alternative), in the platform you can contribute to two areas, the website or improve User Interface translations.
+
+If a language is not listed, ask for it in the [Discord](https://discord.gg/7qWJxBf) channel #contribute channel.
+
+For adding a new **language** on the UI follow these steps:
+
+1. Ensure the **language** has been enabled, must be visible in the `crowdin` platform.
+2. Find in the explorer the file `en.US.json` in the path `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` and complete the translations, **not need to find approval on this**.
+3. Into the project, add a new field into `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` file, in the section `lng`, the new language, eg: `{ lng: {korean:"Korean"}}`. (This file is English based, once the PR has been merged, this string will be available in crowdin for translate to the targeted language).
+4. Add the language, [flag icon](https://www.npmjs.com/package/country-flag-icons), and the menu key fort he new language eg: `menuKey: 'lng.korean'` to the file `packages/plugins/ui-theme/src/i18n/enabledLanguages.ts`.
+5. For local testing, read `packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md`.
+6. Add a `changeset` file, see more info below.
+
+## Develop Plugins {#develop-plugins}
 
 Plugins are add-ons that extend the functionality of the application.
 
@@ -420,25 +388,3 @@ If you want to develop your own plugin:
 3. You are free to host your plugin in your repository
 4. Provide a detailed description of your plugin to help users understand how to
    use it
-
-## Testing your changes in a local registry
-
-Once you have perform your changes in the code base, the build and tests passes you can publish a local version:
-
-- Ensure you have build all modules (or the one you have modified)
-- Run `pnpm local:publish:release` to launch a local registry and publish all packages into it. This command will be alive until server is killed (Control Key + C)
-
-```
-pnpm build
-pnpm local:publish:release
-```
-
-The last step consist on install globally the package from the local registry.
-
-```
-npm i -g verdaccio --registry=http://localhost:4873
-
-verdaccio
-```
-
-If you perform more changes in the source code, repeat this process, there is not _hot reloading_ support.

CONTRIBUTORS.md

@@ -1,39 +0,0 @@
-<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
-<!-- markdownlint-disable -->
-<table>
-  <tr>
-    <td align="center"><a href="https://www.linkedin.com/in/jotadeveloper/"><img src="https://avatars0.githubusercontent.com/u/558752?v=4" width="100px;" alt=""/><br /><sub><b>Juan Picado</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=juanpicado" title="Documentation">📖</a> <a href="https://github.com/verdaccio/verdaccio/commits?author=juanpicado" title="Code">💻</a> <a href="#infra-juanpicado" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#eventOrganizing-juanpicado" title="Event Organizing">📋</a> <a href="#blog-juanpicado" title="Blogposts">📝</a> <a href="#maintenance-juanpicado" title="Maintenance">🚧</a></td>
-    <td align="center"><a href="https://github.com/sergiohgz"><img src="https://avatars3.githubusercontent.com/u/14012309?v=4" width="100px;" alt=""/><br /><sub><b>Sergio Herrera</b></sub></a><br /><a href="#infra-sergiohgz" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#maintenance-sergiohgz" title="Maintenance">🚧</a></td>
-    <td align="center"><a href="https://daniel-ruf.de/"><img src="https://avatars1.githubusercontent.com/u/827205?v=4" width="100px;" alt=""/><br /><sub><b>Daniel Ruf</b></sub></a><br /><a href="#security-DanielRuf" title="Security">🛡️</a> <a href="#infra-DanielRuf" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#maintenance-DanielRuf" title="Maintenance">🚧</a></td>
-    <td align="center"><a href="https://priscilawebdev.github.io/priscilaoliveira/"><img src="https://avatars1.githubusercontent.com/u/29228205?v=4" width="100px;" alt=""/><br /><sub><b>Priscila Oliveira</b></sub></a><br /><a href="#design-priscilawebdev" title="Design">🎨</a> <a href="https://github.com/verdaccio/verdaccio/commits?author=priscilawebdev" title="Code">💻</a> <a href="#maintenance-priscilawebdev" title="Maintenance">🚧</a></td>
-    <td align="center"><a href="http://ayusharma.github.io/"><img src="https://avatars0.githubusercontent.com/u/6918450?v=4" width="100px;" alt=""/><br /><sub><b>Ayush Sharma</b></sub></a><br /><a href="#infra-ayusharma" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="https://github.com/verdaccio/verdaccio/commits?author=ayusharma" title="Code">💻</a> <a href="#design-ayusharma" title="Design">🎨</a></td>
-    <td align="center"><a href="https://github.com/trentearl"><img src="https://avatars2.githubusercontent.com/u/802857?v=4" width="100px;" alt=""/><br /><sub><b>Trent Earl</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=trentearl" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/jmwilkinson"><img src="https://avatars0.githubusercontent.com/u/17836030?v=4" width="100px;" alt=""/><br /><sub><b>jmwilkinson</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=jmwilkinson" title="Code">💻</a></td>
-  </tr>
-  <tr>
-    <td align="center"><a href="https://github.com/bufferoverflow"><img src="https://avatars2.githubusercontent.com/u/378909?v=4" width="100px;" alt=""/><br /><sub><b>Roger Meier</b></sub></a><br /><a href="#plugin-bufferoverflow" title="Plugin/utility libraries">🔌</a></td>
-    <td align="center"><a href="https://ghuser.io/jamesgeorge007"><img src="https://avatars2.githubusercontent.com/u/25279263?v=4" width="100px;" alt=""/><br /><sub><b>James George</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=jamesgeorge007" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/AvailCat"><img src="https://avatars3.githubusercontent.com/u/19658647?v=4" width="100px;" alt=""/><br /><sub><b>AvailCat</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=AvailCat" title="Code">💻</a> <a href="#infra-AvailCat" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#maintenance-AvailCat" title="Maintenance">🚧</a></td>
-    <td align="center"><a href="https://www.luciusgaitan.com/"><img src="https://avatars0.githubusercontent.com/u/5970350?v=4" width="100px;" alt=""/><br /><sub><b>Lucius Gaitán</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=lgaitan" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/ramonornela"><img src="https://avatars1.githubusercontent.com/u/187946?v=4" width="100px;" alt=""/><br /><sub><b>Ramon Henrique Ornelas</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=ramonornela" title="Code">💻</a></td>
-    <td align="center"><a href="https://people.freebsd.org/~mi/resume/"><img src="https://avatars1.githubusercontent.com/u/1486340?v=4" width="100px;" alt=""/><br /><sub><b>UnitedMarsupials-zz</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=UnitedMarsupials-zz" title="Code">💻</a></td>
-    <td align="center"><a href="http://www.codingintrigue.co.uk/"><img src="https://avatars0.githubusercontent.com/u/9048902?v=4" width="100px;" alt=""/><br /><sub><b>Ryan Graham</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=ryan-codingintrigue" title="Code">💻</a></td>
-  </tr>
-  <tr>
-    <td align="center"><a href="https://github.com/coolsp"><img src="https://avatars1.githubusercontent.com/u/1246647?v=4" width="100px;" alt=""/><br /><sub><b>coolsp</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=coolsp" title="Code">💻</a></td>
-    <td align="center"><a href="http://ashishsurana.in/"><img src="https://avatars0.githubusercontent.com/u/5610944?v=4" width="100px;" alt=""/><br /><sub><b>Ashish Surana</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=ashishsurana" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/buffaybu"><img src="https://avatars3.githubusercontent.com/u/2025661?v=4" width="100px;" alt=""/><br /><sub><b>Wang Yifei</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=buffaybu" title="Code">💻</a></td>
-    <td align="center"><a href="https://twitter.com/liran_tal"><img src="https://avatars1.githubusercontent.com/u/316371?v=4" width="100px;" alt=""/><br /><sub><b>Liran Tal</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=lirantal" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/brenordr"><img src="https://avatars2.githubusercontent.com/u/19731692?v=4" width="100px;" alt=""/><br /><sub><b>Breno Rodrigues</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=brenordr" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/jachstet-sea"><img src="https://avatars0.githubusercontent.com/u/7993508?v=4" width="100px;" alt=""/><br /><sub><b>jachstet-sea</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=jachstet-sea" title="Code">💻</a></td>
-    <td align="center"><a href="https://patrik.votocek.cz/"><img src="https://avatars1.githubusercontent.com/u/112567?v=4" width="100px;" alt=""/><br /><sub><b>Patrik Votoček</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=Vrtak-CZ" title="Code">💻</a></td>
-  </tr>
-  <tr>
-    <td align="center"><a href="https://github.com/monkeywithacupcake"><img src="https://avatars3.githubusercontent.com/u/7316730?v=4" width="100px;" alt=""/><br /><sub><b>jess</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=monkeywithacupcake" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/toolsofraj"><img src="https://avatars0.githubusercontent.com/u/2507152?v=4" width="100px;" alt=""/><br /><sub><b>toolsofraj</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=toolsofraj" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/ddhp"><img src="https://avatars1.githubusercontent.com/u/1715380?v=4" width="100px;" alt=""/><br /><sub><b>Jian-Chen Chen (jesse)</b></sub></a><br /><a href="#translation-ddhp" title="Translation">🌍</a> <a href="https://github.com/verdaccio/verdaccio/commits?author=ddhp" title="Code">💻</a></td>
-  </tr>
-</table>
-
-<!-- markdownlint-enable -->
-<!-- ALL-CONTRIBUTORS-LIST:END -->

Dockerfile

@@ -6,8 +6,8 @@ ENV NODE_ENV=development \
 RUN apk --no-cache add openssl ca-certificates wget && \
     apk --no-cache add g++ gcc libgcc libstdc++ linux-headers make python3 && \
     wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub && \
-    wget -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.25-r0/glibc-2.25-r0.apk && \
-    apk add glibc-2.25-r0.apk
+    wget -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.35-r0/glibc-2.35-r0.apk && \
+    apk add --force-overwrite glibc-2.35-r0.apk
 
 WORKDIR /opt/verdaccio-build
 COPY . .

docker-examples/v4/plugins/docker-extend/Dockerfile

@@ -4,7 +4,7 @@ USER root
 
 ENV NODE_ENV=production
 
-RUN npm i && npm install verdaccio-aws-s3-storage
+RUN npm i && npm -g install verdaccio-aws-s3-storage
 
 USER verdaccio
 

docker-examples/v5/plugins/docker-build-install-plugin/Dockerfile

@@ -1,25 +1,7 @@
-# Docs based on https://github.com/xlts-dev/verdaccio-prometheus-middleware#installation
-
-# Docker multi-stage build - https://docs.docker.com/develop/develop-images/multistage-build/
-# Use an alpine node image to install the plugin
-FROM node:lts-alpine as builder
-
-# Install the metrics middleware plugin
-# npm docs
-# --global-style https://docs.npmjs.com/cli/v7/commands/npm-install#global-style
-# --no-bin-links https://docs.npmjs.com/cli/v7/commands/npm-install#bin-links
-# --omit=optional 
-RUN mkdir -p /verdaccio/plugins \
-  && cd /verdaccio/plugins \
-  && npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
-
 # The final built image will be based on the standard Verdaccio docker image.
 FROM verdaccio/verdaccio:5
-
-# Copy the plugin files over from the 'builder' node image.
-# The `$VERDACCIO_USER_UID` env variable is defined in the base `verdaccio/verdaccio` image.
-# Refer to: https://github.com/verdaccio/verdaccio/blob/v5.2.0/Dockerfile#L32
 ADD docker.yaml /verdaccio/conf/config.yaml  
-COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
-  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
-  /verdaccio/plugins/verdaccio-auth-memory
+USER root
+RUN npm install --global verdaccio-static-token \
+  && npm install --global verdaccio-auth-memory
+USER $VERDACCIO_USER_UID

