chore: update versions (6-next) (#3982)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.babelrc

@@ -10,5 +10,9 @@
     ],
     "@babel/typescript"
   ],
-  "ignore": ["**/*.d.ts"]
+  "ignore": ["**/*.d.ts"],
+  "plugins": [
+    "@babel/plugin-proposal-optional-chaining",
+    "@babel/plugin-proposal-nullish-coalescing-operator"
+  ]
 }

.changeset/chilly-trains-juggle.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/config': patch
+---
+
+Respect the `changePassword` configuration flag to enable changing the password through the web API.
+
+> **Note**
+> This feature is still experimental and not fully supported in the default web application.

.changeset/eight-clouds-look.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/middleware': minor
+'@verdaccio/server': minor
+---
+
+fix: expose middleware methods

.changeset/eighty-snails-admire.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/server-fastify': patch
+'@verdaccio/web': patch
+---
+
+Fix the password validation logic for the `/reset_password` route to ensure that the password is only reset if it is valid.

.changeset/khaki-carrots-crash.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/ui-theme': minor
+'@verdaccio/ui-components': minor
+---
+
+feat: ui bugfixes and improvements

.changeset/moody-beds-rule.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/proxy': patch
+'@verdaccio/hooks': patch
+---
+
+fix: improve legacy nodejs support

.changeset/pre.json

@@ -58,7 +58,8 @@
     "@verdaccio/logger-7": "6.0.0-6-next.1",
     "@verdaccio/logger-commons": "6.0.0-6-next.25",
     "@verdaccio/e2e-cli-pnpm8": "1.0.1-6-next.6",
-    "@verdaccio/signature": "6.0.0-6-next.1"
+    "@verdaccio/signature": "6.0.0-6-next.1",
+    "@verdaccio/search": "6.0.0-6-next.1"
   },
   "changesets": [
     "afraid-mice-obey",
@@ -74,11 +75,14 @@
     "chatty-pillows-perform",
     "chilled-ways-fetch",
     "chilly-glasses-occur",
+    "chilly-trains-juggle",
     "clever-pugs-warn",
     "dry-planes-tap",
     "dull-monkeys-search",
     "early-jokes-nail",
     "eight-bottles-own",
+    "eight-clouds-look",
+    "eighty-snails-admire",
     "eleven-brooms-hunt",
     "eleven-spoons-matter",
     "fair-lemons-beam",
@@ -106,6 +110,7 @@
     "heavy-ravens-lay",
     "hip-hounds-destroy",
     "honest-maps-hear",
+    "khaki-carrots-crash",
     "kind-bears-nail",
     "kind-ladybugs-admire",
     "late-adults-love",
@@ -118,6 +123,7 @@
     "many-vans-care",
     "modern-maps-lie",
     "modern-spies-tell",
+    "moody-beds-rule",
     "moody-clocks-roll",
     "neat-toes-report",
     "neat-toys-float",
@@ -140,12 +146,17 @@
     "red-chefs-float",
     "red-yaks-sell",
     "rich-badgers-begin",
+    "rich-bananas-chew",
     "rich-ghosts-rule",
     "shaggy-carrots-unite",
     "shaggy-parrots-smash",
     "shiny-chefs-heal",
     "shy-ducks-cover",
     "silly-moose-watch",
+    "silver-needles-drum",
+    "silver-spoons-nail",
+    "six-boats-sparkle",
+    "slimy-eggs-explain",
     "slow-carrots-relate",
     "slow-snails-sniff",
     "smart-apricots-kneel",
@@ -158,9 +169,12 @@
     "spicy-snakes-sip",
     "strange-ladybugs-nail",
     "strong-socks-type",
+    "stupid-sloths-leave",
     "swift-pumpkins-knock",
     "ten-parents-breathe",
     "tender-bags-call",
+    "tender-pots-yawn",
+    "tender-tigers-hammer",
     "thick-countries-move",
     "thick-geese-wash",
     "thick-readers-hang",

.changeset/rich-bananas-chew.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/api': patch
+'@verdaccio/core': patch
+'@verdaccio/middleware': patch
+---
+
+fix: official package "-" cannot be synced

.changeset/silver-needles-drum.md

@@ -0,0 +1,9 @@
+---
+'@verdaccio/core': patch
+'@verdaccio/hooks': patch
+'@verdaccio/proxy': patch
+'@verdaccio/store': patch
+'@verdaccio/web': patch
+---
+
+refactor: got instead undici

.changeset/silver-spoons-nail.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/proxy': minor
+'@verdaccio/store': minor
+---
+
+feat: refactor proxy with got v12

.changeset/six-boats-sparkle.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/search': minor
+---
+
+feat: add search package utilities

.changeset/slimy-eggs-explain.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/logger-commons': patch
+---
+
+fix: restore wrong dependency version

.changeset/stupid-sloths-leave.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/logger-7': patch
+'@verdaccio/logger-commons': patch
+'@verdaccio/logger-prettify': patch
+---
+
+fix: restore pino legacy version

.changeset/tender-pots-yawn.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+fix menuKey for Khmer language

.changeset/tender-tigers-hammer.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/auth': minor
+'@verdaccio/core': minor
+'verdaccio-htpasswd': minor
+---
+
+feat: async bcrypt hash

.github/workflows/changesets.yml

@@ -20,12 +20,12 @@ jobs:
     if: github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio'
     steps:
       - name: checkout code repository
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 0
 
       - name: setup node.js
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
         with:
           node-version-file: '.nvmrc'
         env:

