chore: update versions (6-next) (#3591)

* refactor middleware dependencies

* improve wrap

* chore: fix local

* chore: fix test

* changeset

.changeset/big-years-repair.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/middleware': minor
+'@verdaccio/utils': minor
+'@verdaccio/web': minor
+---
+
+feat: expose middleware utils

.changeset/eight-bottles-own.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/middleware': patch
+'@verdaccio/server': patch
+'@verdaccio/test-helper': patch
+'@verdaccio/local-publish': patch
+---
+
+fix: extract logger from middleware

.changeset/pre.json

@@ -60,6 +60,7 @@
     "afraid-mice-obey",
     "angry-nails-appear",
     "big-lobsters-sin",
+    "big-years-repair",
     "brave-seahorses-press",
     "bright-poems-obey",
     "brown-cycles-laugh",
@@ -72,6 +73,7 @@
     "dry-planes-tap",
     "dull-monkeys-search",
     "early-jokes-nail",
+    "eight-bottles-own",
     "eleven-brooms-hunt",
     "eleven-spoons-matter",
     "fair-lemons-beam",

.github/workflows/codeql-analysis.yml

@@ -34,7 +34,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@515828d97454b8354517688ddc5b48402b723750 # tag=v2
+        uses: github/codeql-action/init@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # tag=v2
 
       # Override language selection by uncommenting this and choosing your languages
       # with:
@@ -42,7 +42,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@515828d97454b8354517688ddc5b48402b723750 # tag=v2
+        uses: github/codeql-action/autobuild@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # tag=v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -56,4 +56,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@515828d97454b8354517688ddc5b48402b723750 # tag=v2
+        uses: github/codeql-action/analyze@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # tag=v2

.github/workflows/e2e-ci.yml

@@ -75,14 +75,15 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        pkg: [npm6, npm7, npm8, npm9, pnpm6, pnpm7, yarn1, yarn2,  yarn3, yarn4]
-    name:  ${{ matrix.pkg }} / ${{ matrix.os }}
+        pkg: [npm6, npm7, npm8, npm9, pnpm6, pnpm7, yarn1, yarn2, yarn3, yarn4]
+        node: [16, 18, 19]
+    name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
       - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
-          node-version-file: '.nvmrc'
+          node-version: ${{ matrix.node }}
       - name: Install pnpm
         run: npm i pnpm@6.32.15 -g
       - uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3

.github/workflows/website.yml

@@ -109,7 +109,7 @@ jobs:
 
       - name: Format lighthouse score
         id: format_lighthouse_score
-        uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0 # tag=v6
+        uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975 # tag=v6
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |

e2e/cli/cli-commons/package.json

@@ -5,9 +5,9 @@
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
   "devDependencies": {
-    "verdaccio": "workspace:6.0.0-6-next.55",
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
+    "verdaccio": "workspace:6.0.0-6-next.57",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
     "@verdaccio/types": "workspace:11.0.0-6-next.19",
     "yaml": "2.2.0",
     "debug": "4.3.4",

e2e/ui/package.json

@@ -3,10 +3,10 @@
   "name": "@verdaccio/e2e-ui",
   "version": "2.0.0-6-next.3",
   "devDependencies": {
-    "verdaccio": "workspace:6.0.0-6-next.55",
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "@verdaccio/test-helper": "workspace:2.0.0-6-next.6",
+    "verdaccio": "workspace:6.0.0-6-next.57",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/test-helper": "workspace:2.0.0-6-next.7",
     "debug": "4.3.4",
     "cypress": "11.2.0"
   },

package.json

@@ -73,8 +73,8 @@
     "@types/react-dom": "18.0.9",
     "@types/react-router-dom": "5.3.3",
     "@types/react-virtualized": "9.21.21",
-    "@typescript-eslint/eslint-plugin": "5.47.0",
-    "@typescript-eslint/parser": "5.47.0",
+    "@typescript-eslint/eslint-plugin": "5.49.0",
+    "@typescript-eslint/parser": "5.49.0",
     "@verdaccio/crowdin-translations": "workspace:*",
     "@verdaccio/eslint-config": "workspace:*",
     "@verdaccio/types": "workspace:*",
@@ -90,7 +90,7 @@
     "debug": "4.3.4",
     "detect-secrets": "1.0.6",
     "jest-diff": "29.3.1",
-    "eslint": "8.30.0",
+    "eslint": "8.33.0",
     "fs-extra": "10.1.0",
     "husky": "7.0.4",
     "in-publish": "2.0.1",
@@ -105,7 +105,7 @@
     "nock": "13.2.9",
     "nodemon": "2.0.20",
     "npm-run-all": "4.1.5",
-    "prettier": "2.8.1",
+    "prettier": "2.8.3",
     "rimraf": "3.0.2",
     "selfsigned": "1.10.14",
     "supertest": "6.3.3",
@@ -157,7 +157,8 @@
     "crowdin:sync": "pnpm crowdin:upload && pnpm crowdin:download --verbose",
     "postinstall": "husky install",
     "local:registry": "pnpm start --filter ...@verdaccio/local-publish",
-    "local:publish": "cross-env npm_config_registry=http://localhost:4873 pnpm ci:publish",
+    "local:snapshots": "changeset version --snapshot",
+    "local:publish": "cross-env npm_config_registry=http://localhost:4873 pnpm ci:publish -- --no-git-tag",
     "local:publish:release": "concurrently \"pnpm local:registry\" \"pnpm local:publish\""
   },
   "pnpm": {

packages/api/CHANGELOG.md

@@ -1,5 +1,35 @@
 # @verdaccio/api
 
+## 6.0.0-6-next.40
+
+### Patch Changes
+
+- Updated dependencies [9943e2b1]
+  - @verdaccio/middleware@6.0.0-6-next.36
+  - @verdaccio/store@6.0.0-6-next.37
+  - @verdaccio/core@6.0.0-6-next.57
+  - @verdaccio/config@6.0.0-6-next.57
+  - @verdaccio/auth@6.0.0-6-next.36
+  - @verdaccio/logger@6.0.0-6-next.25
+  - @verdaccio/utils@6.0.0-6-next.25
+
+## 6.0.0-6-next.39
+
+### Minor Changes
+
+- a1986e09: feat: expose middleware utils
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/middleware@6.0.0-6-next.35
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/auth@6.0.0-6-next.35
+  - @verdaccio/config@6.0.0-6-next.56
+  - @verdaccio/store@6.0.0-6-next.36
+  - @verdaccio/core@6.0.0-6-next.56
+  - @verdaccio/logger@6.0.0-6-next.24
+
 ## 6.0.0-6-next.38
 
 ### Patch Changes

packages/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/api",
-  "version": "6.0.0-6-next.38",
+  "version": "6.0.0-6-next.40",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,13 +39,13 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/auth": "workspace:6.0.0-6-next.34",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23",
-    "@verdaccio/middleware": "workspace:6.0.0-6-next.34",
-    "@verdaccio/store": "workspace:6.0.0-6-next.35",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.23",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.36",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "@verdaccio/middleware": "workspace:6.0.0-6-next.36",
+    "@verdaccio/store": "workspace:6.0.0-6-next.37",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
     "abortcontroller-polyfill": "1.7.5",
     "cookies": "0.8.0",
     "debug": "4.3.4",
@@ -57,9 +57,9 @@
   },
   "devDependencies": {
     "@types/node": "16.18.10",
-    "@verdaccio/server": "workspace:6.0.0-6-next.44",
+    "@verdaccio/server": "workspace:6.0.0-6-next.46",
     "@verdaccio/types": "workspace:11.0.0-6-next.19",
-    "@verdaccio/test-helper": "workspace:2.0.0-6-next.6",
+    "@verdaccio/test-helper": "workspace:2.0.0-6-next.7",
     "supertest": "6.3.3",
     "nock": "13.2.9",
     "mockdate": "3.0.5"

packages/api/src/index.ts

@@ -42,7 +42,6 @@ export default function (config: Config, auth: Auth, storage: Storage): Router {
   // TODO: For some reason? what reason?
   app.param('_rev', match(/^-rev$/));
   app.param('org_couchdb_user', match(/^org\.couchdb\.user:/));
-  app.param('anything', match(/.*/));
   app.use(auth.apiJWTmiddleware());
   app.use(bodyParser.json({ strict: false, limit: config.max_body_size || '10mb' }));
   // @ts-ignore

packages/api/src/package.ts

@@ -58,13 +58,13 @@ export default function (route: Router, auth: Auth, storage: Storage): void {
   );
 
   route.get(
-    '/:pkg/-/:filename',
+    '/:package/-/:filename',
     can('access'),
     async function (req: $RequestExtend, res: $ResponseExtend, next): Promise<void> {
-      const { pkg, filename } = req.params;
+      const { package: pkgName, filename } = req.params;
       const abort = new AbortController();
       try {
-        const stream = (await storage.getTarballNext(pkg, filename, {
+        const stream = (await storage.getTarballNext(pkgName, filename, {
           signal: abort.signal,
           // TODO: review why this param
           // enableRemote: true,

packages/auth/CHANGELOG.md

@@ -1,5 +1,28 @@
 # @verdaccio/auth
 
+## 6.0.0-6-next.36
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/config@6.0.0-6-next.57
+- @verdaccio/loaders@6.0.0-6-next.26
+- @verdaccio/logger@6.0.0-6-next.25
+- verdaccio-htpasswd@11.0.0-6-next.27
+- @verdaccio/utils@6.0.0-6-next.25
+
+## 6.0.0-6-next.35
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/config@6.0.0-6-next.56
+  - @verdaccio/loaders@6.0.0-6-next.25
+  - verdaccio-htpasswd@11.0.0-6-next.26
+  - @verdaccio/core@6.0.0-6-next.56
+  - @verdaccio/logger@6.0.0-6-next.24
+
 ## 6.0.0-6-next.34
 
 ### Patch Changes

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/auth",
-  "version": "6.0.0-6-next.34",
+  "version": "6.0.0-6-next.36",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -39,16 +39,16 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "@verdaccio/loaders": "workspace:6.0.0-6-next.24",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.23",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/loaders": "workspace:6.0.0-6-next.26",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
     "debug": "4.3.4",
     "express": "4.18.2",
     "jsonwebtoken": "9.0.0",
     "lodash": "4.17.21",
-    "verdaccio-htpasswd": "workspace:11.0.0-6-next.25"
+    "verdaccio-htpasswd": "workspace:11.0.0-6-next.27"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.19"

packages/cli/CHANGELOG.md

@@ -1,5 +1,23 @@
 # @verdaccio/cli
 
+## 6.0.0-6-next.57
+
+### Patch Changes
+
+- @verdaccio/node-api@6.0.0-6-next.57
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/config@6.0.0-6-next.57
+- @verdaccio/logger@6.0.0-6-next.25
+
+## 6.0.0-6-next.56
+
+### Patch Changes
+
+- @verdaccio/config@6.0.0-6-next.56
+- @verdaccio/node-api@6.0.0-6-next.56
+- @verdaccio/core@6.0.0-6-next.56
+- @verdaccio/logger@6.0.0-6-next.24
+
 ## 6.0.0-6-next.55
 