docker-examples/v5/plugins/docker-build-install-plugin/README.md

@@ -38,9 +38,11 @@ FROM verdaccio/verdaccio:5
 
 # copy your modified config.yaml into the image
 ADD docker.yaml /verdaccio/conf/config.yaml
-
-COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
-  /verdaccio/plugins/node_modules/verdaccio-auth-memory \
-  /verdaccio/plugins/verdaccio-auth-memory
-
+# need it for install global plugins
+USER root
+# install plugins with npm global
+RUN npm install --global verdaccio-static-token \
+  && npm install --global verdaccio-auth-memory
+# back to original user
+USER $VERDACCIO_USER_UID
 ```

docker-examples/v5/plugins/docker-build-install-plugin/docker.yaml

@@ -176,6 +176,13 @@ server:
 middlewares:
   audit:
     enabled: true
+  static-token:
+    - token: mySecureToken
+      user: systemUser
+      password: systemPassword
+    - token: ABCD1234
+      user: uncle
+      password: tom
 
 # https://verdaccio.org/docs/logger
 # log settings

docker-examples/v6/plugins/docker-build-install-plugin/docker.yaml

@@ -176,6 +176,13 @@ server:
 middlewares:
   audit:
     enabled: true
+  static-token:
+    - token: mySecureToken
+      user: systemUser
+      password: systemPassword
+    - token: ABCD1234
+      user: uncle
+      password: tom
 
 # https://verdaccio.org/docs/logger
 # log settings

e2e/cli/README.md

@@ -20,6 +20,7 @@
 | ping      | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ⛔    | ⛔    | ⛔    | ⛔    |
 | search    | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ⛔    | ⛔    | ⛔    | ⛔    |
 | star      | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ⛔    | ⛔    | ⛔    | ⛔    |
+| stars     | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ⛔    | ⛔    | ⛔    | ⛔    |
 | dist-tag  | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅    | ❌    | ❌    | ❌    |
 
 > notes:

e2e/cli/cli-commons/package.json

@@ -5,11 +5,11 @@
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
   "devDependencies": {
-    "verdaccio": "workspace:6.0.0-6-next.49",
-    "@verdaccio/core": "workspace:6.0.0-6-next.49",
-    "@verdaccio/config": "workspace:6.0.0-6-next.49",
+    "verdaccio": "workspace:6.0.0-6-next.52",
+    "@verdaccio/core": "workspace:6.0.0-6-next.52",
+    "@verdaccio/config": "workspace:6.0.0-6-next.52",
     "@verdaccio/types": "workspace:11.0.0-6-next.17",
-    "yaml": "2.1.1",
+    "yaml": "2.1.3",
     "debug": "4.3.4",
     "fs-extra": "10.1.0",
     "got": "11.8.5",

e2e/cli/e2e-npm6/star.spec.ts

@@ -63,6 +63,22 @@ describe('star a package', () => {
     expect(resp1.stdout).toEqual(`☆  ${pkgName}`);
   });
 
+  test('should list stars of a user %s', async () => {
+    const pkgName = '@verdaccio/stars';
+    const { tempFolder } = await prepareGenericEmptyProject(
+      pkgName,
+      '1.0.0-patch',
+      registry.port,
+      registry.getToken(),
+      registry.getRegistryUrl()
+    );
+    await npmUtils.publish(npm, tempFolder, pkgName, registry);
+    await npm({ cwd: tempFolder }, 'star', pkgName, ...addRegistry(registry.getRegistryUrl()));
+    const resp = await npm({ cwd: tempFolder }, 'stars', ...addRegistry(registry.getRegistryUrl()));
+    // side effects: this result is affected the the package published in the previous step
+    expect(resp.stdout).toEqual(`@verdaccio/foo@verdaccio/stars`);
+  });
+
   afterAll(async () => {
     registry.stop();
   });

e2e/cli/e2e-npm7/star.spec.ts

@@ -63,6 +63,22 @@ describe('star a package', () => {
     expect(resp1.stdout).toEqual(`☆  ${pkgName}`);
   });
 
+  test('should list stars of a user %s', async () => {
+    const pkgName = '@verdaccio/stars';
+    const { tempFolder } = await prepareGenericEmptyProject(
+      pkgName,
+      '1.0.0-patch',
+      registry.port,
+      registry.getToken(),
+      registry.getRegistryUrl()
+    );
+    await npmUtils.publish(npm, tempFolder, pkgName, registry);
+    await npm({ cwd: tempFolder }, 'star', pkgName, ...addRegistry(registry.getRegistryUrl()));
+    const resp = await npm({ cwd: tempFolder }, 'stars', ...addRegistry(registry.getRegistryUrl()));
+    // side effects: this result is affected the the package published in the previous step
+    expect(resp.stdout).toEqual(`@verdaccio/foo@verdaccio/stars`);
+  });
+
   afterAll(async () => {
     registry.stop();
   });

e2e/cli/e2e-npm8/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.5",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.0.1-6-next.5",
-    "npm": "8.19.2"
+    "npm": "8.19.3"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm8/star.spec.ts

@@ -63,6 +63,22 @@ describe('star a package', () => {
     expect(resp1.stdout).toEqual(`☆  ${pkgName}`);
   });
 
+  test('should list stars of a user %s', async () => {
+    const pkgName = '@verdaccio/stars';
+    const { tempFolder } = await prepareGenericEmptyProject(
+      pkgName,
+      '1.0.0-patch',
+      registry.port,
+      registry.getToken(),
+      registry.getRegistryUrl()
+    );
+    await npmUtils.publish(npm, tempFolder, pkgName, registry);
+    await npm({ cwd: tempFolder }, 'star', pkgName, ...addRegistry(registry.getRegistryUrl()));
+    const resp = await npm({ cwd: tempFolder }, 'stars', ...addRegistry(registry.getRegistryUrl()));
+    // side effects: this result is affected the the package published in the previous step
+    expect(resp.stdout).toEqual(`@verdaccio/foo@verdaccio/stars`);
+  });
+
   afterAll(async () => {
     registry.stop();
   });

e2e/cli/e2e-npm9/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.5",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.0.1-6-next.5",
-    "npm": "9.0.0-pre.2"
+    "npm": "9.1.2"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm9/star.spec.ts

@@ -63,6 +63,22 @@ describe('star a package', () => {
     expect(resp1.stdout).toEqual(`☆  ${pkgName}`);
   });
 
+  test('should list stars of a user %s', async () => {
+    const pkgName = '@verdaccio/stars';
+    const { tempFolder } = await prepareGenericEmptyProject(
+      pkgName,
+      '1.0.0-patch',
+      registry.port,
+      registry.getToken(),
+      registry.getRegistryUrl()
+    );
+    await npmUtils.publish(npm, tempFolder, pkgName, registry);
+    await npm({ cwd: tempFolder }, 'star', pkgName, ...addRegistry(registry.getRegistryUrl()));
+    const resp = await npm({ cwd: tempFolder }, 'stars', ...addRegistry(registry.getRegistryUrl()));
+    // side effects: this result is affected the the package published in the previous step
+    expect(resp.stdout).toEqual(`@verdaccio/foo@verdaccio/stars`);
+  });
+
   afterAll(async () => {
     registry.stop();
   });

e2e/cli/e2e-pnpm6/star.spec.ts

@@ -63,6 +63,26 @@ describe('star a package', () => {
     expect(resp1.stdout).toEqual(`☆  ${pkgName}`);
   });
 
+  test('should list stars of a user %s', async () => {
+    const pkgName = '@verdaccio/stars';
+    const { tempFolder } = await prepareGenericEmptyProject(
+      pkgName,
+      '1.0.0-patch',
+      registry.port,
+      registry.getToken(),
+      registry.getRegistryUrl()
+    );
+    await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
+    await pnpm({ cwd: tempFolder }, 'star', pkgName, ...addRegistry(registry.getRegistryUrl()));
+    const resp = await pnpm(
+      { cwd: tempFolder },
+      'stars',
+      ...addRegistry(registry.getRegistryUrl())
+    );
+    // side effects: this result is affected the the package published in the previous step
+    expect(resp.stdout).toEqual(`@verdaccio/foo@verdaccio/stars`);
+  });
+
   afterAll(async () => {
     registry.stop();
   });

e2e/cli/e2e-pnpm7/star.spec.ts

@@ -63,6 +63,26 @@ describe('star a package', () => {
     expect(resp1.stdout).toEqual(`☆  ${pkgName}`);
   });
 
+  test('should list stars of a user %s', async () => {
+    const pkgName = '@verdaccio/stars';
+    const { tempFolder } = await prepareGenericEmptyProject(
+      pkgName,
+      '1.0.0-patch',
+      registry.port,
+      registry.getToken(),
+      registry.getRegistryUrl()
+    );
+    await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
+    await pnpm({ cwd: tempFolder }, 'star', pkgName, ...addRegistry(registry.getRegistryUrl()));
+    const resp = await pnpm(
+      { cwd: tempFolder },
+      'stars',
+      ...addRegistry(registry.getRegistryUrl())
+    );
+    // side effects: this result is affected the the package published in the previous step
+    expect(resp.stdout).toEqual(`@verdaccio/foo@verdaccio/stars`);
+  });
+
   afterAll(async () => {
     registry.stop();
   });

e2e/cli/e2e-yarn3/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.5",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.0.1-6-next.5",
-    "@yarnpkg/cli-dist": "3.2.3"
+    "@yarnpkg/cli-dist": "3.3.0"
   },
   "scripts": {
     "test": "jest"

e2e/ui/config/config.yaml

@@ -3,18 +3,26 @@ web:
   title: verdaccio-server-e2e
   login: true
 
-log: { type: stdout, format: pretty, level: debug }
+log: { type: stdout, format: json, level: info }
+
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
 
 auth:
   htpasswd:
     file: ./htpasswd
 
 packages:
+  '@verdaccio/*':
+    access: $all
+    publish: $authenticated
   '@*/*':
     access: $all
     publish: $authenticated
+    proxy: npmjs
   '**':
     access: $all
     publish: $authenticated
-
+    proxy: npmjs
 _debug: true

e2e/ui/cypress.config.ts

@@ -29,8 +29,8 @@ export default defineConfig({
       });
 
       on('task', {
-        publishScoped() {
-          const scopedPackageMetadata = generatePackageMetadata('pkg-scoped', '1.0.6');
+        publishScoped({ pkgName }) {
+          const scopedPackageMetadata = generatePackageMetadata(pkgName, '1.0.6');
           const server = new ServerQuery(registry1.getRegistryUrl());
           server
             .putPackage(scopedPackageMetadata.name, scopedPackageMetadata, {

e2e/ui/cypress/e2e/publish.cy.ts

@@ -5,18 +5,19 @@ describe('publish spec', () => {
     // @ts-expect-error
     const registry = await cy.task('registry');
     ctx.url = registry.registryUrl;
+    const pkgName = `@verdaccio/pkg-scoped`;
     cy.intercept('POST', '/-/verdaccio/sec/login').as('sign');
     cy.intercept('GET', '/-/verdaccio/data/packages').as('pkgs');
-    cy.intercept('GET', '/-/verdaccio/data/sidebar/pkg-scoped').as('sidebar');
-    cy.intercept('GET', '/-/verdaccio/data/package/readme/pkg-scoped').as('readme');
-    cy.task('publishScoped', { pkgName: 'pkg-protected' });
+    cy.intercept('GET', `/-/verdaccio/data/sidebar/${pkgName}`).as('sidebar');
+    cy.intercept('GET', `/-/verdaccio/data/package/readme/${pkgName}`).as('readme');
+    cy.task('publishScoped', { pkgName });
   });
 
   it('should have one published package', () => {
     cy.visit(ctx.url);
     cy.login(credentials.user, credentials.password);
     cy.wait('@sign');
-    cy.getByTestId('package-title').should('have.length', 1);
+    // cy.getByTestId('package-title').should('have.length', 1);
   });
 
   it('should navigate to page detail', () => {
@@ -25,9 +26,7 @@ describe('publish spec', () => {
     cy.wait('@sign');
     cy.wait('@pkgs');
     cy.wait(300);
-    cy.getByTestId('package-title').click();
-    cy.wait('@sidebar');
-    cy.wait('@readme');
+    cy.getByTestId('package-title').first().click();
   });
 
   it('should have readme content', () => {
@@ -35,9 +34,9 @@ describe('publish spec', () => {
     cy.login(credentials.user, credentials.password);
     cy.wait('@sign');
     cy.wait('@pkgs');
-    cy.getByTestId('package-title').click();
-    cy.wait('@sidebar');
+    cy.getByTestId('package-title').first().click();
     cy.wait('@readme');
+    cy.wait('@sidebar');
     cy.get('.markdown-body').should('have.length', 1);
     cy.contains('.markdown-body', /test/);
   });
@@ -47,9 +46,10 @@ describe('publish spec', () => {
     cy.login(credentials.user, credentials.password);
     cy.wait('@sign');
     cy.wait('@pkgs');
-    cy.getByTestId('package-title').click();
-    cy.wait('@sidebar');
+    cy.wait(300);
+    cy.getByTestId('package-title').first().click();
     cy.wait('@readme');
+    cy.wait('@sidebar');
     cy.getByTestId('dependencies-tab').click();
     cy.wait(100);
     cy.getByTestId('dependencies').should('have.length', 1);
@@ -65,9 +65,10 @@ describe('publish spec', () => {
     cy.login(credentials.user, credentials.password);
     cy.wait('@sign');
     cy.wait('@pkgs');
-    cy.getByTestId('package-title').click();
-    cy.wait('@sidebar');
+    cy.wait(300);
+    cy.getByTestId('package-title').first().click();
     cy.wait('@readme');
+    cy.wait('@sidebar');
     cy.getByTestId('versions-tab').click();
     cy.getByTestId('tag-latest').children().invoke('text').should('match', /1.0.6/);
     cy.screenshot();
@@ -78,9 +79,10 @@ describe('publish spec', () => {
     cy.login(credentials.user, credentials.password);
     cy.wait('@sign');
