chore: update versions (6-next) (#3823)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.changeset/pre.json

@@ -58,7 +58,8 @@
     "@verdaccio/logger-7": "6.0.0-6-next.1",
     "@verdaccio/logger-commons": "6.0.0-6-next.25",
     "@verdaccio/e2e-cli-pnpm8": "1.0.1-6-next.6",
-    "@verdaccio/signature": "6.0.0-6-next.1"
+    "@verdaccio/signature": "6.0.0-6-next.1",
+    "@verdaccio/search": "6.0.0-6-next.1"
   },
   "changesets": [
     "afraid-mice-obey",
@@ -145,6 +146,8 @@
     "shaggy-parrots-smash",
     "shiny-chefs-heal",
     "shy-ducks-cover",
+    "silly-moose-watch",
+    "six-boats-sparkle",
     "slow-carrots-relate",
     "slow-snails-sniff",
     "smart-apricots-kneel",
@@ -157,15 +160,19 @@
     "spicy-snakes-sip",
     "strange-ladybugs-nail",
     "strong-socks-type",
+    "stupid-sloths-leave",
     "swift-pumpkins-knock",
     "ten-parents-breathe",
     "tender-bags-call",
+    "tender-pots-yawn",
+    "tender-tigers-hammer",
     "thick-countries-move",
     "thick-geese-wash",
     "thick-readers-hang",
     "three-moles-drop",
     "three-pots-sit",
     "tiny-seals-join",
+    "tough-days-search",
     "tricky-taxis-watch",
     "twelve-crabs-guess",
     "two-dolls-check",

.changeset/silly-moose-watch.md

@@ -0,0 +1,5 @@
+---
+'verdaccio-htpasswd': patch
+---
+
+fix wrong htpasswd file location

.changeset/six-boats-sparkle.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/search': minor
+---
+
+feat: add search package utilities

.changeset/stupid-sloths-leave.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/logger-7': patch
+'@verdaccio/logger-commons': patch
+'@verdaccio/logger-prettify': patch
+---
+
+fix: restore pino legacy version

.changeset/tender-pots-yawn.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+fix menuKey for Khmer language

.changeset/tender-tigers-hammer.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/auth': minor
+'@verdaccio/core': minor
+'verdaccio-htpasswd': minor
+---
+
+feat: async bcrypt hash

.changeset/tough-days-search.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/ui-theme': patch
+'@verdaccio/ui-components': patch
+---
+
+fix: undefined field on missing count

.github/ISSUE_TEMPLATE/config.yml

@@ -8,7 +8,4 @@ contact_links:
     about: I want to report a security vulnerability
   - name: Chat 🏘
     url: https://discord.gg/7qWJxBf
-    about: For a quick question you should do it through our community chat
-  - name: User Interface Report 👩🏼‍🎨👨🏼‍🎨
-    url: https://github.com/verdaccio/ui/issues/new/choose
-    about: Any report related with the User Interface should be posted in another repository
+    about: Quick question? Try out Discord chat, you can get faster feedback

.github/workflows/changesets.yml

@@ -20,20 +20,19 @@ jobs:
     if: github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio'
     steps:
       - name: checkout code repository
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
         with:
           fetch-depth: 0
 
       - name: setup node.js
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
-          node-version: 14
-          registry-url: 'https://registry.npmjs.org'
+          node-version-file: '.nvmrc'
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 
       - name: install pnpm
-        run: npm i pnpm@6.32.15 -g
+        run: npm i pnpm@latest-8 -g
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 

.github/workflows/ci-windows.yml

@@ -18,19 +18,23 @@ jobs:
         env:
           NODE_ENV: production          
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
     - name: Node
       uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
       with:
         node-version-file: '.nvmrc'
     - name: Install pnpm
-      run: npm i pnpm@6.32.15 -g
+      run: npm i pnpm@latest-8 -g
     - name: set store
       run: |
         mkdir ~/.pnpm-store
         pnpm config set store-dir ~/.pnpm-store
+    - name: set store
+      run: |
+        mkdir ~/.pnpm-store
+        pnpm config set store-dir ~/.pnpm-store            
     - name: Install
-      run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
+      run: pnpm install --registry http://localhost:4873
     - name: Cache .pnpm-store
       uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
       with:
@@ -43,19 +47,23 @@ jobs:
     name: Lint
     needs: prepare
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
       - name: Node
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
+        run: npm i pnpm@latest-8 -g
       - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts
+        run: pnpm install --offline --reporter=silence --ignore-scripts
       - name: Lint
         run: pnpm lint
   format:
@@ -63,19 +71,23 @@ jobs:
     name: Format
     needs: prepare
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
       - name: Use Node
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
+        run: npm i pnpm@latest-8 -g
       - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store          
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts
+        run: pnpm install --offline --reporter=silence --ignore-scripts
       - name: Lint
         run: pnpm format:check
   build:
@@ -88,19 +100,23 @@ jobs:
     name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
       - name: Use Node ${{ matrix.node_version }}
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version: ${{ matrix.node_version }}
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
+        run: npm i pnpm@latest-8 -g
       - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store          
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts --registry http://localhost:4873
+        run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
       - name: build
         run: pnpm build
       - name: Test
@@ -110,18 +126,22 @@ jobs:
     runs-on: windows-latest
     name: UI Test E2E
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
       - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
+        run: npm i pnpm@latest-8 -g
       - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --registry http://localhost:4873
+        run: pnpm install --offline --reporter=silence --registry http://localhost:4873
       - name: build
         run: pnpm build
       - name: Test UI

.github/workflows/ci.yml

@@ -21,13 +21,13 @@ jobs:
     name: setup verdaccio
     services:
       verdaccio:
-        image: verdaccio/verdaccio:nightly-master
+        image: verdaccio/verdaccio:5
         ports:
           - 4873:4873
         env:
           NODE_ENV: production          
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
     - name: Node
       uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
       with:
@@ -35,13 +35,13 @@ jobs:
     - name: Install pnpm
       run: |
         corepack enable
-        corepack prepare --activate pnpm@6.32.15
+        corepack prepare --activate pnpm@latest-8
     - name: set store
       run: |
         mkdir ~/.pnpm-store
         pnpm config set store-dir ~/.pnpm-store
     - name: Install
-      run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
+      run: pnpm install  --registry http://localhost:4873
     - name: Cache .pnpm-store
       uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
       with:
@@ -54,7 +54,7 @@ jobs:
     name: Lint
     needs: prepare
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
       - name: Node
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
@@ -62,13 +62,16 @@ jobs:
       - name: Install pnpm
         run: |
           corepack enable
-          corepack prepare --activate pnpm@6.32.15
+          corepack prepare --activate pnpm@latest-8
       - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts
+        run: pnpm install --offline   --ignore-scripts
       - name: Lint
         run: pnpm lint
   format:
@@ -76,7 +79,7 @@ jobs:
     name: Format
     needs: prepare
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
       - name: Use Node
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
@@ -84,13 +87,16 @@ jobs:
       - name: Install pnpm
         run: |
           corepack enable
-          corepack prepare --activate pnpm@6.32.15
+          corepack prepare --activate pnpm@latest-8
       - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts
+        run: pnpm install --offline   --ignore-scripts
       - name: Lint
         run: pnpm format:check
   test:
@@ -103,7 +109,7 @@ jobs:
     name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
       - name: Use Node ${{ matrix.node_version }}
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
@@ -111,13 +117,16 @@ jobs:
       - name: Install pnpm
         run: |
           corepack enable
-          corepack prepare --activate pnpm@6.32.15
+          corepack prepare --activate pnpm@latest-8
       - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts --registry http://localhost:4873
+        run: pnpm install --offline   --ignore-scripts --registry http://localhost:4873
       - name: build
         run: pnpm build
       - name: Test
@@ -126,27 +135,30 @@ jobs:
     needs: [test]
     runs-on: ubuntu-latest
     name: synchronize translations
-    if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+    if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
       - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: |
           corepack enable
-          corepack prepare --activate pnpm@6.32.15
+          corepack prepare --activate pnpm@latest-8
       - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
         ## we need scripts, pupetter downloads aditional content
-        run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
+        run: pnpm install  --registry http://localhost:4873
       - name: build
         run: pnpm build
       - name: generate website translations
-        run: pnpm write-translations --filter ...@verdaccio/website
+        run: pnpm --filter ...@verdaccio/website write-translations
       - name: sync
         env:
           CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}

.github/workflows/codeql-analysis.yml

@@ -21,7 +21,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
         with:
           # We must fetch at least the immediate parents so that if this is
           # a pull request then we can checkout the head.
@@ -34,7 +34,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@16964e90ba004cdf0cd845b866b5df21038b7723 # tag=v2
+        uses: github/codeql-action/init@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2
 
       # Override language selection by uncommenting this and choosing your languages
       # with:
@@ -42,7 +42,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@16964e90ba004cdf0cd845b866b5df21038b7723 # tag=v2
+        uses: github/codeql-action/autobuild@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -56,4 +56,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@16964e90ba004cdf0cd845b866b5df21038b7723 # tag=v2
+        uses: github/codeql-action/analyze@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2

.github/workflows/docker-proxy-apache-e2e.yml

@@ -15,7 +15,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
+      uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
       
     - name: Start containers
       run: docker-compose -f "./e2e/docker/apache-verdaccio/docker-compose.yaml" up -d --build

.github/workflows/docker-proxy-nginx-e2e.yml

@@ -12,7 +12,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
+      uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
       
     - name: Start containers
       run: docker-compose -f "./e2e/docker/proxy-nginx/docker-compose.yaml" up -d --build

.github/workflows/docker-publish.yml

@@ -23,7 +23,7 @@ jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
       - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # tag=v1
       - uses: docker/setup-buildx-action@v1
         with:

.github/workflows/e2e-ci.yml

@@ -15,19 +15,19 @@ jobs:
         env:
           NODE_ENV: production
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
     - name: Use Node
       uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
       with:
         node-version-file: '.nvmrc'
     - name: Install pnpm
-      run: npm i pnpm@6.32.15 -g
+      run: npm i pnpm@latest-8 -g
     - name: set store
       run: |
         mkdir ~/.pnpm-store
         pnpm config set store-dir ~/.pnpm-store
     - name: Install
-      run: pnpm recursive install --frozen-lockfile --reporter=silence --ignore-scripts --registry http://localhost:4873
+      run: pnpm install --reporter=silence --ignore-scripts --registry http://localhost:4873
     - name: Cache .pnpm-store
       uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
       with:
@@ -39,19 +39,22 @@ jobs:
     needs: [prepare]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
       - name: Use Node 16
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
+        run: npm i pnpm@latest-8 -g
       - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --frozen-lockfile --reporter=silence --registry http://localhost:4873
+        run: pnpm recursive install --reporter=silence --registry http://localhost:4873
       - name: build
         run: pnpm build
       - name: Cache packages
@@ -80,18 +83,21 @@ jobs:
     name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
       - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version: ${{ matrix.node }}
       - name: Install pnpm
-        run: npm i pnpm@6.32.15 -g
+        run: npm i pnpm@latest-8 -g
       - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store              
       - name: Install
-        run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts --registry http://localhost:4873
+        run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
       - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
           path: ./packages/
@@ -101,6 +107,6 @@ jobs:
       #     path: ./e2e/
       #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
       - name: build e2e
-        run: pnpm run build --filter=./e2e      
+        run:  pnpm --filter @verdaccio/test-cli-commons build
       - name: Test CLI
         run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}

.github/workflows/e2e-ui.yml

@@ -15,7 +15,7 @@ jobs:
         env:
           NODE_ENV: production
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
       - name: Use Node
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
@@ -23,9 +23,9 @@ jobs:
       - name: Install pnpm
         run: |
          corepack enable
-         corepack prepare --activate pnpm@6.32.15
+         corepack prepare --activate pnpm@latest-8
       - name: Install
-        run: pnpm install --frozen-lockfile --reporter=silence --registry http://localhost:4873
+        run: pnpm install --reporter=silence --registry http://localhost:4873
       - name: build
         run: pnpm build
       - name: Test UI

.github/workflows/static-data.yml

@@ -19,7 +19,7 @@ jobs:
     name: Run script
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -27,11 +27,11 @@ jobs:
         with:
           node-version: 18.x
       - name: install pnpm
-        run: sudo npm i pnpm@latest-6 -g
+        run: sudo npm i pnpm@latest-8 -g
       - name: install dependencies
         run: pnpm install
       - name: Build Translations percentage
-        run: pnpm build --filter "@verdaccio/crowdin-translations"
+        run: pnpm --filter @verdaccio/crowdin-translations build
       - name: update contributors
         run: pnpm run contributors
         env:

.github/workflows/ui-components.yml

@@ -27,7 +27,7 @@ jobs:
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
 
       - name: Use Node
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
@@ -47,9 +47,9 @@ jobs:
       - name: Install pnpm
         run: |
           corepack enable
-            corepack prepare --activate pnpm@6.32.15
+            corepack prepare --activate pnpm@latest-8
       - name: Install
-        run: pnpm recursive install --frozen-lockfile  
+        run: pnpm install  
       - name: Build storybook
         run: pnpm ui:storybook:build
       - name: Copy public content
@@ -57,7 +57,7 @@ jobs:
         run: cp -R packages/ui-components/public/* packages/ui-components/storybook-static
       - name: 🔥 Deploy Production UI Netlify
         if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
-        uses: verdaccio/action-netlify-deploy@v2.0.0
+        uses: verdaccio/action-netlify-deploy@1c086d59169edeec9254672c7de17d2ceac3928f # v2.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
@@ -65,7 +65,7 @@ jobs:
           build-dir: './packages/ui-components/storybook-static'          
       - name: 🤖 Deploy Preview UI Components Netlify
         if: github.repository == 'verdaccio/verdaccio'
-        uses: verdaccio/action-netlify-deploy@v2.0.0
+        uses: verdaccio/action-netlify-deploy@1c086d59169edeec9254672c7de17d2ceac3928f # v2.0.0
         id: netlify_preview_ui
         with:
           draft: true

.github/workflows/website.yml

@@ -23,7 +23,7 @@ jobs:
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
 
       - name: Use Node 16
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
@@ -42,14 +42,14 @@ jobs:
 
       - uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # tag=v2.2.4
         with:
-          version: 6.32.15
+          version: latest-8
           run_install: |
             - recursive: true
               args: [--frozen-lockfile]
       - name: Build 
         run: pnpm build
       - name: Build Translations percentage
-        run: pnpm build --filter "@verdaccio/crowdin-translations"
+        run: pnpm --filter @verdaccio/crowdin-translations build
       - name: Cache Docusaurus Build
         uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
         with:
@@ -66,7 +66,7 @@ jobs:
           CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
           SENTRY_KEY: ${{ secrets.SENTRY_KEY }}
           CONTEXT: production
-        run: pnpm netlify:build:production --filter ...@verdaccio/website
+        run: pnpm --filter @verdaccio/website netlify:build:production
 
       - name: 🔥 Deploy Production Netlify
         if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
@@ -81,7 +81,7 @@ jobs:
       - name: Build Deployment Preview
         env:
           CONTEXT: deploy-preview
-        run: pnpm netlify:build:deployPreview --filter ...@verdaccio/website
+        run: pnpm --filter ...@verdaccio/website netlify:build:deployPreview
 