 ### Patch Changes

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/cli",
-  "version": "6.0.0-6-next.55",
+  "version": "6.0.0-6-next.57",
   "author": {
     "name": "Juan Picado",
     "email": "juanpicado19@gmail.com"
@@ -44,10 +44,10 @@
     "start": "ts-node src/index.ts"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.55",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.57",
     "clipanion": "3.1.0",
     "envinfo": "7.8.1",
     "kleur": "3.0.3",

packages/config/CHANGELOG.md

@@ -1,5 +1,20 @@
 # @verdaccio/config
 
+## 6.0.0-6-next.57
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/utils@6.0.0-6-next.25
+
+## 6.0.0-6-next.56
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/core@6.0.0-6-next.56
+
 ## 6.0.0-6-next.55
 
 ### Patch Changes

packages/config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/config",
-  "version": "6.0.0-6-next.55",
+  "version": "6.0.0-6-next.57",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -38,8 +38,8 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.23",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
     "debug": "4.3.4",
     "yaml": "2.2.0",
     "lodash": "4.17.21",

packages/core/core/CHANGELOG.md

@@ -1,5 +1,9 @@
 # @verdaccio/core
 
+## 6.0.0-6-next.57
+
+## 6.0.0-6-next.56
+
 ## 6.0.0-6-next.55
 
 ### Patch Changes

packages/core/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/core",
-  "version": "6.0.0-6-next.55",
+  "version": "6.0.0-6-next.57",
   "description": "core utilities",
   "keywords": [
     "private",

packages/core/tarball/CHANGELOG.md

@@ -1,5 +1,22 @@
 # Change Log
 
+## 11.0.0-6-next.26
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/url@11.0.0-6-next.23
+- @verdaccio/utils@6.0.0-6-next.25
+
+## 11.0.0-6-next.25
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/core@6.0.0-6-next.56
+  - @verdaccio/url@11.0.0-6-next.22
+
 ## 11.0.0-6-next.24
 
 ### Patch Changes

packages/core/tarball/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/tarball",
-  "version": "11.0.0-6-next.24",
+  "version": "11.0.0-6-next.26",
   "description": "tarball utilities resolver",
   "keywords": [
     "private",
@@ -34,9 +34,9 @@
   },
   "dependencies": {
     "debug": "4.3.4",
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/url": "workspace:11.0.0-6-next.21",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.23",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/url": "workspace:11.0.0-6-next.23",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
     "lodash": "4.17.21"
   },
   "devDependencies": {

packages/core/url/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Change Log
 
+## 11.0.0-6-next.23
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+
+## 11.0.0-6-next.22
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.56
+
 ## 11.0.0-6-next.21
 
 ### Patch Changes

packages/core/url/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/url",
-  "version": "11.0.0-6-next.21",
+  "version": "11.0.0-6-next.23",
   "description": "url utilities resolver",
   "keywords": [
     "private",
@@ -33,7 +33,7 @@
     "access": "public"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
     "debug": "4.3.4",
     "lodash": "4.17.21",
     "validator": "13.7.0"

packages/hooks/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @verdaccio/hooks
 
+## 6.0.0-6-next.27
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/logger@6.0.0-6-next.25
+
+## 6.0.0-6-next.26
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.56
+- @verdaccio/logger@6.0.0-6-next.24
+
 ## 6.0.0-6-next.25
 
 ### Patch Changes

packages/hooks/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/hooks",
-  "version": "6.0.0-6-next.25",
+  "version": "6.0.0-6-next.27",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -29,8 +29,8 @@
     "node": ">=16"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
     "core-js": "3.27.0",
     "debug": "4.3.4",
     "handlebars": "4.7.7",
@@ -38,8 +38,8 @@
   },
   "devDependencies": {
     "@types/node": "16.18.10",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.34",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.36",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
     "@verdaccio/types": "workspace:11.0.0-6-next.19"
   },
   "scripts": {

packages/loaders/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @verdaccio/loaders
 
+## 6.0.0-6-next.26
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.25
+
+## 6.0.0-6-next.25
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.24
+
 ## 6.0.0-6-next.24
 
 ### Patch Changes

packages/loaders/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/loaders",
-  "version": "6.0.0-6-next.24",
+  "version": "6.0.0-6-next.26",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -13,13 +13,13 @@
     "url": "https://github.com/verdaccio/verdaccio"
   },
   "dependencies": {
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
     "debug": "4.3.4",
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
     "@verdaccio/types": "workspace:11.0.0-6-next.19",
     "@verdaccio-scope/verdaccio-auth-foo": "0.0.2",
     "verdaccio-auth-memory": "workspace:*",

packages/logger/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @verdaccio/logger
 
+## 6.0.0-6-next.25
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+
+## 6.0.0-6-next.24
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.56
+
 ## 6.0.0-6-next.23
 
 ### Patch Changes

packages/logger/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger",
-  "version": "6.0.0-6-next.23",
+  "version": "6.0.0-6-next.25",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,7 +38,7 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
     "@verdaccio/logger-prettify": "workspace:6.0.0-6-next.8",
     "debug": "4.3.4",
     "colorette": "2.0.19",

packages/middleware/.babelrc

@@ -1,3 +1,14 @@
 {
-  "extends": "../../.babelrc"
+  "extends": "../../.babelrc",
+  "presets": [
+    [
+      "@babel/env",
+      {
+        "targets": {
+          "node": 12
+        }
+      }
+    ],
+    "@babel/typescript"
+  ]
 }

packages/middleware/CHANGELOG.md

@@ -1,5 +1,26 @@
 # @verdaccio/middleware
 
+## 6.0.0-6-next.36
+
+### Patch Changes
+
+- 9943e2b1: fix: extract logger from middleware
+  - @verdaccio/core@6.0.0-6-next.57
+  - @verdaccio/utils@6.0.0-6-next.25
+
+## 6.0.0-6-next.35
+
+### Minor Changes
+
+- a1986e09: feat: expose middleware utils
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/core@6.0.0-6-next.56
+  - @verdaccio/logger@6.0.0-6-next.24
+
 ## 6.0.0-6-next.34
 
 ### Patch Changes

packages/middleware/jest.config.js

@@ -1,3 +1,12 @@
 const config = require('../../jest/config');
 
-module.exports = Object.assign({}, config, {});
+module.exports = Object.assign({}, config, {
+  coverageThreshold: {
+    global: {
+      lines: 67,
+      functions: 75,
+      branches: 56,
+      statements: 67,
+    },
+  },
+});

packages/middleware/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/middleware",
-  "version": "6.0.0-6-next.34",
+  "version": "6.0.0-6-next.36",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -26,8 +26,7 @@
     "verdaccio"
   ],
   "engines": {
-    "node": ">=14",
-    "npm": ">=6"
+    "node": ">=12"
   },
   "scripts": {
     "clean": "rimraf ./build",
@@ -35,19 +34,23 @@
     "build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json",
     "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
     "watch": "pnpm build:js -- --watch",
+    "test": "jest",
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
     "debug": "4.3.4",
-    "body-parser": "1.20.1",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.34",
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.23",
-    "lodash": "4.17.21"
+    "lodash": "4.17.21",
+    "mime": "2.6.0"
   },
   "funding": {
     "type": "opencollective",
     "url": "https://opencollective.com/verdaccio"
+  },
+  "devDependencies": {
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "body-parser": "1.20.1",
+    "supertest": "6.3.3"
   }
 }

packages/middleware/src/index.ts

@@ -1 +1,17 @@
-export * from './middleware';
+export { match } from './middlewares/match';
+export { setSecurityWebHeaders } from './middlewares/security-headers';
+export { validateName, validatePackage } from './middlewares/validation';
+export { media } from './middlewares/media';
+export { encodeScopePackage } from './middlewares/encode-pkg';
+export { expectJson } from './middlewares/json';
+export { antiLoop } from './middlewares/antiLoop';
+export { final } from './middlewares/final';
+export { allow } from './middlewares/allow';
+export { errorReportingMiddleware, handleError } from './middlewares/error';
+export {
+  log,
+  LOG_STATUS_MESSAGE,
+  LOG_VERDACCIO_BYTES,
+  LOG_VERDACCIO_ERROR,
+} from './middlewares/log';
+export * from './types';