.github/workflows/ci-windows.yml

@@ -18,9 +18,9 @@ jobs:
         env:
           NODE_ENV: production          
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
     - name: Node
-      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+      uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
       with:
         node-version-file: '.nvmrc'
     - name: Install pnpm
@@ -47,9 +47,9 @@ jobs:
     name: Lint
     needs: prepare
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Node
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
@@ -71,9 +71,9 @@ jobs:
     name: Format
     needs: prepare
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Use Node
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
@@ -100,9 +100,9 @@ jobs:
     name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Use Node ${{ matrix.node_version }}
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
         with:
           node-version: ${{ matrix.node_version }}
       - name: Install pnpm
@@ -126,8 +126,8 @@ jobs:
     runs-on: windows-latest
     name: UI Test E2E
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm

.github/workflows/ci.yml

@@ -27,9 +27,9 @@ jobs:
         env:
           NODE_ENV: production          
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
     - name: Node
-      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+      uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
       with:
         node-version-file: '.nvmrc'
     - name: Install pnpm
@@ -54,9 +54,9 @@ jobs:
     name: Lint
     needs: prepare
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Node
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
@@ -79,9 +79,9 @@ jobs:
     name: Format
     needs: prepare
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Use Node
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
@@ -109,9 +109,9 @@ jobs:
     name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Use Node ${{ matrix.node_version }}
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
         with:
           node-version: ${{ matrix.node_version }}
       - name: Install pnpm
@@ -137,8 +137,8 @@ jobs:
     name: synchronize translations
     if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm

.github/workflows/codeql-analysis.yml

@@ -21,7 +21,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           # We must fetch at least the immediate parents so that if this is
           # a pull request then we can checkout the head.
@@ -34,7 +34,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # tag=v2
+        uses: github/codeql-action/init@a09933a12a80f87b87005513f0abb1494c27a716 # v2
 
       # Override language selection by uncommenting this and choosing your languages
       # with:
@@ -42,7 +42,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # tag=v2
+        uses: github/codeql-action/autobuild@a09933a12a80f87b87005513f0abb1494c27a716 # v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -56,4 +56,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # tag=v2
+        uses: github/codeql-action/analyze@a09933a12a80f87b87005513f0abb1494c27a716 # v2

.github/workflows/docker-proxy-apache-e2e.yml

@@ -15,13 +15,13 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       
     - name: Start containers
       run: docker-compose -f "./e2e/docker/apache-verdaccio/docker-compose.yaml" up -d --build
 
     - name: Install node
-      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
+      uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # v3
       with:
         node-version: 18
     - name: verdaccio cli

.github/workflows/docker-proxy-nginx-e2e.yml

@@ -12,13 +12,13 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       
     - name: Start containers
       run: docker-compose -f "./e2e/docker/proxy-nginx/docker-compose.yaml" up -d --build
 
     - name: Install node
-      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
+      uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # v3
       with:
         node-version: 18
     - name: npm setup

.github/workflows/docker-publish.yml

@@ -23,8 +23,8 @@ jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
-      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # tag=v1
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # tag=v1
       - uses: docker/setup-buildx-action@v1
         with:
           driver-opts: network=host

.github/workflows/e2e-ci.yml

@@ -15,9 +15,9 @@ jobs:
         env:
           NODE_ENV: production
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
     - name: Use Node
-      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+      uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
       with:
         node-version-file: '.nvmrc'
     - name: Install pnpm
@@ -39,9 +39,9 @@ jobs:
     needs: [prepare]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Use Node 16
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
@@ -83,8 +83,8 @@ jobs:
     name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
         with:
           node-version: ${{ matrix.node }}
       - name: Install pnpm

.github/workflows/e2e-ui.yml

@@ -15,9 +15,9 @@ jobs:
         env:
           NODE_ENV: production
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
       - name: Use Node
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm

.github/workflows/static-data.yml

@@ -19,11 +19,11 @@ jobs:
     name: Run script
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           persist-credentials: false
           fetch-depth: 0
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+      - uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
         with:
           node-version: 18.x
       - name: install pnpm

.github/workflows/ui-components.yml

@@ -27,10 +27,10 @@ jobs:
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
 
       - name: Use Node
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
         with:
           node-version-file: '.nvmrc'
 
@@ -65,7 +65,7 @@ jobs:
           build-dir: './packages/ui-components/storybook-static'          
       - name: 🤖 Deploy Preview UI Components Netlify
         if: github.repository == 'verdaccio/verdaccio'
-        uses: verdaccio/action-netlify-deploy@1c086d59169edeec9254672c7de17d2ceac3928f # v2.0.0
+        uses: semoal/action-netlify-deploy@1a53f098745bf78555d11b436f5ee3af87e6b566
         id: netlify_preview_ui
         with:
           draft: true

.github/workflows/website.yml

@@ -23,10 +23,10 @@ jobs:
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
 
       - name: Use Node 16
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # tag=v3
         with:
           node-version: 16
 
@@ -40,7 +40,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-
 
-      - uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # tag=v2.2.4
+      - uses: pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598 # tag=v2.4.0
         with:
           version: latest-8
           run_install: |
@@ -100,7 +100,7 @@ jobs:
       - name: Audit preview URL with Lighthouse
         if: github.repository == 'verdaccio/verdaccio'
         id: lighthouse_audit
-        uses: treosh/lighthouse-ci-action@2e159d989f91bb9e399801b3e1ad90bcd4749f75 # tag=9.6.8
+        uses: treosh/lighthouse-ci-action@03becbfc543944dd6e7534f7ff768abb8a296826 # tag=10.1.0
         with:
           urls: |
             ${{ steps.netlify_preview.outputs.preview-url }}
@@ -134,7 +134,7 @@ jobs:
       - name: Add comment to PR
         if: github.repository == 'verdaccio/verdaccio'
         id: comment_to_pr
-        uses: marocchino/sticky-pull-request-comment@3d60a5b2dae89d44e0c6ddc69dd7536aec2071cd # tag=v2
+        uses: marocchino/sticky-pull-request-comment@f6a2580ed520ae15da6076e7410b088d1c5dddd9 # v2
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           number: ${{ github.event.issue.number }}