       - name: 🤖 Deploy Preview Netlify
         if: github.repository == 'verdaccio/verdaccio'
@@ -100,7 +100,7 @@ jobs:
       - name: Audit preview URL with Lighthouse
         if: github.repository == 'verdaccio/verdaccio'
         id: lighthouse_audit
-        uses: treosh/lighthouse-ci-action@2e159d989f91bb9e399801b3e1ad90bcd4749f75 # tag=9.6.8
+        uses: treosh/lighthouse-ci-action@03becbfc543944dd6e7534f7ff768abb8a296826 # tag=10.1.0
         with:
           urls: |
             ${{ steps.netlify_preview.outputs.preview-url }}
@@ -109,7 +109,7 @@ jobs:
 
       - name: Format lighthouse score
         id: format_lighthouse_score
-        uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975 # tag=v6
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # tag=v6
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
@@ -134,7 +134,7 @@ jobs:
       - name: Add comment to PR
         if: github.repository == 'verdaccio/verdaccio'
         id: comment_to_pr
-        uses: marocchino/sticky-pull-request-comment@3d60a5b2dae89d44e0c6ddc69dd7536aec2071cd # tag=v2
+        uses: marocchino/sticky-pull-request-comment@f61b6cf21ef2fcc468f4345cdfcc9bda741d2343 # v2
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           number: ${{ github.event.issue.number }}

.npmrc

@@ -1,4 +1,3 @@
 always-auth = true
-recursive-install = true
 loglevel=info
 fetch-retries="10"

CONTRIBUTING.md

@@ -44,7 +44,7 @@ This setting would cause the `pnpm install` command to install incorrect version
 To begin your development setup, please install the latest version of pnpm globally:
 
 ```
-npm i -g pnpm@latest-6
+npm i -g pnpm@latest-8
 ```
 
 With pnpm installed, the first step is installing all dependencies:

Dockerfile

@@ -1,7 +1,7 @@
 FROM --platform=${BUILDPLATFORM:-linux/amd64} node:18-alpine as builder
 
 ENV NODE_ENV=development \
-    VERDACCIO_BUILD_REGISTRY=https://registry.verdaccio.org
+    VERDACCIO_BUILD_REGISTRY=https://registry.npmjs.org
 
 RUN apk --no-cache add openssl ca-certificates wget && \
     apk --no-cache add g++ gcc libgcc libstdc++ linux-headers make python3 && \
@@ -11,13 +11,13 @@ RUN apk --no-cache add openssl ca-certificates wget && \
 
 WORKDIR /opt/verdaccio-build
 COPY . .
-RUN npm -g i pnpm@6.32.15 && \
+RUN npm -g i pnpm@latest-8 && \
     pnpm config set registry $VERDACCIO_BUILD_REGISTRY && \
-    pnpm recursive install --frozen-lockfile --ignore-scripts && \
+    pnpm install --frozen-lockfile --ignore-scripts && \
     rm -Rf test && \
-    pnpm run build && \
-    pnpm install -P
-# FIXME: need to remove devDependencies from the build
+    pnpm run build
+# FIXME: need to remove devDependencies from the build    
+# NODE_ENV=production pnpm install --frozen-lockfile --ignore-scripts
 # RUN pnpm install --prod --ignore-scripts
 
 FROM node:18-alpine

README.md

@@ -275,6 +275,7 @@ You can find and chat with then over Discord, click [here](http://chat.verdaccio
 ## Who is using Verdaccio?
 
 - [create-react-app](https://github.com/facebook/create-react-app/blob/master/CONTRIBUTING.md#customizing-e2e-registry-configuration) _(+86.2k ⭐️)_
+- [Grafana](https://github.com/grafana/grafana/search?q=verdaccio) _(+54.9k ⭐️)_
 - [Gatsby](https://github.com/gatsbyjs/gatsby) _(+49.2k ⭐️)_
 - [Babel.js](https://github.com/babel/babel) _(+38.5k ⭐️)_
 - [Docusaurus](https://github.com/facebook/docusaurus) _(+34k ⭐️)_

SECURITY.md

@@ -28,7 +28,7 @@ At Verdaccio, we consider the security of our systems a top priority. But no mat
 
 If you discover a security vulnerability, please use one of the following means of communications to report it to us:
 
-- Report the security issue to the Node.js Security WG through the [HackerOne program](https://hackerone.com/nodejs-ecosystem) for ecosystem modules on npm, or to [Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with all involved parties to remediate and release a fix.
+- Report the security issue to [Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with all involved parties to remediate and release a fix.
 
 Note that time-frame and processes are subject to each program’s own policy.
 

e2e/cli/cli-commons/package.json

@@ -5,8 +5,8 @@
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
   "devDependencies": {
-    "@verdaccio/config": "workspace:6.0.0-6-next.67",
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
+    "@verdaccio/config": "workspace:6.0.0-6-next.70",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
     "@verdaccio/types": "workspace:11.0.0-6-next.25",
     "debug": "4.3.4",
     "fs-extra": "10.1.0",
@@ -14,7 +14,7 @@
     "js-yaml": "4.1.0",
     "get-port": "5.1.1",
     "lodash": "4.17.21",
-    "verdaccio": "workspace:6.0.0-6-next.67"
+    "verdaccio": "workspace:6.0.0-6-next.70"
   },
   "scripts": {
     "test": "jest",

e2e/cli/e2e-npm6/audit.spec.ts

@@ -33,9 +33,6 @@ describe('audit a package', () => {
       );
       const parsedBody = JSON.parse(resp.stdout as string);
       expect(parsedBody.metadata).toBeDefined();
-      expect(parsedBody.actions).toBeDefined();
-      expect(parsedBody.advisories).toBeDefined();
-      expect(parsedBody.muted).toBeDefined();
     }
   );
 

e2e/cli/e2e-npm6/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.7",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0-6-next.7",
-    "npm": "6.14.18"
+    "npm": "9.6.6"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm7/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.7",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0-6-next.7",
-    "npm": "7.24.2"
+    "npm": "9.6.6"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm8/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.7",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0-6-next.7",
-    "npm": "8.19.4"
+    "npm": "9.6.6"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm9/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.7",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0-6-next.7",
-    "npm": "9.6.0"
+    "npm": "9.6.6"
   },
   "scripts": {
     "test": "jest"

e2e/ui/package.json

@@ -3,9 +3,9 @@
   "name": "@verdaccio/e2e-ui",
   "version": "2.0.0-6-next.4",
   "devDependencies": {
-    "verdaccio": "workspace:6.0.0-6-next.67",
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
-    "@verdaccio/config": "workspace:6.0.0-6-next.67",
+    "verdaccio": "workspace:6.0.0-6-next.70",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
+    "@verdaccio/config": "workspace:6.0.0-6-next.70",
     "@verdaccio/test-helper": "workspace:2.0.0-6-next.8",
     "debug": "4.3.4",
     "cypress": "11.2.0",

package.json

@@ -17,6 +17,7 @@
   "devDependencies": {
     "@babel/cli": "7.20.7",
     "@babel/core": "7.20.7",
+    "@babel/eslint-parser": "7.11.0",
     "@babel/node": "7.20.7",
     "@babel/plugin-proposal-class-properties": "7.18.6",
     "@babel/plugin-proposal-decorators": "7.20.7",
@@ -41,16 +42,21 @@
     "@changesets/changelog-github": "0.4.8",
     "@changesets/cli": "2.24.4",
     "@changesets/get-dependents-graph": "1.3.5",
-    "@crowdin/cli": "3.9.1",
+    "@crowdin/cli": "3.10.1",
     "@dianmora/contributors": "5.0.0",
-    "@emotion/react": "11.10.5",
-    "@emotion/styled": "11.10.5",
+    "@emotion/react": "11.10.6",
+    "@emotion/styled": "11.10.6",
     "@testing-library/dom": "8.19.1",
     "@testing-library/jest-dom": "5.16.5",
-    "@testing-library/react": "12.1.4",
+    "@testing-library/react": "12.1.5",
     "@trivago/prettier-plugin-sort-imports": "^4.0.0",
-    "@types/async": "3.2.16",
+    "@types/async": "3.2.20",
+    "@types/body-parser": "1.19.2",
+    "@types/connect": "3.4.35",
+    "@types/cookiejar": "2.1.2",
+    "@types/debug": "^4.1.7",
     "@types/express": "4.17.15",
+    "@types/express-serve-static-core": "4.17.31",
     "@types/http-errors": "1.8.2",
     "@types/jest": "27.5.2",
     "@types/jsonwebtoken": "8.5.9",
@@ -59,6 +65,8 @@
     "@types/minimatch": "3.0.5",
     "@types/node": "16.18.10",
     "@types/node-fetch": "2.6.2",
+    "@types/qs": "6.9.7",
+    "@types/range-parser": "1.2.4",
     "@types/react": "18.0.26",
     "@types/react-dom": "18.0.9",
     "@types/react-router-dom": "5.3.3",
@@ -66,10 +74,12 @@
     "@types/redux": "3.6.0",
     "@types/request": "2.48.8",
     "@types/semver": "7.3.13",
+    "@types/serve-static": "1.13.10",
+    "@types/superagent": "4.1.10",
     "@types/supertest": "2.0.12",
     "@types/testing-library__jest-dom": "5.14.5",
     "@types/validator": "13.7.12",
-    "@types/webpack": "5.28.0",
+    "@types/webpack": "5.28.1",
     "@types/webpack-env": "1.18.0",
     "@typescript-eslint/eslint-plugin": "5.52.0",
     "@typescript-eslint/parser": "5.52.0",
@@ -78,7 +88,6 @@
     "@verdaccio/types": "workspace:*",
     "@verdaccio/ui-theme": "workspace:*",
     "babel-core": "7.0.0-bridge.0",
-    "babel-eslint": "10.1.0",
     "babel-jest": "29.4.3",
     "babel-plugin-dynamic-import-node": "2.3.3",
     "babel-plugin-emotion": "10.2.2",
@@ -97,7 +106,7 @@
     "jest-environment-jsdom-global": "3.1.2",
     "jest-environment-node": "29.3.1",
     "jest-junit": "12.3.0",
-    "kleur": "3.0.3",
+    "kleur": "4.1.5",
     "lint-staged": "11.2.6",
     "nock": "13.2.9",
     "nodemon": "2.0.20",
@@ -119,22 +128,22 @@
   "scripts": {
     "prepare": "husky install",
     "husky:pre-commit": "lint-staged",
-    "clean": "pnpm run clean --filter=./packages",
-    "build": "pnpm run build --filter=./packages && pnpm run build --filter=./e2e",
+    "clean": "pnpm --filter \"./packages/**\" clean",
+    "build": "pnpm --filter \"./packages/**\" build && pnpm --filter @verdaccio/test-cli-commons build",
     "docker": "docker build -t verdaccio/verdaccio:local . --no-cache",
     "format": "prettier --write \"**/*.{js,jsx,ts,tsx,json,yml,yaml,md}\"",
     "format:check": "prettier --check \"**/*.{js,jsx,ts,tsx,json,yml,yaml,md}\"",
     "lint": "eslint --max-warnings 100 \"**/*.{js,jsx,ts,tsx}\"",
-    "test": "pnpm recursive test --filter ./packages",
-    "test:e2e:cli": "pnpm test --filter ...@verdaccio/e2e-cli-* -- --coverage=false",
-    "test:e2e:ui": "pnpm test --filter ...@verdaccio/e2e-ui",
+    "test": "pnpm --filter \"./packages/**\" test",
+    "test:e2e:cli": "pnpm --filter ...@verdaccio/e2e-cli-* test -- --coverage=false",
+    "test:e2e:ui": "pnpm --filter ...@verdaccio/e2e-ui test",
     "start": "concurrently --kill-others \"pnpm _start:server\" \"pnpm _start:web\"",
     "contributors": "ts-node ./scripts/contributors-update.ts",
     "script:addson": "ts-node ./scripts/addon-update.ts",
     "start:watch": "concurrently --kill-others \"pnpm _build:watch\" \"pnpm _start:server\" \"pnpm _debug:reload\"",
     "_build:watch": "pnpm run --parallel watch --filter ./packages",
     "_start:server": "node --inspect packages/verdaccio/debug/bootstrap.js --listen 8000",
-    "_start:web": "pnpm start --filter ...@verdaccio/ui-theme",
+    "_start:web": "pnpm --filter ...@verdaccio/ui-theme start",
     "_debug:reload": "nodemon -d 3 packages/verdaccio/debug/bootstrap.js",
     "start:ts": "ts-node packages/verdaccio/src/start.ts -- --listen 8000",
     "debug": "node --trace-warnings --trace-uncaught --inspect packages/verdaccio/debug/bootstrap.js",
@@ -147,17 +156,17 @@
     "ci:version:changeset": "changeset version",
     "ci:publish": "changeset publish",
     "ts:ref": "update-ts-references --discardComments",
-    "website": "pnpm build --filter ...@verdaccio/website",
-    "ui:storybook:build": "pnpm build-storybook --filter ...@verdaccio/ui-components",
-    "ui:storybook": "pnpm storybook --filter ...@verdaccio/ui-components",
+    "website": "pnpm --filter ...@verdaccio/website build",
+    "ui:storybook:build": "pnpm --filter ...@verdaccio/ui-components build-storybook",
+    "ui:storybook": "pnpm --filter ...@verdaccio/ui-components storybook",
     "translations": "local-crowdin-api translations",
     "crowdin:upload": "crowdin upload sources --auto-update --config ./crowdin.yaml",
     "crowdin:download": "crowdin download --verbose --config ./crowdin.yaml",
-    "crowdin:sync": "pnpm crowdin:upload && pnpm crowdin:download --verbose",
+    "crowdin:sync": "pnpm crowdin:upload && pnpm crowdin:download",
     "postinstall": "husky install",
-    "local:registry": "pnpm start --filter ...@verdaccio/local-publish",
+    "local:registry": "pnpm --filter ...@verdaccio/local-publish start",
     "local:snapshots": "changeset version --snapshot",
-    "local:publish": "cross-env npm_config_registry=http://localhost:4873 pnpm ci:publish -- --no-git-tag",
+    "local:publish": "cross-env npm_config_registry=http://localhost:4873 changeset publish --no-git-tag",
     "local:publish:release": "concurrently \"pnpm local:registry\" \"pnpm local:publish\""
   },
   "pnpm": {
@@ -167,8 +176,7 @@
     }
   },
   "engines": {
-    "node": ">=16.5",
-    "pnpm": ">=6.32.3 <7.0.0"
+    "node": ">=16.5"
   },
   "license": "MIT",
   "lint-staged": {

packages/api/CHANGELOG.md

@@ -1,5 +1,42 @@
 # @verdaccio/api
 
+## 6.0.0-6-next.53
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/auth@6.0.0-6-next.49
+- @verdaccio/middleware@6.0.0-6-next.49
+- @verdaccio/store@6.0.0-6-next.50
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+- @verdaccio/utils@6.0.0-6-next.38
+
+## 6.0.0-6-next.52
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/auth@6.0.0-6-next.48
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/middleware@6.0.0-6-next.48
+  - @verdaccio/store@6.0.0-6-next.49
+  - @verdaccio/utils@6.0.0-6-next.37
+  - @verdaccio/logger@6.0.0-6-next.37
+
+## 6.0.0-6-next.51
+
+### Patch Changes
+
+- @verdaccio/auth@6.0.0-6-next.47
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/config@6.0.0-6-next.68
+- @verdaccio/middleware@6.0.0-6-next.47
+- @verdaccio/store@6.0.0-6-next.48
+- @verdaccio/utils@6.0.0-6-next.36
+- @verdaccio/logger@6.0.0-6-next.36
+
 ## 6.0.0-6-next.50
 