     cy.wait('@pkgs');
-    cy.getByTestId('package-title').click();
-    cy.wait('@sidebar');
+    cy.wait(300);
+    cy.getByTestId('package-title').first().click();
     cy.wait('@readme');
+    cy.wait('@sidebar');
     cy.getByTestId('uplinks-tab').click();
     cy.getByTestId('no-uplinks').should('be.visible');
     cy.screenshot();

e2e/ui/cypress/e2e/signin.cy.ts

@@ -25,6 +25,7 @@ describe('sign spec', () => {
     cy.wait(100);
     cy.getByTestId('logOutDialogIcon').click();
     cy.screenshot();
+    cy.wait(200);
     cy.getByTestId('header--button-login').contains('Login');
     cy.screenshot();
   });

e2e/ui/cypress/support/commands.ts

@@ -8,8 +8,11 @@ Cypress.Commands.add('getByTestId', (selector, ...args) => {
 // -- This is a parent command --
 Cypress.Commands.add('login', (user, password) => {
   cy.getByTestId('header--button-login').click();
+  cy.wait(300);
   cy.get('#login--dialog-username').type(user);
+  cy.wait(200);
   cy.get('#login--dialog-password').type(password);
+  cy.wait(500);
   cy.get('#login--dialog-button-submit').click();
 });
 //

e2e/ui/package.json

@@ -3,12 +3,12 @@
   "name": "@verdaccio/e2e-ui",
   "version": "2.0.0-6-next.3",
   "devDependencies": {
-    "verdaccio": "workspace:6.0.0-6-next.49",
-    "@verdaccio/core": "workspace:6.0.0-6-next.49",
-    "@verdaccio/config": "workspace:6.0.0-6-next.49",
+    "verdaccio": "workspace:6.0.0-6-next.52",
+    "@verdaccio/core": "workspace:6.0.0-6-next.52",
+    "@verdaccio/config": "workspace:6.0.0-6-next.52",
     "@verdaccio/test-helper": "workspace:2.0.0-6-next.6",
     "debug": "4.3.4",
-    "cypress": "10.10.0"
+    "cypress": "11.1.0"
   },
   "scripts": {
     "cypress:open": "cypress open",

package.json

@@ -16,92 +16,92 @@
   },
   "devDependencies": {
     "@babel/cli": "7.19.3",
-    "@babel/core": "7.19.3",
-    "@babel/node": "7.19.1",
+    "@babel/core": "7.20.2",
+    "@babel/node": "7.20.2",
     "@babel/plugin-proposal-class-properties": "7.18.6",
-    "@babel/plugin-proposal-decorators": "7.19.3",
+    "@babel/plugin-proposal-decorators": "7.20.2",
     "@babel/plugin-proposal-export-namespace-from": "7.18.9",
     "@babel/plugin-proposal-function-sent": "7.18.6",
     "@babel/plugin-proposal-json-strings": "7.18.6",
     "@babel/plugin-proposal-nullish-coalescing-operator": "7.18.6",
     "@babel/plugin-proposal-numeric-separator": "7.18.6",
-    "@babel/plugin-proposal-object-rest-spread": "7.18.9",
+    "@babel/plugin-proposal-object-rest-spread": "7.20.2",
     "@babel/plugin-proposal-optional-chaining": "7.18.9",
     "@babel/plugin-proposal-throw-expressions": "7.18.6",
     "@babel/plugin-syntax-dynamic-import": "7.8.3",
     "@babel/plugin-syntax-import-meta": "7.10.4",
     "@babel/plugin-transform-async-to-generator": "7.18.6",
-    "@babel/plugin-transform-classes": "7.19.0",
-    "@babel/plugin-transform-runtime": "7.19.1",
-    "@babel/preset-env": "7.19.3",
+    "@babel/plugin-transform-classes": "7.20.2",
+    "@babel/plugin-transform-runtime": "7.19.6",
+    "@babel/preset-env": "7.20.2",
     "@babel/preset-react": "7.18.6",
     "@babel/preset-typescript": "7.18.6",
     "@babel/register": "7.18.9",
-    "@babel/runtime": "7.19.0",
+    "@babel/runtime": "7.20.1",
     "@dianmora/contributors": "5.0.0",
-    "@changesets/changelog-github": "0.4.6",
+    "@changesets/changelog-github": "0.4.7",
     "@changesets/cli": "2.24.4",
-    "@changesets/get-dependents-graph": "1.3.3",
-    "@crowdin/cli": "3.8.1",
-    "@trivago/prettier-plugin-sort-imports": "3.3.0",
+    "@changesets/get-dependents-graph": "1.3.4",
+    "@crowdin/cli": "3.9.1",
+    "@trivago/prettier-plugin-sort-imports": "3.4.0",
     "@types/async": "3.2.15",
-    "@types/autocannon": "4.1.1",
     "@types/express": "4.17.14",
     "@types/http-errors": "1.8.2",
     "@types/jest": "27.5.2",
-    "@types/lodash": "4.14.186",
+    "@types/lodash": "4.14.189",
     "@types/mime": "2.0.3",
     "@types/minimatch": "3.0.5",
-    "@types/node": "16.11.62",
+    "@types/node": "16.18.3",
     "@types/jsonwebtoken": "8.5.9",
     "@types/request": "2.48.8",
-    "@types/semver": "7.3.12",
+    "@types/semver": "7.3.13",
     "@types/node-fetch": "2.6.2",
     "@types/supertest": "2.0.12",
     "@types/testing-library__jest-dom": "5.14.5",
-    "@types/validator": "13.7.7",
+    "@types/validator": "13.7.10",
     "@types/webpack": "5.28.0",
     "@types/webpack-env": "1.18.0",
-    "@typescript-eslint/eslint-plugin": "5.37.0",
-    "@typescript-eslint/parser": "5.37.0",
-    "@verdaccio/benchmark": "workspace:*",
+    "@types/react": "18.0.25",
+    "@types/react-dom": "18.0.9",
+    "@types/react-router-dom": "5.3.3",
+    "@types/react-virtualized": "9.21.21",
+    "@typescript-eslint/eslint-plugin": "5.41.0",
+    "@typescript-eslint/parser": "5.41.0",
     "@verdaccio/crowdin-translations": "workspace:*",
     "@verdaccio/eslint-config": "workspace:*",
     "@verdaccio/types": "workspace:*",
     "@verdaccio/ui-theme": "workspace:*",
-    "autocannon": "7.10.0",
     "babel-core": "7.0.0-bridge.0",
     "babel-eslint": "10.1.0",
-    "babel-jest": "29.1.0",
+    "babel-jest": "29.3.1",
     "babel-plugin-dynamic-import-node": "2.3.3",
     "babel-plugin-emotion": "10.2.2",
     "concurrently": "6.5.1",
-    "core-js": "3.25.3",
+    "core-js": "3.26.1",
     "cross-env": "7.0.3",
     "debug": "4.3.4",
     "detect-secrets": "1.0.6",
-    "jest-diff": "29.1.0",
-    "eslint": "8.23.1",
+    "jest-diff": "29.3.1",
+    "eslint": "8.26.0",
     "fs-extra": "10.1.0",
     "husky": "7.0.4",
     "in-publish": "2.0.1",
-    "jest": "29.1.1",
-    "jest-environment-jsdom": "29.1.1",
+    "jest": "29.3.1",
+    "jest-environment-jsdom": "29.3.1",
     "jest-environment-jsdom-global": "3.1.2",
-    "jest-environment-node": "29.1.1",
+    "jest-environment-node": "29.3.1",
     "jest-junit": "12.3.0",
     "kleur": "3.0.3",
     "lint-staged": "11.2.6",
     "nock": "13.2.9",
-    "node-fetch": "cjs",
     "nodemon": "2.0.20",
     "npm-run-all": "4.1.5",
     "prettier": "2.7.1",
     "rimraf": "3.0.2",
     "selfsigned": "1.10.14",
-    "supertest": "6.2.4",
+    "supertest": "6.3.1",
     "ts-node": "10.9.1",
-    "typescript": "4.8.4",
+    "typescript": "4.9.3",
     "update-ts-references": "2.4.1",
     "verdaccio-audit": "workspace:*",
     "verdaccio-auth-memory": "workspace:*",
@@ -121,9 +121,6 @@
     "test:e2e:cli": "pnpm test --filter ...@verdaccio/e2e-cli-* -- --coverage=false",
     "test:e2e:ui": "pnpm test --filter ...@verdaccio/e2e-ui",
     "start": "concurrently --kill-others \"pnpm _start:server\" \"pnpm _start:web\"",
-    "benchmark:hyper": "verdaccio-benchmark hyper -r ./hyper-results.json",
-    "benchmark:api": "verdaccio-benchmark api",
-    "benchmark:submit": "pnpm ts-node ./scripts/submit-metrics.ts",
     "contributors": "ts-node ./scripts/contributors-update.ts",
     "start:watch": "concurrently --kill-others \"pnpm _build:watch\" \"pnpm _start:server\" \"pnpm _debug:reload\"",
     "_build:watch": "pnpm run --parallel watch --filter ./packages",

packages/api/CHANGELOG.md

@@ -1,5 +1,56 @@
 # @verdaccio/api
 
+## 6.0.0-6-next.35
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.52
+- @verdaccio/config@6.0.0-6-next.52
+- @verdaccio/auth@6.0.0-6-next.31
+- @verdaccio/logger@6.0.0-6-next.20
+- @verdaccio/middleware@6.0.0-6-next.31
+- @verdaccio/store@6.0.0-6-next.32
+- @verdaccio/utils@6.0.0-6-next.20
+
+## 6.0.0-6-next.34
+
+### Minor Changes
+
+- 4b29d715: chore: move improvements from v5 to v6
+
+  Migrate improvements form v5 to v6:
+
+  - https://github.com/verdaccio/verdaccio/pull/3158
+  - https://github.com/verdaccio/verdaccio/pull/3151
+  - https://github.com/verdaccio/verdaccio/pull/2271
+  - https://github.com/verdaccio/verdaccio/pull/2787
+  - https://github.com/verdaccio/verdaccio/pull/2791
+  - https://github.com/verdaccio/verdaccio/pull/2205
+
+### Patch Changes
+
+- Updated dependencies [4b29d715]
+  - @verdaccio/auth@6.0.0-6-next.30
+  - @verdaccio/config@6.0.0-6-next.51
+  - @verdaccio/core@6.0.0-6-next.51
+  - @verdaccio/middleware@6.0.0-6-next.30
+  - @verdaccio/store@6.0.0-6-next.31
+  - @verdaccio/logger@6.0.0-6-next.19
+  - @verdaccio/utils@6.0.0-6-next.19
+
+## 6.0.0-6-next.33
+
+### Patch Changes
+
+- b4cc8001: fix: improve abort request search
+  - @verdaccio/core@6.0.0-6-next.50
+  - @verdaccio/config@6.0.0-6-next.50
+  - @verdaccio/auth@6.0.0-6-next.29
+  - @verdaccio/logger@6.0.0-6-next.18
+  - @verdaccio/middleware@6.0.0-6-next.29
+  - @verdaccio/store@6.0.0-6-next.30
+  - @verdaccio/utils@6.0.0-6-next.18
+
 ## 6.0.0-6-next.32
 
 ### Minor Changes

packages/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/api",
-  "version": "6.0.0-6-next.32",
+  "version": "6.0.0-6-next.35",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,28 +39,28 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/auth": "workspace:6.0.0-6-next.28",
-    "@verdaccio/config": "workspace:6.0.0-6-next.49",
-    "@verdaccio/core": "workspace:6.0.0-6-next.49",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.17",
-    "@verdaccio/middleware": "workspace:6.0.0-6-next.28",
-    "@verdaccio/store": "workspace:6.0.0-6-next.29",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.17",
-    "abortcontroller-polyfill": "1.7.3",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.31",
+    "@verdaccio/config": "workspace:6.0.0-6-next.52",
+    "@verdaccio/core": "workspace:6.0.0-6-next.52",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.20",
+    "@verdaccio/middleware": "workspace:6.0.0-6-next.31",
+    "@verdaccio/store": "workspace:6.0.0-6-next.32",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.20",
+    "abortcontroller-polyfill": "1.7.5",
     "cookies": "0.8.0",
     "debug": "4.3.4",
-    "body-parser": "1.20.0",
-    "express": "4.18.1",
+    "body-parser": "1.20.1",
+    "express": "4.18.2",
     "lodash": "4.17.21",
     "mime": "2.6.0",
-    "semver": "7.3.7"
+    "semver": "7.3.8"
   },
   "devDependencies": {
-    "@types/node": "16.11.62",
-    "@verdaccio/server": "workspace:6.0.0-6-next.38",
+    "@types/node": "16.18.3",
+    "@verdaccio/server": "workspace:6.0.0-6-next.41",
     "@verdaccio/types": "workspace:11.0.0-6-next.17",
     "@verdaccio/test-helper": "workspace:2.0.0-6-next.6",
-    "supertest": "6.2.4",
+    "supertest": "6.3.1",
     "nock": "13.2.9",
     "mockdate": "3.0.5"
   },

packages/api/src/dist-tags.ts

@@ -98,24 +98,4 @@ export default function (route: Router, auth: Auth, storage: Storage): void {
       }
     }
   );
-
-  route.post(
-    '/-/package/:package/dist-tags',
-    can('publish'),
-    async function (
-      req: $RequestExtend,
-      res: $ResponseExtend,
-      next: $NextFunctionVer
-    ): Promise<void> {
-      try {
-        await storage.mergeTagsNext(req.params.package, req.body);
-        res.status(constants.HTTP_STATUS.CREATED);
-        return next({
-          ok: constants.API_MESSAGE.TAG_UPDATED,
-        });
-      } catch (err) {
-        next(err);
-      }
-    }
-  );
 }

packages/api/src/star.ts

@@ -1,88 +0,0 @@
-/* eslint-disable @typescript-eslint/no-unused-vars */
-import buildDebug from 'debug';
-import { Response } from 'express';
-import _ from 'lodash';
-
-import { HTTP_STATUS, USERS } from '@verdaccio/core';
-import { Storage } from '@verdaccio/store';
-
-import { $NextFunctionVer, $RequestExtend } from '../types/custom';
-
-const debug = buildDebug('verdaccio:api:publish:star');
-
-export default function (
-  storage: Storage
-): (req: $RequestExtend, res: Response, next: $NextFunctionVer) => void {
-  const validateInputs = (newUsers, localUsers, username, isStar): boolean => {
-    const isExistlocalUsers = _.isNil(localUsers[username]) === false;
-    if (isStar && isExistlocalUsers && localUsers[username]) {
-      return true;
-    } else if (!isStar && isExistlocalUsers) {
-      return false;
-    } else if (!isStar && !isExistlocalUsers) {
-      return true;
-    }
-    return false;
-  };
-
-  return (req: $RequestExtend, res: Response, next: $NextFunctionVer): void => {
-    const name = req.params.package;
-    debug('starring a package for %o', name);
-    // const afterChangePackage = function (err?: Error) {
-    //   if (err) {
-    //     debug('error on update package for %o', name);
-    //     return next(err);
-    //   }
-
-    //   debug('succes update package for %o', name);
-    //   res.status(HTTP_STATUS.OK);
-    //   next({
-    //     success: true,
-    //   });
-    // };
-
-    debug('get package info package for %o', name);
-    // @ts-ignore
-    // storage.getPackage({
-    //   name,
-    //   req,
-    //   callback: function (err, info) {
-    //     if (err) {
-    //       debug('error on get package info package for %o', name);
-    //       return next(err);