packages/middleware/src/middleware.ts

@@ -1,413 +0,0 @@
-import buildDebug from 'debug';
-import { NextFunction, Request, Response } from 'express';
-import { HttpError } from 'http-errors';
-import _ from 'lodash';
-
-import { Auth } from '@verdaccio/auth';
-import {
-  API_ERROR,
-  HEADERS,
-  HEADER_TYPE,
-  HTTP_STATUS,
-  TOKEN_BASIC,
-  TOKEN_BEARER,
-  VerdaccioError,
-  errorUtils,
-} from '@verdaccio/core';
-import { logger } from '@verdaccio/logger';
-import { Config, Logger, Package, RemoteUser } from '@verdaccio/types';
-import {
-  isObject,
-  stringToMD5,
-  validateName as utilValidateName,
-  validatePackage as utilValidatePackage,
-} from '@verdaccio/utils';
-
-import { getVersionFromTarball } from './middleware-utils';
-
-export type $RequestExtend = Request & { remote_user?: RemoteUser; log: Logger };
-export type $ResponseExtend = Response & { cookies?: any };
-export type $NextFunctionVer = NextFunction & any;
-
-const debug = buildDebug('verdaccio:middleware');
-
-export function match(regexp: RegExp): any {
-  return function (
-    req: $RequestExtend,
-    res: $ResponseExtend,
-    next: $NextFunctionVer,
-    value: string
-  ): void {
-    if (regexp.exec(value)) {
-      next();
-    } else {
-      next('route');
-    }
-  };
-}
-
-// TODO: remove, was relocated to web package
-// @ts-deprecated
-export function setSecurityWebHeaders(
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  next: $NextFunctionVer
-): void {
-  // disable loading in frames (clickjacking, etc.)
-  res.header(HEADERS.FRAMES_OPTIONS, 'deny');
-  // avoid stablish connections outside of domain
-  res.header(HEADERS.CSP, "connect-src 'self'");
-  // https://stackoverflow.com/questions/18337630/what-is-x-content-type-options-nosniff
-  res.header(HEADERS.CTO, 'nosniff');
-  // https://stackoverflow.com/questions/9090577/what-is-the-http-header-x-xss-protection
-  res.header(HEADERS.XSS, '1; mode=block');
-  next();
-}
-
-export function validateName(
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  next: $NextFunctionVer,
-  value: string,
-  name: string
-): void {
-  if (value === '-') {
-    // special case in couchdb usually
-    next('route');
-  } else if (utilValidateName(value)) {
-    next();
-  } else {
-    next(errorUtils.getForbidden('invalid ' + name));
-  }
-}
-
-export function validatePackage(
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  next: $NextFunctionVer,
-  value: string,
-  name: string
-): void {
-  if (value === '-') {
-    // special case in couchdb usually
-    next('route');
-  } else if (utilValidatePackage(value)) {
-    next();
-  } else {
-    next(errorUtils.getForbidden('invalid ' + name));
-  }
-}
-
-export function media(expect: string | null): any {
-  return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
-    if (req.headers[HEADER_TYPE.CONTENT_TYPE] !== expect) {
-      next(
-        errorUtils.getCode(
-          HTTP_STATUS.UNSUPPORTED_MEDIA,
-          'wrong content-type, expect: ' + expect + ', got: ' + req.get[HEADER_TYPE.CONTENT_TYPE]
-        )
-      );
-    } else {
-      next();
-    }
-  };
-}
-
-export function encodeScopePackage(
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  next: $NextFunctionVer
-): void {
-  if (req.url.indexOf('@') !== -1) {
-    // e.g.: /@org/pkg/1.2.3 -> /@org%2Fpkg/1.2.3, /@org%2Fpkg/1.2.3 -> /@org%2Fpkg/1.2.3
-    req.url = req.url.replace(/^(\/@[^\/%]+)\/(?!$)/, '$1%2F');
-  }
-  next();
-}
-
-export function expectJson(
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  next: $NextFunctionVer
-): void {
-  if (!isObject(req.body)) {
-    return next(errorUtils.getBadRequest("can't parse incoming json"));
-  }
-  next();
-}
-
-export function antiLoop(config: Config): Function {
-  return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
-    if (req?.headers?.via != null) {
-      const arr = req.headers.via.split(',');
-
-      for (let i = 0; i < arr.length; i++) {
-        const m = arr[i].match(/\s*(\S+)\s+(\S+)/);
-        if (m && m[2] === config.server_id) {
-          return next(errorUtils.getCode(HTTP_STATUS.LOOP_DETECTED, 'loop detected'));
-        }
-      }
-    }
-    next();
-  };
-}
-
-export function allow(auth: Auth): Function {
-  return function (action: string): Function {
-    return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
-      req.pause();
-      const packageName = req.params.scope
-        ? `@${req.params.scope}/${req.params.package}`
-        : req.params.package;
-      const packageVersion = req.params.filename
-        ? getVersionFromTarball(req.params.filename)
-        : undefined;
-      const remote = req.remote_user;
-      logger.trace(
-        { action, user: remote?.name },
-        `[middleware/allow][@{action}] allow for @{user}`
-      );
-      auth['allow_' + action](
-        { packageName, packageVersion },
-        remote,
-        function (error, allowed): void {
-          req.resume();
-          if (error) {
-            next(error);
-          } else if (allowed) {
-            next();
-          } else {
-            // last plugin (that's our built-in one) returns either
-            // cb(err) or cb(null, true), so this should never happen
-            throw errorUtils.getInternalError(API_ERROR.PLUGIN_ERROR);
-          }
-        }
-      );
-    };
-  };
-}
-
-export interface MiddlewareError {
-  error: string;
-}
-
-export type FinalBody = Package | MiddlewareError | string;
-
-export function final(
-  body: FinalBody,
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  // if we remove `next` breaks test
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  next: $NextFunctionVer
-): void {
-  if (res.statusCode === HTTP_STATUS.UNAUTHORIZED && !res.getHeader(HEADERS.WWW_AUTH)) {
-    // they say it's required for 401, so...
-    res.header(HEADERS.WWW_AUTH, `${TOKEN_BASIC}, ${TOKEN_BEARER}`);
-  }
-
-  try {
-    if (_.isString(body) || _.isObject(body)) {
-      if (!res.getHeader(HEADERS.CONTENT_TYPE)) {
-        res.header(HEADERS.CONTENT_TYPE, HEADERS.JSON);
-      }
-
-      if (typeof body === 'object' && _.isNil(body) === false) {
-        if (typeof (body as MiddlewareError).error === 'string') {
-          res.locals._verdaccio_error = (body as MiddlewareError).error;
-          // res._verdaccio_error = (body as MiddlewareError).error;
-        }
-        body = JSON.stringify(body, undefined, '  ') + '\n';
-      }
-
-      // don't send etags with errors
-      if (
-        !res.statusCode ||
-        (res.statusCode >= HTTP_STATUS.OK && res.statusCode < HTTP_STATUS.MULTIPLE_CHOICES)
-      ) {
-        res.header(HEADERS.ETAG, '"' + stringToMD5(body as string) + '"');
-      }
-    } else {
-      // send(null), send(204), etc.
-    }
-  } catch (err: any) {
-    // if verdaccio sends headers first, and then calls res.send()
-    // as an error handler, we can't report error properly,
-    // and should just close socket
-    if (err.message.match(/set headers after they are sent/)) {
-      if (_.isNil(res.socket) === false) {
-        res.socket?.destroy();
-      }
-      return;
-    }
-    throw err;
-  }
-
-  res.send(body);
-}
-
-// FIXME: deprecated, moved to @verdaccio/dev-commons
-export const LOG_STATUS_MESSAGE =
-  "@{status}, user: @{user}(@{remoteIP}), req: '@{request.method} @{request.url}'";
-export const LOG_VERDACCIO_ERROR = `${LOG_STATUS_MESSAGE}, error: @{!error}`;
-export const LOG_VERDACCIO_BYTES = `${LOG_STATUS_MESSAGE}, bytes: @{bytes.in}/@{bytes.out}`;
-
-export function log(req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
-  // logger
-  req.log = logger.child({ sub: 'in' });
-
-  const _auth = req.headers.authorization;
-  if (_.isNil(_auth) === false) {
-    req.headers.authorization = '<Classified>';
-  }
-
-  const _cookie = req.get('cookie');
-  if (_.isNil(_cookie) === false) {
-    req.headers.cookie = '<Classified>';
-  }
-
-  req.url = req.originalUrl;
-  req.log.info({ req: req, ip: req.ip }, "@{ip} requested '@{req.method} @{req.url}'");
-  req.originalUrl = req.url;
-
-  if (_.isNil(_auth) === false) {
-    req.headers.authorization = _auth;
-  }
-
-  if (_.isNil(_cookie) === false) {
-    req.headers.cookie = _cookie;
-  }
-
-  let bytesin = 0;
-  req.on('data', function (chunk): void {
-    bytesin += chunk.length;
-  });
-
-  let bytesout = 0;
-  const _write = res.write;
-  // FIXME: res.write should return boolean
-  // @ts-ignore
-  res.write = function (buf): boolean {
-    bytesout += buf.length;
-    /* eslint prefer-rest-params: "off" */
-    // @ts-ignore
-    _write.apply(res, arguments);
-  };
-
-  const log = function (): void {
-    const forwardedFor = req.get('x-forwarded-for');
-    const remoteAddress = req.connection.remoteAddress;
-    const remoteIP = forwardedFor ? `${forwardedFor} via ${remoteAddress}` : remoteAddress;
-    let message;
-    if (res.locals._verdaccio_error) {
-      message = LOG_VERDACCIO_ERROR;
-    } else {
-      message = LOG_VERDACCIO_BYTES;
-    }
-
-    req.url = req.originalUrl;
-    req.log.http(
-      {
-        request: {
-          method: req.method,
-          url: req.url,
-        },
-        user: (req.remote_user && req.remote_user.name) || null,
-        remoteIP,
-        status: res.statusCode,
-        error: res.locals._verdaccio_error,
-        bytes: {
-          in: bytesin,
-          out: bytesout,
-        },
-      },
-      message
-    );
-    req.originalUrl = req.url;
-  };
-
-  req.on('close', function (): void {
-    log();
-  });
-
-  const _end = res.end;
-  // @ts-ignore
-  res.end = function (buf): void {
-    if (buf) {
-      bytesout += buf.length;
-    }
-    /* eslint prefer-rest-params: "off" */
-    // @ts-ignore
-    _end.apply(res, arguments);
-    log();
-  };
-  next();
-}
-
-export function handleError(
-  err: HttpError,
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  next: $NextFunctionVer
-) {
-  debug('error handler init');
-  if (_.isError(err)) {
-    debug('is native error');
-    if (err.code === 'ECONNABORT' && res.statusCode === HTTP_STATUS.NOT_MODIFIED) {
-      return next();
-    }
-    if (_.isFunction(res.locals.report_error) === false) {
-      debug('is locals error report ref');
-      // in case of very early error this middleware may not be loaded before error is generated
-      // fixing that
-      errorReportingMiddleware(req, res, _.noop);
-    }
-    debug('set locals error report ref');
-    res.locals.report_error(err);
-  } else {
-    // Fall to Middleware.final
-    debug('no error to report, jump next layer');
-    return next(err);
-  }
-}
-
-// Middleware
-export function errorReportingMiddleware(
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  next: $NextFunctionVer
-): void {
-  debug('error report middleware');
-  res.locals.report_error =
-    res.locals.report_error ||
-    function (err: VerdaccioError): void {
-      if (err.status && err.status >= HTTP_STATUS.BAD_REQUEST && err.status < 600) {
-        debug('is error > 409 %o', err?.status);
-        if (_.isNil(res.headersSent) === false) {
-          debug('send status %o', err?.status);
-          res.status(err.status);
-          debug('next layer %o', err?.message);
-          next({ error: err.message || API_ERROR.UNKNOWN_ERROR });
-        }
-      } else {
-        debug('is error < 409 %o', err?.status);
-        logger.error({ err: err }, 'unexpected error: @{!err.message}\n@{err.stack}');
-        if (!res.status || !res.send) {
-          // TODO: decide which debug keep
-          logger.error('this is an error in express.js, please report this');
-          debug('this is an error in express.js, please report this, destroy response %o', err);
-          res.destroy();
-        } else if (!res.headersSent) {
-          debug('report internal error %o', err);
-          res.status(HTTP_STATUS.INTERNAL_ERROR);
-          next({ error: API_ERROR.INTERNAL_SERVER_ERROR });
-        } else {
-          // socket should be already closed
-          debug('this should not happen, otherwise report %o', err);
-        }
-      }
-    };
-
-  debug('error report middleware next()');
-  next();
-}

packages/middleware/src/middlewares/allow.ts

@@ -0,0 +1,40 @@
+import { API_ERROR, errorUtils } from '@verdaccio/core';
+import { logger } from '@verdaccio/logger';
+import { getVersionFromTarball } from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+export function allow<T>(auth: T): Function {
+  return function (action: string): Function {
+    return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
+      req.pause();
+      const packageName = req.params.scope
+        ? `@${req.params.scope}/${req.params.package}`
+        : req.params.package;
+      const packageVersion = req.params.filename
+        ? getVersionFromTarball(req.params.filename)
+        : undefined;
+      const remote = req.remote_user;
+      logger.trace(
+        { action, user: remote?.name },
+        `[middleware/allow][@{action}] allow for @{user}`
+      );
+      auth['allow_' + action](
+        { packageName, packageVersion },
+        remote,
+        function (error, allowed): void {
+          req.resume();
+          if (error) {
+            next(error);
+          } else if (allowed) {
+            next();
+          } else {
+            // last plugin (that's our built-in one) returns either
+            // cb(err) or cb(null, true), so this should never happen
+            throw errorUtils.getInternalError(API_ERROR.PLUGIN_ERROR);
+          }
+        }
+      );
+    };
+  };
+}