 ### Patch Changes

packages/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/api",
-  "version": "6.0.0-6-next.50",
+  "version": "6.0.0-6-next.53",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,25 +39,25 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/auth": "workspace:6.0.0-6-next.46",
-    "@verdaccio/config": "workspace:6.0.0-6-next.67",
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.35",
-    "@verdaccio/middleware": "workspace:6.0.0-6-next.46",
-    "@verdaccio/store": "workspace:6.0.0-6-next.47",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.35",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.49",
+    "@verdaccio/config": "workspace:6.0.0-6-next.70",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.38",
+    "@verdaccio/middleware": "workspace:6.0.0-6-next.49",
+    "@verdaccio/store": "workspace:6.0.0-6-next.50",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.38",
     "abortcontroller-polyfill": "1.7.5",
     "cookies": "0.8.0",
     "debug": "4.3.4",
-    "body-parser": "1.20.1",
+    "body-parser": "1.20.2",
     "express": "4.18.2",
     "lodash": "4.17.21",
     "mime": "2.6.0",
-    "semver": "7.3.8"
+    "semver": "7.5.0"
   },
   "devDependencies": {
     "@types/node": "16.18.10",
-    "@verdaccio/server": "workspace:6.0.0-6-next.56",
+    "@verdaccio/server": "workspace:6.0.0-6-next.59",
     "@verdaccio/types": "workspace:11.0.0-6-next.25",
     "@verdaccio/test-helper": "workspace:2.0.0-6-next.8",
     "supertest": "6.3.3",

packages/auth/CHANGELOG.md

@@ -1,5 +1,47 @@
 # @verdaccio/auth
 
+## 6.0.0-6-next.49
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/loaders@6.0.0-6-next.39
+- verdaccio-htpasswd@11.0.0-6-next.40
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+- @verdaccio/utils@6.0.0-6-next.38
+- @verdaccio/signature@6.0.0-6-next.2
+
+## 6.0.0-6-next.48
+
+### Minor Changes
+
+- c9d1af0e: feat: async bcrypt hash
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - verdaccio-htpasswd@11.0.0-6-next.39
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/loaders@6.0.0-6-next.38
+  - @verdaccio/utils@6.0.0-6-next.37
+  - @verdaccio/signature@6.0.0-6-next.2
+  - @verdaccio/logger@6.0.0-6-next.37
+
+## 6.0.0-6-next.47
+
+### Patch Changes
+
+- Updated dependencies [09753cc1]
+  - verdaccio-htpasswd@11.0.0-6-next.38
+  - @verdaccio/core@6.0.0-6-next.68
+  - @verdaccio/config@6.0.0-6-next.68
+  - @verdaccio/loaders@6.0.0-6-next.37
+  - @verdaccio/utils@6.0.0-6-next.36
+  - @verdaccio/signature@6.0.0-6-next.2
+  - @verdaccio/logger@6.0.0-6-next.36
+
 ## 6.0.0-6-next.46
 
 ### Patch Changes

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/auth",
-  "version": "6.0.0-6-next.46",
+  "version": "6.0.0-6-next.49",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -39,16 +39,16 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
-    "@verdaccio/config": "workspace:6.0.0-6-next.67",
-    "@verdaccio/loaders": "workspace:6.0.0-6-next.36",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.35",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
+    "@verdaccio/config": "workspace:6.0.0-6-next.70",
+    "@verdaccio/loaders": "workspace:6.0.0-6-next.39",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.38",
     "@verdaccio/signature": "workspace:6.0.0-6-next.2",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.35",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.38",
     "debug": "4.3.4",
     "express": "4.18.2",
     "lodash": "4.17.21",
-    "verdaccio-htpasswd": "workspace:11.0.0-6-next.37"
+    "verdaccio-htpasswd": "workspace:11.0.0-6-next.40"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.25"

packages/auth/test/auth.spec.ts

@@ -8,7 +8,7 @@ import { Config } from '@verdaccio/types';
 import { Auth } from '../src';
 import { authPluginFailureConf, authPluginPassThrougConf, authProfileConf } from './helper/plugin';
 
-setup({});
+setup({ level: 'debug', type: 'stdout' });
 
 describe('AuthTest', () => {
   test('should init correctly', async () => {
@@ -29,6 +29,18 @@ describe('AuthTest', () => {
     expect(auth).toBeDefined();
   });
 
+  test('should load custom algorithm', async () => {
+    const config: Config = new AppConfig({
+      ...authProfileConf,
+      auth: { htpasswd: { algorithm: 'sha1', file: './foo' } },
+    });
+    config.checkSecretKey('12345');
+
+    const auth: Auth = new Auth(config);
+    await auth.init();
+    expect(auth).toBeDefined();
+  });
+
   describe('test authenticate method', () => {
     describe('test authenticate states', () => {
       test('should be a success login', async () => {

packages/cli/CHANGELOG.md

@@ -1,5 +1,33 @@
 # @verdaccio/cli
 
+## 6.0.0-6-next.70
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/node-api@6.0.0-6-next.70
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+
+## 6.0.0-6-next.69
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/node-api@6.0.0-6-next.69
+  - @verdaccio/logger@6.0.0-6-next.37
+
+## 6.0.0-6-next.68
+
+### Patch Changes
+
+- @verdaccio/node-api@6.0.0-6-next.68
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/config@6.0.0-6-next.68
+- @verdaccio/logger@6.0.0-6-next.36
+
 ## 6.0.0-6-next.67
 
 ### Patch Changes

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/cli",
-  "version": "6.0.0-6-next.67",
+  "version": "6.0.0-6-next.70",
   "author": {
     "name": "Juan Picado",
     "email": "juanpicado19@gmail.com"
@@ -44,14 +44,14 @@
     "start": "ts-node src/index.ts"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
-    "@verdaccio/config": "workspace:6.0.0-6-next.67",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.35",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.67",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
+    "@verdaccio/config": "workspace:6.0.0-6-next.70",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.38",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.70",
     "clipanion": "3.2.0",
     "envinfo": "7.8.1",
-    "kleur": "3.0.3",
-    "semver": "7.3.8"
+    "kleur": "4.1.5",
+    "semver": "7.5.0"
   },
   "devDependencies": {
     "ts-node": "10.9.1"

packages/config/CHANGELOG.md

@@ -1,5 +1,27 @@
 # @verdaccio/config
 
+## 6.0.0-6-next.70
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/utils@6.0.0-6-next.38
+
+## 6.0.0-6-next.69
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/utils@6.0.0-6-next.37
+
+## 6.0.0-6-next.68
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/utils@6.0.0-6-next.36
+
 ## 6.0.0-6-next.67
 
 ### Minor Changes

packages/config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/config",
-  "version": "6.0.0-6-next.67",
+  "version": "6.0.0-6-next.70",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -38,8 +38,8 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.35",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.38",
     "debug": "4.3.4",
     "js-yaml": "4.1.0",
     "lodash": "4.17.21",

packages/core/core/CHANGELOG.md

@@ -1,5 +1,15 @@
 # @verdaccio/core
 
+## 6.0.0-6-next.70
+
+## 6.0.0-6-next.69
+
+### Minor Changes
+
+- c9d1af0e: feat: async bcrypt hash
+
+## 6.0.0-6-next.68
+
 ## 6.0.0-6-next.67
 
 ### Minor Changes

packages/core/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/core",
-  "version": "6.0.0-6-next.67",
+  "version": "6.0.0-6-next.70",
   "description": "core utilities",
   "keywords": [
     "private",
@@ -33,12 +33,12 @@
     "access": "public"
   },
   "dependencies": {
-    "http-errors": "1.8.1",
+    "http-errors": "2.0.0",
     "http-status-codes": "2.2.0",
-    "semver": "7.3.8",
-    "ajv": "8.11.2",
+    "semver": "7.5.0",
+    "ajv": "8.12.0",
     "process-warning": "1.0.0",
-    "core-js": "3.28.0"
+    "core-js": "3.30.2"
   },
   "devDependencies": {
     "lodash": "4.17.21",

packages/core/core/src/constants.ts

@@ -109,3 +109,10 @@ export const PACKAGE_ACCESS = {
   SCOPE: '@*/*',
   ALL: '**',
 };
+
+export enum HtpasswdHashAlgorithm {
+  md5 = 'md5',
+  sha1 = 'sha1',
+  crypt = 'crypt',
+  bcrypt = 'bcrypt',
+}

packages/core/core/src/index.ts

@@ -23,6 +23,7 @@ export {
   DEFAULT_PASSWORD_VALIDATION,
   DEFAULT_USER,
   USERS,
+  HtpasswdHashAlgorithm,
 } from './constants';
 const validationUtils = validatioUtils;
 export {

packages/core/tarball/CHANGELOG.md

@@ -1,5 +1,30 @@
 # Change Log
 
+## 11.0.0-6-next.39
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/url@11.0.0-6-next.36
+- @verdaccio/utils@6.0.0-6-next.38
+
+## 11.0.0-6-next.38
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/url@11.0.0-6-next.35
+  - @verdaccio/utils@6.0.0-6-next.37
+
+## 11.0.0-6-next.37
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/url@11.0.0-6-next.34
+- @verdaccio/utils@6.0.0-6-next.36
+
 ## 11.0.0-6-next.36
 
 ### Patch Changes

packages/core/tarball/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/tarball",
-  "version": "11.0.0-6-next.36",
+  "version": "11.0.0-6-next.39",
   "description": "tarball utilities resolver",
   "keywords": [
     "private",
@@ -34,9 +34,9 @@
   },
   "dependencies": {
     "debug": "4.3.4",
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
-    "@verdaccio/url": "workspace:11.0.0-6-next.33",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.35",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
+    "@verdaccio/url": "workspace:11.0.0-6-next.36",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.38",
     "lodash": "4.17.21"
   },
   "devDependencies": {

packages/core/types/src/configuration.ts

@@ -18,9 +18,6 @@ export type LoggerLevel = 'http' | 'fatal' | 'warn' | 'info' | 'debug' | 'trace'
 
 export type LoggerConfigItem = {
   type?: LoggerType;
-  /**
-   * The format
-   */
   format?: LoggerFormat;
   path?: string;
   level?: string;

packages/core/url/CHANGELOG.md

@@ -1,5 +1,24 @@
 # Change Log
 
+## 11.0.0-6-next.36
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+
+## 11.0.0-6-next.35
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+
+## 11.0.0-6-next.34
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+
 ## 11.0.0-6-next.33
 
 ### Patch Changes

packages/core/url/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/url",
-  "version": "11.0.0-6-next.33",
+  "version": "11.0.0-6-next.36",
   "description": "url utilities resolver",
   "keywords": [
     "private",
@@ -33,7 +33,7 @@
     "access": "public"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
     "debug": "4.3.4",
     "lodash": "4.17.21",
     "validator": "13.9.0"

packages/hooks/CHANGELOG.md

@@ -1,5 +1,27 @@
 # @verdaccio/hooks
 
+## 6.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/core@6.0.0-6-next.70
+
+## 6.0.0-6-next.39
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/logger@6.0.0-6-next.37
+
+## 6.0.0-6-next.38
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/logger@6.0.0-6-next.36
+
 ## 6.0.0-6-next.37
 
 ### Patch Changes

packages/hooks/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/hooks",
-  "version": "6.0.0-6-next.37",
+  "version": "6.0.0-6-next.40",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -29,17 +29,17 @@
     "node": ">=16"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.35",
-    "core-js": "3.28.0",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.38",
+    "core-js": "3.30.2",
     "debug": "4.3.4",
     "handlebars": "4.7.7",
     "undici": "4.16.0"
   },
   "devDependencies": {
     "@types/node": "16.18.10",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.46",
-    "@verdaccio/config": "workspace:6.0.0-6-next.67",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.49",
+    "@verdaccio/config": "workspace:6.0.0-6-next.70",
     "@verdaccio/types": "workspace:11.0.0-6-next.25"
   },
   "scripts": {

packages/loaders/CHANGELOG.md

@@ -1,5 +1,23 @@
 # @verdaccio/loaders
 
+## 6.0.0-6-next.39
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+
+## 6.0.0-6-next.38
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.37
+
+## 6.0.0-6-next.37
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.36
+
 ## 6.0.0-6-next.36
 
 ### Patch Changes

packages/loaders/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/loaders",
-  "version": "6.0.0-6-next.36",
+  "version": "6.0.0-6-next.39",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -13,13 +13,13 @@
     "url": "https://github.com/verdaccio/verdaccio"
   },
   "dependencies": {
-    "@verdaccio/logger": "workspace:6.0.0-6-next.35",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.38",
     "debug": "4.3.4",
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
-    "@verdaccio/config": "workspace:6.0.0-6-next.67",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
+    "@verdaccio/config": "workspace:6.0.0-6-next.70",
     "@verdaccio/types": "workspace:11.0.0-6-next.25",
     "@verdaccio-scope/verdaccio-auth-foo": "0.0.2",
     "verdaccio-auth-memory": "workspace:*",

packages/logger/logger-7/CHANGELOG.md

@@ -1,5 +1,25 @@
 # @verdaccio/logger-7
 
+## 6.0.0-6-next.15
+
+### Patch Changes
+
+- 4a33e269: fix: restore pino legacy version
+- Updated dependencies [4a33e269]
+  - @verdaccio/logger-commons@6.0.0-6-next.38
+
+## 6.0.0-6-next.14
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.37
+
+## 6.0.0-6-next.13
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.36
+
 ## 6.0.0-6-next.12
 
 ### Patch Changes

packages/logger/logger-7/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger-7",
-  "version": "6.0.0-6-next.12",
+  "version": "6.0.0-6-next.15",
   "description": "logger for verdaccio 5.x version",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,7 +38,7 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/logger-commons": "workspace:6.0.0-6-next.35",
+    "@verdaccio/logger-commons": "workspace:6.0.0-6-next.38",
     "pino": "7.11.0"
   },
   "devDependencies": {

packages/logger/logger-commons/CHANGELOG.md

@@ -1,5 +1,27 @@
 # @verdaccio/logger-commons
 
+## 6.0.0-6-next.38
+
+### Patch Changes
+
+- 4a33e269: fix: restore pino legacy version
+- Updated dependencies [4a33e269]
+  - @verdaccio/logger-prettify@6.0.0-6-next.10
+  - @verdaccio/core@6.0.0-6-next.70
+
+## 6.0.0-6-next.37
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+
+## 6.0.0-6-next.36
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+
 ## 6.0.0-6-next.35
 