-    //     }
-    //     const newStarUser = req.body[USERS];
-    //     const remoteUsername = req.remote_user.name;
-    //     const localStarUsers = info[USERS];
-    //     // Check is star or unstar
-    //     const isStar = Object.keys(newStarUser).includes(remoteUsername);
-    //     debug('is start? %o', isStar);
-    //     if (
-    //       _.isNil(localStarUsers) === false &&
-    //       validateInputs(newStarUser, localStarUsers, remoteUsername, isStar)
-    //     ) {
-    //       return afterChangePackage();
-    //     }
-    //     const users = isStar
-    //       ? {
-    //           ...localStarUsers,
-    //           [remoteUsername]: true,
-    //         }
-    //       : _.reduce(
-    //           localStarUsers,
-    //           (users, value, key) => {
-    //             if (key !== remoteUsername) {
-    //               users[key] = value;
-    //             }
-    //             return users;
-    //           },
-    //           {}
-    //         );
-    //     debug('update package for  %o', name);
-    //     storage.changePackage(name, { ...info, users }, req.body._rev, function (err) {
-    //       afterChangePackage(err);
-    //     });
-    //   },
-    // });
-  };
-}

packages/api/src/stars.ts

@@ -1,7 +1,7 @@
 import { Response, Router } from 'express';
 import _ from 'lodash';
 
-import { HTTP_STATUS, USERS } from '@verdaccio/core';
+import { HTTP_STATUS, USERS, errorUtils } from '@verdaccio/core';
 import { Storage } from '@verdaccio/store';
 import { Version } from '@verdaccio/types';
 
@@ -11,13 +11,15 @@ export default function (route: Router, storage: Storage): void {
   route.get(
     '/-/_view/starredByUser',
     async (req: $RequestExtend, res: Response, next: $NextFunctionVer): Promise<void> => {
-      const remoteUsername = req.remote_user.name;
+      const query: { key: string } = req.query;
+      if (typeof query?.key !== 'string') {
+        return next(errorUtils.getBadRequest('missing query key username'));
+      }
 
       try {
-        const localPackages: Version[] = await storage.getLocalDatabaseNext();
-
+        const localPackages: Version[] = await storage.getLocalDatabase();
         const filteredPackages: Version[] = localPackages.filter((localPackage: Version) =>
-          _.keys(localPackage[USERS]).includes(remoteUsername)
+          _.keys(localPackage[USERS]).includes(query?.key.toString().replace(/['"]+/g, ''))
         );
 
         res.status(HTTP_STATUS.OK);

packages/api/src/user.ts

@@ -4,7 +4,14 @@ import { Response, Router } from 'express';
 import { getApiToken } from '@verdaccio/auth';
 import { Auth } from '@verdaccio/auth';
 import { createRemoteUser } from '@verdaccio/config';
-import { API_ERROR, API_MESSAGE, HTTP_STATUS, errorUtils, validatioUtils } from '@verdaccio/core';
+import {
+  API_ERROR,
+  API_MESSAGE,
+  HEADERS,
+  HTTP_STATUS,
+  errorUtils,
+  validatioUtils,
+} from '@verdaccio/core';
 import { logger } from '@verdaccio/logger';
 import { Config, RemoteUser } from '@verdaccio/types';
 import { getAuthenticatedMessage, mask } from '@verdaccio/utils';
@@ -75,6 +82,7 @@ export default function (route: Router, auth: Auth, config: Config): void {
             }
 
             res.status(HTTP_STATUS.CREATED);
+            res.set(HEADERS.CACHE_CONTROL, 'no-cache, no-store');
 
             const message = getAuthenticatedMessage(req.remote_user.name);
             debug('login: created user message %o', message);
@@ -124,6 +132,7 @@ export default function (route: Router, auth: Auth, config: Config): void {
 
           req.remote_user = user;
           res.status(HTTP_STATUS.CREATED);
+          res.set(HEADERS.CACHE_CONTROL, 'no-cache, no-store');
           debug('adduser: user has been created');
           return next({
             ok: `user '${req.body.name}' created`,

packages/api/src/v1/search.ts

@@ -41,7 +41,8 @@ export default function (route, auth: Auth, storage: Storage): void {
     let data;
     const abort = new AbortController();
 
-    req.on('aborted', () => {
+    req.socket.on('close', function () {
+      debug('search web aborted');
       abort.abort();
     });
 

packages/api/src/v1/token.ts

@@ -3,7 +3,7 @@ import _ from 'lodash';
 
 import { getApiToken } from '@verdaccio/auth';
 import { Auth } from '@verdaccio/auth';
-import { HTTP_STATUS, SUPPORT_ERRORS, errorUtils } from '@verdaccio/core';
+import { HEADERS, HTTP_STATUS, SUPPORT_ERRORS, errorUtils } from '@verdaccio/core';
 import { logger } from '@verdaccio/logger';
 import { Storage } from '@verdaccio/store';
 import { Config, RemoteUser, Token } from '@verdaccio/types';
@@ -102,6 +102,7 @@ export default function (route: Router, auth: Auth, storage: Storage, config: Co
 
           await storage.saveToken(saveToken);
           logger.debug({ key, name }, 'token @{key} was created for user @{name}');
+          res.set(HEADERS.CACHE_CONTROL, 'no-cache, no-store');
           return next(
             normalizeToken({
               token,

packages/api/test/integration/_helper.ts

@@ -11,7 +11,7 @@ import {
   generatePackageMetadata,
   initializeServer as initializeServerHelper,
 } from '@verdaccio/test-helper';
-import { GenericBody } from '@verdaccio/types';
+import { GenericBody, PackageUsers } from '@verdaccio/types';
 import { buildToken, generateRandomHexString } from '@verdaccio/utils';
 
 import apiMiddleware from '../../src';
@@ -39,6 +39,7 @@ export function createUser(app, name: string, password: string): supertest.Test
       password: password,
     })
     .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
+    .expect(HEADERS.CACHE_CONTROL, 'no-cache, no-store')
     .expect(HTTP_STATUS.CREATED);
 }
 
@@ -91,16 +92,54 @@ export function publishVersion(
   app,
   pkgName: string,
   version: string,
-  distTags?: GenericBody
+  distTags?: GenericBody,
+  token?: string
 ): supertest.Test {
   const pkgMetadata = generatePackageMetadata(pkgName, version, distTags);
 
-  return supertest(app)
+  const test = supertest(app)
     .put(`/${encodeURIComponent(pkgName)}`)
     .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
     .send(JSON.stringify(pkgMetadata))
     .set('accept', HEADERS.GZIP)
     .set(HEADER_TYPE.ACCEPT_ENCODING, HEADERS.JSON);
+
+  if (typeof token === 'string') {
+    test.set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token));
+  }
+
+  return test;
+}
+
+export function starPackage(
+  app,
+  options: {
+    users: PackageUsers;
+    name: string;
+    _rev: string;
+    _id?: string;
+  },
+  token?: string
+): supertest.Test {
+  const { _rev, _id, users } = options;
+  const starManifest = {
+    _rev,
+    _id,
+    users,
+  };
+
+  const test = supertest(app)
+    .put(`/${encodeURIComponent(options.name)}`)
+    .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
+    .send(JSON.stringify(starManifest))
+    .set('accept', HEADERS.GZIP)
+    .set(HEADER_TYPE.ACCEPT_ENCODING, HEADERS.JSON);
+
+  if (typeof token === 'string') {
+    test.set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token));
+  }
+
+  return test;
 }
 
 export function getDisTags(app, pkgName) {

packages/api/test/integration/config/star.yaml

@@ -0,0 +1,26 @@
+auth:
+  htpasswd:
+    file: ./htpasswd-star
+web:
+  enable: true
+  title: verdaccio
+
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+log: { type: stdout, format: pretty, level: info }
+
+packages:
+  '@*/*':
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+  '**':
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+_debug: true

packages/api/test/integration/publish.spec.ts

@@ -6,38 +6,8 @@ import { HTTP_STATUS } from '@verdaccio/core';
 import { API_ERROR, API_MESSAGE, HEADERS, HEADER_TYPE } from '@verdaccio/core';
 import { generatePackageMetadata, generateRemotePackageMetadata } from '@verdaccio/test-helper';
 
-import { $RequestExtend, $ResponseExtend } from '../../types/custom';
 import { getPackage, initializeServer, publishVersion } from './_helper';
 
-const mockApiJWTmiddleware = jest.fn(
-  () =>
-    (req: $RequestExtend, res: $ResponseExtend, _next): void => {
-      req.remote_user = { name: 'foo', groups: [], real_groups: [] };
-      _next();
-    }
-);
-
-jest.mock('@verdaccio/auth', () => ({
-  Auth: class {
-    apiJWTmiddleware() {
-      return mockApiJWTmiddleware();
-    }
-    init() {
-      return Promise.resolve();
-    }
-    allow_access(_d, f_, cb) {
-      cb(null, true);
-    }
-    allow_publish(_d, f_, cb) {
-      cb(null, true);
-    }
-
-    allow_unpublish(_d, f_, cb) {
-      cb(null, true);
-    }
-  },
-}));
-
 describe('publish', () => {
   describe('handle errors', () => {
     const pkgName = 'test';
@@ -80,6 +50,22 @@ describe('publish', () => {
           });
       });
     });
+
+    test.each([['foo', '@scope/foo']])(
+      'should fails on publish a duplicated package',
+      async (pkgName) => {
+        const app = await initializeServer('publish.yaml');
+        await publishVersion(app, pkgName, '1.0.0');
+        return new Promise((resolve) => {
+          publishVersion(app, pkgName, '1.0.0')
+            .expect(HTTP_STATUS.CONFLICT)
+            .then((response) => {
+              expect(response.body.error).toEqual(API_ERROR.PACKAGE_EXIST);
+              resolve(response);
+            });
+        });
+      }
+    );
   });
 
   describe('publish a package', () => {
@@ -141,6 +127,7 @@ describe('publish', () => {
         });
       });
     });
+
     describe('proxies setup', () => {
       test.each([['foo', '@scope%2Ffoo']])(
         'should publish a a patch package that already exist on a remote',
@@ -172,22 +159,6 @@ describe('publish', () => {
     });
   });
 
-  test.each([['foo', '@scope/foo']])(
-    'should fails on publish a duplicated package',
-    async (pkgName) => {
-      const app = await initializeServer('publish.yaml');
-      await publishVersion(app, pkgName, '1.0.0');
-      return new Promise((resolve) => {
-        publishVersion(app, pkgName, '1.0.0')
-          .expect(HTTP_STATUS.CONFLICT)
-          .then((response) => {
-            expect(response.body.error).toEqual(API_ERROR.PACKAGE_EXIST);
-            resolve(response);
-          });
-      });
-    }
-  );
-
   describe('unpublish a package', () => {
     test.each([['foo', '@scope/foo']])('should unpublish entirely a package', async (pkgName) => {
       const app = await initializeServer('publish.yaml');
@@ -257,6 +228,4 @@ describe('publish', () => {
       }
     );
   });
-
-  describe('star a package', () => {});
 });

packages/api/test/integration/star.spec.ts

@@ -0,0 +1,73 @@
+import nock from 'nock';
+import supertest from 'supertest';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+import { HEADERS, HEADER_TYPE } from '@verdaccio/core';
+
+import { getNewToken, getPackage, initializeServer, publishVersion, starPackage } from './_helper';
+
+describe('star', () => {
+  test.each([['foo', '@scope%2Ffoo']])(
+    'should list stared packages for an user',
+    async (pkgName) => {
+      const userLogged = 'jota_token';
+      nock('https://registry.npmjs.org').get(`/${pkgName}`).reply(404);
+      const app = await initializeServer('star.yaml');
+      const token = await getNewToken(app, { name: userLogged, password: 'secretPass' });
+      await publishVersion(app, pkgName, '1.0.0', undefined, token).expect(HTTP_STATUS.CREATED);
+      await publishVersion(app, 'pkg-1', '1.0.0', undefined, token).expect(HTTP_STATUS.CREATED);
+      await publishVersion(app, 'pkg-2', '1.0.0', undefined, token).expect(HTTP_STATUS.CREATED);
+      const manifest = await getPackage(app, '', decodeURIComponent(pkgName));
+      await starPackage(
+        app,
+        {
+          _rev: manifest.body._rev,
+          _id: manifest.body.id,
+          name: pkgName,
+          users: { [userLogged]: true },
+        },
+        token
+      ).expect(HTTP_STATUS.CREATED);
+      await starPackage(
+        app,
+        {
+          _rev: manifest.body._rev,
+          _id: manifest.body.id,
+          name: 'pkg-1',
+          users: { [userLogged]: true },
+        },
+        token
+      ).expect(HTTP_STATUS.CREATED);
+      await starPackage(
+        app,
+        {
+          _rev: manifest.body._rev,
+          _id: manifest.body.id,
+          name: 'pkg-2',
+          users: { [userLogged]: true },
+        },
+        token
+      ).expect(HTTP_STATUS.CREATED);
+      const resp = await supertest(app)
+        .get(`/-/_view/starredByUser?key=%22jota_token%22`)
+        .set('Accept', HEADERS.JSON)
+        .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
+        .expect(HTTP_STATUS.OK);
+      expect(resp.body.rows).toHaveLength(3);
+      expect(resp.body.rows).toEqual([{ value: 'foo' }, { value: 'pkg-1' }, { value: 'pkg-2' }]);