README.md

@@ -286,8 +286,8 @@ You can find and chat with then over Discord, click [here](http://chat.verdaccio
 - [Aurelia Framework](https://github.com/aurelia/framework) _(+11.6k ⭐️)_
 - [pnpm](https://github.com/pnpm/pnpm) _(+10.1k ⭐️)_
 - [ethereum/web3.js](https://github.com/ethereum/web3.js) _(+9.8k ⭐️)_
+- [Webiny CMS](https://github.com/webiny/webiny-js) _(+6.6k ⭐️)_
 - [NX](https://github.com/nrwl/nx) _(+6.1k ⭐️)_
-- [webiny-js](https://github.com/webiny/webiny-js) _(+4.3k ⭐️)_
 - [Mozilla Neutrino](https://github.com/neutrinojs/neutrino) _(+3.7k ⭐️)_
 - [workshopper how to npm](https://github.com/workshopper/how-to-npm) _(+1k ⭐️)_
 - [Amazon SDK v3](https://github.com/aws/aws-sdk-js-v3)

SECURITY.md

@@ -28,7 +28,7 @@ At Verdaccio, we consider the security of our systems a top priority. But no mat
 
 If you discover a security vulnerability, please use one of the following means of communications to report it to us:
 
-- Report the security issue to the Node.js Security WG through the [HackerOne program](https://hackerone.com/nodejs-ecosystem) for ecosystem modules on npm, or to [Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with all involved parties to remediate and release a fix.
+- Report the security issue to [Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with all involved parties to remediate and release a fix.
 
 Note that time-frame and processes are subject to each program’s own policy.
 

docker-examples/README.md

@@ -10,7 +10,7 @@ The following examples aim to be demonstrative and can be either improved or upd
 - [v5 examples](v5/README.md)
 - [v6 examples](v6/README.md)
 
-## Aditional data
+## Additional data
 
 This folder aims to create a collection of Docker and Kubernetes examples.
 

e2e/cli/cli-commons/package.json

@@ -5,8 +5,8 @@
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
   "devDependencies": {
-    "@verdaccio/config": "workspace:6.0.0-6-next.68",
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
+    "@verdaccio/config": "workspace:6.0.0-6-next.76",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
     "@verdaccio/types": "workspace:11.0.0-6-next.25",
     "debug": "4.3.4",
     "fs-extra": "10.1.0",
@@ -14,7 +14,7 @@
     "js-yaml": "4.1.0",
     "get-port": "5.1.1",
     "lodash": "4.17.21",
-    "verdaccio": "workspace:6.0.0-6-next.68"
+    "verdaccio": "workspace:6.0.0-6-next.76"
   },
   "scripts": {
     "test": "jest",

e2e/cli/e2e-npm6/audit.spec.ts

@@ -33,9 +33,6 @@ describe('audit a package', () => {
       );
       const parsedBody = JSON.parse(resp.stdout as string);
       expect(parsedBody.metadata).toBeDefined();
-      expect(parsedBody.actions).toBeDefined();
-      expect(parsedBody.advisories).toBeDefined();
-      expect(parsedBody.muted).toBeDefined();
     }
   );
 

e2e/cli/e2e-npm6/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.7",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0-6-next.7",
-    "npm": "6.14.18"
+    "npm": "9.7.1"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm7/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.7",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0-6-next.7",
-    "npm": "7.24.2"
+    "npm": "9.7.1"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm8/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.7",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0-6-next.7",
-    "npm": "8.19.4"
+    "npm": "9.7.1"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm9/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.7",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0-6-next.7",
-    "npm": "9.6.3"
+    "npm": "9.7.1"
   },
   "scripts": {
     "test": "jest"

e2e/ui/package.json

@@ -3,12 +3,12 @@
   "name": "@verdaccio/e2e-ui",
   "version": "2.0.0-6-next.4",
   "devDependencies": {
-    "verdaccio": "workspace:6.0.0-6-next.68",
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
-    "@verdaccio/config": "workspace:6.0.0-6-next.68",
+    "verdaccio": "workspace:6.0.0-6-next.76",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
+    "@verdaccio/config": "workspace:6.0.0-6-next.76",
     "@verdaccio/test-helper": "workspace:2.0.0-6-next.8",
     "debug": "4.3.4",
-    "cypress": "11.2.0",
+    "cypress": "^11.2.0",
     "get-port": "5.1.1"
   },
   "scripts": {

e2e/ui/pre-setup.js

@@ -1,4 +0,0 @@
-require('@babel/register')({
-  extensions: ['.ts', '.js'],
-});
-module.exports = require('./setup');

e2e/ui/setup.js

@@ -1,26 +0,0 @@
-const fs = require('fs');
-const os = require('os');
-const path = require('path');
-
-const { green } = require('colorette');
-const puppeteer = require('puppeteer');
-
-const DIR = path.join(os.tmpdir(), 'jest_puppeteer_global_setup');
-
-module.exports = async function () {
-  // eslint-disable-next-line no-console
-  console.log(green('Setup Puppeteer'));
-  const browser = await puppeteer.launch({
-    isMobile: false,
-    ignoreHTTPSErrors: true,
-    // invert values for local testing
-    devtools: false,
-    headless: true,
-    // slowMo: 6000,
-    // invert values for local testing
-    args: ['--no-sandbox'],
-  });
-  global.__BROWSER__ = browser;
-  fs.mkdirSync(DIR, { recursive: true, force: true });
-  fs.writeFileSync(path.join(DIR, 'wsEndpoint'), browser.wsEndpoint());
-};

e2e/ui/teardown.js

@@ -1,14 +0,0 @@
-const os = require('os');
-const path = require('path');
-
-const { green } = require('kleur');
-const rimraf = require('rimraf');
-
-const DIR = path.join(os.tmpdir(), 'jest_puppeteer_global_setup');
-
-module.exports = async function () {
-  // eslint-disable-next-line no-console
-  console.log(green('Teardown Puppeteer'));
-  await global.__BROWSER__.close();
-  rimraf.sync(DIR);
-};