 ### Patch Changes

packages/logger/logger-commons/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger-commons",
-  "version": "6.0.0-6-next.35",
+  "version": "6.0.0-6-next.38",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,13 +38,13 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
-    "@verdaccio/logger-prettify": "workspace:6.0.0-6-next.9",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
+    "@verdaccio/logger-prettify": "workspace:6.0.0-6-next.10",
     "debug": "4.3.4",
-    "colorette": "2.0.19"
+    "colorette": "2.0.20"
   },
   "devDependencies": {
-    "pino": "8.10.0",
+    "pino": "8.12.1",
     "@verdaccio/types": "workspace:11.0.0-6-next.25"
   },
   "funding": {

packages/logger/logger-prettify/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @verdaccio/logger-prettify
 
+## 6.0.0-6-next.10
+
+### Patch Changes
+
+- 4a33e269: fix: restore pino legacy version
+
 ## 6.0.0-6-next.9
 
 ### Patch Changes

packages/logger/logger-prettify/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger-prettify",
-  "version": "6.0.0-6-next.9",
+  "version": "6.0.0-6-next.10",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -40,12 +40,12 @@
   "dependencies": {
     "dayjs": "1.11.7",
     "pino-abstract-transport": "1.0.0",
-    "colorette": "2.0.19",
+    "colorette": "2.0.20",
     "lodash": "4.17.21",
-    "sonic-boom": "3.2.1"
+    "sonic-boom": "3.3.0"
   },
   "devDependencies": {
-    "pino": "8.10.0"
+    "pino": "8.12.1"
   },
   "funding": {
     "type": "opencollective",

packages/logger/logger/CHANGELOG.md

@@ -1,5 +1,24 @@
 # @verdaccio/logger
 
+## 6.0.0-6-next.38
+
+### Patch Changes
+
+- Updated dependencies [4a33e269]
+  - @verdaccio/logger-commons@6.0.0-6-next.38
+
+## 6.0.0-6-next.37
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.37
+
+## 6.0.0-6-next.36
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.36
+
 ## 6.0.0-6-next.35
 
 ### Patch Changes

packages/logger/logger/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger",
-  "version": "6.0.0-6-next.35",
+  "version": "6.0.0-6-next.38",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,8 +38,8 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/logger-commons": "workspace:6.0.0-6-next.35",
-    "pino": "8.10.0"
+    "@verdaccio/logger-commons": "workspace:6.0.0-6-next.38",
+    "pino": "8.14.1"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.25"

packages/middleware/CHANGELOG.md

@@ -1,5 +1,33 @@
 # @verdaccio/middleware
 
+## 6.0.0-6-next.49
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+- @verdaccio/url@11.0.0-6-next.36
+- @verdaccio/utils@6.0.0-6-next.38
+
+## 6.0.0-6-next.48
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/url@11.0.0-6-next.35
+  - @verdaccio/utils@6.0.0-6-next.37
+
+## 6.0.0-6-next.47
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/config@6.0.0-6-next.68
+- @verdaccio/url@11.0.0-6-next.34
+- @verdaccio/utils@6.0.0-6-next.36
+
 ## 6.0.0-6-next.46
 
 ### Patch Changes

packages/middleware/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/middleware",
-  "version": "6.0.0-6-next.46",
+  "version": "6.0.0-6-next.49",
   "description": "express middleware utils",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -38,12 +38,12 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.35",
-    "@verdaccio/config": "workspace:6.0.0-6-next.67",
-    "@verdaccio/url": "workspace:11.0.0-6-next.33",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.38",
+    "@verdaccio/config": "workspace:6.0.0-6-next.70",
+    "@verdaccio/url": "workspace:11.0.0-6-next.36",
     "debug": "4.3.4",
-    "lru-cache": "7.16.1",
+    "lru-cache": "7.18.3",
     "express": "4.18.2",
     "lodash": "4.17.21",
     "mime": "2.6.0",
@@ -54,8 +54,8 @@
     "url": "https://opencollective.com/verdaccio"
   },
   "devDependencies": {
-    "@verdaccio/logger": "workspace:6.0.0-6-next.35",
-    "body-parser": "1.20.1",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.38",
+    "body-parser": "1.20.2",
     "supertest": "6.3.3"
   }
 }

packages/node-api/CHANGELOG.md

@@ -1,5 +1,36 @@
 # @verdaccio/node-api
 
+## 6.0.0-6-next.70
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/server@6.0.0-6-next.59
+- @verdaccio/server-fastify@6.0.0-6-next.51
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+
+## 6.0.0-6-next.69
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/server@6.0.0-6-next.58
+  - @verdaccio/server-fastify@6.0.0-6-next.50
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/logger@6.0.0-6-next.37
+
+## 6.0.0-6-next.68
+
+### Patch Changes
+
+- @verdaccio/server@6.0.0-6-next.57
+- @verdaccio/server-fastify@6.0.0-6-next.49
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/config@6.0.0-6-next.68
+- @verdaccio/logger@6.0.0-6-next.36
+
 ## 6.0.0-6-next.67
 
 ### Patch Changes

packages/node-api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/node-api",
-  "version": "6.0.0-6-next.67",
+  "version": "6.0.0-6-next.70",
   "description": "node API",
   "main": "build/index.js",
   "types": "build/index.d.ts",
@@ -39,12 +39,12 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
-    "@verdaccio/config": "workspace:6.0.0-6-next.67",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.35",
-    "@verdaccio/server": "workspace:6.0.0-6-next.56",
-    "@verdaccio/server-fastify": "workspace:6.0.0-6-next.48",
-    "core-js": "3.28.0",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
+    "@verdaccio/config": "workspace:6.0.0-6-next.70",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.38",
+    "@verdaccio/server": "workspace:6.0.0-6-next.59",
+    "@verdaccio/server-fastify": "workspace:6.0.0-6-next.51",
+    "core-js": "3.30.2",
     "debug": "4.3.4",
     "lodash": "4.17.21"
   },

packages/plugins/audit/CHANGELOG.md

@@ -1,5 +1,27 @@
 # Change Log
 
+## 11.0.0-6-next.33
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+
+## 11.0.0-6-next.32
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/config@6.0.0-6-next.69
+
+## 11.0.0-6-next.31
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/config@6.0.0-6-next.68
+
 ## 11.0.0-6-next.30
 
 ### Patch Changes

packages/plugins/audit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-audit",
-  "version": "11.0.0-6-next.30",
+  "version": "11.0.0-6-next.33",
   "description": "Verdaccio Middleware plugin to bypass npmjs audit",
   "keywords": [
     "private",
@@ -30,16 +30,16 @@
     "node": ">=12"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
-    "@verdaccio/config": "workspace:6.0.0-6-next.67",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
+    "@verdaccio/config": "workspace:6.0.0-6-next.70",
     "express": "4.18.2",
     "https-proxy-agent": "5.0.1",
     "node-fetch": "cjs"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.25",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.46",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.35",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.49",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.38",
     "nock": "13.2.9",
     "supertest": "6.3.3"
   },

packages/plugins/auth-memory/CHANGELOG.md

@@ -1,5 +1,24 @@
 # Change Log
 
+## 11.0.0-6-next.35
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+
+## 11.0.0-6-next.34
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+
+## 11.0.0-6-next.33
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+
 ## 11.0.0-6-next.32
 
 ### Patch Changes

packages/plugins/auth-memory/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-auth-memory",
-  "version": "11.0.0-6-next.32",
+  "version": "11.0.0-6-next.35",
   "description": "Auth plugin for Verdaccio that keeps users in memory",
   "keywords": [
     "private",
@@ -31,11 +31,12 @@
     "npm": ">=6"
   },
   "dependencies": {
-    "debug": "4.3.4",
-    "@verdaccio/core": "workspace:6.0.0-6-next.67"
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
+    "debug": "4.3.4"
   },
   "devDependencies": {
-    "@verdaccio/config": "workspace:6.0.0-6-next.67",
+    "@types/debug": "^4.1.7",
+    "@verdaccio/config": "workspace:6.0.0-6-next.70",
     "@verdaccio/types": "workspace:11.0.0-6-next.25"
   },
   "scripts": {

packages/plugins/aws-storage/package.json

@@ -32,7 +32,7 @@
   "types": "build/index.d.ts",
   "dependencies": {
     "@verdaccio/core": "workspace:6.0.0-6-next.5",
-    "aws-sdk": "2.1199.0"
+    "aws-sdk": "2.1354.0"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.12",

packages/plugins/htpasswd/CHANGELOG.md

@@ -1,5 +1,29 @@
 # Change Log
 
+## 11.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+
+## 11.0.0-6-next.39
+
+### Minor Changes
+
+- c9d1af0e: feat: async bcrypt hash
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+
+## 11.0.0-6-next.38
+
+### Patch Changes
+
+- 09753cc1: fix wrong htpasswd file location
+  - @verdaccio/core@6.0.0-6-next.68
+
 ## 11.0.0-6-next.37
 
 ### Patch Changes

packages/plugins/htpasswd/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-htpasswd",
-  "version": "11.0.0-6-next.37",
+  "version": "11.0.0-6-next.40",
   "description": "htpasswd auth plugin for Verdaccio",
   "keywords": [
     "private",
@@ -34,20 +34,20 @@
     "npm": ">=6"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
     "@verdaccio/file-locking": "workspace:11.0.0-6-next.7",
     "apache-md5": "1.1.8",
     "bcryptjs": "2.4.3",
-    "core-js": "3.28.0",
-    "http-errors": "1.8.1",
+    "core-js": "3.30.2",
+    "http-errors": "2.0.0",
     "debug": "4.3.4",
     "unix-crypt-td-js": "1.1.4"
   },
   "devDependencies": {
     "@types/bcryptjs": "2.4.2",
     "@verdaccio/types": "workspace:11.0.0-6-next.25",
-    "@verdaccio/config": "workspace:6.0.0-6-next.67",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.35",
+    "@verdaccio/config": "workspace:6.0.0-6-next.70",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.38",
     "mockdate": "3.0.5"
   },
   "scripts": {

packages/plugins/htpasswd/src/htpasswd.ts

@@ -1,13 +1,13 @@
 import buildDebug from 'debug';
 import fs from 'fs';
-import { dirname, join, resolve } from 'path';
+import { dirname, resolve } from 'path';
 
-import { pluginUtils } from '@verdaccio/core';
+import { constants, pluginUtils } from '@verdaccio/core';
 import { unlockFile } from '@verdaccio/file-locking';
 import { Callback, Logger } from '@verdaccio/types';
 
 import {
-  HtpasswdHashAlgorithm,
+  DEFAULT_BCRYPT_ROUNDS,
   HtpasswdHashConfig,
   addUserToHTPasswd,
   changePasswordToHTPasswd,
@@ -17,6 +17,8 @@ import {
   verifyPassword,
 } from './utils';
 
+type HtpasswdHashAlgorithm = constants.HtpasswdHashAlgorithm;
+
 const debug = buildDebug('verdaccio:plugin:htpasswd');
 
 export type HTPasswdConfig = {
@@ -27,7 +29,6 @@ export type HTPasswdConfig = {
   slow_verify_ms?: number;
 };
 
-export const DEFAULT_BCRYPT_ROUNDS = 10;
 export const DEFAULT_SLOW_VERIFY_MS = 200;
 
 /**
@@ -63,15 +64,19 @@ export default class HTPasswd
     let algorithm: HtpasswdHashAlgorithm;
     let rounds: number | undefined;
 
-    if (config.algorithm === undefined) {
-      algorithm = HtpasswdHashAlgorithm.bcrypt;
-    } else if (HtpasswdHashAlgorithm[config.algorithm] !== undefined) {
-      algorithm = HtpasswdHashAlgorithm[config.algorithm];
+    if (typeof config.algorithm === 'undefined') {
+      algorithm = constants.HtpasswdHashAlgorithm.bcrypt;
+    } else if (constants.HtpasswdHashAlgorithm[config.algorithm] !== undefined) {
+      algorithm = constants.HtpasswdHashAlgorithm[config.algorithm];
     } else {
-      throw new Error(`Invalid algorithm "${config.algorithm}"`);
+      this.logger.warn(
+        `The algorithm selected %s is invalid, switching to to default one "bcrypt", password validation can be affected`,
+        config.algorithm
+      );
+      algorithm = constants.HtpasswdHashAlgorithm.bcrypt;
     }
     debug(`password hash algorithm: ${algorithm}`);
-    if (algorithm === HtpasswdHashAlgorithm.bcrypt) {
+    if (algorithm === constants.HtpasswdHashAlgorithm.bcrypt) {
       rounds = config.rounds || DEFAULT_BCRYPT_ROUNDS;
     } else if (config.rounds !== undefined) {
       this.logger.warn({ algo: algorithm }, 'Option "rounds" is not valid for "@{algo}" algorithm');
@@ -90,7 +95,7 @@ export default class HTPasswd
       throw new Error('should specify "file" in config');
     }
     debug('config path: %s', options?.config?.configPath);
-    this.path = join(resolve(dirname(options?.config?.configPath ?? '')), file);
+    this.path = resolve(dirname(options?.config?.configPath), file);
     this.logger.info({ file: this.path }, 'using htpasswd file: @{file}');
     debug('htpasswd path:', this.path);
     if (config.slow_verify_ms) {
@@ -202,7 +207,7 @@ export default class HTPasswd
       }
 
       try {
-        this._writeFile(addUserToHTPasswd(body, user, password, this.hashConfig), cb);
+        this._writeFile(await addUserToHTPasswd(body, user, password, this.hashConfig), cb);
       } catch (err: any) {
         return cb(err);
       }

packages/plugins/htpasswd/src/utils.ts

@@ -3,18 +3,15 @@ import bcrypt from 'bcryptjs';
 import crypto from 'crypto';
 import createError, { HttpError } from 'http-errors';
 
-import { API_ERROR, HTTP_STATUS } from '@verdaccio/core';
+import { API_ERROR, HTTP_STATUS, constants } from '@verdaccio/core';
 import { readFile } from '@verdaccio/file-locking';
 import { Callback } from '@verdaccio/types';
 
 import crypt3 from './crypt3';
 