+    }
+  );
+
+  test.each([['foo']])('should requires parameters', async (pkgName) => {
+    const userLogged = 'jota_token';
+    nock('https://registry.npmjs.org').get(`/${pkgName}`).reply(404);
+    const app = await initializeServer('star.yaml');
+    const token = await getNewToken(app, { name: userLogged, password: 'secretPass' });
+    await publishVersion(app, pkgName, '1.0.0', undefined, token).expect(HTTP_STATUS.CREATED);
+    return supertest(app)
+      .get(`/-/_view/starredByUser?key_xxxxx=other`)
+      .set('Accept', HEADERS.JSON)
+      .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
+      .expect(HTTP_STATUS.BAD_REQUEST);
+  });
+});

packages/api/types/custom.d.ts

@@ -2,7 +2,7 @@ import { NextFunction, Request, Response } from 'express';
 
 import { Logger, RemoteUser } from '@verdaccio/types';
 
-export type $RequestExtend = Request & { remote_user?: any; log: Logger };
+export type $RequestExtend = Request & { remote_user?: any; log: Logger; query?: { key: string } };
 export type $ResponseExtend = Response & { cookies?: any };
 export type $NextFunctionVer = NextFunction & any;
 

packages/auth/CHANGELOG.md

@@ -1,5 +1,52 @@
 # @verdaccio/auth
 
+## 6.0.0-6-next.31
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.52
+- @verdaccio/config@6.0.0-6-next.52
+- @verdaccio/loaders@6.0.0-6-next.21
+- @verdaccio/logger@6.0.0-6-next.20
+- verdaccio-htpasswd@11.0.0-6-next.22
+- @verdaccio/utils@6.0.0-6-next.20
+
+## 6.0.0-6-next.30
+
+### Minor Changes
+
+- 4b29d715: chore: move improvements from v5 to v6
+
+  Migrate improvements form v5 to v6:
+
+  - https://github.com/verdaccio/verdaccio/pull/3158
+  - https://github.com/verdaccio/verdaccio/pull/3151
+  - https://github.com/verdaccio/verdaccio/pull/2271
+  - https://github.com/verdaccio/verdaccio/pull/2787
+  - https://github.com/verdaccio/verdaccio/pull/2791
+  - https://github.com/verdaccio/verdaccio/pull/2205
+
+### Patch Changes
+
+- Updated dependencies [4b29d715]
+  - @verdaccio/config@6.0.0-6-next.51
+  - @verdaccio/core@6.0.0-6-next.51
+  - @verdaccio/loaders@6.0.0-6-next.20
+  - verdaccio-htpasswd@11.0.0-6-next.21
+  - @verdaccio/logger@6.0.0-6-next.19
+  - @verdaccio/utils@6.0.0-6-next.19
+
+## 6.0.0-6-next.29
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.50
+- @verdaccio/config@6.0.0-6-next.50
+- @verdaccio/loaders@6.0.0-6-next.19
+- @verdaccio/logger@6.0.0-6-next.18
+- verdaccio-htpasswd@11.0.0-6-next.20
+- @verdaccio/utils@6.0.0-6-next.18
+
 ## 6.0.0-6-next.28
 
 ### Patch Changes

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/auth",
-  "version": "6.0.0-6-next.28",
+  "version": "6.0.0-6-next.31",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -39,16 +39,16 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.49",
-    "@verdaccio/config": "workspace:6.0.0-6-next.49",
-    "@verdaccio/loaders": "workspace:6.0.0-6-next.18",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.17",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.17",
+    "@verdaccio/core": "workspace:6.0.0-6-next.52",
+    "@verdaccio/config": "workspace:6.0.0-6-next.52",
+    "@verdaccio/loaders": "workspace:6.0.0-6-next.21",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.20",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.20",
     "debug": "4.3.4",
-    "express": "4.18.1",
+    "express": "4.18.2",
     "jsonwebtoken": "8.5.1",
     "lodash": "4.17.21",
-    "verdaccio-htpasswd": "workspace:11.0.0-6-next.19"
+    "verdaccio-htpasswd": "workspace:11.0.0-6-next.22"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.17"

packages/auth/src/auth.ts

@@ -574,7 +574,9 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
     const { real_groups, name, groups } = user;
     debug('jwt encrypt %o', name);
     const realGroupsValidated = _.isNil(real_groups) ? [] : real_groups;
-    const groupedGroups = _.isNil(groups) ? real_groups : groups.concat(realGroupsValidated);
+    const groupedGroups = _.isNil(groups)
+      ? real_groups
+      : Array.from(new Set([...groups.concat(realGroupsValidated)]));
     const payload: RemoteUser = {
       real_groups: realGroupsValidated,
       name,

packages/auth/test/auth-utils.spec.ts

@@ -77,8 +77,8 @@ describe('Auth utilities', () => {
     const spyNotCalled = jest.spyOn(auth, methodNotBeenCalled);
     const user: RemoteUser = {
       name: username,
-      real_groups: [],
-      groups: [],
+      real_groups: ['test', '$all', '$authenticated', '@all', '@authenticated', 'all'],
+      groups: ['company-role1', 'company-role2'],
     };
     const token = await getApiToken(auth, config, user, password);
     expect(spy).toHaveBeenCalled();
@@ -93,7 +93,25 @@ describe('Auth utilities', () => {
     const payload = verifyPayload(token, secret);
     expect(payload.name).toBe(user);
     expect(payload.groups).toBeDefined();
+    expect(payload.groups).toEqual([
+      'company-role1',
+      'company-role2',
+      'test',
+      '$all',
+      '$authenticated',
+      '@all',
+      '@authenticated',
+      'all',
+    ]);
     expect(payload.real_groups).toBeDefined();
+    expect(payload.real_groups).toEqual([
+      'test',
+      '$all',
+      '$authenticated',
+      '@all',
+      '@authenticated',
+      'all',
+    ]);
   };
 
   const verifyAES = (token: string, user: string, password: string, secret: string) => {
@@ -219,6 +237,30 @@ describe('Auth utilities', () => {
     });
   });
 
+  describe('createRemoteUser', () => {
+    test('create remote user', () => {
+      expect(createRemoteUser('test', [])).toEqual({
+        name: 'test',
+        real_groups: [],
+        groups: ['$all', '$authenticated', '@all', '@authenticated', 'all'],
+      });
+    });
+    test('create remote user with groups', () => {
+      expect(createRemoteUser('test', ['group1', 'group2'])).toEqual({
+        name: 'test',
+        real_groups: ['group1', 'group2'],
+        groups: ['group1', 'group2', '$all', '$authenticated', '@all', '@authenticated', 'all'],
+      });
+    });
+    test('create anonymous remote user', () => {
+      expect(createAnonymousRemoteUser()).toEqual({
+        name: undefined,
+        real_groups: [],
+        groups: ['$all', '$anonymous', '@all', '@anonymous'],
+      });
+    });
+  });
+
   describe('getApiToken test', () => {
     test('should sign token with aes and security missing', async () => {
       const token = await getTokenByConfiguration(
@@ -445,15 +487,13 @@ describe('Auth utilities', () => {
           security,
           '12345',
           buildToken(TOKEN_BEARER, 'fakeToken')
-        );
+        ) as RemoteUser;
 
         expect(credentials).toBeDefined();
-        // @ts-ignore
         expect(credentials.name).not.toBeDefined();
-        // @ts-ignore
         expect(credentials.real_groups).toBeDefined();
-        // @ts-ignore
-        expect(credentials.real_groups).toEqual([]);
+
+        expect(credentials.groups).toEqual(['$all', '$anonymous', '@all', '@anonymous']);
       });
 
       test('should return anonymous whether token and scheme are corrupted', () => {
@@ -485,14 +525,29 @@ describe('Auth utilities', () => {
           security,
           secret,
           buildToken(TOKEN_BEARER, token)
-        );
+        ) as RemoteUser;
         expect(credentials).toBeDefined();
-        // @ts-ignore
+
         expect(credentials.name).toEqual(user);
-        // @ts-ignore
         expect(credentials.real_groups).toBeDefined();
-        // @ts-ignore
-        expect(credentials.real_groups).toEqual([]);
+        expect(credentials.real_groups).toEqual([
+          'test',
+          '$all',
+          '$authenticated',
+          '@all',
+          '@authenticated',
+          'all',
+        ]);
+        expect(credentials.groups).toEqual([
+          'company-role1',
+          'company-role2',
+          'test',
+          '$all',
+          '$authenticated',
+          '@all',
+          '@authenticated',
+          'all',
+        ]);
       });
     });
   });

packages/cli/CHANGELOG.md

@@ -1,5 +1,33 @@
 # @verdaccio/cli
 
+## 6.0.0-6-next.52
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.52
+- @verdaccio/config@6.0.0-6-next.52
+- @verdaccio/node-api@6.0.0-6-next.52
+- @verdaccio/logger@6.0.0-6-next.20
+
+## 6.0.0-6-next.51
+
+### Patch Changes
+
+- Updated dependencies [4b29d715]
+  - @verdaccio/config@6.0.0-6-next.51
+  - @verdaccio/core@6.0.0-6-next.51
+  - @verdaccio/node-api@6.0.0-6-next.51
+  - @verdaccio/logger@6.0.0-6-next.19
+
+## 6.0.0-6-next.50
+
+### Patch Changes
+
+- @verdaccio/node-api@6.0.0-6-next.50
+- @verdaccio/core@6.0.0-6-next.50
+- @verdaccio/config@6.0.0-6-next.50
+- @verdaccio/logger@6.0.0-6-next.18
+
 ## 6.0.0-6-next.49
 
 ### Patch Changes

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/cli",
-  "version": "6.0.0-6-next.49",
+  "version": "6.0.0-6-next.52",
   "author": {
     "name": "Juan Picado",
     "email": "juanpicado19@gmail.com"
@@ -44,14 +44,14 @@
     "start": "ts-node src/index.ts"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.49",
-    "@verdaccio/config": "workspace:6.0.0-6-next.49",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.17",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.49",
+    "@verdaccio/core": "workspace:6.0.0-6-next.52",
+    "@verdaccio/config": "workspace:6.0.0-6-next.52",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.20",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.52",
     "clipanion": "3.1.0",
     "envinfo": "7.8.1",
     "kleur": "3.0.3",
-    "semver": "7.3.7"
+    "semver": "7.3.8"
   },
   "devDependencies": {
     "ts-node": "10.9.1"

packages/config/CHANGELOG.md

@@ -1,5 +1,40 @@
 # @verdaccio/config
 
+## 6.0.0-6-next.52
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.52
+- @verdaccio/utils@6.0.0-6-next.20
+
+## 6.0.0-6-next.51
+
+### Minor Changes
+
+- 4b29d715: chore: move improvements from v5 to v6
+
+  Migrate improvements form v5 to v6:
+
+  - https://github.com/verdaccio/verdaccio/pull/3158
+  - https://github.com/verdaccio/verdaccio/pull/3151
+  - https://github.com/verdaccio/verdaccio/pull/2271
+  - https://github.com/verdaccio/verdaccio/pull/2787
+  - https://github.com/verdaccio/verdaccio/pull/2791
+  - https://github.com/verdaccio/verdaccio/pull/2205
+
+### Patch Changes
+
+- Updated dependencies [4b29d715]
+  - @verdaccio/core@6.0.0-6-next.51
+  - @verdaccio/utils@6.0.0-6-next.19
+
+## 6.0.0-6-next.50
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.50
+- @verdaccio/utils@6.0.0-6-next.18
+
 ## 6.0.0-6-next.49
 
 ### Patch Changes

packages/config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/config",
-  "version": "6.0.0-6-next.49",
+  "version": "6.0.0-6-next.52",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,10 +39,10 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.49",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.17",
+    "@verdaccio/core": "workspace:6.0.0-6-next.52",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.20",
     "debug": "4.3.4",
-    "yaml": "2.1.1",
+    "yaml": "2.1.3",
     "lodash": "4.17.21",
     "minimatch": "3.1.2",
     "yup": "0.32.11"

packages/config/src/security.ts

@@ -1,11 +1,12 @@
 import { APITokenOptions, JWTOptions, Security } from '@verdaccio/types';
 
-export const TIME_EXPIRATION_7D = '7d';
+// TODO: get this from core package
+export const TIME_EXPIRATION_1H = '1h';
 
 const defaultWebTokenOptions: JWTOptions = {
   sign: {
     // The expiration token for the website is 7 days
-    expiresIn: TIME_EXPIRATION_7D,
+    expiresIn: TIME_EXPIRATION_1H,
   },
   verify: {},
 };

packages/config/src/user.ts

@@ -29,7 +29,9 @@ export const defaultNonLoggedUserRoles = [
  */
 export function createRemoteUser(name: string, pluginGroups: string[]): RemoteUser {
   const isGroupValid: boolean = Array.isArray(pluginGroups);
-  const groups = (isGroupValid ? pluginGroups : []).concat([...defaultLoggedUserRoles]);
+  const groups = Array.from(
+    new Set((isGroupValid ? pluginGroups : []).concat([...defaultLoggedUserRoles]))
+  );
 
   return {
     name,

packages/core/core/CHANGELOG.md

@@ -1,5 +1,24 @@
 # @verdaccio/core
 
+## 6.0.0-6-next.52
+
+## 6.0.0-6-next.51
+
+### Minor Changes
+
+- 4b29d715: chore: move improvements from v5 to v6
+
+  Migrate improvements form v5 to v6:
+
+  - https://github.com/verdaccio/verdaccio/pull/3158
+  - https://github.com/verdaccio/verdaccio/pull/3151
+  - https://github.com/verdaccio/verdaccio/pull/2271
+  - https://github.com/verdaccio/verdaccio/pull/2787
+  - https://github.com/verdaccio/verdaccio/pull/2791
+  - https://github.com/verdaccio/verdaccio/pull/2205
+
+## 6.0.0-6-next.50
+
 ## 6.0.0-6-next.49
 
 ## 6.0.0-6-next.48

packages/core/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/core",
-  "version": "6.0.0-6-next.49",
+  "version": "6.0.0-6-next.52",