package.json

@@ -15,42 +15,42 @@
     "url": "https://opencollective.com/verdaccio"
   },
   "devDependencies": {
-    "@babel/cli": "7.20.7",
-    "@babel/core": "7.20.7",
-    "@babel/eslint-parser": "7.11.0",
-    "@babel/node": "7.20.7",
+    "@babel/cli": "7.22.10",
+    "@babel/core": "7.22.10",
+    "@babel/eslint-parser": "7.22.10",
+    "@babel/node": "7.22.10",
     "@babel/plugin-proposal-class-properties": "7.18.6",
-    "@babel/plugin-proposal-decorators": "7.20.7",
+    "@babel/plugin-proposal-decorators": "7.22.10",
     "@babel/plugin-proposal-export-namespace-from": "7.18.9",
-    "@babel/plugin-proposal-function-sent": "7.18.6",
+    "@babel/plugin-proposal-function-sent": "7.22.5",
     "@babel/plugin-proposal-json-strings": "7.18.6",
     "@babel/plugin-proposal-nullish-coalescing-operator": "7.18.6",
     "@babel/plugin-proposal-numeric-separator": "7.18.6",
     "@babel/plugin-proposal-object-rest-spread": "7.20.7",
-    "@babel/plugin-proposal-optional-chaining": "7.20.7",
-    "@babel/plugin-proposal-throw-expressions": "7.18.6",
+    "@babel/plugin-proposal-optional-chaining": "7.21.0",
+    "@babel/plugin-proposal-throw-expressions": "7.22.5",
     "@babel/plugin-syntax-dynamic-import": "7.8.3",
     "@babel/plugin-syntax-import-meta": "7.10.4",
-    "@babel/plugin-transform-async-to-generator": "7.20.7",
-    "@babel/plugin-transform-classes": "7.20.7",
-    "@babel/plugin-transform-runtime": "7.19.6",
-    "@babel/preset-env": "7.20.2",
-    "@babel/preset-react": "7.18.6",
-    "@babel/preset-typescript": "7.18.6",
-    "@babel/register": "7.18.9",
-    "@babel/runtime": "7.20.7",
+    "@babel/plugin-transform-async-to-generator": "7.22.5",
+    "@babel/plugin-transform-classes": "7.22.6",
+    "@babel/plugin-transform-runtime": "7.22.10",
+    "@babel/preset-env": "7.22.10",
+    "@babel/preset-react": "7.22.5",
+    "@babel/preset-typescript": "7.22.5",
+    "@babel/register": "7.22.5",
+    "@babel/runtime": "7.22.10",
     "@changesets/changelog-github": "0.4.8",
     "@changesets/cli": "2.24.4",
-    "@changesets/get-dependents-graph": "1.3.5",
+    "@changesets/get-dependents-graph": "1.3.6",
     "@crowdin/cli": "3.10.1",
     "@dianmora/contributors": "5.0.0",
     "@emotion/react": "11.10.6",
     "@emotion/styled": "11.10.6",
     "@testing-library/dom": "8.19.1",
     "@testing-library/jest-dom": "5.16.5",
-    "@testing-library/react": "12.1.4",
+    "@testing-library/react": "12.1.5",
     "@trivago/prettier-plugin-sort-imports": "^4.0.0",
-    "@types/async": "3.2.16",
+    "@types/async": "3.2.20",
     "@types/body-parser": "1.19.2",
     "@types/connect": "3.4.35",
     "@types/cookiejar": "2.1.2",
@@ -60,11 +60,11 @@
     "@types/http-errors": "1.8.2",
     "@types/jest": "27.5.2",
     "@types/jsonwebtoken": "8.5.9",
-    "@types/lodash": "4.14.191",
+    "@types/lodash": "4.14.197",
     "@types/mime": "2.0.3",
     "@types/minimatch": "3.0.5",
-    "@types/node": "16.18.10",
-    "@types/node-fetch": "2.6.2",
+    "@types/node": "16.18.40",
+    "@types/node-fetch": "2.6.4",
     "@types/qs": "6.9.7",
     "@types/range-parser": "1.2.4",
     "@types/react": "18.0.26",
@@ -73,16 +73,16 @@
     "@types/react-virtualized": "9.21.21",
     "@types/redux": "3.6.0",
     "@types/request": "2.48.8",
-    "@types/semver": "7.3.13",
+    "@types/semver": "7.5.0",
     "@types/serve-static": "1.13.10",
-    "@types/superagent": "4.1.10",
+    "@types/superagent": "4.1.18",
     "@types/supertest": "2.0.12",
-    "@types/testing-library__jest-dom": "5.14.5",
-    "@types/validator": "13.7.12",
-    "@types/webpack": "5.28.0",
-    "@types/webpack-env": "1.18.0",
-    "@typescript-eslint/eslint-plugin": "5.52.0",
-    "@typescript-eslint/parser": "5.52.0",
+    "@types/testing-library__jest-dom": "5.14.9",
+    "@types/validator": "13.7.17",
+    "@types/webpack": "5.28.1",
+    "@types/webpack-env": "1.18.1",
+    "@typescript-eslint/eslint-plugin": "5.59.8",
+    "@typescript-eslint/parser": "5.59.8",
     "@verdaccio/crowdin-translations": "workspace:*",
     "@verdaccio/eslint-config": "workspace:*",
     "@verdaccio/types": "workspace:*",
@@ -95,7 +95,7 @@
     "cross-env": "7.0.3",
     "debug": "4.3.4",
     "detect-secrets": "1.0.6",
-    "eslint": "8.34.0",
+    "eslint": "8.42.0",
     "fs-extra": "10.1.0",
     "got": "11.8.6",
     "husky": "7.0.4",
@@ -106,12 +106,12 @@
     "jest-environment-jsdom-global": "3.1.2",
     "jest-environment-node": "29.3.1",
     "jest-junit": "12.3.0",
-    "kleur": "3.0.3",
+    "kleur": "4.1.5",
     "lint-staged": "11.2.6",
     "nock": "13.2.9",
     "nodemon": "2.0.20",
     "npm-run-all": "4.1.5",
-    "prettier": "2.8.4",
+    "prettier": "2.8.8",
     "react": "18.2.0",
     "react-dom": "18.2.0",
     "rimraf": "3.0.2",
@@ -166,7 +166,7 @@
     "postinstall": "husky install",
     "local:registry": "pnpm --filter ...@verdaccio/local-publish start",
     "local:snapshots": "changeset version --snapshot",
-    "local:publish": "cross-env npm_config_registry=http://localhost:4873 pnpm ci:publish -- --no-git-tag",
+    "local:publish": "cross-env npm_config_registry=http://localhost:4873 changeset publish --no-git-tag",
     "local:publish:release": "concurrently \"pnpm local:registry\" \"pnpm local:publish\""
   },
   "pnpm": {