packages/middleware/src/middlewares/antiLoop.ts

@@ -0,0 +1,30 @@
+import { HTTP_STATUS, errorUtils } from '@verdaccio/core';
+import { Config } from '@verdaccio/types';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+/**
+ * A middleware that avoid a registry points itself as proxy and avoid create infinite loops.
+ * @param config
+ * @returns
+ */
+export function antiLoop(config: Config): Function {
+  return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
+    if (req?.headers?.via != null) {
+      const arr = req.get('via')?.split(',');
+      if (Array.isArray(arr)) {
+        for (let i = 0; i < arr.length; i++) {
+          // the "via" header must contains an specific headers, this has to be on sync
+          // with the proxy request
+          // match eg: Server 1 or Server 2
+          // TODO: improve this RegEX
+          const m = arr[i].trim().match(/\s*(\S+)\s+(\S+)/);
+          if (m && m[2] === config.server_id) {
+            return next(errorUtils.getCode(HTTP_STATUS.LOOP_DETECTED, 'loop detected'));
+          }
+        }
+      }
+    }
+    next();
+  };
+}

packages/middleware/src/middlewares/encode-pkg.ts

@@ -0,0 +1,19 @@
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+/**
+ * Encode / in a scoped package name to be matched as a single parameter in routes
+ * @param req
+ * @param res
+ * @param next
+ */
+export function encodeScopePackage(
+  req: $RequestExtend,
+  res: $ResponseExtend,
+  next: $NextFunctionVer
+): void {
+  if (req.url.indexOf('@') !== -1) {
+    // e.g.: /@org/pkg/1.2.3 -> /@org%2Fpkg/1.2.3, /@org%2Fpkg/1.2.3 -> /@org%2Fpkg/1.2.3
+    req.url = req.url.replace(/^(\/@[^\/%]+)\/(?!$)/, '$1%2F');
+  }
+  next();
+}

packages/middleware/src/middlewares/error.ts

@@ -0,0 +1,79 @@
+import buildDebug from 'debug';
+import { HttpError } from 'http-errors';
+import _ from 'lodash';
+
+import { API_ERROR, HTTP_STATUS, VerdaccioError } from '@verdaccio/core';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+const debug = buildDebug('verdaccio:middleware:error');
+
+export const handleError = (logger) =>
+  function handleError(
+    err: HttpError,
+    req: $RequestExtend,
+    res: $ResponseExtend,
+    next: $NextFunctionVer
+  ) {
+    debug('error handler init');
+    if (_.isError(err)) {
+      debug('is native error');
+      if (err.code === 'ECONNABORT' && res.statusCode === HTTP_STATUS.NOT_MODIFIED) {
+        return next();
+      }
+      if (_.isFunction(res.locals.report_error) === false) {
+        debug('is locals error report ref');
+        // in case of very early error this middleware may not be loaded before error is generated
+        // fixing that
+        errorReportingMiddleware(logger)(req, res, _.noop);
+      }
+      debug('set locals error report ref');
+      res.locals.report_error(err);
+    } else {
+      // Fall to Middleware.final
+      debug('no error to report, jump next layer');
+      return next(err);
+    }
+  };
+
+// Middleware
+export const errorReportingMiddleware = (logger) =>
+  function errorReportingMiddleware(
+    req: $RequestExtend,
+    res: $ResponseExtend,
+    next: $NextFunctionVer
+  ): void {
+    debug('error report middleware');
+    res.locals.report_error =
+      res.locals.report_error ||
+      function (err: VerdaccioError): void {
+        if (err.status && err.status >= HTTP_STATUS.BAD_REQUEST && err.status < 600) {
+          debug('is error > 409 %o', err?.status);
+          if (_.isNil(res.headersSent) === false) {
+            debug('send status %o', err?.status);
+            res.status(err.status);
+            debug('next layer %o', err?.message);
+            next({ error: err.message || API_ERROR.UNKNOWN_ERROR });
+          }
+        } else {
+          debug('is error < 409 %o', err?.status);
+          logger.error({ err: err }, 'unexpected error: @{!err.message}\n@{err.stack}');
+          if (!res.status || !res.send) {
+            // TODO: decide which debug keep
+            logger.error('this is an error in express.js, please report this');
+            debug('this is an error in express.js, please report this, destroy response %o', err);
+            res.destroy();
+          } else if (!res.headersSent) {
+            debug('report internal error %o', err);
+            res.status(HTTP_STATUS.INTERNAL_ERROR);
+            next({ error: API_ERROR.INTERNAL_SERVER_ERROR });
+          } else {
+            // socket should be already closed
+            debug('this should not happen, otherwise report %o', err);
+          }
+        }
+      };
+
+    debug('error report middleware next()');
+    next();
+  };

packages/middleware/src/middlewares/final.ts

@@ -0,0 +1,60 @@
+import _ from 'lodash';
+
+import { HEADERS, HTTP_STATUS, TOKEN_BASIC, TOKEN_BEARER } from '@verdaccio/core';
+import { Manifest } from '@verdaccio/types';
+import { stringToMD5 } from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend, MiddlewareError } from '../types';
+
+export type FinalBody = Manifest | MiddlewareError | string;
+
+export function final(
+  body: FinalBody,
+  req: $RequestExtend,
+  res: $ResponseExtend,
+  // if we remove `next` breaks test
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  next: $NextFunctionVer
+): void {
+  if (res.statusCode === HTTP_STATUS.UNAUTHORIZED && !res.getHeader(HEADERS.WWW_AUTH)) {
+    res.header(HEADERS.WWW_AUTH, `${TOKEN_BASIC}, ${TOKEN_BEARER}`);
+  }
+
+  try {
+    if (_.isString(body) || _.isObject(body)) {
+      if (!res.get(HEADERS.CONTENT_TYPE)) {
+        res.header(HEADERS.CONTENT_TYPE, HEADERS.JSON);
+      }
+
+      if (typeof body === 'object' && _.isNil(body) === false) {
+        if (typeof (body as MiddlewareError).error === 'string') {
+          res.locals._verdaccio_error = (body as MiddlewareError).error;
+        }
+        body = JSON.stringify(body, undefined, '  ') + '\n';
+      }
+
+      // don't send etags with errors
+      if (
+        !res.statusCode ||
+        (res.statusCode >= HTTP_STATUS.OK && res.statusCode < HTTP_STATUS.MULTIPLE_CHOICES)
+      ) {
+        res.header(HEADERS.ETAG, '"' + stringToMD5(body as string) + '"');
+      }
+    } else {
+      // send(null), send(204), etc.
+    }
+  } catch (err: any) {
+    // if verdaccio sends headers first, and then calls res.send()
+    // as an error handler, we can't report error properly,
+    // and should just close socket
+    if (err.message.match(/set headers after they are sent/)) {
+      if (_.isNil(res.socket) === false) {
+        res.socket?.destroy();
+      }
+      return;
+    }
+    throw err;
+  }
+
+  res.send(body);
+}

packages/middleware/src/middlewares/json.ts

@@ -0,0 +1,15 @@
+import { errorUtils } from '@verdaccio/core';
+import { isObject } from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+export function expectJson(
+  req: $RequestExtend,
+  res: $ResponseExtend,
+  next: $NextFunctionVer
+): void {
+  if (!isObject(req.body)) {
+    return next(errorUtils.getBadRequest("can't parse incoming json"));
+  }
+  next();
+}

packages/middleware/src/middlewares/log.ts

@@ -0,0 +1,103 @@
+import _ from 'lodash';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+// FIXME: deprecated, moved to @verdaccio/dev-commons
+export const LOG_STATUS_MESSAGE =
+  "@{status}, user: @{user}(@{remoteIP}), req: '@{request.method} @{request.url}'";
+export const LOG_VERDACCIO_ERROR = `${LOG_STATUS_MESSAGE}, error: @{!error}`;
+export const LOG_VERDACCIO_BYTES = `${LOG_STATUS_MESSAGE}, bytes: @{bytes.in}/@{bytes.out}`;
+
+export const log = (logger) => {
+  return function log(req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
+    // logger
+    req.log = logger.child({ sub: 'in' });
+
+    const _auth = req.headers.authorization;
+    if (_.isNil(_auth) === false) {
+      req.headers.authorization = '<Classified>';
+    }
+
+    const _cookie = req.get('cookie');
+    if (_.isNil(_cookie) === false) {
+      req.headers.cookie = '<Classified>';
+    }
+
+    req.url = req.originalUrl;
+    req.log.info({ req: req, ip: req.ip }, "@{ip} requested '@{req.method} @{req.url}'");
+    req.originalUrl = req.url;
+
+    if (_.isNil(_auth) === false) {
+      req.headers.authorization = _auth;
+    }
+
+    if (_.isNil(_cookie) === false) {
+      req.headers.cookie = _cookie;
+    }
+
+    let bytesin = 0;
+    req.on('data', function (chunk): void {
+      bytesin += chunk.length;
+    });
+
+    let bytesout = 0;
+    const _write = res.write;
+    // FIXME: res.write should return boolean
+    // @ts-ignore
+    res.write = function (buf): boolean {
+      bytesout += buf.length;
+      /* eslint prefer-rest-params: "off" */
+      // @ts-ignore
+      _write.apply(res, arguments);
+    };
+
+    const log = function (): void {
+      const forwardedFor = req.get('x-forwarded-for');
+      const remoteAddress = req.connection.remoteAddress;
+      const remoteIP = forwardedFor ? `${forwardedFor} via ${remoteAddress}` : remoteAddress;
+      let message;
+      if (res.locals._verdaccio_error) {
+        message = LOG_VERDACCIO_ERROR;
+      } else {
+        message = LOG_VERDACCIO_BYTES;
+      }
+
+      req.url = req.originalUrl;
+      req.log.http(
+        {
+          request: {
+            method: req.method,
+            url: req.url,
+          },
+          user: req.remote_user?.name || null,
+          remoteIP,
+          status: res.statusCode,
+          error: res.locals._verdaccio_error,
+          bytes: {
+            in: bytesin,
+            out: bytesout,
+          },
+        },
+        message
+      );
+      req.originalUrl = req.url;
+    };
+
+    req.on('close', function (): void {
+      log();
+    });
+
+    const _end = res.end;
+    // @ts-ignore
+    res.end = function (buf): void {
+      if (buf) {
+        bytesout += buf.length;
+      }
+      /* eslint prefer-rest-params: "off" */
+      // @ts-ignore
+      _end.apply(res, arguments);
+      log();
+    };
+    next();
+  };
+};

packages/middleware/src/middlewares/match.ts

@@ -0,0 +1,16 @@
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+export function match(regexp: RegExp): any {
+  return function (
+    req: $RequestExtend,
+    res: $ResponseExtend,
+    next: $NextFunctionVer,
+    value: string
+  ): void {
+    if (regexp.exec(value)) {
+      next();
+    } else {
+      next('route');
+    }
+  };
+}