   "description": "core utilities",
   "keywords": [
     "private",
@@ -36,14 +36,14 @@
   "dependencies": {
     "http-errors": "1.8.1",
     "http-status-codes": "2.2.0",
-    "semver": "7.3.7",
-    "ajv": "8.11.0",
+    "semver": "7.3.8",
+    "ajv": "8.11.2",
     "process-warning": "1.0.0",
-    "core-js": "3.25.3"
+    "core-js": "3.26.1"
   },
   "devDependencies": {
     "lodash": "4.17.21",
-    "typedoc": "0.23.15",
+    "typedoc": "0.23.21",
     "typedoc-plugin-missing-exports": "latest",
     "@verdaccio/types": "workspace:11.0.0-6-next.17"
   },

packages/core/core/src/constants.ts

@@ -2,7 +2,7 @@ import httpCodes from 'http-status-codes';
 
 export const DEFAULT_PASSWORD_VALIDATION = /.{3}$/;
 export const TIME_EXPIRATION_24H = '24h';
-export const TIME_EXPIRATION_7D = '7d';
+export const TIME_EXPIRATION_1H = '1h';
 export const DIST_TAGS = 'dist-tags';
 export const LATEST = 'latest';
 export const USERS = 'users';
@@ -35,6 +35,7 @@ export const HEADERS = {
   TEXT_HTML_UTF8: 'text/html; charset=utf-8',
   TEXT_HTML: 'text/html',
   AUTHORIZATION: 'authorization',
+  CACHE_CONTROL: 'Cache-Control',
   // only set with proxy that setup HTTPS
   // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
   FORWARDED_PROTO: 'X-Forwarded-Proto',

packages/core/readme/.babelrc

@@ -1,3 +0,0 @@
-{
-  "extends": "../../../.babelrc"
-}

packages/core/readme/.gitignore

@@ -1 +0,0 @@
-lib/

packages/core/readme/CHANGELOG.md

@@ -1,307 +0,0 @@
-# Change Log
-
-## 11.0.0-6-next.6
-
-### Patch Changes
-
-- 351aeeaa: fix(deps): @verdaccio/utils should be a prod dep of local-storage
-
-## 11.0.0-6-next.5
-
-### Major Changes
-
-- 292c0a37: feat!: replace deprecated request dependency by got
-
-  This is a big refactoring of the core, fetching dependencies, improve code, more tests and better stability. This is essential for the next release, will take some time but would allow modularize more the core.
-
-  ## Notes
-
-  - Remove deprecated `request` by other `got`, retry improved, custom Agent ( got does not include it built-in)
-  - Remove `async` dependency from storage (used by core) it was linked with proxy somehow safe to remove now
-  - Refactor with promises instead callback wherever is possible
-  - ~Document the API~
-  - Improve testing, integration tests
-  - Bugfix
-  - Clean up old validations
-  - Improve performance
-
-  ## 💥 Breaking changes
-
-  - Plugin API methods were callbacks based are returning promises, this will break current storage plugins, check documentation for upgrade.
-  - Write Tarball, Read Tarball methods parameters change, a new set of options like `AbortController` signals are being provided to the `addAbortSignal` can be internally used with Streams when a request is aborted. eg: `addAbortSignal(signal, fs.createReadStream(pathName));`
-  - `@verdaccio/streams` stream abort support is legacy is being deprecated removed
-  - Remove AWS and Google Cloud packages for future refactoring [#2574](https://github.com/verdaccio/verdaccio/pull/2574).
-
-## 11.0.0-6-next.4
-
-### Major Changes
-
-- 794af76c: Remove Node 12 support
-
-  - We need move to the new `undici` and does not support Node.js 12
-
-## 10.0.0-alpha.3
-
-### Patch Changes
-
-- fecbb9be: chore: add release step to private regisry on merge changeset pr
-
-## 10.0.0-alpha.2
-
-### Minor Changes
-
-- 54c58d1e: feat: add server rate limit protection to all request
-
-  To modify custom values, use the server settings property.
-
-  ```markdown
-  server:
-
-  ## https://www.npmjs.com/package/express-rate-limit#configuration-options
-
-  rateLimit:
-  windowMs: 1000
-  max: 10000
-  ```
-
-  The values are intended to be high, if you want to improve security of your server consider
-  using different values.
-
-## 10.0.0-alpha.1
-
-### Major Changes
-
-- d87fa026: feat!: experiments config renamed to flags
-
-  - The `experiments` configuration is renamed to `flags`. The functionality is exactly the same.
-
-  ```js
-  flags: token: false;
-  search: false;
-  ```
-
-  - The `self_path` property from the config file is being removed in favor of `config_file` full path.
-  - Refactor `config` module, better types and utilities
-
-- da1ee9c8: - Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv
-
-  - Introduce environment variables for legacy tokens
-
-  ### Code Improvements
-
-  - Add debug library for improve developer experience
-
-  ### Breaking change
-
-  - The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions.
-  - The secret key must have 32 characters long.
-
-  ### New environment variables
-
-  - `VERDACCIO_LEGACY_ALGORITHM`: Allows to define the specific algorithm for the token signature which by default is `aes-256-ctr`
-  - `VERDACCIO_LEGACY_ENCRYPTION_KEY`: By default, the token stores in the database, but using this variable allows to get it from memory
-
-### Minor Changes
-
-- 26b494cb: feat: add typescript project references settings
-
-  Reading https://ebaytech.berlin/optimizing-multi-package-apps-with-typescript-project-references-d5c57a3b4440 I realized I can use project references to solve the issue to pre-compile modules on develop mode.
-
-  It allows to navigate (IDE) trough the packages without need compile the packages.
-
-  Add two `tsconfig`, one using the previous existing configuration that is able to produce declaration files (`tsconfig.build`) and a new one `tsconfig` which is enables [_projects references_](https://www.typescriptlang.org/docs/handbook/project-references.html).
-
-### Patch Changes
-
-- b57b4338: Enable prerelease mode with **changesets**
-- 31af0164: ESLint Warnings Fixed
-
-  Related to issue #1461
-
-  - max-len: most of the sensible max-len errors are fixed
-  - no-unused-vars: most of these types of errors are fixed by deleting not needed declarations
-  - @typescript-eslint/no-unused-vars: same as above
-
-All notable changes to this project will be documented in this file.
-See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
-
-## [9.7.3](https://github.com/verdaccio/monorepo/compare/v9.7.2...v9.7.3) (2020-07-30)
-
-### Bug Fixes
-
-- update marked / request security vulnerability ([#378](https://github.com/verdaccio/monorepo/issues/378)) ([4188e08](https://github.com/verdaccio/monorepo/commit/4188e088f42d0f6e090c948b869312ba1f30cd79))
-
-## [9.7.2](https://github.com/verdaccio/monorepo/compare/v9.7.1...v9.7.2) (2020-07-20)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-## [9.7.1](https://github.com/verdaccio/monorepo/compare/v9.7.0...v9.7.1) (2020-07-10)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-# [9.7.0](https://github.com/verdaccio/monorepo/compare/v9.6.1...v9.7.0) (2020-06-24)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-## [9.6.1](https://github.com/verdaccio/monorepo/compare/v9.6.0...v9.6.1) (2020-06-07)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-## [9.5.1](https://github.com/verdaccio/monorepo/compare/v9.5.0...v9.5.1) (2020-06-03)
-
-### Bug Fixes
-
-- restore Node v8 support ([#361](https://github.com/verdaccio/monorepo/issues/361)) ([9be55a1](https://github.com/verdaccio/monorepo/commit/9be55a1deebe954e8eef9edc59af9fd16e29daed))
-
-# [9.5.0](https://github.com/verdaccio/monorepo/compare/v9.4.1...v9.5.0) (2020-05-02)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-# [9.4.0](https://github.com/verdaccio/monorepo/compare/v9.3.4...v9.4.0) (2020-03-21)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-## [9.3.3](https://github.com/verdaccio/monorepo/compare/v9.3.2...v9.3.3) (2020-03-11)
-
-### Bug Fixes
-
-- update jsdom@16.2.1 ([#340](https://github.com/verdaccio/monorepo/issues/340)) ([6060769](https://github.com/verdaccio/monorepo/commit/6060769d52f796337dda9f1a54f149c5fb22ca17))
-
-## [9.3.2](https://github.com/verdaccio/monorepo/compare/v9.3.1...v9.3.2) (2020-03-08)
-
-### Bug Fixes
-
-- security dependency jsdom@16.2.0 update ([#338](https://github.com/verdaccio/monorepo/issues/338)) ([0599f3e](https://github.com/verdaccio/monorepo/commit/0599f3e16fd1de993494943e2e7464d10b62d6be))
-- update dependencies ([#332](https://github.com/verdaccio/monorepo/issues/332)) ([b6165ae](https://github.com/verdaccio/monorepo/commit/b6165aea9b7e4012477081eae68bfa7159c58f56))
-
-## [9.3.1](https://github.com/verdaccio/monorepo/compare/v9.3.0...v9.3.1) (2020-02-23)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-# [9.3.0](https://github.com/verdaccio/monorepo/compare/v9.2.0...v9.3.0) (2020-01-29)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-# [9.0.0](https://github.com/verdaccio/monorepo/compare/v8.5.3...v9.0.0) (2020-01-07)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-## [8.5.2](https://github.com/verdaccio/monorepo/compare/v8.5.1...v8.5.2) (2019-12-25)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-## [8.5.1](https://github.com/verdaccio/monorepo/compare/v8.5.0...v8.5.1) (2019-12-24)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-# [8.5.0](https://github.com/verdaccio/monorepo/compare/v8.4.2...v8.5.0) (2019-12-22)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-## [8.4.2](https://github.com/verdaccio/monorepo/compare/v8.4.1...v8.4.2) (2019-11-23)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-## [8.4.1](https://github.com/verdaccio/monorepo/compare/v8.4.0...v8.4.1) (2019-11-22)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-# [8.4.0](https://github.com/verdaccio/monorepo/compare/v8.3.0...v8.4.0) (2019-11-22)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-# [8.3.0](https://github.com/verdaccio/monorepo/compare/v8.2.0...v8.3.0) (2019-10-27)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-# [8.2.0](https://github.com/verdaccio/monorepo/compare/v8.2.0-next.0...v8.2.0) (2019-10-23)
-
-### Bug Fixes
-
-- core/readme/package.json to reduce vulnerabilities ([#216](https://github.com/verdaccio/monorepo/issues/216)) ([40299ab](https://github.com/verdaccio/monorepo/commit/40299ab))
-
-# [8.2.0-next.0](https://github.com/verdaccio/monorepo/compare/v8.1.4...v8.2.0-next.0) (2019-10-08)
-
-### Bug Fixes
-
-- fixed lint errors ([5e677f7](https://github.com/verdaccio/monorepo/commit/5e677f7))
-- fixed lint errors ([c80e915](https://github.com/verdaccio/monorepo/commit/c80e915))
-- quotes should be single ([ae9aa44](https://github.com/verdaccio/monorepo/commit/ae9aa44))
-
-## [8.1.2](https://github.com/verdaccio/monorepo/compare/v8.1.1...v8.1.2) (2019-09-29)
-
-### Bug Fixes
-
-- **readme:** security vulnerabilities in marked dep ([ee604b1](https://github.com/verdaccio/monorepo/commit/ee604b1))
-
-## [8.1.1](https://github.com/verdaccio/monorepo/compare/v8.1.0...v8.1.1) (2019-09-26)
-
-### Bug Fixes
-
-- **security:** Cross-site Scripting (XSS) for readme ([7b53e1b](https://github.com/verdaccio/monorepo/commit/7b53e1b))
-
-# [8.1.0](https://github.com/verdaccio/monorepo/compare/v8.0.1-next.1...v8.1.0) (2019-09-07)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-## [8.0.1-next.1](https://github.com/verdaccio/monorepo/compare/v8.0.1-next.0...v8.0.1-next.1) (2019-08-29)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-## [8.0.1-next.0](https://github.com/verdaccio/monorepo/compare/v8.0.0...v8.0.1-next.0) (2019-08-29)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-# [8.0.0](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.4...v8.0.0) (2019-08-22)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-# [8.0.0-next.4](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.3...v8.0.0-next.4) (2019-08-18)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-# [8.0.0-next.2](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.1...v8.0.0-next.2) (2019-08-03)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-# [8.0.0-next.1](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.0...v8.0.0-next.1) (2019-08-01)
-
-**Note:** Version bump only for package @verdaccio/readme
-
-# [8.0.0-next.0](https://github.com/verdaccio/monorepo/compare/v2.0.0...v8.0.0-next.0) (2019-08-01)
-
-### Features
-
-- **readme:** import readme package ([f4bbf3a](https://github.com/verdaccio/monorepo/commit/f4bbf3a))
-- **readme:** modernize project ([0d8f963](https://github.com/verdaccio/monorepo/commit/0d8f963))
-
-# Changelog
-
-All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
-
-### [1.0.4](https://github.com/verdaccio/readme/compare/v1.0.3...v1.0.4) (2019-06-22)
-
-### Bug Fixes
-
-- update dependencies ([3316ccf](https://github.com/verdaccio/readme/commit/3316ccf))
-
-### [1.0.3](https://github.com/verdaccio/readme/compare/v1.0.2...v1.0.3) (2019-05-15)
-
-### Bug Fixes
-
-- **build:** lib folder as main ([e1ac882](https://github.com/verdaccio/readme/commit/e1ac882))
-
-### [1.0.2](https://github.com/verdaccio/readme/compare/v1.0.1...v1.0.2) (2019-05-15)
-
-### Bug Fixes
-
-- **build:** remove publish script ([9b36d5f](https://github.com/verdaccio/readme/commit/9b36d5f))
-