packages/api/CHANGELOG.md

@@ -1,5 +1,112 @@
 # @verdaccio/api
 
+## 6.0.0-6-next.59
+
+### Patch Changes
+
+- @verdaccio/store@6.0.0-6-next.56
+- @verdaccio/core@6.0.0-6-next.76
+- @verdaccio/config@6.0.0-6-next.76
+- @verdaccio/auth@6.0.0-6-next.55
+- @verdaccio/middleware@6.0.0-6-next.55
+- @verdaccio/utils@6.0.0-6-next.44
+- @verdaccio/logger@6.0.0-6-next.44
+
+## 6.0.0-6-next.58
+
+### Patch Changes
+
+- Updated dependencies [0a6412ca9]
+- Updated dependencies [0a6412ca9]
+  - @verdaccio/core@6.0.0-6-next.75
+  - @verdaccio/store@6.0.0-6-next.55
+  - @verdaccio/auth@6.0.0-6-next.54
+  - @verdaccio/config@6.0.0-6-next.75
+  - @verdaccio/middleware@6.0.0-6-next.54
+  - @verdaccio/utils@6.0.0-6-next.43
+  - @verdaccio/logger@6.0.0-6-next.43
+
+## 6.0.0-6-next.57
+
+### Minor Changes
+
+- ae93e039d: fix: expose middleware methods
+
+### Patch Changes
+
+- Updated dependencies [ae93e039d]
+  - @verdaccio/middleware@6.0.0-6-next.53
+  - @verdaccio/core@6.0.0-6-next.74
+  - @verdaccio/config@6.0.0-6-next.74
+  - @verdaccio/auth@6.0.0-6-next.53
+  - @verdaccio/store@6.0.0-6-next.54
+  - @verdaccio/utils@6.0.0-6-next.42
+  - @verdaccio/logger@6.0.0-6-next.42
+
+## 6.0.0-6-next.56
+
+### Patch Changes
+
+- f859d2b1a: fix: official package "-" cannot be synced
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/middleware@6.0.0-6-next.52
+  - @verdaccio/auth@6.0.0-6-next.52
+  - @verdaccio/config@6.0.0-6-next.73
+  - @verdaccio/store@6.0.0-6-next.53
+  - @verdaccio/utils@6.0.0-6-next.41
+  - @verdaccio/logger@6.0.0-6-next.41
+
+## 6.0.0-6-next.55
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/config@6.0.0-6-next.72
+- @verdaccio/auth@6.0.0-6-next.51
+- @verdaccio/middleware@6.0.0-6-next.51
+- @verdaccio/store@6.0.0-6-next.52
+- @verdaccio/utils@6.0.0-6-next.40
+- @verdaccio/logger@6.0.0-6-next.40
+
+## 6.0.0-6-next.54
+
+### Patch Changes
+
+- Updated dependencies [679c19c1b]
+  - @verdaccio/config@6.0.0-6-next.71
+  - @verdaccio/auth@6.0.0-6-next.50
+  - @verdaccio/middleware@6.0.0-6-next.50
+  - @verdaccio/store@6.0.0-6-next.51
+  - @verdaccio/logger@6.0.0-6-next.39
+  - @verdaccio/core@6.0.0-6-next.71
+  - @verdaccio/utils@6.0.0-6-next.39
+
+## 6.0.0-6-next.53
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/auth@6.0.0-6-next.49
+- @verdaccio/middleware@6.0.0-6-next.49
+- @verdaccio/store@6.0.0-6-next.50
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+- @verdaccio/utils@6.0.0-6-next.38
+
+## 6.0.0-6-next.52
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/auth@6.0.0-6-next.48
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/middleware@6.0.0-6-next.48
+  - @verdaccio/store@6.0.0-6-next.49
+  - @verdaccio/utils@6.0.0-6-next.37
+  - @verdaccio/logger@6.0.0-6-next.37
+
 ## 6.0.0-6-next.51
 