packages/middleware/src/middlewares/media.ts

@@ -0,0 +1,18 @@
+import { HEADER_TYPE, HTTP_STATUS, errorUtils } from '@verdaccio/core';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+export function media(expect: string | null): any {
+  return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
+    if (req.headers[HEADER_TYPE.CONTENT_TYPE] !== expect) {
+      next(
+        errorUtils.getCode(
+          HTTP_STATUS.UNSUPPORTED_MEDIA,
+          'wrong content-type, expect: ' + expect + ', got: ' + req.get[HEADER_TYPE.CONTENT_TYPE]
+        )
+      );
+    } else {
+      next();
+    }
+  };
+}

packages/middleware/src/middlewares/security-headers.ts

@@ -0,0 +1,21 @@
+import { HEADERS } from '@verdaccio/core';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+// TODO: remove, was relocated to web package
+// @ts-deprecated
+export function setSecurityWebHeaders(
+  req: $RequestExtend,
+  res: $ResponseExtend,
+  next: $NextFunctionVer
+): void {
+  // disable loading in frames (clickjacking, etc.)
+  res.header(HEADERS.FRAMES_OPTIONS, 'deny');
+  // avoid stablish connections outside of domain
+  res.header(HEADERS.CSP, "connect-src 'self'");
+  // https://stackoverflow.com/questions/18337630/what-is-x-content-type-options-nosniff
+  res.header(HEADERS.CTO, 'nosniff');
+  // https://stackoverflow.com/questions/9090577/what-is-the-http-header-x-xss-protection
+  res.header(HEADERS.XSS, '1; mode=block');
+  next();
+}

packages/middleware/src/middlewares/validation.ts

@@ -0,0 +1,41 @@
+import { errorUtils } from '@verdaccio/core';
+import {
+  validateName as utilValidateName,
+  validatePackage as utilValidatePackage,
+} from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+export function validateName(
+  req: $RequestExtend,
+  res: $ResponseExtend,
+  next: $NextFunctionVer,
+  value: string,
+  name: string
+): void {
+  if (value === '-') {
+    // special case in couchdb usually
+    next('route');
+  } else if (utilValidateName(value)) {
+    next();
+  } else {
+    next(errorUtils.getForbidden('invalid ' + name));
+  }
+}
+
+export function validatePackage(
+  req: $RequestExtend,
+  res: $ResponseExtend,
+  next: $NextFunctionVer,
+  value: string,
+  name: string
+): void {
+  if (value === '-') {
+    // special case in couchdb usually
+    next('route');
+  } else if (utilValidatePackage(value)) {
+    next();
+  } else {
+    next(errorUtils.getForbidden('invalid ' + name));
+  }
+}

packages/middleware/src/types.ts

@@ -0,0 +1,11 @@
+import { NextFunction, Request, Response } from 'express';
+
+import { Logger, RemoteUser } from '@verdaccio/types';
+
+export type $RequestExtend = Request & { remote_user?: RemoteUser; log: Logger };
+export type $ResponseExtend = Response & { cookies?: any };
+export type $NextFunctionVer = NextFunction & any;
+
+export interface MiddlewareError {
+  error: string;
+}

packages/middleware/test/allow.spec.ts

@@ -0,0 +1,82 @@
+import request from 'supertest';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+import { setup } from '@verdaccio/logger';
+
+import { allow } from '../src';
+import { getApp } from './helper';
+
+setup({});
+
+test('should allow request', async () => {
+  const can = allow({
+    allow_publish: (params, remove, cb) => {
+      return cb(null, true);
+    },
+  });
+  const app = getApp([]);
+  // @ts-ignore
+  app.get('/:package', can('publish'), (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).get('/react').expect(HTTP_STATUS.OK);
+});
+
+test('should allow scope request', async () => {
+  const can = allow({
+    allow_publish: (params, remove, cb) => {
+      return cb(null, true);
+    },
+  });
+  const app = getApp([]);
+  // @ts-ignore
+  app.get('/:package/:scope', can('publish'), (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).get('/@verdaccio/core').expect(HTTP_STATUS.OK);
+});
+
+test('should allow filename request', async () => {
+  const can = allow({
+    allow_publish: (params, remove, cb) => {
+      return cb(null, true);
+    },
+  });
+  const app = getApp([]);
+  // @ts-ignore
+  app.get('/:filename', can('publish'), (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).get('/aaa-0.0.1.tgz').expect(HTTP_STATUS.OK);
+});
+
+test('should not allow request', async () => {
+  const can = allow({
+    allow_publish: (params, remove, cb) => {
+      return cb(null, false);
+    },
+  });
+  const app = getApp([]);
+  // @ts-ignore
+  app.get('/sec', can('publish'), (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).get('/sec').expect(HTTP_STATUS.INTERNAL_ERROR);
+});
+
+test('should handle error request', async () => {
+  const can = allow({
+    allow_publish: (params, remove, cb) => {
+      return cb(Error('foo error'));
+    },
+  });
+  const app = getApp([]);
+  // @ts-ignore
+  app.get('/err', can('publish'));
+
+  return request(app).get('/err').expect(HTTP_STATUS.INTERNAL_ERROR);
+});

packages/middleware/test/encode.spec.ts

@@ -0,0 +1,21 @@
+import request from 'supertest';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+
+import { encodeScopePackage } from '../src';
+import { getApp } from './helper';
+
+test('encode is json', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(encodeScopePackage);
+  // @ts-ignore
+  app.get('/:id', (req, res) => {
+    const { id } = req.params;
+    res.status(HTTP_STATUS.OK).json({ id });
+  });
+
+  const res = await request(app).get('/@scope/foo');
+  expect(res.body).toEqual({ id: '@scope/foo' });
+  expect(res.status).toEqual(HTTP_STATUS.OK);
+});

packages/middleware/test/final.spec.ts

@@ -0,0 +1,60 @@
+import bodyParser from 'body-parser';
+import express from 'express';
+import request from 'supertest';
+
+import { HEADERS, HTTP_STATUS } from '@verdaccio/core';
+
+import { final } from '../src';
+
+test('handle error as object', async () => {
+  const app = express();
+  app.use(bodyParser.json({ strict: false, limit: '10mb' }));
+  app.get('/401', (req, res, next) => {
+    res.status(HTTP_STATUS.UNAUTHORIZED);
+    next({ error: 'some error' });
+  });
+  // @ts-ignore
+  app.use(final);
+
+  const res = await request(app).get('/401');
+  expect(res.get(HEADERS.WWW_AUTH)).toEqual('Basic, Bearer');
+  expect(res.get(HEADERS.CONTENT_TYPE)).toEqual(HEADERS.JSON_CHARSET);
+  expect(res.get(HEADERS.ETAG)).toEqual('W/"1c-CP1UoQiM59AjHpEk0334sfSp1kc"');
+  expect(res.body).toEqual({ error: 'some error' });
+});
+
+test('handle error as string', async () => {
+  const app = express();
+  app.use(bodyParser.json({ strict: false, limit: '10mb' }));
+  app.get('/200', (req, res, next) => {
+    res.status(HTTP_STATUS.OK);
+    // error as json string
+    next(JSON.stringify({ error: 'some error' }));
+  });
+  // @ts-ignore
+  app.use(final);
+
+  const res = await request(app).get('/200');
+  expect(res.get(HEADERS.WWW_AUTH)).not.toBeDefined();
+  expect(res.get(HEADERS.CONTENT_TYPE)).toEqual(HEADERS.JSON_CHARSET);
+  expect(res.get(HEADERS.ETAG)).toEqual('"3f3a7b9afa23269e16685af6e707d109"');
+  expect(res.body).toEqual({ error: 'some error' });
+});
+
+test('handle error as unknown string no parsable', async () => {
+  const app = express();
+  app.use(bodyParser.json({ strict: false, limit: '10mb' }));
+  app.get('/200', (req, res) => {
+    res.status(HTTP_STATUS.OK);
+    // error as json string
+    throw Error('uknonwn');
+  });
+  // @ts-ignore
+  app.use(final);
+
+  const res = await request(app).get('/200');
+  expect(res.get(HEADERS.WWW_AUTH)).not.toBeDefined();
+  expect(res.get(HEADERS.CONTENT_TYPE)).toEqual(HEADERS.JSON_CHARSET);
+  expect(res.get(HEADERS.ETAG)).toEqual('"8a80554c91d9fca8acb82f023de02f11"');
+  expect(res.body).toEqual({});
+});

packages/middleware/test/helper.ts

@@ -0,0 +1,14 @@
+import express from 'express';
+
+export const getApp = (middlewares = []) => {
+  const app = express();
+  middlewares.map((middleware) => {
+    app.use(middleware);
+  });
+
+  // app.get('/', function (req, res) {
+  //   res.status(200).json({ name: 'pkg' });
+  // });
+
+  return app;
+};

packages/middleware/test/json.spec.ts

@@ -0,0 +1,32 @@
+import bodyParser from 'body-parser';
+import request from 'supertest';
+
+import { HEADERS, HTTP_STATUS } from '@verdaccio/core';
+
+import { expectJson } from '../src';
+import { getApp } from './helper';
+
+test('body is json', async () => {
+  const app = getApp([]);
+  app.use(bodyParser.json({ strict: false, limit: '10mb' }));
+  // @ts-ignore
+  app.put('/json', expectJson, (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app)
+    .put('/json')
+    .send({ name: 'john' })
+    .set(HEADERS.CONTENT_TYPE, 'application/json')
+    .expect(HTTP_STATUS.OK);
+});
+
+test('body is not json', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.put('/json', expectJson, (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).put('/json').send('test=4').expect(HTTP_STATUS.BAD_REQUEST);
+});

packages/middleware/test/log.spec.ts

@@ -0,0 +1,28 @@
+import path from 'path';
+import request from 'supertest';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+import { logger, setup } from '@verdaccio/logger';
+
+import { log } from '../src';
+import { getApp } from './helper';
+
+setup({
+  type: 'file',
+  path: path.join(__dirname, './verdaccio.log'),
+  level: 'trace',
+  format: 'json',
+});
+
+test('should log request', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(log(logger));
+  // @ts-ignore
+  app.get('/:package', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  // TODO: pending output
+  return request(app).get('/react').expect(HTTP_STATUS.OK);
+});

packages/middleware/test/loop.spec.ts

@@ -0,0 +1,31 @@
+import request from 'supertest';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+
+import { antiLoop } from '../src';
+import { getApp } from './helper';
+
+test('should not be a loop', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(antiLoop({ server_id: '1' }));
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).get('/sec').set('via', 'Server 2').expect(HTTP_STATUS.OK);
+});
+
+test('should be a loop', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(antiLoop({ server_id: '1' }));
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app)
+    .get('/sec')
+    .set('via', 'Server 1, Server 2')
+    .expect(HTTP_STATUS.LOOP_DETECTED);
+});