-export enum HtpasswdHashAlgorithm {
-  md5 = 'md5',
-  sha1 = 'sha1',
-  crypt = 'crypt',
-  bcrypt = 'bcrypt',
-}
+export const DEFAULT_BCRYPT_ROUNDS = 10;
+
+type HtpasswdHashAlgorithm = constants.HtpasswdHashAlgorithm;
 
 export interface HtpasswdHashConfig {
   algorithm: HtpasswdHashAlgorithm;
@@ -80,24 +77,24 @@ export async function verifyPassword(passwd: string, hash: string): Promise<bool
  * @param {HtpasswdHashConfig} hashConfig
  * @returns {string}
  */
-export function generateHtpasswdLine(
+export async function generateHtpasswdLine(
   user: string,
   passwd: string,
   hashConfig: HtpasswdHashConfig
-): string {
+): Promise<string> {
   let hash: string;
 
   switch (hashConfig.algorithm) {
-    case HtpasswdHashAlgorithm.bcrypt:
-      hash = bcrypt.hashSync(passwd, hashConfig.rounds);
+    case constants.HtpasswdHashAlgorithm.bcrypt:
+      hash = await bcrypt.hash(passwd, hashConfig.rounds || DEFAULT_BCRYPT_ROUNDS);
       break;
-    case HtpasswdHashAlgorithm.crypt:
+    case constants.HtpasswdHashAlgorithm.crypt:
       hash = crypt3(passwd);
       break;
-    case HtpasswdHashAlgorithm.md5:
+    case constants.HtpasswdHashAlgorithm.md5:
       hash = md5(passwd);
       break;
-    case HtpasswdHashAlgorithm.sha1:
+    case constants.HtpasswdHashAlgorithm.sha1:
       hash = '{SHA}' + crypto.createHash('sha1').update(passwd, 'utf8').digest('base64');
       break;
     default:
@@ -116,12 +113,12 @@ export function generateHtpasswdLine(
  * @param {HtpasswdHashConfig} hashConfig
  * @returns {string}
  */
-export function addUserToHTPasswd(
+export async function addUserToHTPasswd(
   body: string,
   user: string,
   passwd: string,
   hashConfig: HtpasswdHashConfig
-): string {
+): Promise<string> {
   if (user !== encodeURIComponent(user)) {
     const err = createError('username should not contain non-uri-safe characters');
 
@@ -129,7 +126,7 @@ export function addUserToHTPasswd(
     throw err;
   }
 
-  let newline = generateHtpasswdLine(user, passwd, hashConfig);
+  let newline = await generateHtpasswdLine(user, passwd, hashConfig);
 
   if (body.length && body[body.length - 1] !== '\n') {
     newline = '\n' + newline;
@@ -190,13 +187,14 @@ export async function sanityCheck(
 }
 
 /**
+ * /**
  * changePasswordToHTPasswd - change password for existing user
  * @param {string} body
  * @param {string} user
  * @param {string} passwd
  * @param {string} newPasswd
  * @param {HtpasswdHashConfig} hashConfig
- * @returns {string}
+ * @returns {Promise<string>}
  */
 export async function changePasswordToHTPasswd(
   body: string,
@@ -215,7 +213,7 @@ export async function changePasswordToHTPasswd(
   if (!passwordValid) {
     throw new Error(`Unable to change password for user '${user}': invalid old password`);
   }
-  const updatedUserLine = generateHtpasswdLine(username, newPasswd, hashConfig);
+  const updatedUserLine = await generateHtpasswdLine(username, newPasswd, hashConfig);
   lines.splice(userLineIndex, 1, updatedUserLine);
   return lines.join('\n');
 }

packages/plugins/htpasswd/tests/htpasswd.test.ts

@@ -1,26 +1,18 @@
-/* eslint-disable jest/no-mocks-import */
-// @ts-ignore: Module has no default export
 import bcrypt from 'bcryptjs';
-// @ts-ignore: Module has no default export
 import crypto from 'crypto';
-// @ts-ignore: Module has no default export
 import fs from 'fs';
 import MockDate from 'mockdate';
 import path from 'path';
 
 import { Config, parseConfigFile } from '@verdaccio/config';
-import { logger, setup } from '@verdaccio/logger';
-import { PluginOptions } from '@verdaccio/types';
+import { constants, pluginUtils } from '@verdaccio/core';
 
 import HTPasswd, { DEFAULT_SLOW_VERIFY_MS, HTPasswdConfig } from '../src/htpasswd';
-import { HtpasswdHashAlgorithm } from '../src/utils';
-
-setup();
 
 const options = {
-  logger,
+  logger: { warn: jest.fn(), info: jest.fn() },
   config: new Config(parseConfigFile(path.join(__dirname, './__fixtures__/config.yaml'))),
-} as any as PluginOptions<HTPasswdConfig>;
+} as any as pluginUtils.PluginOptions<HTPasswdConfig>;
 
 const config = {
   file: './htpasswd',
@@ -34,7 +26,8 @@ describe('HTPasswd', () => {
     wrapper = new HTPasswd(config, options);
     jest.resetModules();
     jest.clearAllMocks();
-    // @ts-ignore: Module has no default export
+
+    // @ts-ignore
     crypto.randomBytes = jest.fn(() => {
       return {
         toString: (): string => '$6',
@@ -43,7 +36,15 @@ describe('HTPasswd', () => {
   });
 
   describe('constructor()', () => {
-    const emptyPluginOptions = { config: {} } as any as PluginOptions<HTPasswdConfig>;
+    const error = jest.fn();
+    const warn = jest.fn();
+    const info = jest.fn();
+    const emptyPluginOptions = {
+      config: {
+        configPath: '',
+      },
+      logger: { warn, info, error },
+    } as any as pluginUtils.PluginOptions<HTPasswdConfig>;
 
     test('should ensure file path configuration exists', () => {
       expect(function () {
@@ -51,11 +52,14 @@ describe('HTPasswd', () => {
       }).toThrow(/should specify "file" in config/);
     });
 
-    test('should throw error about incorrect algorithm', () => {
-      expect(function () {
-        let invalidConfig = { algorithm: 'invalid', ...config } as HTPasswdConfig;
-        new HTPasswd(invalidConfig, emptyPluginOptions);
-      }).toThrow(/Invalid algorithm "invalid"/);
+    test('should switch to bcrypt if incorrect algorithm is set', () => {
+      let invalidConfig = { algorithm: 'invalid', ...config } as HTPasswdConfig;
+      new HTPasswd(invalidConfig, emptyPluginOptions);
+      expect(warn).toHaveBeenCalledWith(
+        'The algorithm selected %s is invalid, switching to to default one "bcrypt", password validation can be affected',
+        'invalid'
+      );
+      expect(info).toHaveBeenCalled();
     });
   });
 
@@ -95,21 +99,20 @@ describe('HTPasswd', () => {
     test('it should warn on slow password verification', (done) => {
       // @ts-ignore
       // eslint-disable-next-line @typescript-eslint/no-unused-vars
-      bcrypt.compare = jest.fn(async (_passwd, _hash) => {
-        await new Promise((resolve) => setTimeout(resolve, DEFAULT_SLOW_VERIFY_MS + 1));
-        return true;
+      bcrypt.compare = jest.fn((_passwd, _hash) => {
+        return new Promise((resolve) => setTimeout(resolve, DEFAULT_SLOW_VERIFY_MS + 1)).then(
+          () => true
+        );
       });
       const callback = (a, b): void => {
         expect(a).toBeNull();
         expect(b).toContain('bcrypt');
-        // TODO: figure out how to test the warning properly without mocking the logger
-        // maybe mocking pino? not sure.
-        // const mockWarn = options.logger.warn as jest.MockedFn<jest.MockableFunction>;
-        // expect(mockWarn.mock.calls.length).toBe(1);
-        // const [{ user, durationMs }, message] = mockWarn.mock.calls[0];
-        // expect(user).toEqual('bcrypt');
-        // expect(durationMs).toBeGreaterThan(DEFAULT_SLOW_VERIFY_MS);
-        // expect(message).toEqual('Password for user "@{user}" took @{durationMs}ms to verify');
+        const mockWarn = options.logger.warn as jest.MockedFn<jest.MockableFunction>;
+        expect(mockWarn.mock.calls.length).toBe(1);
+        const [{ user, durationMs }, message] = mockWarn.mock.calls[0];
+        expect(user).toEqual('bcrypt');
+        expect(durationMs).toBeGreaterThan(DEFAULT_SLOW_VERIFY_MS);
+        expect(message).toEqual('Password for user "@{user}" took @{durationMs}ms to verify');
         done();
       };
       wrapper.authenticate('bcrypt', 'password', callback);
@@ -128,7 +131,7 @@ describe('HTPasswd', () => {
     test('it should add the user', (done) => {
       let dataToWrite;
       // @ts-ignore
-      fs.writeFile = jest.fn((_name, data, callback) => {
+      fs.writeFile = jest.fn((name, data, callback) => {
         dataToWrite = data;
         callback();
       });
@@ -150,7 +153,7 @@ describe('HTPasswd', () => {
         jest.doMock('../src/utils.ts', () => {
           return {
             sanityCheck: (): Error => Error('some error'),
-            HtpasswdHashAlgorithm,
+            HtpasswdHashAlgorithm: constants.HtpasswdHashAlgorithm,
           };
         });
 
@@ -168,7 +171,7 @@ describe('HTPasswd', () => {
           return {
             sanityCheck: (): any => null,
             lockAndRead: (_a, b): any => b(new Error('lock error')),
-            HtpasswdHashAlgorithm,
+            HtpasswdHashAlgorithm: constants.HtpasswdHashAlgorithm,
           };
         });
 
@@ -188,7 +191,7 @@ describe('HTPasswd', () => {
             parseHTPasswd: (): void => {},
             lockAndRead: (_a, b): any => b(null, ''),
             unlockFile: (_a, b): any => b(),
-            HtpasswdHashAlgorithm,
+            HtpasswdHashAlgorithm: constants.HtpasswdHashAlgorithm,
           };
         });
 
@@ -202,11 +205,11 @@ describe('HTPasswd', () => {
       test('writeFile should return an Error', (done) => {
         jest.doMock('../src/utils.ts', () => {
           return {
-            sanityCheck: (): any => null,
+            sanityCheck: () => Promise.resolve(null),
             parseHTPasswd: (): void => {},
             lockAndRead: (_a, b): any => b(null, ''),
             addUserToHTPasswd: (): void => {},
-            HtpasswdHashAlgorithm,
+            HtpasswdHashAlgorithm: constants.HtpasswdHashAlgorithm,
           };
         });
         jest.doMock('fs', () => {
@@ -246,9 +249,6 @@ describe('HTPasswd', () => {
       test('reload should fails on check file', (done) => {
         jest.doMock('fs', () => {
           return {
-            readFile: (_name, callback): void => {
-              callback(new Error('stat error'), null);
-            },
             stat: (_name, callback): void => {
               callback(new Error('stat error'), null);
             },
@@ -268,9 +268,6 @@ describe('HTPasswd', () => {
       test('reload times match', (done) => {
         jest.doMock('fs', () => {
           return {
-            readFile: (_name, callback): void => {
-              callback(new Error('stat error'), null);
-            },
             stat: (_name, callback): void => {
               callback(null, {
                 mtime: null,

packages/plugins/htpasswd/tests/utils.test.ts

@@ -3,9 +3,10 @@ import crypto from 'crypto';
 import { HttpError } from 'http-errors';
 import MockDate from 'mockdate';
 
-import { DEFAULT_BCRYPT_ROUNDS } from '../src/htpasswd';
+import { constants } from '@verdaccio/core';
+
+import { DEFAULT_BCRYPT_ROUNDS } from '../src/utils';
 import {
-  HtpasswdHashAlgorithm,
   addUserToHTPasswd,
   changePasswordToHTPasswd,
   generateHtpasswdLine,
@@ -19,7 +20,7 @@ const mockReadFile = jest.fn();
 const mockUnlockFile = jest.fn();
 
 const defaultHashConfig = {
-  algorithm: HtpasswdHashAlgorithm.bcrypt,
+  algorithm: constants.HtpasswdHashAlgorithm.bcrypt,
   rounds: DEFAULT_BCRYPT_ROUNDS,
 };
 
@@ -111,51 +112,56 @@ describe('generateHtpasswdLine', () => {
 
   const [user, passwd] = ['username', 'password'];
 
-  it('should correctly generate line for md5', () => {
-    const md5Conf = { algorithm: HtpasswdHashAlgorithm.md5 };
-    expect(generateHtpasswdLine(user, passwd, md5Conf)).toMatchSnapshot();
+  it('should correctly generate line for md5', async () => {
+    const md5Conf = { algorithm: constants.HtpasswdHashAlgorithm.md5 };
+    expect(await generateHtpasswdLine(user, passwd, md5Conf)).toMatchSnapshot();
   });
 
-  it('should correctly generate line for sha1', () => {
-    const sha1Conf = { algorithm: HtpasswdHashAlgorithm.sha1 };
-    expect(generateHtpasswdLine(user, passwd, sha1Conf)).toMatchSnapshot();
+  it('should correctly generate line for sha1', async () => {
+    const sha1Conf = { algorithm: constants.HtpasswdHashAlgorithm.sha1 };
+    expect(await generateHtpasswdLine(user, passwd, sha1Conf)).toMatchSnapshot();
   });
 
-  it('should correctly generate line for crypt', () => {
-    const cryptConf = { algorithm: HtpasswdHashAlgorithm.crypt };
-    expect(generateHtpasswdLine(user, passwd, cryptConf)).toMatchSnapshot();
+  it('should correctly generate line for crypt', async () => {
+    const cryptConf = { algorithm: constants.HtpasswdHashAlgorithm.crypt };
+    expect(await generateHtpasswdLine(user, passwd, cryptConf)).toMatchSnapshot();
   });
 
-  it('should correctly generate line for bcrypt', () => {
+  it('should correctly generate line for bcrypt', async () => {
     const bcryptAlgoConfig = {
-      algorithm: HtpasswdHashAlgorithm.bcrypt,
+      algorithm: constants.HtpasswdHashAlgorithm.bcrypt,
       rounds: 2,
     };
-    expect(generateHtpasswdLine(user, passwd, bcryptAlgoConfig)).toMatchSnapshot();
+    expect(await generateHtpasswdLine(user, passwd, bcryptAlgoConfig)).toMatchSnapshot();
   });
 });
 
 describe('addUserToHTPasswd - bcrypt', () => {
   beforeAll(mockTimeAndRandomBytes);
 
-  it('should add new htpasswd to the end', () => {
+  it('should add new htpasswd to the end', async () => {
     const input = ['', 'username', 'password'];
-    expect(addUserToHTPasswd(input[0], input[1], input[2], defaultHashConfig)).toMatchSnapshot();
+    expect(
+      await addUserToHTPasswd(input[0], input[1], input[2], defaultHashConfig)
+    ).toMatchSnapshot();
   });
 
-  it('should add new htpasswd to the end in multiline input', () => {
+  it('should add new htpasswd to the end in multiline input', async () => {
     const body = `test1:$6b9MlB3WUELU:autocreated 2017-11-06T18:17:21.957Z
     test2:$6FrCaT/v0dwE:autocreated 2017-12-14T13:30:20.838Z`;
     const input = [body, 'username', 'password'];
-    expect(addUserToHTPasswd(input[0], input[1], input[2], defaultHashConfig)).toMatchSnapshot();
+    expect(
+      await addUserToHTPasswd(input[0], input[1], input[2], defaultHashConfig)
+    ).toMatchSnapshot();
   });
 