 ### Patch Changes

packages/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/api",
-  "version": "6.0.0-6-next.51",
+  "version": "6.0.0-6-next.59",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,25 +39,24 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/auth": "workspace:6.0.0-6-next.47",
-    "@verdaccio/config": "workspace:6.0.0-6-next.68",
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.36",
-    "@verdaccio/middleware": "workspace:6.0.0-6-next.47",
-    "@verdaccio/store": "workspace:6.0.0-6-next.48",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.36",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.55",
+    "@verdaccio/config": "workspace:6.0.0-6-next.76",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.44",
+    "@verdaccio/middleware": "workspace:6.0.0-6-next.55",
+    "@verdaccio/store": "workspace:6.0.0-6-next.56",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.44",
     "abortcontroller-polyfill": "1.7.5",
     "cookies": "0.8.0",
     "debug": "4.3.4",
-    "body-parser": "1.20.1",
+    "body-parser": "1.20.2",
     "express": "4.18.2",
     "lodash": "4.17.21",
     "mime": "2.6.0",
-    "semver": "7.3.8"
+    "semver": "7.5.4"
   },
   "devDependencies": {
-    "@types/node": "16.18.10",
-    "@verdaccio/server": "workspace:6.0.0-6-next.57",
+    "@verdaccio/server": "workspace:6.0.0-6-next.65",
     "@verdaccio/types": "workspace:11.0.0-6-next.25",
     "@verdaccio/test-helper": "workspace:2.0.0-6-next.8",
     "supertest": "6.3.3",

packages/api/src/index.ts

@@ -1,4 +1,3 @@
-import bodyParser from 'body-parser';
 import express, { Router } from 'express';
 
 import { Auth } from '@verdaccio/auth';
@@ -43,24 +42,22 @@ export default function (config: Config, auth: Auth, storage: Storage): Router {
   app.param('_rev', match(/^-rev$/));
   app.param('org_couchdb_user', match(/^org\.couchdb\.user:/));
   app.use(auth.apiJWTmiddleware());
-  app.use(bodyParser.json({ strict: false, limit: config.max_body_size || '10mb' }));
+  app.use(express.json({ strict: false, limit: config.max_body_size || '10mb' }));
   // @ts-ignore
   app.use(antiLoop(config));
   // encode / in a scoped package name to be matched as a single parameter in routes
   app.use(encodeScopePackage);
   // for "npm whoami"
   whoami(app);
-  pkg(app, auth, storage);
   profile(app, auth, config);
-  // @deprecated endpoint, 404 by default
   search(app);
   user(app, auth, config);
   distTags(app, auth, storage);
   publish(app, auth, storage);
   ping(app);
   stars(app, storage);
-  // @ts-ignore
   v1Search(app, auth, storage);
   token(app, auth, storage, config);
+  pkg(app, auth, storage);
   return app;
 }

packages/auth/CHANGELOG.md

@@ -1,5 +1,109 @@
 # @verdaccio/auth
 
+## 6.0.0-6-next.55
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.76
+- @verdaccio/config@6.0.0-6-next.76
+- @verdaccio/loaders@6.0.0-6-next.45
+- verdaccio-htpasswd@11.0.0-6-next.46
+- @verdaccio/utils@6.0.0-6-next.44
+- @verdaccio/signature@6.0.0-6-next.2
+- @verdaccio/logger@6.0.0-6-next.44
+
+## 6.0.0-6-next.54
+
+### Patch Changes
+
+- Updated dependencies [0a6412ca9]
+  - @verdaccio/core@6.0.0-6-next.75
+  - @verdaccio/config@6.0.0-6-next.75
+  - @verdaccio/loaders@6.0.0-6-next.44
+  - verdaccio-htpasswd@11.0.0-6-next.45
+  - @verdaccio/utils@6.0.0-6-next.43
+  - @verdaccio/signature@6.0.0-6-next.2
+  - @verdaccio/logger@6.0.0-6-next.43
+
+## 6.0.0-6-next.53
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.74
+- @verdaccio/config@6.0.0-6-next.74
+- @verdaccio/loaders@6.0.0-6-next.43
+- verdaccio-htpasswd@11.0.0-6-next.44
+- @verdaccio/utils@6.0.0-6-next.42
+- @verdaccio/signature@6.0.0-6-next.2
+- @verdaccio/logger@6.0.0-6-next.42
+
+## 6.0.0-6-next.52
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/config@6.0.0-6-next.73
+  - @verdaccio/loaders@6.0.0-6-next.42
+  - verdaccio-htpasswd@11.0.0-6-next.43
+  - @verdaccio/utils@6.0.0-6-next.41
+  - @verdaccio/signature@6.0.0-6-next.2
+  - @verdaccio/logger@6.0.0-6-next.41
+
+## 6.0.0-6-next.51
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/config@6.0.0-6-next.72
+- @verdaccio/loaders@6.0.0-6-next.41
+- verdaccio-htpasswd@11.0.0-6-next.42
+- @verdaccio/utils@6.0.0-6-next.40
+- @verdaccio/signature@6.0.0-6-next.2
+- @verdaccio/logger@6.0.0-6-next.40
+
+## 6.0.0-6-next.50
+
+### Patch Changes
+
+- Updated dependencies [679c19c1b]
+  - @verdaccio/config@6.0.0-6-next.71
+  - @verdaccio/loaders@6.0.0-6-next.40
+  - verdaccio-htpasswd@11.0.0-6-next.41
+  - @verdaccio/signature@6.0.0-6-next.2
+  - @verdaccio/logger@6.0.0-6-next.39
+  - @verdaccio/core@6.0.0-6-next.71
+  - @verdaccio/utils@6.0.0-6-next.39
+
+## 6.0.0-6-next.49
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/loaders@6.0.0-6-next.39
+- verdaccio-htpasswd@11.0.0-6-next.40
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+- @verdaccio/utils@6.0.0-6-next.38
+- @verdaccio/signature@6.0.0-6-next.2
+
+## 6.0.0-6-next.48
+
+### Minor Changes
+
+- c9d1af0e: feat: async bcrypt hash
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - verdaccio-htpasswd@11.0.0-6-next.39
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/loaders@6.0.0-6-next.38
+  - @verdaccio/utils@6.0.0-6-next.37
+  - @verdaccio/signature@6.0.0-6-next.2
+  - @verdaccio/logger@6.0.0-6-next.37
+
 ## 6.0.0-6-next.47
 