-### 1.0.1 (2019-05-15)
-
-### Tests
-
-- add basic test ([774a54d](https://github.com/verdaccio/readme/commit/774a54d))
-- add image test ([8c4639e](https://github.com/verdaccio/readme/commit/8c4639e))
-- add xss scenarios ([81e43e8](https://github.com/verdaccio/readme/commit/81e43e8))
-- add xss scenarios ([b211b97](https://github.com/verdaccio/readme/commit/b211b97))

packages/core/readme/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2019 Verdaccio
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

packages/core/readme/README.md

@@ -1,22 +0,0 @@
-# @verdaccio/readme
-
-📃 Readme markdown parser
-
-[![verdaccio (latest)](https://img.shields.io/npm/v/@verdaccio/readme/latest.svg)](https://www.npmjs.com/package/@verdaccio/readme)
-[![CircleCI](https://circleci.com/gh/verdaccio/readme/tree/master.svg?style=svg)](https://circleci.com/gh/verdaccio/readme/tree/master)
-[![Known Vulnerabilities](https://snyk.io/test/github/verdaccio/readme/badge.svg?targetFile=package.json)](https://snyk.io/test/github/verdaccio/readme?targetFile=package.json)
-[![codecov](https://codecov.io/gh/verdaccio/readme/branch/master/graph/badge.svg)](https://codecov.io/gh/verdaccio/readme)
-[![backers](https://opencollective.com/verdaccio/tiers/backer/badge.svg?label=Backer&color=brightgreen)](https://opencollective.com/verdaccio)
-[![discord](https://img.shields.io/discord/388674437219745793.svg)](http://chat.verdaccio.org/)
-![MIT](https://img.shields.io/github/license/mashape/apistatus.svg)
-[![node](https://img.shields.io/node/v/@verdaccio/readme/latest.svg)](https://www.npmjs.com/package/@verdaccio/readme)
-
-> This package is already built-in in verdaccio
-
-```
-npm install @verdaccio/readme
-```
-
-## License
-
-Verdaccio is [MIT licensed](https://github.com/verdaccio/readme/blob/master/LICENSE).

packages/core/readme/jest.config.js

@@ -1,3 +0,0 @@
-const config = require('../../../jest/config');
-
-module.exports = Object.assign({}, config, {});

packages/core/readme/package.json

@@ -1,62 +0,0 @@
-{
-  "name": "@verdaccio/readme",
-  "version": "11.0.0-6-next.6",
-  "description": "Readme markdown parser",
-  "keywords": [
-    "private",
-    "package",
-    "repository",
-    "registry",
-    "enterprise",
-    "modules",
-    "proxy",
-    "server",
-    "verdaccio"
-  ],
-  "author": {
-    "name": "Juan Picado",
-    "email": "juanpicado19@gmail.com"
-  },
-  "license": "MIT",
-  "homepage": "https://verdaccio.org",
-  "engines": {
-    "node": ">=14",
-    "npm": ">=6"
-  },
-  "repository": {
-    "type": "https",
-    "url": "https://github.com/verdaccio/verdaccio",
-    "directory": "packages/core/readme"
-  },
-  "bugs": {
-    "url": "https://github.com/verdaccio/verdaccio/issues"
-  },
-  "publishConfig": {
-    "access": "public"
-  },
-  "main": "./build/index.js",
-  "types": "./build/index.d.ts",
-  "files": [
-    "build"
-  ],
-  "dependencies": {
-    "dompurify": "2.4.0",
-    "jsdom": "17.0.0",
-    "marked": "3.0.8"
-  },
-  "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.17"
-  },
-  "scripts": {
-    "clean": "rimraf ./build",
-    "test": "jest",
-    "build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json",
-    "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
-    "watch": "pnpm build:js -- --watch",
-    "build": "pnpm run build:js && pnpm run build:types"
-  },
-  "funding": {
-    "type": "opencollective",
-    "url": "https://opencollective.com/verdaccio"
-  }
-}

packages/core/readme/src/index.ts

@@ -1,17 +0,0 @@
-import createDOMPurify from 'dompurify';
-import { JSDOM } from 'jsdom';
-import marked from 'marked';
-
-const DOMPurify = createDOMPurify(new JSDOM('').window);
-
-export default function parseReadme(readme: string): string | void {
-  if (readme) {
-    return DOMPurify.sanitize(
-      marked(readme, {
-        sanitize: false,
-      }).trim()
-    );
-  }
-
-  return;
-}

packages/core/readme/tests/__snapshots__/readme.spec.ts.snap

@@ -1,3 +0,0 @@
-// Jest Snapshot v1, https://goo.gl/fbAQLP
-
-exports[`readme mix readmes / markdown should parse marked 1`] = `"<h1 id="mix-html-and-xss-markdown">mix html and XSS markdown</h1><p><a>Basic</a></p><p><a href="https://github.com/webpack/webpack"><img src="https://webpack.js.org/assets/icon-square-big.svg" height="200" width="200"></a></p>"`;

packages/core/readme/tests/partials/mixed-html-mk/readme.md

@@ -1,5 +0,0 @@
-# mix html and XSS markdown
-
-[Basic](<javascript:alert('Basic')>)
-
-<a href="https://github.com/webpack/webpack"><img width="200" height="200" src="https://webpack.js.org/assets/icon-square-big.svg"></a>

packages/core/readme/tests/readme.spec.ts

@@ -1,247 +0,0 @@
-import fs from 'fs';
-import path from 'path';
-
-import parseReadme from '../src';
-
-function readReadme(project: string, fileName = 'readme.md'): Promise<string> {
-  return new Promise((resolve, reject): void => {
-    fs.readFile(path.join(__dirname, 'partials', project, fileName), 'utf8', (err, data) => {
-      if (err) {
-        return reject(err);
-      }
-
-      return resolve(data.toString());
-    });
-  });
-}
-
-function clean(text: string): string {
-  return text.replace(/\n|\r/g, '').trim();
-}
-
-describe('readme', () => {
-  test('should handle empty readme', () => {
-    expect(parseReadme('')).toBeUndefined();
-  });
-
-  test('should handle single string readme', () => {
-    expect(parseReadme('this is a readme')).toEqual('<p>this is a readme</p>');
-  });
-
-  test('should handle wrong text', () => {
-    // @ts-expect-error
-    expect(parseReadme(undefined)).toBeUndefined();
-  });
-
-  describe('basic parsing', () => {
-    test('should parse basic', () => {
-      expect(parseReadme('# hi')).toEqual(`<h1 id=\"hi\">hi</h1>`);
-    });
-
-    test('should parse basic / js alert', () => {
-      expect(parseReadme("[Basic](javascript:alert('Basic'))")).toEqual('<p><a>Basic</a></p>');
-    });
-
-    test('should parse basic / local storage', () => {
-      expect(
-        parseReadme('[Local Storage](javascript:alert(JSON.stringify(localStorage)))')
-      ).toEqual('<p><a>Local Storage</a></p>');
-    });
-
-    test('should parse basic / case insensitive', () => {
-      expect(parseReadme("[CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive'))")).toEqual(
-        '<p><a>CaseInsensitive</a></p>'
-      );
-    });
-
-    test('should parse basic / url', () => {
-      expect(parseReadme("[URL](javascript://www.google.com%0Aalert('URL'))")).toEqual(
-        '<p><a>URL</a></p>'
-      );
-    });
-
-    test('should parse basic / in quotes', () => {
-      expect(parseReadme('[In Quotes](\'javascript:alert("InQuotes")\')')).toEqual(
-        '<p><a href="\'javascript:alert(%22InQuotes%22)\'">In Quotes</a></p>'
-      );
-    });
-  });
-
-  describe('should parse images', () => {
-    test('in quotes', () => {
-      expect(
-        parseReadme(
-          '![Escape SRC - onload](https://www.example.com/image.png"onload="alert(\'ImageOnLoad\'))'
-        )
-      ).toEqual(
-        '<p><img alt="Escape SRC - onload" src="https://www.example.com/image.png%22onload=' +
-          "%22alert('ImageOnLoad')\"></p>"
-      );
-    });
-
-    test('in image error', () => {
-      expect(parseReadme('![Escape SRC - onerror]("onerror="alert(\'ImageOnError\'))')).toEqual(
-        '<p><img alt="Escape SRC - onerror" src="%22onerror=%22alert(\'ImageOnError\')"></p>'
-      );
-    });
-  });
-
-  describe('should test fuzzing', () => {
-    test('xss / document cookie', () => {
-      expect(parseReadme('[XSS](javascript:prompt(document.cookie))')).toEqual('<p><a>XSS</a></p>');
-    });
-
-    test('xss / white space cookie', () => {
-      expect(
-        parseReadme('[XSS](j    a   v   a   s   c   r   i   p   t:prompt(document.cookie))')
-      ).toEqual('<p>[XSS](j    a   v   a   s   c   r   i   p   t:prompt(document.cookie))</p>');
-    });
-
-    test('xss / data test/html', () => {
-      expect(
-        parseReadme('[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)')
-      ).toEqual('<p><a>XSS</a></p>');
-    });
-
-    test('xss / data test/html encoded', () => {
-      expect(
-        parseReadme(
-          '[XSS](&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x7' +
-            '2&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29)'
-        )
-      ).toEqual(
-        '<p><a href="&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;' +
-          '#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp' +
-          ';#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29">XSS</a></p>'
-      );
-    });
-
-    test('xss / js prompt', () => {
-      expect(parseReadme('[XSS]: (javascript:prompt(document.cookie))')).toEqual('');
-    });
-
-    test('xss / js window error alert', () => {
-      expect(parseReadme('[XSS](javascript:window.onerror=alert;throw%20document.cookie)')).toEqual(
-        '<p><a>XSS</a></p>'
-      );
-    });
-
-    test('xss / js window encoded prompt', () => {
-      expect(parseReadme('[XSS](javascript://%0d%0aprompt(1))')).toEqual('<p><a>XSS</a></p>');
-    });
-
-    test('xss / js window encoded prompt multiple statement', () => {
-      expect(parseReadme('[XSS](javascript://%0d%0aprompt(1);com)')).toEqual('<p><a>XSS</a></p>');
-    });
-
-    test('xss / js window encoded window error alert multiple statement', () => {
-      expect(parseReadme('[XSS](javascript:window.onerror=alert;throw%20document.cookie)')).toEqual(
-        '<p><a>XSS</a></p>'
-      );
-    });
-
-    test('xss / js window encoded window error alert throw error', () => {
-      expect(
-        parseReadme('[XSS](javascript://%0d%0awindow.onerror=alert;throw%20document.cookie)')
-      ).toEqual('<p><a>XSS</a></p>');
-    });
-
-    test('xss / js window encoded data text/html base 64', () => {
-      expect(
-        parseReadme('[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)')
-      ).toEqual('<p><a>XSS</a></p>');
-    });
-
-    test('xss / js vbscript alert', () => {
-      expect(parseReadme('[XSS](vbscript:alert(document.domain))')).toEqual('<p><a>XSS</a></p>');
-    });
-
-    describe('xss / js alert this', () => {
-      test('xss / js case #1', () => {
-        expect(parseReadme('[XSS](javascript:this;alert(1))')).toEqual('<p><a>XSS</a></p>');
-      });
-
-      test('xss / js case #2', () => {
-        expect(parseReadme('[XSS](javascript:this;alert(1&#41;)')).toEqual('<p><a>XSS</a></p>');
-      });
-
-      test('xss / js case #3', () => {
-        expect(parseReadme('[XSS](javascript&#58this;alert(1&#41;)')).toEqual('<p><a>XSS</a></p>');
-      });
-
-      test('xss / js case #4', () => {
-        expect(parseReadme('[XSS](Javas&#99;ript:alert(1&#41;)')).toEqual('<p><a>XSS</a></p>');
-      });
-
-      test('xss / js case #5', () => {
-        expect(parseReadme('[XSS](Javas%26%2399;ript:alert(1&#41;)')).toEqual(
-          '<p><a href="Javas%26%2399;ript:alert(1)">XSS</a></p>'
-        );
-      });
-
-      test('xss / js case #6', () => {
-        expect(parseReadme('[XSS](javascript:alert&#65534;(1&#41;)')).toEqual('<p><a>XSS</a></p>');
-      });
-    });
-
-    test('xss / js confirm', () => {
-      expect(parseReadme('[XSS](javascript:confirm(1)')).toEqual('<p><a>XSS</a></p>');
-    });
-
-    describe('xss / js url', () => {
-      test('xss / case #1', () => {
-        expect(parseReadme('[XSS](javascript://www.google.com%0Aprompt(1))')).toEqual(
-          '<p><a>XSS</a></p>'
-        );
-      });
-
-      test('xss / case #2', () => {
-        expect(parseReadme('[XSS](javascript://%0d%0aconfirm(1);com)')).toEqual(
-          '<p><a>XSS</a></p>'
-        );
-      });
-
-      test('xss / case #3', () => {
-        expect(parseReadme('[XSS](javascript:window.onerror=confirm;throw%201)')).toEqual(
-          '<p><a>XSS</a></p>'
-        );
-      });
-
-      test('xss / case #4', () => {
-        expect(parseReadme('[XSS](<28>javascript:alert(document.domain&#41;)')).toEqual(
-          '<p><a href="%EF%BF%BDjavascript:alert(document.domain)">XSS</a></p>'
-        );
-      });
-
-      test('xss / case #5', () => {
-        expect(parseReadme('![XSS](javascript:prompt(document.cookie))\\')).toEqual(
-          '<p><img alt="XSS">\\</p>'
-        );
-      });
-
-      test('xss / case #6', () => {
-        expect(
-          parseReadme('![XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)\\')
-        ).toEqual(
-          '<p><img alt="XSS" src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3Nj' +
-            'cmlwdD4K">\\</p>'
-        );
-      });
-
-      // FIXME: requires proper parsing
-      test.skip('xss / case #7', () => {
-        expect(parseReadme(`![XSS'"\`onerror=prompt(document.cookie)](x)\\`)).toEqual(
-          '<p>![XSS\'\\"`onerror=prompt(document.cookie)](x)\\\\</p>'
-        );