packages/middleware/test/media.spec.ts

@@ -0,0 +1,33 @@
+import mime from 'mime';
+import request from 'supertest';
+
+import { HEADERS, HTTP_STATUS } from '@verdaccio/core';
+
+import { media } from '../src';
+import { getApp } from './helper';
+
+test('media is json', async () => {
+  const app = getApp([]);
+  app.get('/json', media(mime.getType('json')), (req, res) => {
+    res.status(200).json();
+  });
+
+  return request(app)
+    .get('/json')
+    .set(HEADERS.CONTENT_TYPE, 'application/json')
+    .expect('Content-Type', /json/)
+    .expect(200);
+});
+
+test('media is not json', async () => {
+  const app = getApp([]);
+  app.get('/json', media(mime.getType('json')), (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app)
+    .get('/json')
+    .set(HEADERS.CONTENT_TYPE, 'text/html; charset=utf-8')
+    .expect('Content-Type', /html/)
+    .expect(HTTP_STATUS.UNSUPPORTED_MEDIA);
+});

packages/middleware/test/params.spec.ts

@@ -0,0 +1,83 @@
+import request from 'supertest';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+
+import { match, validateName, validatePackage } from '../src';
+import { getApp } from './helper';
+
+describe('validate params', () => {
+  test('should validate package name', async () => {
+    const app = getApp([]);
+    // @ts-ignore
+    app.param('package', validatePackage);
+    app.get('/pkg/:package', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/pkg/react').expect(HTTP_STATUS.OK);
+  });
+
+  test('should fails validate package name', async () => {
+    const app = getApp([]);
+    // @ts-ignore
+    app.param('package', validatePackage);
+    app.get('/pkg/:package', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/pkg/node_modules').expect(HTTP_STATUS.FORBIDDEN);
+  });
+
+  test('should fails file name package name', async () => {
+    const app = getApp([]);
+    // @ts-ignore
+    app.param('filename', validateName);
+    app.get('/file/:filename', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/file/__proto__').expect(HTTP_STATUS.FORBIDDEN);
+  });
+
+  test('should validate file name package name', async () => {
+    const app = getApp([]);
+    // @ts-ignore
+    app.param('filename', validateName);
+    app.get('/file/:filename', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/file/react.tar.gz').expect(HTTP_STATUS.OK);
+  });
+});
+
+describe('match', () => {
+  test('should not match middleware', async () => {
+    const app = getApp([]);
+    app.param('_rev', match(/^-rev$/));
+    app.param('org_couchdb_user', match(/^org\.couchdb\.user:/));
+    app.get('/-/user/:org_couchdb_user', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    app.use((res: any) => {
+      res.status(HTTP_STATUS.INTERNAL_ERROR);
+    });
+
+    return request(app).get('/-/user/test').expect(HTTP_STATUS.INTERNAL_ERROR);
+  });
+
+  test('should match middleware', async () => {
+    const app = getApp([]);
+    app.param('_rev', match(/^-rev$/));
+    app.get('/-/user/:_rev?', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    app.use((res: any) => {
+      res.status(HTTP_STATUS.INTERNAL_ERROR);
+    });
+
+    return request(app).get('/-/user/-rev').expect(HTTP_STATUS.OK);
+  });
+});

packages/middleware/test/security.spec.ts

@@ -0,0 +1,54 @@
+import request from 'supertest';
+
+import { HEADERS, HTTP_STATUS } from '@verdaccio/core';
+
+import { setSecurityWebHeaders } from '../src';
+import { getApp } from './helper';
+
+test('should get frame options', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(setSecurityWebHeaders);
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  const res = await request(app).get('/sec').expect(HTTP_STATUS.OK);
+  expect(res.get(HEADERS.FRAMES_OPTIONS)).toEqual('deny');
+});
+
+test('should get csp options', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(setSecurityWebHeaders);
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  const res = await request(app).get('/sec').expect(HTTP_STATUS.OK);
+  expect(res.get(HEADERS.CSP)).toEqual("connect-src 'self'");
+});
+
+test('should get cto', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(setSecurityWebHeaders);
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  const res = await request(app).get('/sec').expect(HTTP_STATUS.OK);
+  expect(res.get(HEADERS.CTO)).toEqual('nosniff');
+});
+
+test('should get xss', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(setSecurityWebHeaders);
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  const res = await request(app).get('/sec').expect(HTTP_STATUS.OK);
+  expect(res.get(HEADERS.XSS)).toEqual('1; mode=block');
+});

packages/node-api/CHANGELOG.md

@@ -1,5 +1,26 @@
 # @verdaccio/node-api
 
+## 6.0.0-6-next.57
+
+### Patch Changes
+
+- Updated dependencies [9943e2b1]
+  - @verdaccio/server@6.0.0-6-next.46
+  - @verdaccio/core@6.0.0-6-next.57
+  - @verdaccio/config@6.0.0-6-next.57
+  - @verdaccio/logger@6.0.0-6-next.25
+  - @verdaccio/server-fastify@6.0.0-6-next.38
+
+## 6.0.0-6-next.56
+
+### Patch Changes
+
+- @verdaccio/server@6.0.0-6-next.45
+- @verdaccio/config@6.0.0-6-next.56
+- @verdaccio/server-fastify@6.0.0-6-next.37
+- @verdaccio/core@6.0.0-6-next.56
+- @verdaccio/logger@6.0.0-6-next.24
+
 ## 6.0.0-6-next.55
 
 ### Patch Changes

packages/node-api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/node-api",
-  "version": "6.0.0-6-next.55",
+  "version": "6.0.0-6-next.57",
   "description": "node API",
   "main": "build/index.js",
   "types": "build/index.d.ts",
@@ -39,11 +39,11 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23",
-    "@verdaccio/server": "workspace:6.0.0-6-next.44",
-    "@verdaccio/server-fastify": "workspace:6.0.0-6-next.36",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "@verdaccio/server": "workspace:6.0.0-6-next.46",
+    "@verdaccio/server-fastify": "workspace:6.0.0-6-next.38",
     "core-js": "3.27.0",
     "debug": "4.3.4",
     "lodash": "4.17.21"

packages/plugins/audit/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Change Log
 
+## 11.0.0-6-next.20
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/config@6.0.0-6-next.57
+- @verdaccio/logger@6.0.0-6-next.25
+
+## 11.0.0-6-next.19
+
+### Patch Changes
+
+- @verdaccio/config@6.0.0-6-next.56
+- @verdaccio/core@6.0.0-6-next.56
+- @verdaccio/logger@6.0.0-6-next.24
+
 ## 11.0.0-6-next.18
 
 ### Patch Changes

packages/plugins/audit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-audit",
-  "version": "11.0.0-6-next.18",
+  "version": "11.0.0-6-next.20",
   "description": "Verdaccio Middleware plugin to bypass npmjs audit",
   "keywords": [
     "private",
@@ -31,9 +31,9 @@
     "npm": ">=6"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
     "express": "4.18.2",
     "body-parser": "1.20.1",
     "https-proxy-agent": "5.0.1",
@@ -41,7 +41,7 @@
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.19",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.34",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.36",
     "nock": "13.2.9",
     "supertest": "6.3.3"
   },

packages/plugins/auth-memory/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Change Log
 
+## 11.0.0-6-next.22
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+
+## 11.0.0-6-next.21
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.56
+
 ## 11.0.0-6-next.20
 
 ### Patch Changes

packages/plugins/auth-memory/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-auth-memory",
-  "version": "11.0.0-6-next.20",
+  "version": "11.0.0-6-next.22",
   "description": "Auth plugin for Verdaccio that keeps users in memory",
   "keywords": [
     "private",
@@ -32,10 +32,10 @@
   },
   "dependencies": {
     "debug": "4.3.4",
-    "@verdaccio/core": "workspace:6.0.0-6-next.55"
+    "@verdaccio/core": "workspace:6.0.0-6-next.57"
   },
   "devDependencies": {
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
     "@verdaccio/types": "workspace:11.0.0-6-next.19"
   },
   "scripts": {

packages/plugins/htpasswd/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Change Log
 
+## 11.0.0-6-next.27
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+
+## 11.0.0-6-next.26
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.56
+
 ## 11.0.0-6-next.25
 
 ### Patch Changes

packages/plugins/htpasswd/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-htpasswd",
-  "version": "11.0.0-6-next.25",
+  "version": "11.0.0-6-next.27",
   "description": "htpasswd auth plugin for Verdaccio",
   "keywords": [
     "private",
@@ -34,7 +34,7 @@
     "npm": ">=6"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
     "@verdaccio/file-locking": "workspace:11.0.0-6-next.7",
     "apache-md5": "1.1.8",
     "bcryptjs": "2.4.3",
@@ -46,8 +46,8 @@
   "devDependencies": {
     "@types/bcryptjs": "2.4.2",
     "@verdaccio/types": "workspace:11.0.0-6-next.19",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
     "mockdate": "3.0.5"
   },
   "scripts": {

packages/plugins/local-storage/CHANGELOG.md

@@ -1,5 +1,20 @@
 # Change Log
 
+## 11.0.0-6-next.27
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/utils@6.0.0-6-next.25
+
+## 11.0.0-6-next.26
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/core@6.0.0-6-next.56
+
 ## 11.0.0-6-next.25
 
 ### Patch Changes

packages/plugins/local-storage/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/local-storage",
-  "version": "11.0.0-6-next.25",
+  "version": "11.0.0-6-next.27",
   "description": "Local storage implementation",
   "keywords": [
     "private",
@@ -37,9 +37,9 @@
     "npm": ">=7"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
     "@verdaccio/file-locking": "workspace:11.0.0-6-next.7",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.23",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
     "core-js": "3.27.0",
     "debug": "4.3.4",
     "globby": "11.1.0",
@@ -52,9 +52,9 @@
   "devDependencies": {
     "@types/minimatch": "3.0.5",
     "@verdaccio/types": "workspace:11.0.0-6-next.19",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23",
-    "@verdaccio/test-helper": "workspace:2.0.0-6-next.6",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "@verdaccio/test-helper": "workspace:2.0.0-6-next.7",
     "minimatch": "3.1.2"
   },
   "scripts": {

packages/plugins/memory/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Change Log
 
+## 11.0.0-6-next.24
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+
+## 11.0.0-6-next.23
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.56
+
 ## 11.0.0-6-next.22
 
 ### Patch Changes

packages/plugins/memory/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-memory",
-  "version": "11.0.0-6-next.22",
+  "version": "11.0.0-6-next.24",
   "description": "Storage implementation in memory",
   "keywords": [
     "private",
@@ -31,15 +31,15 @@
     "npm": ">=6"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
     "memory-fs": "0.5.0",
     "debug": "4.3.4",
     "memfs": "3.4.12"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.19",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23"
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/plugins/ui-theme/CHANGELOG.md