 ### Patch Changes

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/auth",
-  "version": "6.0.0-6-next.47",
+  "version": "6.0.0-6-next.55",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -39,16 +39,16 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
-    "@verdaccio/config": "workspace:6.0.0-6-next.68",
-    "@verdaccio/loaders": "workspace:6.0.0-6-next.37",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.36",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
+    "@verdaccio/config": "workspace:6.0.0-6-next.76",
+    "@verdaccio/loaders": "workspace:6.0.0-6-next.45",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.44",
     "@verdaccio/signature": "workspace:6.0.0-6-next.2",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.36",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.44",
     "debug": "4.3.4",
     "express": "4.18.2",
     "lodash": "4.17.21",
-    "verdaccio-htpasswd": "workspace:11.0.0-6-next.38"
+    "verdaccio-htpasswd": "workspace:11.0.0-6-next.46"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.25"

packages/auth/test/auth.spec.ts

@@ -8,7 +8,7 @@ import { Config } from '@verdaccio/types';
 import { Auth } from '../src';
 import { authPluginFailureConf, authPluginPassThrougConf, authProfileConf } from './helper/plugin';
 
-setup({});
+setup({ level: 'debug', type: 'stdout' });
 
 describe('AuthTest', () => {
   test('should init correctly', async () => {
@@ -29,6 +29,18 @@ describe('AuthTest', () => {
     expect(auth).toBeDefined();
   });
 
+  test('should load custom algorithm', async () => {
+    const config: Config = new AppConfig({
+      ...authProfileConf,
+      auth: { htpasswd: { algorithm: 'sha1', file: './foo' } },
+    });
+    config.checkSecretKey('12345');
+
+    const auth: Auth = new Auth(config);
+    await auth.init();
+    expect(auth).toBeDefined();
+  });
+
   describe('test authenticate method', () => {
     describe('test authenticate states', () => {
       test('should be a success login', async () => {

packages/cli/CHANGELOG.md

@@ -1,5 +1,81 @@
 # @verdaccio/cli
 
+## 6.0.0-6-next.76
+
+### Patch Changes
+
+- @verdaccio/node-api@6.0.0-6-next.76
+- @verdaccio/core@6.0.0-6-next.76
+- @verdaccio/config@6.0.0-6-next.76
+- @verdaccio/logger@6.0.0-6-next.44
+
+## 6.0.0-6-next.75
+
+### Patch Changes
+
+- Updated dependencies [0a6412ca9]
+  - @verdaccio/core@6.0.0-6-next.75
+  - @verdaccio/config@6.0.0-6-next.75
+  - @verdaccio/node-api@6.0.0-6-next.75
+  - @verdaccio/logger@6.0.0-6-next.43
+
+## 6.0.0-6-next.74
+
+### Patch Changes
+
+- @verdaccio/node-api@6.0.0-6-next.74
+- @verdaccio/core@6.0.0-6-next.74
+- @verdaccio/config@6.0.0-6-next.74
+- @verdaccio/logger@6.0.0-6-next.42
+
+## 6.0.0-6-next.73
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/config@6.0.0-6-next.73
+  - @verdaccio/node-api@6.0.0-6-next.73
+  - @verdaccio/logger@6.0.0-6-next.41
+
+## 6.0.0-6-next.72
+
+### Patch Changes
+
+- @verdaccio/node-api@6.0.0-6-next.72
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/config@6.0.0-6-next.72
+- @verdaccio/logger@6.0.0-6-next.40
+
+## 6.0.0-6-next.71
+
+### Patch Changes
+
+- Updated dependencies [679c19c1b]
+  - @verdaccio/config@6.0.0-6-next.71
+  - @verdaccio/node-api@6.0.0-6-next.71
+  - @verdaccio/logger@6.0.0-6-next.39
+  - @verdaccio/core@6.0.0-6-next.71
+
+## 6.0.0-6-next.70
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/node-api@6.0.0-6-next.70
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+
+## 6.0.0-6-next.69
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/node-api@6.0.0-6-next.69
+  - @verdaccio/logger@6.0.0-6-next.37
+
 ## 6.0.0-6-next.68
 
 ### Patch Changes

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/cli",
-  "version": "6.0.0-6-next.68",
+  "version": "6.0.0-6-next.76",
   "author": {
     "name": "Juan Picado",
     "email": "juanpicado19@gmail.com"
@@ -44,14 +44,14 @@
     "start": "ts-node src/index.ts"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
-    "@verdaccio/config": "workspace:6.0.0-6-next.68",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.36",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.68",
-    "clipanion": "3.2.0",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
+    "@verdaccio/config": "workspace:6.0.0-6-next.76",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.44",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.76",
+    "clipanion": "3.2.1",
     "envinfo": "7.8.1",
-    "kleur": "3.0.3",
-    "semver": "7.3.8"
+    "kleur": "4.1.5",
+    "semver": "7.5.4"
   },
   "devDependencies": {
     "ts-node": "10.9.1"

packages/config/CHANGELOG.md

@@ -1,5 +1,69 @@
 # @verdaccio/config
 
+## 6.0.0-6-next.76
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.76
+- @verdaccio/utils@6.0.0-6-next.44
+
+## 6.0.0-6-next.75
+
+### Patch Changes
+
+- Updated dependencies [0a6412ca9]
+  - @verdaccio/core@6.0.0-6-next.75
+  - @verdaccio/utils@6.0.0-6-next.43
+
+## 6.0.0-6-next.74
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.74
+- @verdaccio/utils@6.0.0-6-next.42
+
+## 6.0.0-6-next.73
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/utils@6.0.0-6-next.41
+
+## 6.0.0-6-next.72
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/utils@6.0.0-6-next.40
+
+## 6.0.0-6-next.71
+
+### Patch Changes
+
+- 679c19c1b: Respect the `changePassword` configuration flag to enable changing the password through the web API.
+
+  > **Note**
+  > This feature is still experimental and not fully supported in the default web application.
+
+  - @verdaccio/core@6.0.0-6-next.71
+  - @verdaccio/utils@6.0.0-6-next.39
+
+## 6.0.0-6-next.70
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/utils@6.0.0-6-next.38
+
+## 6.0.0-6-next.69
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/utils@6.0.0-6-next.37
+
 ## 6.0.0-6-next.68
 