-  it('should throw an error for incorrect username with space', () => {
+  it('should throw an error for incorrect username with space', async () => {
     const [a, b, c] = ['', 'firstname lastname', 'password'];
-    expect(() => addUserToHTPasswd(a, b, c, defaultHashConfig)).toThrowErrorMatchingSnapshot();
+    await expect(
+      addUserToHTPasswd(a, b, c, defaultHashConfig)
+    ).rejects.toThrowErrorMatchingSnapshot();
   });
 });
-
 describe('lockAndRead', () => {
   it('should call the readFile method', () => {
     const cb = (): void => {};

packages/plugins/local-storage/CHANGELOG.md

@@ -1,5 +1,27 @@
 # Change Log
 
+## 11.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/utils@6.0.0-6-next.38
+
+## 11.0.0-6-next.39
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/utils@6.0.0-6-next.37
+
+## 11.0.0-6-next.38
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/utils@6.0.0-6-next.36
+
 ## 11.0.0-6-next.37
 
 ### Patch Changes

packages/plugins/local-storage/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/local-storage",
-  "version": "11.0.0-6-next.37",
+  "version": "11.0.0-6-next.40",
   "description": "Local storage implementation",
   "keywords": [
     "private",
@@ -37,23 +37,23 @@
     "npm": ">=7"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
     "@verdaccio/file-locking": "workspace:11.0.0-6-next.7",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.35",
-    "core-js": "3.28.0",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.38",
+    "core-js": "3.30.2",
     "debug": "4.3.4",
     "globby": "11.1.0",
     "lockfile": "1.0.4",
     "sanitize-filename": "1.6.3",
     "lodash": "4.17.21",
     "lowdb": "1.0.0",
-    "lru-cache": "7.16.1"
+    "lru-cache": "7.18.3"
   },
   "devDependencies": {
     "@types/minimatch": "3.0.5",
     "@verdaccio/types": "workspace:11.0.0-6-next.25",
-    "@verdaccio/config": "workspace:6.0.0-6-next.67",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.35",
+    "@verdaccio/config": "workspace:6.0.0-6-next.70",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.38",
     "@verdaccio/test-helper": "workspace:2.0.0-6-next.8",
     "minimatch": "3.1.2"
   },

packages/plugins/memory/CHANGELOG.md

@@ -1,5 +1,24 @@
 # Change Log
 
+## 11.0.0-6-next.37
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+
+## 11.0.0-6-next.36
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+
+## 11.0.0-6-next.35
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+
 ## 11.0.0-6-next.34
 
 ### Patch Changes

packages/plugins/memory/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-memory",
-  "version": "11.0.0-6-next.34",
+  "version": "11.0.0-6-next.37",
   "description": "Storage implementation in memory",
   "keywords": [
     "private",
@@ -31,15 +31,15 @@
     "npm": ">=6"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
     "memory-fs": "0.5.0",
     "debug": "4.3.4",
-    "memfs": "3.4.12"
+    "memfs": "3.5.1"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.25",
-    "@verdaccio/config": "workspace:6.0.0-6-next.67",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.35"
+    "@verdaccio/config": "workspace:6.0.0-6-next.70",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.38"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/plugins/ui-theme/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @verdaccio/ui-theme
 
+## 6.0.0-6-next.70
+
+## 6.0.0-6-next.69
+
+### Patch Changes
+
+- 910fc03f: fix menuKey for Khmer language
+
+## 6.0.0-6-next.68
+
+### Patch Changes
+
+- 0dafa982: fix: undefined field on missing count
+
 ## 6.0.0-6-next.67
 
 ## 6.0.0-6-next.66

packages/plugins/ui-theme/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/ui-theme",
-  "version": "6.0.0-6-next.67",
+  "version": "6.0.0-6-next.70",
   "description": "Verdaccio User Interface",
   "author": {
     "name": "Verdaccio Contributors",
@@ -13,49 +13,49 @@
   "homepage": "https://verdaccio.org",
   "main": "index.js",
   "devDependencies": {
-    "@emotion/react": "11.10.5",
-    "@emotion/styled": "11.10.5",
-    "@mui/icons-material": "5.11.9",
-    "@mui/styles": "5.11.9",
-    "@mui/material": "5.11.9",
-    "@emotion/babel-plugin": "11.10.5",
-    "@emotion/css": "11.10.5",
+    "@emotion/babel-plugin": "11.10.6",
+    "@emotion/css": "11.10.6",
     "@emotion/jest": "11.10.5",
+    "@emotion/react": "11.10.6",
+    "@emotion/styled": "11.10.6",
+    "@mui/icons-material": "5.11.16",
+    "@mui/material": "5.12.0",
+    "@mui/styles": "5.12.0",
     "@rematch/core": "2.2.0",
     "@rematch/loading": "2.1.2",
     "@rematch/persist": "2.1.2",
     "@testing-library/dom": "8.19.1",
     "@testing-library/jest-dom": "5.16.5",
     "@testing-library/react": "13.4.0",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.67",
-    "@verdaccio/ui-components": "workspace:2.0.0-6-next.8",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.70",
     "@verdaccio/types": "workspace:*",
-    "normalize.css": "8.0.1",
+    "@verdaccio/ui-components": "workspace:2.0.0-6-next.9",
     "babel-loader": "8.3.0",
     "babel-plugin-dynamic-import-node": "2.3.3",
     "country-flag-icons": "1.5.5",
     "css-loader": "6.7.3",
     "dayjs": "1.11.7",
+    "dompurify": "2.4.5",
     "friendly-errors-webpack-plugin": "1.7.0",
+    "github-markdown-css": "4.0.0",
     "harmony-reflect": "1.6.2",
+    "highlight.js": "11.7.0",
     "history": "4.10.1",
-    "html-webpack-plugin": "5.5.0",
+    "html-webpack-plugin": "5.5.1",
     "i18next": "20.6.1",
     "in-publish": "2.0.1",
     "js-base64": "3.7.3",
-    "js-yaml": "3.14.1",
+    "js-yaml": "4.1.0",
     "localstorage-memory": "1.0.3",
     "lodash": "4.17.21",
+    "marked": "4.3.0",
     "mini-css-extract-plugin": "2.7.2",
     "msw": "0.49.2",
     "mutationobserver-shim": "0.3.7",
     "node-mocks-http": "1.12.1",
+    "normalize.css": "8.0.1",
     "optimize-css-assets-webpack-plugin": "6.0.1",
     "ora": "5.4.1",
-    "dompurify": "2.4.5",
-    "highlight.js": "11.7.0",
-    "github-markdown-css": "4.0.0",
-    "marked": "4.2.12",
     "raw-loader": "4.0.2",
     "react": "18.2.0",
     "react-dom": "18.2.0",
@@ -82,7 +82,7 @@
     "terser-webpack-plugin": "5.3.6",
     "url-loader": "4.1.1",
     "validator": "13.9.0",
-    "webpack": "5.75.0",
+    "webpack": "5.82.1",
     "webpack-bundle-analyzer": "4.7.0",
     "webpack-bundle-size-analyzer": "3.1.0",
     "webpack-cli": "^4.10.0",
@@ -114,7 +114,8 @@
     "verdaccio:server": "node tools/verdaccio.js",
     "build": "pnpm clean && webpack --config tools/webpack.prod.config.babel.js",
     "build:stats": "webpack --config tools/webpack.prod.config.babel.js --json > stats.json",
-    "build:size": "webpack --config tools/webpack.prod.config.babel.js --json | webpack-bundle-size-analyzer"
+    "build:size": "webpack --config tools/webpack.prod.config.babel.js --json | webpack-bundle-size-analyzer",
+    "view-bundle": "pnpm run build:stats && webpack-bundle-analyzer stats.json"
   },
   "license": "MIT",
   "collective": {

packages/plugins/ui-theme/src/App/App.tsx

@@ -29,9 +29,11 @@ import { listLanguages } from '../i18n/enabledLanguages';
 import loadDayJSLocale from '../i18n/load-dayjs-locale';
 import AppRoute, { history } from './AppRoute';
 
-const StyledBox = styled(Box)<{ theme?: Theme }>(({ theme }) => ({
-  backgroundColor: theme?.palette.background.default,
-}));
+const StyledBox = styled(Box)<{ theme?: Theme }>(({ theme }) => {
+  return {
+    backgroundColor: theme?.palette.background.default,
+  };
+});
 
 const StyledBoxContent = styled(Box)<{ theme?: Theme }>(({ theme }) => ({
   [`@media screen and (min-width: ${theme?.breakPoints.container}px)`]: {
@@ -87,6 +89,7 @@ const App: React.FC = () => {
   useEffect(() => {
     loadDayJSLocale();
   }, []);
+
   return (
     <StrictMode>
       <TranslatorProvider i18n={i18n} listLanguages={listLanguages} onMount={loadDayJSLocale}>

packages/plugins/ui-theme/src/components/Contributors/generated_contributors_list.json

@@ -23,14 +23,14 @@
     "username": "griffithtp",
     "id": 20119184
   },
-  {
-    "username": "030",
-    "id": 7524528
-  },
   {
     "username": "DanielRuf",
     "id": 827205
   },
+  {
+    "username": "030",
+    "id": 7524528
+  },
   {
     "username": "dianmorales",
     "id": 558740
@@ -267,6 +267,10 @@
     "username": "rmkanda",
     "id": 38713281
   },
+  {
+    "username": "kuoruan",
+    "id": 8685618
+  },
   {
     "username": "wiggisser",
     "id": 3647678
@@ -399,6 +403,10 @@
     "username": "mysiar",
     "id": 13708162
   },
+  {
+    "username": "rluvaton",
+    "id": 16746759
+  },
   {
     "username": "innosatyam",
     "id": 85342175
@@ -411,10 +419,6 @@
     "username": "varijkapil13",
     "id": 8291077
   },
-  {
-    "username": "kuoruan",
-    "id": 8685618
-  },
   {
     "username": "Jinshichi",
     "id": 8655722
@@ -887,10 +891,6 @@
     "username": "rbpinheiro",
     "id": 1257483
   },
-  {
-    "username": "rluvaton",
-    "id": 16746759
-  },
   {
     "username": "r3wald",
     "id": 190202

packages/plugins/ui-theme/src/components/Support/Support.tsx

@@ -12,12 +12,12 @@ const title = 'Support people affected by the war in Ukraine';
 
 const links = [
   {
-    href: 'https://twitter.com/denysdovhan/status/1501486563842211843',
-    text: 'Listen OSS developers about the war on Twitter',
+    href: 'https://www.youtube.com/watch?v=LeG09zu_p_g',
+    text: 'Ask Ukrainian open-source developers about war — Twitter Space',
   },
   {
     href: 'https://snyk.io/blog/celebrating-amazing-open-source-innovation-ukraine/',
-    text: 'Learn more about Open Source developers in Ukraine',
+    text: 'Snyk blog - Learn more about Open Source developers in Ukraine',
   },
   {
     href: 'https://www.savethechildren.org/us/where-we-work/ukraine/',

packages/plugins/ui-theme/src/i18n/config.ts

@@ -29,7 +29,6 @@ i18n
     whitelist: [...listLanguagesAsString],
     load: 'currentOnly',
     react: {
-      wait: true,
       useSuspense: false,
     },
     resources: languages,

packages/plugins/ui-theme/src/i18n/enabledLanguages.ts

@@ -21,7 +21,7 @@ export const listLanguages: LanguageConfiguration[] = [
   { lng: 'ru-RU', icon: Flags.RU, menuKey: 'lng.russian' },
   { lng: 'tr-TR', icon: Flags.TR, menuKey: 'lng.turkish' },
   { lng: 'uk-UA', icon: Flags.UA, menuKey: 'lng.ukraine' },
-  { lng: 'km-KH', icon: Flags.KH, menuKey: 'lng.khme' },
+  { lng: 'km-KH', icon: Flags.KH, menuKey: 'lng.khmer' },
   { lng: 'zh-CN', icon: Flags.CN, menuKey: 'lng.chinese' },
   { lng: 'zh-TW', icon: Flags.TW, menuKey: 'lng.chineseTraditional' },
 ];

packages/plugins/ui-theme/tools/verdaccio.js

@@ -8,7 +8,7 @@ const storageLocation = path.join(__dirname, '../partials/storage');
 const pluginsLocation = path.join(__dirname, '../partials/plugins');
 const configJsonFormat = Object.assign(
   {},
-  yaml.safeLoad(fs.readFileSync('./tools/_verdaccio.config.yaml', 'utf8')),
+  yaml.load(fs.readFileSync('./tools/_verdaccio.config.yaml', 'utf8')),
   {
     storage: storageLocation,
     plugins: pluginsLocation,

packages/plugins/ui-theme/tools/webpack.config.js

@@ -47,11 +47,6 @@ module.exports = {
 
   module: {
     rules: [
-      {
-        test: /\.jsx?$/,
-        exclude: /node_modules/,
-        use: 'babel-loader',
-      },
       {
         test: /\.m?js/,
         resolve: {
@@ -70,7 +65,6 @@ module.exports = {
         test: /\.md$/,
         use: 'raw-loader',
       },
-      /* Typescript loader */
       {
         test: /\.tsx?$/,
         use: 'babel-loader',

packages/plugins/ui-theme/tools/webpack.dev.config.babel.js

@@ -9,7 +9,7 @@ import env from '../config/env';
 import getPackageJson from './getPackageJson';
 import baseConfig from './webpack.config';
 
-const configJsonFormat = yaml.safeLoad(fs.readFileSync('./tools/_verdaccio.config.yaml', 'utf8'));
+const configJsonFormat = yaml.load(fs.readFileSync('./tools/_verdaccio.config.yaml', 'utf8'));
 export default {
   ...baseConfig,
   mode: 'development',

packages/proxy/CHANGELOG.md

@@ -1,5 +1,36 @@
 # @verdaccio/proxy
 
+## 6.0.0-6-next.48
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/local-storage@11.0.0-6-next.40
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+- @verdaccio/utils@6.0.0-6-next.38
+
+## 6.0.0-6-next.47
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/local-storage@11.0.0-6-next.39
+  - @verdaccio/utils@6.0.0-6-next.37
+  - @verdaccio/logger@6.0.0-6-next.37
+
+## 6.0.0-6-next.46
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/config@6.0.0-6-next.68
+- @verdaccio/local-storage@11.0.0-6-next.38
+- @verdaccio/utils@6.0.0-6-next.36
+- @verdaccio/logger@6.0.0-6-next.36
+
 ## 6.0.0-6-next.45
 