@@ -1,5 +1,9 @@
 # @verdaccio/ui-theme
 
+## 6.0.0-6-next.57
+
+## 6.0.0-6-next.56
+
 ## 6.0.0-6-next.55
 
 ## 6.0.0-6-next.54

packages/plugins/ui-theme/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/ui-theme",
-  "version": "6.0.0-6-next.55",
+  "version": "6.0.0-6-next.57",
   "description": "Verdaccio User Interface",
   "author": {
     "name": "Verdaccio Contributors",
@@ -27,7 +27,7 @@
     "@testing-library/dom": "8.19.1",
     "@testing-library/jest-dom": "5.16.5",
     "@testing-library/react": "13.4.0",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.55",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.57",
     "@verdaccio/ui-components": "workspace:2.0.0-6-next.2",
     "@verdaccio/types": "workspace:*",
     "normalize.css": "8.0.1",
@@ -73,7 +73,7 @@
     "remark-gfm": "3.0.1",
     "rimraf": "3.0.2",
     "style-loader": "3.3.1",
-    "stylelint": "14.16.0",
+    "stylelint": "14.16.1",
     "stylelint-config-recommended": "7.0.0",
     "stylelint-config-styled-components": "0.1.1",
     "stylelint-processor-styled-components": "1.10.0",

packages/plugins/ui-theme/src/components/Contributors/generated_contributors_list.json

@@ -947,6 +947,10 @@
     "username": "stephanebachelier",
     "id": 172615
   },
+  {
+    "username": "TLDMain",
+    "id": 119927819
+  },
   {
     "username": "tarun1793",
     "id": 1783440

packages/proxy/CHANGELOG.md

@@ -1,5 +1,26 @@
 # @verdaccio/proxy
 
+## 6.0.0-6-next.35
+
+### Patch Changes
+
+- @verdaccio/local-storage@11.0.0-6-next.27
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/config@6.0.0-6-next.57
+- @verdaccio/logger@6.0.0-6-next.25
+- @verdaccio/utils@6.0.0-6-next.25
+
+## 6.0.0-6-next.34
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/config@6.0.0-6-next.56
+  - @verdaccio/local-storage@11.0.0-6-next.26
+  - @verdaccio/core@6.0.0-6-next.56
+  - @verdaccio/logger@6.0.0-6-next.24
+
 ## 6.0.0-6-next.33
 
 ### Patch Changes

packages/proxy/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/proxy",
-  "version": "6.0.0-6-next.33",
+  "version": "6.0.0-6-next.35",
   "description": "verdaccio proxy fetcher",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,11 +39,11 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/local-storage": "workspace:11.0.0-6-next.25",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.23",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/local-storage": "workspace:11.0.0-6-next.27",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
     "JSONStream": "1.3.5",
     "debug": "4.3.4",
     "lodash": "4.17.21",

packages/server/express/CHANGELOG.md

@@ -1,5 +1,40 @@
 # @verdaccio/server
 
+## 6.0.0-6-next.46
+
+### Patch Changes
+
+- 9943e2b1: fix: extract logger from middleware
+- Updated dependencies [9943e2b1]
+  - @verdaccio/middleware@6.0.0-6-next.36
+  - @verdaccio/api@6.0.0-6-next.40
+  - @verdaccio/web@6.0.0-6-next.44
+  - @verdaccio/store@6.0.0-6-next.37
+  - @verdaccio/core@6.0.0-6-next.57
+  - @verdaccio/config@6.0.0-6-next.57
+  - @verdaccio/auth@6.0.0-6-next.36
+  - @verdaccio/loaders@6.0.0-6-next.26
+  - @verdaccio/logger@6.0.0-6-next.25
+  - verdaccio-audit@11.0.0-6-next.20
+  - @verdaccio/utils@6.0.0-6-next.25
+
+## 6.0.0-6-next.45
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/api@6.0.0-6-next.39
+  - @verdaccio/middleware@6.0.0-6-next.35
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/web@6.0.0-6-next.43
+  - @verdaccio/auth@6.0.0-6-next.35
+  - @verdaccio/config@6.0.0-6-next.56
+  - @verdaccio/store@6.0.0-6-next.36
+  - verdaccio-audit@11.0.0-6-next.19
+  - @verdaccio/loaders@6.0.0-6-next.25
+  - @verdaccio/core@6.0.0-6-next.56
+  - @verdaccio/logger@6.0.0-6-next.24
+
 ## 6.0.0-6-next.44
 
 ### Patch Changes

packages/server/express/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/server",
-  "version": "6.0.0-6-next.44",
+  "version": "6.0.0-6-next.46",
   "description": "server logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -30,17 +30,17 @@
     "npm": ">=6"
   },
   "dependencies": {
-    "@verdaccio/api": "workspace:6.0.0-6-next.38",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.34",
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "@verdaccio/loaders": "workspace:6.0.0-6-next.24",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23",
-    "@verdaccio/middleware": "workspace:6.0.0-6-next.34",
-    "@verdaccio/store": "workspace:6.0.0-6-next.35",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.23",
-    "@verdaccio/web": "workspace:6.0.0-6-next.42",
-    "verdaccio-audit": "workspace:11.0.0-6-next.18",
+    "@verdaccio/api": "workspace:6.0.0-6-next.40",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.36",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/loaders": "workspace:6.0.0-6-next.26",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "@verdaccio/middleware": "workspace:6.0.0-6-next.36",
+    "@verdaccio/store": "workspace:6.0.0-6-next.37",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
+    "@verdaccio/web": "workspace:6.0.0-6-next.44",
+    "verdaccio-audit": "workspace:11.0.0-6-next.20",
     "compression": "1.7.4",
     "cors": "2.8.5",
     "debug": "4.3.4",
@@ -50,8 +50,8 @@
   },
   "devDependencies": {
     "@types/node": "16.18.10",
-    "@verdaccio/proxy": "workspace:6.0.0-6-next.33",
-    "@verdaccio/test-helper": "workspace:2.0.0-6-next.6",
+    "@verdaccio/proxy": "workspace:6.0.0-6-next.35",
+    "@verdaccio/test-helper": "workspace:2.0.0-6-next.7",
     "http-errors": "1.8.1"
   },
   "scripts": {

packages/server/express/src/server.ts

@@ -36,9 +36,11 @@ const defineAPI = async function (config: IConfig, storage: Storage): Promise<an
   app.use(cors());
   app.use(limiter);
 
+  const errorReportingMiddlewareWrap = errorReportingMiddleware(logger);
+
   // Router setup
-  app.use(log);
-  app.use(errorReportingMiddleware);
+  app.use(log(logger));
+  app.use(errorReportingMiddlewareWrap);
   app.use(function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
     res.setHeader('x-powered-by', getUserAgent(config.user_agent));
     next();
@@ -111,7 +113,7 @@ const defineAPI = async function (config: IConfig, storage: Storage): Promise<an
       if (_.isFunction(res.locals.report_error) === false) {
         // in case of very early error this middleware may not be loaded before error is generated
         // fixing that
-        errorReportingMiddleware(req, res, _.noop);
+        errorReportingMiddlewareWrap(req, res, _.noop);
       }
       res.locals.report_error(err);
     } else {

packages/server/fastify/CHANGELOG.md

@@ -1,5 +1,30 @@
 # @verdaccio/server-fastify
 
+## 6.0.0-6-next.38
+
+### Patch Changes
+
+- @verdaccio/store@6.0.0-6-next.37
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/config@6.0.0-6-next.57
+- @verdaccio/auth@6.0.0-6-next.36
+- @verdaccio/tarball@11.0.0-6-next.26
+- @verdaccio/logger@6.0.0-6-next.25
+- @verdaccio/utils@6.0.0-6-next.25
+
+## 6.0.0-6-next.37
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/auth@6.0.0-6-next.35
+  - @verdaccio/config@6.0.0-6-next.56
+  - @verdaccio/tarball@11.0.0-6-next.25
+  - @verdaccio/store@6.0.0-6-next.36
+  - @verdaccio/core@6.0.0-6-next.56
+  - @verdaccio/logger@6.0.0-6-next.24
+
 ## 6.0.0-6-next.36
 
 ### Patch Changes

packages/server/fastify/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/server-fastify",
-  "version": "6.0.0-6-next.36",
+  "version": "6.0.0-6-next.38",
   "description": "fastify server api implementation",
   "keywords": [
     "private",
@@ -34,13 +34,13 @@
     "access": "public"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.34",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23",
-    "@verdaccio/store": "workspace:6.0.0-6-next.35",
-    "@verdaccio/tarball": "workspace:11.0.0-6-next.24",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.23",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.36",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "@verdaccio/store": "workspace:6.0.0-6-next.37",
+    "@verdaccio/tarball": "workspace:11.0.0-6-next.26",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
     "core-js": "3.27.0",
     "debug": "4.3.4",
     "fastify": "4.10.2",

packages/standalone/package.json

@@ -32,8 +32,8 @@
   "homepage": "https://verdaccio.org",
   "license": "MIT",
   "devDependencies": {
-    "@verdaccio/cli": "workspace:6.0.0-6-next.55",
-    "@verdaccio/ui-theme": "workspace:6.0.0-6-next.55",
+    "@verdaccio/cli": "workspace:6.0.0-6-next.57",
+    "@verdaccio/ui-theme": "workspace:6.0.0-6-next.57",
     "fs-extra": "10.1.0",
     "webpack": "5.75.0",
     "webpack-bundle-analyzer": "4.7.0",

packages/store/CHANGELOG.md

@@ -1,5 +1,36 @@
 # @verdaccio/store
 
+## 6.0.0-6-next.37
+
+### Patch Changes
+
+- @verdaccio/local-storage@11.0.0-6-next.27
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/config@6.0.0-6-next.57
+- @verdaccio/tarball@11.0.0-6-next.26
+- @verdaccio/url@11.0.0-6-next.23
+- @verdaccio/hooks@6.0.0-6-next.27
+- @verdaccio/loaders@6.0.0-6-next.26
+- @verdaccio/logger@6.0.0-6-next.25
+- @verdaccio/proxy@6.0.0-6-next.35
+- @verdaccio/utils@6.0.0-6-next.25
+
+## 6.0.0-6-next.36
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/config@6.0.0-6-next.56
+  - @verdaccio/tarball@11.0.0-6-next.25
+  - @verdaccio/local-storage@11.0.0-6-next.26
+  - @verdaccio/proxy@6.0.0-6-next.34
+  - @verdaccio/hooks@6.0.0-6-next.26
+  - @verdaccio/loaders@6.0.0-6-next.25
+  - @verdaccio/core@6.0.0-6-next.56
+  - @verdaccio/url@11.0.0-6-next.22
+  - @verdaccio/logger@6.0.0-6-next.24
+
 ## 6.0.0-6-next.35
 