-      });
-    });
-  });
-
-  describe('mix readmes / markdown', () => {
-    test('should parse marked', async () => {
-      const readme: string = await readReadme('mixed-html-mk');
-
-      expect(clean(parseReadme(readme) as string)).toMatchSnapshot();
-    });
-  });
-});

packages/core/readme/tsconfig.build.json

@@ -1,9 +0,0 @@
-{
-  "extends": "../../../tsconfig.base.json",
-  "compilerOptions": {
-    "rootDir": "./src",
-    "outDir": "./build"
-  },
-  "include": ["src/**/*"],
-  "exclude": ["src/**/*.test.ts"]
-}

packages/core/readme/tsconfig.json

@@ -1,13 +0,0 @@
-{
-  "extends": "../../../tsconfig.reference.json",
-  "compilerOptions": {
-    "rootDir": "./src",
-    "outDir": "./build",
-    "preserveSymlinks": true,
-    "composite": true,
-    "declaration": true,
-    "declarationMap": true
-  },
-  "include": ["src/**/*.ts"],
-  "exclude": ["src/**/*.test.ts"]
-}

packages/core/tarball/CHANGELOG.md

@@ -1,5 +1,30 @@
 # Change Log
 
+## 11.0.0-6-next.21
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.52
+- @verdaccio/url@11.0.0-6-next.18
+- @verdaccio/utils@6.0.0-6-next.20
+
+## 11.0.0-6-next.20
+
+### Patch Changes
+
+- Updated dependencies [4b29d715]
+  - @verdaccio/core@6.0.0-6-next.51
+  - @verdaccio/url@11.0.0-6-next.17
+  - @verdaccio/utils@6.0.0-6-next.19
+
+## 11.0.0-6-next.19
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.50
+- @verdaccio/url@11.0.0-6-next.16
+- @verdaccio/utils@6.0.0-6-next.18
+
 ## 11.0.0-6-next.18
 
 ### Patch Changes

packages/core/tarball/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/tarball",
-  "version": "11.0.0-6-next.18",
+  "version": "11.0.0-6-next.21",
   "description": "tarball utilities resolver",
   "keywords": [
     "private",
@@ -35,14 +35,14 @@
   },
   "dependencies": {
     "debug": "4.3.4",
-    "@verdaccio/core": "workspace:6.0.0-6-next.49",
-    "@verdaccio/url": "workspace:11.0.0-6-next.15",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.17",
+    "@verdaccio/core": "workspace:6.0.0-6-next.52",
+    "@verdaccio/url": "workspace:11.0.0-6-next.18",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.20",
     "lodash": "4.17.21"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.17",
-    "node-mocks-http": "1.11.0"
+    "node-mocks-http": "1.12.1"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/types/package.json

@@ -41,8 +41,8 @@
     "build": "tsc --emitDeclarationOnly -p tsconfig.build.json"
   },
   "devDependencies": {
-    "@types/node": "16.11.62",
-    "typedoc": "0.23.15"
+    "@types/node": "16.18.3",
+    "typedoc": "0.23.21"
   },
   "typedoc": {
     "entryPoint": "./src/types.ts",

packages/core/url/CHANGELOG.md

@@ -1,5 +1,37 @@
 # Change Log
 
+## 11.0.0-6-next.18
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.52
+
+## 11.0.0-6-next.17
+
+### Minor Changes
+
+- 4b29d715: chore: move improvements from v5 to v6
+
+  Migrate improvements form v5 to v6:
+
+  - https://github.com/verdaccio/verdaccio/pull/3158
+  - https://github.com/verdaccio/verdaccio/pull/3151
+  - https://github.com/verdaccio/verdaccio/pull/2271
+  - https://github.com/verdaccio/verdaccio/pull/2787
+  - https://github.com/verdaccio/verdaccio/pull/2791
+  - https://github.com/verdaccio/verdaccio/pull/2205
+
+### Patch Changes
+
+- Updated dependencies [4b29d715]
+  - @verdaccio/core@6.0.0-6-next.51
+
+## 11.0.0-6-next.16
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.50
+
 ## 11.0.0-6-next.15
 
 ### Minor Changes

packages/core/url/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/url",
-  "version": "11.0.0-6-next.15",
+  "version": "11.0.0-6-next.18",
   "description": "url utilities resolver",
   "keywords": [
     "private",
@@ -34,14 +34,14 @@
     "access": "public"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.49",
+    "@verdaccio/core": "workspace:6.0.0-6-next.52",
     "debug": "4.3.4",
     "lodash": "4.17.21",
     "validator": "13.7.0"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.17",
-    "node-mocks-http": "1.11.0"
+    "node-mocks-http": "1.12.1"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/url/tests/getPublicUrl.spec.ts

@@ -295,6 +295,27 @@ describe('env variable', () => {
     delete process.env.VERDACCIO_PUBLIC_URL;
   });
 
+  test('with the VERDACCIO_FORWARDED_PROTO undefined', () => {
+    process.env.VERDACCIO_FORWARDED_PROTO = undefined;
+    const req = httpMocks.createRequest({
+      method: 'GET',
+      headers: {
+        host: 'some.com',
+        [HEADERS.FORWARDED_PROTO]: 'https',
+      },
+      url: '/',
+    });
+
+    expect(
+      getPublicUrl('/test/', {
+        host: req.hostname,
+        headers: req.headers as any,
+        protocol: req.protocol,
+      })
+    ).toEqual('http://some.com/test/');
+    delete process.env.VERDACCIO_FORWARDED_PROTO;
+  });
+
   test('with a invalid X-Forwarded-Proto https and host injection with invalid host', () => {
     process.env.VERDACCIO_PUBLIC_URL = 'http://injection.test.com"><svg onload="alert(1)">';
     const req = httpMocks.createRequest({

packages/hooks/CHANGELOG.md

@@ -1,5 +1,27 @@
 # @verdaccio/hooks
 
+## 6.0.0-6-next.22
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.52
+- @verdaccio/logger@6.0.0-6-next.20
+
+## 6.0.0-6-next.21
+
+### Patch Changes
+
+- Updated dependencies [4b29d715]
+  - @verdaccio/core@6.0.0-6-next.51
+  - @verdaccio/logger@6.0.0-6-next.19
+
+## 6.0.0-6-next.20
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.50
+- @verdaccio/logger@6.0.0-6-next.18
+
 ## 6.0.0-6-next.19
 
 ### Patch Changes

packages/hooks/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/hooks",
-  "version": "6.0.0-6-next.19",
+  "version": "6.0.0-6-next.22",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -30,17 +30,17 @@
     "npm": ">=6"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.49",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.17",
-    "core-js": "3.25.3",
+    "@verdaccio/core": "workspace:6.0.0-6-next.52",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.20",
+    "core-js": "3.26.1",
     "debug": "4.3.4",
     "handlebars": "4.7.7",
     "undici": "4.16.0"
   },
   "devDependencies": {
-    "@types/node": "16.11.62",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.28",
-    "@verdaccio/config": "workspace:6.0.0-6-next.49",
+    "@types/node": "16.18.3",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.31",
+    "@verdaccio/config": "workspace:6.0.0-6-next.52",
     "@verdaccio/types": "workspace:11.0.0-6-next.17"
   },
   "scripts": {

packages/loaders/CHANGELOG.md

@@ -1,5 +1,23 @@
 # @verdaccio/loaders
 
+## 6.0.0-6-next.21
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.20
+
+## 6.0.0-6-next.20
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.19
+
+## 6.0.0-6-next.19
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.18
+
 ## 6.0.0-6-next.18
 
 ### Patch Changes

packages/loaders/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/loaders",
-  "version": "6.0.0-6-next.18",
+  "version": "6.0.0-6-next.21",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -13,13 +13,13 @@
     "url": "https://github.com/verdaccio/verdaccio"
   },
   "dependencies": {
-    "@verdaccio/logger": "workspace:6.0.0-6-next.17",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.20",
     "debug": "4.3.4",
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.49",
-    "@verdaccio/config": "workspace:6.0.0-6-next.49",
+    "@verdaccio/core": "workspace:6.0.0-6-next.52",
+    "@verdaccio/config": "workspace:6.0.0-6-next.52",
     "@verdaccio/types": "workspace:11.0.0-6-next.17",
     "@verdaccio-scope/verdaccio-auth-foo": "0.0.2",
     "verdaccio-auth-memory": "workspace:*",

packages/logger-prettify/package.json

@@ -39,14 +39,14 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "dayjs": "1.11.5",
+    "dayjs": "1.11.6",
     "pino-abstract-transport": "1.0.0",
     "colorette": "2.0.19",
     "lodash": "4.17.21",
     "sonic-boom": "3.2.0"
   },
   "devDependencies": {
-    "pino": "8.6.1"
+    "pino": "8.7.0"
   },
   "funding": {
     "type": "opencollective",

packages/logger-prettify/src/types.ts

@@ -1,6 +1,6 @@
-import { PrettyOptions } from 'pino';
+import { LoggerOptions } from 'pino';
 
-export interface PrettyOptionsExtended extends PrettyOptions {
+export interface PrettyOptionsExtended extends LoggerOptions {
   prettyStamp: boolean;
   colors?: boolean;
 }

packages/logger/CHANGELOG.md

@@ -1,5 +1,24 @@
 # @verdaccio/logger
 
+## 6.0.0-6-next.20
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.52
+
+## 6.0.0-6-next.19
+
+### Patch Changes
+
+- Updated dependencies [4b29d715]
+  - @verdaccio/core@6.0.0-6-next.51
+
+## 6.0.0-6-next.18
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.50
+
 ## 6.0.0-6-next.17
 
 ### Patch Changes

packages/logger/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger",
-  "version": "6.0.0-6-next.17",
+  "version": "6.0.0-6-next.20",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -39,11 +39,11 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.49",
+    "@verdaccio/core": "workspace:6.0.0-6-next.52",
     "@verdaccio/logger-prettify": "workspace:6.0.0-6-next.7",
     "debug": "4.3.4",
     "colorette": "2.0.19",
-    "pino": "8.6.1"
+    "pino": "8.7.0"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.17"

packages/middleware/CHANGELOG.md

@@ -1,5 +1,46 @@
 # @verdaccio/middleware
 
+## 6.0.0-6-next.31
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.52
+- @verdaccio/auth@6.0.0-6-next.31
+- @verdaccio/logger@6.0.0-6-next.20
+- @verdaccio/utils@6.0.0-6-next.20
+
+## 6.0.0-6-next.30
+
+### Minor Changes
+
+- 4b29d715: chore: move improvements from v5 to v6
+
+  Migrate improvements form v5 to v6:
+
+  - https://github.com/verdaccio/verdaccio/pull/3158
+  - https://github.com/verdaccio/verdaccio/pull/3151
+  - https://github.com/verdaccio/verdaccio/pull/2271
+  - https://github.com/verdaccio/verdaccio/pull/2787
+  - https://github.com/verdaccio/verdaccio/pull/2791
+  - https://github.com/verdaccio/verdaccio/pull/2205
+
+### Patch Changes
+
+- Updated dependencies [4b29d715]
+  - @verdaccio/auth@6.0.0-6-next.30
+  - @verdaccio/core@6.0.0-6-next.51
+  - @verdaccio/logger@6.0.0-6-next.19
+  - @verdaccio/utils@6.0.0-6-next.19
+
+## 6.0.0-6-next.29
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.50
+- @verdaccio/auth@6.0.0-6-next.29
+- @verdaccio/logger@6.0.0-6-next.18
+- @verdaccio/utils@6.0.0-6-next.18
+
 ## 6.0.0-6-next.28
 
 ### Patch Changes

packages/middleware/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/middleware",
-  "version": "6.0.0-6-next.28",
+  "version": "6.0.0-6-next.31",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,11 +39,11 @@
   },
   "dependencies": {
     "debug": "4.3.4",
-    "body-parser": "1.20.0",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.28",
-    "@verdaccio/core": "workspace:6.0.0-6-next.49",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.17",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.17",
+    "body-parser": "1.20.1",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.31",
+    "@verdaccio/core": "workspace:6.0.0-6-next.52",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.20",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.20",
     "lodash": "4.17.21"
   },
   "funding": {

packages/middleware/src/middleware.ts

@@ -104,10 +104,7 @@ export function media(expect: string | null): any {
       next(
         errorUtils.getCode(
           HTTP_STATUS.UNSUPPORTED_MEDIA,
-          'wrong content-type, expect: ' +
-            expect +
-            ', got: ' +
-            req.headers[HEADER_TYPE.CONTENT_TYPE]
+          'wrong content-type, expect: ' + expect + ', got: ' + req.get[HEADER_TYPE.CONTENT_TYPE]
         )
       );
     } else {
@@ -141,7 +138,7 @@ export function expectJson(
 
 export function antiLoop(config: Config): Function {
   return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
-    if (req.headers.via != null) {
+    if (req?.headers?.via != null) {
       const arr = req.headers.via.split(',');
 
       for (let i = 0; i < arr.length; i++) {
@@ -264,7 +261,7 @@ export function log(req: $RequestExtend, res: $ResponseExtend, next: $NextFuncti
     req.headers.authorization = '<Classified>';
   }
 
-  const _cookie = req.headers.cookie;
+  const _cookie = req.get('cookie');
   if (_.isNil(_cookie) === false) {
     req.headers.cookie = '<Classified>';
   }
@@ -298,7 +295,7 @@ export function log(req: $RequestExtend, res: $ResponseExtend, next: $NextFuncti
   };
 
   const log = function (): void {
-    const forwardedFor = req.headers['x-forwarded-for'];
+    const forwardedFor = req.get('x-forwarded-for');
     const remoteAddress = req.connection.remoteAddress;
     const remoteIP = forwardedFor ? `${forwardedFor} via ${remoteAddress}` : remoteAddress;
     let message;