 ### Patch Changes

packages/proxy/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/proxy",
-  "version": "6.0.0-6-next.45",
+  "version": "6.0.0-6-next.48",
   "description": "verdaccio proxy fetcher",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,11 +39,11 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/config": "workspace:6.0.0-6-next.67",
-    "@verdaccio/core": "workspace:6.0.0-6-next.67",
-    "@verdaccio/local-storage": "workspace:11.0.0-6-next.37",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.35",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.35",
+    "@verdaccio/config": "workspace:6.0.0-6-next.70",
+    "@verdaccio/core": "workspace:6.0.0-6-next.70",
+    "@verdaccio/local-storage": "workspace:11.0.0-6-next.40",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.38",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.38",
     "JSONStream": "1.3.5",
     "debug": "4.3.4",
     "lodash": "4.17.21",
@@ -58,7 +58,7 @@
     "get-stream": "^6.0.1",
     "nock": "13.2.9",
     "node-mocks-http": "1.12.1",
-    "semver": "7.3.8"
+    "semver": "7.5.0"
   },
   "funding": {
     "type": "opencollective",

packages/search/.babelrc

@@ -0,0 +1,3 @@
+{
+  "extends": "../../.babelrc"
+}

packages/search/CHANGELOG.md

@@ -0,0 +1,735 @@
+# @verdaccio/proxy
+
+## 6.0.0-6-next.2
+
+### Minor Changes
+
+- 15e58d98: feat: add search package utilities
+
+## 6.0.0-6-next.46
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.68
+- @verdaccio/config@6.0.0-6-next.68
+- @verdaccio/local-storage@11.0.0-6-next.38
+- @verdaccio/utils@6.0.0-6-next.36
+- @verdaccio/logger@6.0.0-6-next.36
+
+## 6.0.0-6-next.45
+
+### Patch Changes
+
+- Updated dependencies [16e38df8]
+  - @verdaccio/config@6.0.0-6-next.67
+  - @verdaccio/core@6.0.0-6-next.67
+  - @verdaccio/local-storage@11.0.0-6-next.37
+  - @verdaccio/utils@6.0.0-6-next.35
+  - @verdaccio/logger@6.0.0-6-next.35
+
+## 6.0.0-6-next.44
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.66
+- @verdaccio/logger@6.0.0-6-next.34
+- @verdaccio/local-storage@11.0.0-6-next.36
+- @verdaccio/config@6.0.0-6-next.66
+- @verdaccio/utils@6.0.0-6-next.34
+
+## 6.0.0-6-next.43
+
+### Patch Changes
+
+- Updated dependencies [a1da1130]
+  - @verdaccio/core@6.0.0-6-next.65
+  - @verdaccio/config@6.0.0-6-next.65
+  - @verdaccio/local-storage@11.0.0-6-next.35
+  - @verdaccio/utils@6.0.0-6-next.33
+  - @verdaccio/logger@6.0.0-6-next.33
+
+## 6.0.0-6-next.42
+
+### Patch Changes
+
+- Updated dependencies [974cd8c1]
+  - @verdaccio/core@6.0.0-6-next.64
+  - @verdaccio/config@6.0.0-6-next.64
+  - @verdaccio/local-storage@11.0.0-6-next.34
+  - @verdaccio/utils@6.0.0-6-next.32
+  - @verdaccio/logger@6.0.0-6-next.32
+
+## 6.0.0-6-next.41
+
+### Patch Changes
+
+- Updated dependencies [ddb6a223]
+- Updated dependencies [dc571aab]
+  - @verdaccio/config@6.0.0-6-next.63
+  - @verdaccio/core@6.0.0-6-next.63
+  - @verdaccio/local-storage@11.0.0-6-next.33
+  - @verdaccio/utils@6.0.0-6-next.31
+  - @verdaccio/logger@6.0.0-6-next.31
+
+## 6.0.0-6-next.40
+
+### Patch Changes
+
+- Updated dependencies [378e907d]
+  - @verdaccio/core@6.0.0-6-next.62
+  - @verdaccio/logger@6.0.0-6-next.30
+  - @verdaccio/local-storage@11.0.0-6-next.32
+  - @verdaccio/config@6.0.0-6-next.62
+  - @verdaccio/utils@6.0.0-6-next.30
+
+## 6.0.0-6-next.39
+
+### Patch Changes
+
+- Updated dependencies [d167f92e]
+  - @verdaccio/config@6.0.0-6-next.61
+  - @verdaccio/local-storage@11.0.0-6-next.31
+  - @verdaccio/core@6.0.0-6-next.61
+  - @verdaccio/utils@6.0.0-6-next.29
+  - @verdaccio/logger@6.0.0-6-next.29
+
+## 6.0.0-6-next.38
+
+### Minor Changes
+
+- 45c03819: refactor: render html middleware
+
+### Patch Changes
+
+- Updated dependencies [45c03819]
+  - @verdaccio/config@6.0.0-6-next.60
+  - @verdaccio/local-storage@11.0.0-6-next.30
+  - @verdaccio/core@6.0.0-6-next.60
+  - @verdaccio/logger@6.0.0-6-next.28
+  - @verdaccio/utils@6.0.0-6-next.28
+
+## 6.0.0-6-next.37
+
+### Patch Changes
+
+- Updated dependencies [65f88b82]
+  - @verdaccio/logger@6.0.0-6-next.27
+  - @verdaccio/local-storage@11.0.0-6-next.29
+  - @verdaccio/core@6.0.0-6-next.59
+  - @verdaccio/config@6.0.0-6-next.59
+  - @verdaccio/utils@6.0.0-6-next.27
+
+## 6.0.0-6-next.36
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.58
+- @verdaccio/config@6.0.0-6-next.58
+- @verdaccio/local-storage@11.0.0-6-next.28
+- @verdaccio/utils@6.0.0-6-next.26
+- @verdaccio/logger@6.0.0-6-next.26
+
+## 6.0.0-6-next.35
+
+### Patch Changes
+
+- @verdaccio/local-storage@11.0.0-6-next.27
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/config@6.0.0-6-next.57
+- @verdaccio/logger@6.0.0-6-next.25
+- @verdaccio/utils@6.0.0-6-next.25
+
+## 6.0.0-6-next.34
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/config@6.0.0-6-next.56
+  - @verdaccio/local-storage@11.0.0-6-next.26
+  - @verdaccio/core@6.0.0-6-next.56
+  - @verdaccio/logger@6.0.0-6-next.24
+
+## 6.0.0-6-next.33
+
+### Patch Changes
+
+- Updated dependencies [9718e033]
+  - @verdaccio/config@6.0.0-6-next.55
+  - @verdaccio/core@6.0.0-6-next.55
+  - @verdaccio/utils@6.0.0-6-next.23
+  - @verdaccio/local-storage@11.0.0-6-next.25
+  - @verdaccio/logger@6.0.0-6-next.23
+
+## 6.0.0-6-next.32
+
+### Patch Changes
+
+- Updated dependencies [ef88da3b]
+  - @verdaccio/config@6.0.0-6-next.54
+  - @verdaccio/core@6.0.0-6-next.54
+  - @verdaccio/logger@6.0.0-6-next.22
+  - @verdaccio/local-storage@11.0.0-6-next.24
+  - @verdaccio/utils@6.0.0-6-next.22
+
+## 6.0.0-6-next.31
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.53
+- @verdaccio/logger@6.0.0-6-next.21
+- @verdaccio/local-storage@11.0.0-6-next.23
+- @verdaccio/config@6.0.0-6-next.53
+- @verdaccio/utils@6.0.0-6-next.21
+
+## 6.0.0-6-next.30
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.52
+- @verdaccio/config@6.0.0-6-next.52
+- @verdaccio/logger@6.0.0-6-next.20
+- @verdaccio/local-storage@11.0.0-6-next.22
+- @verdaccio/utils@6.0.0-6-next.20
+
+## 6.0.0-6-next.29
+
+### Patch Changes
+
+- Updated dependencies [4b29d715]
+  - @verdaccio/config@6.0.0-6-next.51
+  - @verdaccio/core@6.0.0-6-next.51
+  - @verdaccio/local-storage@11.0.0-6-next.21
+  - @verdaccio/logger@6.0.0-6-next.19
+  - @verdaccio/utils@6.0.0-6-next.19
+
+## 6.0.0-6-next.28
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.50
+- @verdaccio/config@6.0.0-6-next.50
+- @verdaccio/logger@6.0.0-6-next.18
+- @verdaccio/local-storage@11.0.0-6-next.20
+- @verdaccio/utils@6.0.0-6-next.18
+
+## 6.0.0-6-next.27
+
+### Patch Changes
+
+- @verdaccio/local-storage@11.0.0-6-next.19
+- @verdaccio/core@6.0.0-6-next.49
+- @verdaccio/config@6.0.0-6-next.49
+- @verdaccio/logger@6.0.0-6-next.17
+- @verdaccio/utils@6.0.0-6-next.17
+
+## 6.0.0-6-next.26
+
+### Patch Changes
+
+- Updated dependencies [43f32687]
+- Updated dependencies [9fc2e796]
+- Updated dependencies [62c24b63]
+  - @verdaccio/core@6.0.0-6-next.48
+  - @verdaccio/config@6.0.0-6-next.48
+  - @verdaccio/local-storage@11.0.0-6-next.18
+  - @verdaccio/utils@6.0.0-6-next.16
+  - @verdaccio/logger@6.0.0-6-next.16
+
+## 6.0.0-6-next.25
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.47
+- @verdaccio/config@6.0.0-6-next.47
+- @verdaccio/logger@6.0.0-6-next.15
+- @verdaccio/local-storage@11.0.0-6-next.17
+- @verdaccio/utils@6.0.0-6-next.15
+
+## 6.0.0-6-next.24
+
+### Patch Changes
+
+- Updated dependencies [b849128d]
+  - @verdaccio/core@6.0.0-6-next.8
+  - @verdaccio/config@6.0.0-6-next.17
+  - @verdaccio/logger@6.0.0-6-next.14
+  - @verdaccio/local-storage@11.0.0-6-next.16
+  - @verdaccio/utils@6.0.0-6-next.14
+
+## 6.0.0-6-next.23
+
+### Patch Changes
+
+- 351aeeaa: fix(deps): @verdaccio/utils should be a prod dep of local-storage
+- Updated dependencies [351aeeaa]
+  - @verdaccio/core@6.0.0-6-next.7
+  - @verdaccio/logger@6.0.0-6-next.13
+  - @verdaccio/local-storage@11.0.0-6-next.15
+  - @verdaccio/config@6.0.0-6-next.16
+  - @verdaccio/utils@6.0.0-6-next.13
+
+## 6.0.0-6-next.22
+
+### Patch Changes
+
+- Updated dependencies [37274e4c]
+  - @verdaccio/local-storage@11.0.0-6-next.14
+  - @verdaccio/core@6.0.0-6-next.6
+  - @verdaccio/logger@6.0.0-6-next.12
+
+## 6.0.0-6-next.21
+
+### Major Changes
+
+- 292c0a37: feat!: replace deprecated request dependency by got
+
+  This is a big refactoring of the core, fetching dependencies, improve code, more tests and better stability. This is essential for the next release, will take some time but would allow modularize more the core.
+
+  ## Notes
+
+  - Remove deprecated `request` by other `got`, retry improved, custom Agent ( got does not include it built-in)
+  - Remove `async` dependency from storage (used by core) it was linked with proxy somehow safe to remove now
+  - Refactor with promises instead callback wherever is possible
+  - ~Document the API~
+  - Improve testing, integration tests
+  - Bugfix
+  - Clean up old validations
+  - Improve performance
+
+  ## 💥 Breaking changes
+
+  - Plugin API methods were callbacks based are returning promises, this will break current storage plugins, check documentation for upgrade.
+  - Write Tarball, Read Tarball methods parameters change, a new set of options like `AbortController` signals are being provided to the `addAbortSignal` can be internally used with Streams when a request is aborted. eg: `addAbortSignal(signal, fs.createReadStream(pathName));`
+  - `@verdaccio/streams` stream abort support is legacy is being deprecated removed
+  - Remove AWS and Google Cloud packages for future refactoring [#2574](https://github.com/verdaccio/verdaccio/pull/2574).
+
+### Patch Changes
+
+- Updated dependencies [292c0a37]
+- Updated dependencies [a3a209b5]
+- Updated dependencies [00d1d2a1]
+  - @verdaccio/config@6.0.0-6-next.15
+  - @verdaccio/core@6.0.0-6-next.6
+  - @verdaccio/logger@6.0.0-6-next.12
+  - @verdaccio/local-storage@11.0.0-6-next.13
+  - @verdaccio/utils@6.0.0-6-next.12
+
+## 6.0.0-6-next.20
+
+### Patch Changes
+
+- Updated dependencies [d43894e8]
+- Updated dependencies [d08fe29d]
+  - @verdaccio/config@6.0.0-6-next.14
+  - @verdaccio/local-storage@11.0.0-6-next.12
+  - @verdaccio/core@6.0.0-6-next.5
+  - @verdaccio/streams@11.0.0-6-next.5
+  - @verdaccio/logger@6.0.0-6-next.11
+
+## 6.0.0-6-next.19
+
+### Major Changes
+
+- 82cb0f2b: feat!: config.logs throw an error, logging config not longer accept array or logs property
+
+  ### 💥 Breaking change
+
+  This is valid
+
+  ```yaml
+  log: { type: stdout, format: pretty, level: http }
+  ```
+
+  This is invalid
+
+  ```yaml
+  logs: { type: stdout, format: pretty, level: http }
+  ```
+
+  or
+
+  ```yaml
+  logs:
+    - [{ type: stdout, format: pretty, level: http }]
+  ```
+
+### Minor Changes
+
+- 5167bb52: feat: ui search support for remote, local and private packages
+
+  The command `npm search` search globally and return all matches, with this improvement the user interface
+  is powered with the same capabilities.
+
+  The UI also tag where is the origin the package with a tag, also provide the latest version and description of the package.
+
+### Patch Changes
+
+- Updated dependencies [82cb0f2b]
+- Updated dependencies [5167bb52]
+  - @verdaccio/config@6.0.0-6-next.13
+  - @verdaccio/core@6.0.0-6-next.5
+  - @verdaccio/logger@6.0.0-6-next.11
+  - @verdaccio/local-storage@11.0.0-6-next.12
+  - @verdaccio/utils@6.0.0-6-next.11
+  - @verdaccio/streams@11.0.0-6-next.5
+
+## 6.0.0-6-next.18
+
+### Patch Changes
+
+- Updated dependencies [b78f3525]
+  - @verdaccio/logger@6.0.0-6-next.10
+
+## 6.0.0-6-next.17
+
+### Patch Changes
+
+- Updated dependencies [730b5d8c]
+  - @verdaccio/logger@6.0.0-6-next.9
+
+## 6.0.0-6-next.16
+
+### Patch Changes
+
+- Updated dependencies [a828271d]
+- Updated dependencies [24b9be02]
+- Updated dependencies [e75c0a3b]
+- Updated dependencies [b13a3fef]
+  - @verdaccio/local-storage@11.0.0-6-next.11
+  - @verdaccio/utils@6.0.0-6-next.10
+  - @verdaccio/core@6.0.0-6-next.4
+  - @verdaccio/logger@6.0.0-6-next.8
+  - @verdaccio/config@6.0.0-6-next.12
+  - @verdaccio/streams@11.0.0-6-next.5
+
+## 6.0.0-6-next.15
+
+### Patch Changes
+
+- Updated dependencies [f86c31ed]
+  - @verdaccio/utils@6.0.0-6-next.9
+  - @verdaccio/config@6.0.0-6-next.11
+  - @verdaccio/local-storage@11.0.0-6-next.10
+
+## 6.0.0-6-next.14
+
+### Patch Changes
+
+- Updated dependencies [6c1eb021]
+  - @verdaccio/core@6.0.0-6-next.3
+  - @verdaccio/logger@6.0.0-6-next.7
+  - @verdaccio/config@6.0.0-6-next.10
+  - @verdaccio/local-storage@11.0.0-6-next.10
+  - @verdaccio/utils@6.0.0-6-next.8
+
+## 6.0.0-6-next.13
+
+### Minor Changes
+
+- b702ea36: abort search request support for proxy
+- 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
+
+### Patch Changes
+
+- Updated dependencies [794af76c]
+- Updated dependencies [154b2ecd]
+  - @verdaccio/config@6.0.0-6-next.9
+  - @verdaccio/core@6.0.0-6-next.2
+  - @verdaccio/streams@11.0.0-6-next.5
+  - @verdaccio/logger@6.0.0-6-next.6
+  - @verdaccio/utils@6.0.0-6-next.7
+  - @verdaccio/local-storage@11.0.0-6-next.9
+
+## 6.0.0-6-next.12
+
+### Patch Changes
+
+- Updated dependencies [2c594910]
+  - @verdaccio/logger@6.0.0-6-next.5
+
+## 6.0.0-6-next.11
+
+### Major Changes
+
+- 459b6fa7: refactor: search v1 endpoint and local-database
+
+  - refactor search `api v1` endpoint, improve performance
+  - remove usage of `async` dependency https://github.com/verdaccio/verdaccio/issues/1225
+  - refactor method storage class
+  - create new module `core` to reduce the ammount of modules with utilities
+  - use `undici` instead `node-fetch`
+  - use `fastify` instead `express` for functional test
+
+  ### Breaking changes
+
+  - plugin storage API changes
+  - remove old search endpoint (return 404)
+  - filter local private packages at plugin level
+
+  The storage api changes for methods `get`, `add`, `remove` as promise base. The `search` methods also changes and recieves a `query` object that contains all query params from the client.
+
+  ```ts
+  export interface IPluginStorage<T> extends IPlugin {
+    add(name: string): Promise<void>;
+    remove(name: string): Promise<void>;
+    get(): Promise<any>;
+    init(): Promise<void>;
+    getSecret(): Promise<string>;
+    setSecret(secret: string): Promise<any>;
+    getPackageStorage(packageInfo: string): IPackageStorage;
+    search(query: searchUtils.SearchQuery): Promise<searchUtils.SearchItem[]>;
+    saveToken(token: Token): Promise<any>;
+    deleteToken(user: string, tokenKey: string): Promise<any>;
+    readTokens(filter: TokenFilter): Promise<Token[]>;
+  }
+  ```
+
+### Patch Changes
+
+- Updated dependencies [459b6fa7]
+  - @verdaccio/config@6.0.0-6-next.8
+  - @verdaccio/commons-api@11.0.0-6-next.4
+  - @verdaccio/core@6.0.0-6-next.1
+  - @verdaccio/local-storage@11.0.0-6-next.8
+  - @verdaccio/streams@11.0.0-6-next.4
+  - @verdaccio/utils@6.0.0-6-next.6
+  - @verdaccio/logger@6.0.0-6-next.4
+
+## 6.0.0-6-next.10
+
+### Patch Changes
+
+- Updated dependencies [df0da3d6]
+  - @verdaccio/local-storage@11.0.0-6-next.7
+
+## 6.0.0-6-next.9
+
+### Patch Changes
+
+- Updated dependencies [d2c65da9]
+  - @verdaccio/utils@6.0.0-6-next.5
+  - @verdaccio/config@6.0.0-6-next.7
+
+## 6.0.0-6-next.8
+
+### Patch Changes
+
+- Updated dependencies [1b217fd3]
+  - @verdaccio/config@6.0.0-6-next.6
+  - @verdaccio/local-storage@11.0.0-6-next.6
+
+## 6.0.0-6-next.7
+
+### Patch Changes
+
+- Updated dependencies [1810ed0d]
+- Updated dependencies [648575aa]
+  - @verdaccio/config@6.0.0-6-next.5
+  - @verdaccio/utils@6.0.0-6-next.4
+
+## 6.0.0-6-next.6
+
+### Patch Changes
+
+- Updated dependencies [5c5057fc]
+  - @verdaccio/config@6.0.0-6-next.4
+  - @verdaccio/logger@6.0.0-6-next.4
+  - @verdaccio/local-storage@11.0.0-6-next.5
+  - @verdaccio/streams@11.0.0-alpha.3
+
+## 6.0.0-6-next.5
+
+### Patch Changes
+
+- Updated dependencies [cb2281a5]
+  - @verdaccio/local-storage@11.0.0-6-next.5
+
+## 5.0.0-alpha.4
+
+### Patch Changes
+
+- fecbb9be: chore: add release step to private regisry on merge changeset pr
+- Updated dependencies [fecbb9be]
+  - @verdaccio/local-storage@10.0.0-alpha.4
+  - @verdaccio/config@5.0.0-alpha.3
+  - @verdaccio/commons-api@10.0.0-alpha.3
+  - @verdaccio/streams@10.0.0-alpha.3
+  - @verdaccio/logger@5.0.0-alpha.3
+  - @verdaccio/utils@5.0.0-alpha.3
+
+## 5.0.0-alpha.3
+
+### Minor Changes
+
+- 54c58d1e: feat: add server rate limit protection to all request
+
+  To modify custom values, use the server settings property.
+
+  ```markdown
+  server:
+
+  ## https://www.npmjs.com/package/express-rate-limit#configuration-options
+
+  rateLimit:
+  windowMs: 1000
+  max: 10000
+  ```
+
+  The values are intended to be high, if you want to improve security of your server consider
+  using different values.
+
+### Patch Changes
+
+- Updated dependencies [54c58d1e]
+  - @verdaccio/config@5.0.0-alpha.2
+  - @verdaccio/commons-api@10.0.0-alpha.2
+  - @verdaccio/local-storage@10.0.0-alpha.3
+  - @verdaccio/streams@10.0.0-alpha.2
+  - @verdaccio/logger@5.0.0-alpha.2
+  - @verdaccio/utils@5.0.0-alpha.2
+
+## 5.0.0-alpha.2
+
+### Patch Changes
+
+- Updated dependencies [2a327c4b]
+  - @verdaccio/local-storage@10.0.0-alpha.2
+
+## 5.0.0-alpha.1
+
+### Major Changes
+
+- d87fa026: feat!: experiments config renamed to flags
+
+  - The `experiments` configuration is renamed to `flags`. The functionality is exactly the same.
+
+  ```js
+  flags: token: false;
+  search: false;
+  ```
+
+  - The `self_path` property from the config file is being removed in favor of `config_file` full path.
+  - Refactor `config` module, better types and utilities
+
+- da1ee9c8: - Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv
+
+  - Introduce environment variables for legacy tokens
+
+  ### Code Improvements
+
+  - Add debug library for improve developer experience
+
+  ### Breaking change
+
+  - The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions.
+  - The secret key must have 32 characters long.
+
+  ### New environment variables
+
+  - `VERDACCIO_LEGACY_ALGORITHM`: Allows to define the specific algorithm for the token signature which by default is `aes-256-ctr`
+  - `VERDACCIO_LEGACY_ENCRYPTION_KEY`: By default, the token stores in the database, but using this variable allows to get it from memory
+
+### Minor Changes
+
+- 26b494cb: feat: add typescript project references settings
+
+  Reading https://ebaytech.berlin/optimizing-multi-package-apps-with-typescript-project-references-d5c57a3b4440 I realized I can use project references to solve the issue to pre-compile modules on develop mode.
+
+  It allows to navigate (IDE) trough the packages without need compile the packages.
+
+  Add two `tsconfig`, one using the previous existing configuration that is able to produce declaration files (`tsconfig.build`) and a new one `tsconfig` which is enables [_projects references_](https://www.typescriptlang.org/docs/handbook/project-references.html).
+
+### Patch Changes
+
+- ae52ba35: refactor: migrate request to node-fetch at hooks package
+- b57b4338: Enable prerelease mode with **changesets**
+- 31af0164: ESLint Warnings Fixed
+
+  Related to issue #1461
+
+  - max-len: most of the sensible max-len errors are fixed
+  - no-unused-vars: most of these types of errors are fixed by deleting not needed declarations
+  - @typescript-eslint/no-unused-vars: same as above
+
+- Updated dependencies [d87fa026]
+- Updated dependencies [da1ee9c8]
+- Updated dependencies [26b494cb]
+- Updated dependencies [b57b4338]
+- Updated dependencies [add778d5]
+- Updated dependencies [31af0164]
+  - @verdaccio/config@5.0.0-alpha.1
+  - @verdaccio/commons-api@10.0.0-alpha.1
+  - @verdaccio/local-storage@10.0.0-alpha.1
+  - @verdaccio/streams@10.0.0-alpha.1
+  - @verdaccio/logger@5.0.0-alpha.1
+  - @verdaccio/utils@5.0.0-alpha.1
+
+## 5.0.0-alpha.1
+
+### Major Changes
+
+- d87fa0268: feat!: experiments config renamed to flags
+
+  - The `experiments` configuration is renamed to `flags`. The functionality is exactly the same.
+
+  ```js
+  flags: token: false;
+  search: false;
+  ```
+
+  - The `self_path` property from the config file is being removed in favor of `config_file` full path.
+  - Refactor `config` module, better types and utilities
+
+- da1ee9c82: - Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv
+
+  - Introduce environment variables for legacy tokens
+
+  ### Code Improvements
+
+  - Add debug library for improve developer experience
+
+  ### Breaking change
+
+  - The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions.
+  - The secret key must have 32 characters long.
+
+  ### New environment variables
+
+  - `VERDACCIO_LEGACY_ALGORITHM`: Allows to define the specific algorithm for the token signature which by default is `aes-256-ctr`
+  - `VERDACCIO_LEGACY_ENCRYPTION_KEY`: By default, the token stores in the database, but using this variable allows to get it from memory
+
+### Minor Changes
+
+- 26b494cbd: feat: add typescript project references settings
+
+  Reading https://ebaytech.berlin/optimizing-multi-package-apps-with-typescript-project-references-d5c57a3b4440 I realized I can use project references to solve the issue to pre-compile modules on develop mode.
+
+  It allows to navigate (IDE) trough the packages without need compile the packages.
+
+  Add two `tsconfig`, one using the previous existing configuration that is able to produce declaration files (`tsconfig.build`) and a new one `tsconfig` which is enables [_projects references_](https://www.typescriptlang.org/docs/handbook/project-references.html).
+
+### Patch Changes
+
+- ae52ba352: refactor: migrate request to node-fetch at hooks package
+- b57b43388: Enable prerelease mode with **changesets**
+- 31af01641: ESLint Warnings Fixed
+
+  Related to issue #1461
+
+  - max-len: most of the sensible max-len errors are fixed
+  - no-unused-vars: most of these types of errors are fixed by deleting not needed declarations
+  - @typescript-eslint/no-unused-vars: same as above
+
+- Updated dependencies [d87fa0268]
+- Updated dependencies [da1ee9c82]
+- Updated dependencies [26b494cbd]
+- Updated dependencies [b57b43388]
+- Updated dependencies [add778d55]
+- Updated dependencies [31af01641]
+  - @verdaccio/config@5.0.0-alpha.1
+  - @verdaccio/commons-api@10.0.0-alpha.0
+  - @verdaccio/local-storage@10.0.0-alpha.0
+  - @verdaccio/streams@10.0.0-alpha.0
+  - @verdaccio/logger@5.0.0-alpha.1
+  - @verdaccio/utils@5.0.0-alpha.1