 ### Patch Changes

packages/store/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/store",
-  "version": "6.0.0-6-next.35",
+  "version": "6.0.0-6-next.37",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,16 +39,16 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/hooks": "workspace:6.0.0-6-next.25",
-    "@verdaccio/loaders": "workspace:6.0.0-6-next.24",
-    "@verdaccio/local-storage": "workspace:11.0.0-6-next.25",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23",
-    "@verdaccio/proxy": "workspace:6.0.0-6-next.33",
-    "@verdaccio/url": "workspace:11.0.0-6-next.21",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.23",
-    "@verdaccio/tarball": "workspace:11.0.0-6-next.24",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/hooks": "workspace:6.0.0-6-next.27",
+    "@verdaccio/loaders": "workspace:6.0.0-6-next.26",
+    "@verdaccio/local-storage": "workspace:11.0.0-6-next.27",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "@verdaccio/proxy": "workspace:6.0.0-6-next.35",
+    "@verdaccio/url": "workspace:11.0.0-6-next.23",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
+    "@verdaccio/tarball": "workspace:11.0.0-6-next.26",
     "JSONStream": "1.3.5",
     "debug": "4.3.4",
     "lodash": "4.17.21",
@@ -58,7 +58,7 @@
   "devDependencies": {
     "@types/node": "16.18.10",
     "@verdaccio/types": "workspace:11.0.0-6-next.19",
-    "@verdaccio/test-helper": "workspace:2.0.0-6-next.6",
+    "@verdaccio/test-helper": "workspace:2.0.0-6-next.7",
     "undici": "4.16.0",
     "nock": "13.2.9",
     "node-mocks-http": "1.12.1",

packages/tools/docusaurus-plugin-contributors/src/contributors.json

@@ -3,11 +3,11 @@
     {
       "id": 558752,
       "login": "juanpicado",
-      "contributions": 4949,
+      "contributions": 4957,
       "repositories": [
         {
           "name": "verdaccio",
-          "contributions": 2666
+          "contributions": 2671
         },
         {
           "name": "verdaccio-cookbook",
@@ -59,7 +59,7 @@
         },
         {
           "name": "monorepo",
-          "contributions": 186
+          "contributions": 187
         },
         {
           "name": "authentication-plugin-sample",
@@ -135,7 +135,7 @@
         },
         {
           "name": "e2e-5.x",
-          "contributions": 42
+          "contributions": 44
         }
       ]
     },
@@ -3115,6 +3115,17 @@
         }
       ]
     },
+    {
+      "id": 119927819,
+      "login": "TLDMain",
+      "contributions": 1,
+      "repositories": [
+        {
+          "name": "verdaccio",
+          "contributions": 1
+        }
+      ]
+    },
     {
       "id": 1783440,
       "login": "tarun1793",
@@ -4751,7 +4762,7 @@
       "full_name": "verdaccio/verdaccio",
       "html_url": "https://github.com/verdaccio/verdaccio",
       "description": "📦🔐 A lightweight Node.js private proxy registry",
-      "stargazers_count": 14363,
+      "stargazers_count": 14383,
       "archived": false
     },
     {

packages/tools/eslint/package.json

@@ -13,13 +13,13 @@
   },
   "dependencies": {
     "eslint-config-google": "0.14.0",
-    "eslint-config-prettier": "8.5.0",
+    "eslint-config-prettier": "8.6.0",
     "eslint-plugin-babel": "5.3.1",
-    "eslint-plugin-import": "2.26.0",
+    "eslint-plugin-import": "2.27.5",
     "eslint-plugin-jest": "26.9.0",
-    "eslint-plugin-jsx-a11y": "6.6.1",
+    "eslint-plugin-jsx-a11y": "6.7.1",
     "eslint-plugin-prettier": "4.2.1",
-    "eslint-plugin-react": "7.31.11",
+    "eslint-plugin-react": "7.32.2",
     "eslint-plugin-cypress": "2.12.1",
     "eslint-plugin-react-hooks": "4.6.0",
     "eslint-plugin-simple-import-sort": "7.0.0",

packages/tools/helpers/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Change Log
 
+## 2.0.0-6-next.7
+
+### Patch Changes
+
+- 9943e2b1: fix: extract logger from middleware
+
 ## 2.0.0-6-next.6
 
 ### Minor Changes

packages/tools/helpers/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/test-helper",
-  "version": "2.0.0-6-next.6",
+  "version": "2.0.0-6-next.7",
   "private": true,
   "description": "test helpers",
   "author": "Juan Picado <juanpicado19@gmail.com>",
@@ -10,11 +10,12 @@
   "types": "build/index.d.ts",
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.19",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.34",
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "@verdaccio/middleware": "workspace:6.0.0-6-next.34",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.23",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.36",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/middleware": "workspace:6.0.0-6-next.36",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
     "body-parser": "1.20.1",
     "express": "4.18.2",
     "supertest": "6.3.3",

packages/tools/helpers/src/initializeServer.ts

@@ -7,6 +7,7 @@ import path from 'path';
 import { Auth } from '@verdaccio/auth';
 import { Config } from '@verdaccio/config';
 import { errorUtils } from '@verdaccio/core';
+import { logger } from '@verdaccio/logger';
 import { errorReportingMiddleware, final, handleError } from '@verdaccio/middleware';
 import { generateRandomHexString } from '@verdaccio/utils';
 
@@ -31,7 +32,7 @@ export async function initializeServer(
   // TODO: this might not be need it, used in apiEndpoints
   app.use(bodyParser.json({ strict: false, limit: '10mb' }));
   // @ts-ignore
-  app.use(errorReportingMiddleware);
+  app.use(errorReportingMiddleware(logger));
   for (let route of routesMiddleware) {
     if (route.async) {
       const middleware = await route.routes(config, auth, storage);
@@ -47,7 +48,7 @@ export async function initializeServer(
   });
 
   // @ts-ignore
-  app.use(handleError);
+  app.use(handleError(logger));
   // @ts-ignore
   app.use(final);
 

packages/tools/local-publish/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @verdaccio/local-publish
 
+## 0.0.2-6-next.1
+
+### Patch Changes
+
+- 9943e2b1: fix: extract logger from middleware
+
 ## 0.0.2-6-next.0
 
 ### Patch Changes

packages/tools/local-publish/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/local-publish",
-  "version": "0.0.2-6-next.0",
+  "version": "0.0.2-6-next.1",
   "private": true,
   "description": "trigger server for local development",
   "author": "Juan Picado <juanpicado19@gmail.com>",
@@ -10,9 +10,9 @@
   "types": "build/index.d.ts",
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.19",
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "verdaccio": "6.0.0-6-next.55",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "verdaccio": "6.0.0-6-next.57",
     "ts-node": "10.9.1"
   },
   "scripts": {

packages/tools/local-publish/src/index.ts

@@ -12,7 +12,7 @@ fileUtils
       logs: { level: 'info', type: 'stdout', format: 'pretty' },
       uplinks: {},
       packages: {},
-      self_path: folderPath,
+      configPath: folderPath,
     })
       .addUplink('npmjs', { url: 'https://registry.npmjs.org' })
       .addPackageAccess('@verdaccio/*', {

packages/tools/translations/src/progress_lang.json

@@ -12,7 +12,7 @@
     "approvalProgress": 23
   },
   "fr": {
-    "translationProgress": 23,
+    "translationProgress": 27,
     "approvalProgress": 23
   },
   "gl": {
@@ -20,7 +20,7 @@
     "approvalProgress": 1
   },
   "it": {
-    "translationProgress": 68,
+    "translationProgress": 100,
     "approvalProgress": 66
   },
   "ja": {

packages/utils/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @verdaccio/utils
 
+## 6.0.0-6-next.25
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+
+## 6.0.0-6-next.24
+
+### Minor Changes
+
+- a1986e09: feat: expose middleware utils
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.56
+
 ## 6.0.0-6-next.23
 
 ### Patch Changes

packages/utils/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/utils",
-  "version": "6.0.0-6-next.23",
+  "version": "6.0.0-6-next.25",
   "description": "verdaccio utilities",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -29,7 +29,7 @@
     "node": ">=12"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
     "minimatch": "3.1.2",
     "semver": "7.3.8",
     "lodash": "4.17.21"

packages/utils/src/index.ts

@@ -3,3 +3,4 @@ export * from './utils';
 export * from './crypto-utils';
 export * from './replace-lodash';
 export * from './matcher';
+export * from './middleware-utils';

packages/verdaccio/CHANGELOG.md

@@ -1,5 +1,32 @@
 # verdaccio
 
+## 6.0.0-6-next.57
+
+### Patch Changes
+
+- @verdaccio/node-api@6.0.0-6-next.57
+- @verdaccio/cli@6.0.0-6-next.57
+- @verdaccio/ui-theme@6.0.0-6-next.57
+- @verdaccio/hooks@6.0.0-6-next.27
+- @verdaccio/logger@6.0.0-6-next.25
+- verdaccio-audit@11.0.0-6-next.20
+- verdaccio-htpasswd@11.0.0-6-next.27
+- @verdaccio/utils@6.0.0-6-next.25
+
+## 6.0.0-6-next.56
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/node-api@6.0.0-6-next.56
+  - @verdaccio/hooks@6.0.0-6-next.26
+  - verdaccio-audit@11.0.0-6-next.19
+  - @verdaccio/cli@6.0.0-6-next.56
+  - verdaccio-htpasswd@11.0.0-6-next.26
+  - @verdaccio/ui-theme@6.0.0-6-next.56
+  - @verdaccio/logger@6.0.0-6-next.24
+
 ## 6.0.0-6-next.55
 
 ### Patch Changes

packages/verdaccio/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio",
-  "version": "6.0.0-6-next.55",
+  "version": "6.0.0-6-next.57",
   "description": "A lightweight private npm proxy registry",
   "main": "build/index.js",
   "types": "build/index.d.ts",
@@ -38,21 +38,21 @@
   },
   "homepage": "https://verdaccio.org",
   "dependencies": {
-    "@verdaccio/cli": "workspace:6.0.0-6-next.55",
-    "@verdaccio/hooks": "workspace:6.0.0-6-next.25",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.23",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.55",
-    "@verdaccio/ui-theme": "workspace:6.0.0-6-next.55",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.23",
-    "verdaccio-audit": "workspace:11.0.0-6-next.18",
-    "verdaccio-htpasswd": "workspace:11.0.0-6-next.25"
+    "@verdaccio/cli": "workspace:6.0.0-6-next.57",
+    "@verdaccio/hooks": "workspace:6.0.0-6-next.27",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.57",
+    "@verdaccio/ui-theme": "workspace:6.0.0-6-next.57",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
+    "verdaccio-audit": "workspace:11.0.0-6-next.20",
+    "verdaccio-htpasswd": "workspace:11.0.0-6-next.27"
   },
   "devDependencies": {
-    "@verdaccio/auth": "workspace:6.0.0-6-next.34",
-    "@verdaccio/core": "workspace:6.0.0-6-next.55",
-    "@verdaccio/config": "workspace:6.0.0-6-next.55",
-    "@verdaccio/store": "workspace:6.0.0-6-next.35",
-    "@verdaccio/test-helper": "workspace:2.0.0-6-next.6",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.36",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/store": "workspace:6.0.0-6-next.37",
+    "@verdaccio/test-helper": "workspace:2.0.0-6-next.7",
     "fastify": "4.10.2",
     "yaml": "2.2.0",
     "got": "11.8.6",