packages/search/README.md

@@ -0,0 +1,29 @@
+# @verdaccio/search
+
+Search utilities
+
+```bash
+npm install @verdaccio/search
+```
+
+[![backers](https://opencollective.com/verdaccio/tiers/backer/badge.svg?label=Backer&color=brightgreen)](https://opencollective.com/verdaccio)
+[![stackshare](https://img.shields.io/badge/Follow%20on-StackShare-blue.svg?logo=stackshare&style=flat)](https://stackshare.io/verdaccio)
+[![MIT](https://img.shields.io/github/license/mashape/apistatus.svg)](https://github.com/verdaccio/verdaccio/blob/master/LICENSE)
+[![Crowdin](https://d322cqt584bo4o.cloudfront.net/verdaccio/localized.svg)](https://crowdin.com/project/verdaccio)
+[![TODOs](https://badgen.net/https/api.tickgit.com/badgen/github.com/verdaccio/verdaccio)](https://www.tickgit.com/browse?repo=github.com/verdaccio/verdaccio)
+
+[![Twitter followers](https://img.shields.io/twitter/follow/verdaccio_npm.svg?style=social&label=Follow)](https://twitter.com/verdaccio_npm)
+[![Github](https://img.shields.io/github/stars/verdaccio/verdaccio.svg?style=social&label=Stars)](https://github.com/verdaccio/verdaccio/stargazers)
+
+## Donations
+
+Verdaccio is run by **volunteers**; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider making a donation - **your logo might end up in this readme.** 😉
+
+**[Donate](https://opencollective.com/verdaccio)** 💵👍🏻 starting from _\$1/month_ or just one single contribution.
+
+### License
+
+Verdaccio is [MIT licensed](https://github.com/verdaccio/verdaccio/blob/master/LICENSE)
+
+The Verdaccio documentation and logos (excluding /thanks, e.g., .md, .png, .sketch) files within the /assets folder) is
+[Creative Commons licensed](https://github.com/verdaccio/verdaccio/blob/master/LICENSE-docs).

packages/search/jest.config.js

@@ -0,0 +1,12 @@
+const config = require('../../jest/config');
+
+module.exports = Object.assign({}, config, {
+  coverageThreshold: {
+    global: {
+      branches: 79,
+      functions: 94,
+      lines: 87,
+      statements: 87,
+    },
+  },
+});

packages/search/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "@verdaccio/search",
+  "version": "6.0.0-6-next.2",
+  "description": "verdaccio search utitlity tools",
+  "main": "./build/dist.js",
+  "types": "build/index.d.ts",
+  "author": {
+    "name": "Juan Picado",
+    "email": "juanpicado19@gmail.com"
+  },
+  "repository": {
+    "type": "https",
+    "url": "https://github.com/verdaccio/verdaccio"
+  },
+  "license": "MIT",
+  "homepage": "https://verdaccio.org",
+  "keywords": [
+    "private",
+    "package",
+    "repository",
+    "registry",
+    "enterprise",
+    "modules",
+    "proxy",
+    "server",
+    "verdaccio"
+  ],
+  "engines": {
+    "node": ">=12",
+    "npm": ">=6"
+  },
+  "scripts": {
+    "clean": "rimraf ./build",
+    "test": "echo 1",
+    "type-check": "tsc --noEmit -p tsconfig.build.json",
+    "build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json",
+    "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
+    "build": "esbuild src/index.ts --bundle --outfile=build/dist.js --platform=node --target=node12  && pnpm run build:types"
+  },
+  "devDependencies": {
+    "@types/node": "16.18.10",
+    "@verdaccio/types": "workspace:11.0.0-6-next.25",
+    "@orama/orama": "1.0.0-beta.16",
+    "debug": "4.3.4",
+    "esbuild": "0.14.10"
+  },
+  "funding": {
+    "type": "opencollective",
+    "url": "https://opencollective.com/verdaccio"
+  }
+}

packages/search/src/index.ts

@@ -0,0 +1 @@
+export { default as SearchMemoryIndexer } from './indexer';