 ### Patch Changes

packages/config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/config",
-  "version": "6.0.0-6-next.68",
+  "version": "6.0.0-6-next.76",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -38,8 +38,8 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.36",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.44",
     "debug": "4.3.4",
     "js-yaml": "4.1.0",
     "lodash": "4.17.21",

packages/config/src/config.ts

@@ -84,6 +84,7 @@ class Config implements AppConfig {
     this.serverSettings = serverSettings;
     this.flags = {
       searchRemote: config.flags?.searchRemote ?? true,
+      changePassword: config.flags?.changePassword ?? false,
     };
     this.user_agent = config.user_agent;
 

packages/core/core/CHANGELOG.md

@@ -1,5 +1,33 @@
 # @verdaccio/core
 
+## 6.0.0-6-next.76
+
+## 6.0.0-6-next.75
+
+### Patch Changes
+
+- 0a6412ca9: refactor: got instead undici
+
+## 6.0.0-6-next.74
+
+## 6.0.0-6-next.73
+
+### Patch Changes
+
+- f859d2b1a: fix: official package "-" cannot be synced
+
+## 6.0.0-6-next.72
+
+## 6.0.0-6-next.71
+
+## 6.0.0-6-next.70
+
+## 6.0.0-6-next.69
+
+### Minor Changes
+
+- c9d1af0e: feat: async bcrypt hash
+
 ## 6.0.0-6-next.68
 
 ## 6.0.0-6-next.67

packages/core/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/core",
-  "version": "6.0.0-6-next.68",
+  "version": "6.0.0-6-next.76",
   "description": "core utilities",
   "keywords": [
     "private",
@@ -33,12 +33,12 @@
     "access": "public"
   },
   "dependencies": {
-    "http-errors": "1.8.1",
+    "http-errors": "2.0.0",
     "http-status-codes": "2.2.0",
-    "semver": "7.3.8",
-    "ajv": "8.11.2",
+    "semver": "7.5.4",
+    "ajv": "8.12.0",
     "process-warning": "1.0.0",
-    "core-js": "3.28.0"
+    "core-js": "3.30.2"
   },
   "devDependencies": {
     "lodash": "4.17.21",

packages/core/core/src/constants.ts

@@ -13,6 +13,7 @@ export const HEADER_TYPE = {
   CONTENT_TYPE: 'content-type',
   CONTENT_LENGTH: 'content-length',
   ACCEPT_ENCODING: 'accept-encoding',
+  AUTHORIZATION: 'authorization',
 };
 
 export const CHARACTER_ENCODING = {
@@ -70,6 +71,7 @@ export const HTTP_STATUS = {
   INTERNAL_ERROR: httpCodes.INTERNAL_SERVER_ERROR,
   SERVICE_UNAVAILABLE: httpCodes.SERVICE_UNAVAILABLE,
   LOOP_DETECTED: 508,
+  CANNOT_HANDLE: 590,
 };
 
 export const ERROR_CODE = {
@@ -109,3 +111,10 @@ export const PACKAGE_ACCESS = {
   SCOPE: '@*/*',
   ALL: '**',
 };
+
+export enum HtpasswdHashAlgorithm {
+  md5 = 'md5',
+  sha1 = 'sha1',
+  crypt = 'crypt',
+  bcrypt = 'bcrypt',
+}

packages/core/core/src/error-utils.ts

@@ -29,6 +29,7 @@ export const API_ERROR = {
   REGISTRATION_DISABLED: 'user registration disabled',
   UNAUTHORIZED_ACCESS: 'unauthorized access',
   BAD_STATUS_CODE: 'bad status code',
+  SERVER_TIME_OUT: 'looks like the server is taking to long to respond',
   PACKAGE_EXIST: 'this package is already present',
   BAD_AUTH_HEADER: 'bad authorization header',
   WEB_DISABLED: 'Web interface is disabled in the config file',

packages/core/core/src/index.ts

@@ -23,6 +23,7 @@ export {
   DEFAULT_PASSWORD_VALIDATION,
   DEFAULT_USER,
   USERS,
+  HtpasswdHashAlgorithm,
 } from './constants';
 const validationUtils = validatioUtils;
 export {

packages/core/core/test/validation-utilts.spec.ts

@@ -10,6 +10,10 @@ import {
 
 describe('validatePackage', () => {
   test('should validate package names', () => {
+    expect(validatePackage('-')).toBeTruthy();
+    expect(validatePackage('--')).toBeTruthy();
+    expect(validatePackage('a')).toBeTruthy();
+    expect(validatePackage('a-')).toBeTruthy();
     expect(validatePackage('package-name')).toBeTruthy();
     expect(validatePackage('@scope/package-name')).toBeTruthy();
   });
@@ -21,6 +25,7 @@ describe('validatePackage', () => {
     expect(validatePackage('node_modules')).toBeFalsy();
     expect(validatePackage('__proto__')).toBeFalsy();
     expect(validatePackage('favicon.ico')).toBeFalsy();
+    expect(validatePackage('%')).toBeFalsy();
   });
 });
 
@@ -75,6 +80,7 @@ describe('validateName', () => {
   test('good ones', () => {
     expect(validateName('verdaccio')).toBeTruthy();
     expect(validateName('some.weird.package-zzz')).toBeTruthy();
+    expect(validateName('--0.0.1.tgz')).toBeTruthy();
     expect(validateName('old-package@0.1.2.tgz')).toBeTruthy();
     // fix https://github.com/verdaccio/verdaccio/issues/1400
     expect(validateName('-build-infra')).toBeTruthy();

packages/core/tarball/CHANGELOG.md

@@ -1,5 +1,72 @@
 # Change Log
 
+## 11.0.0-6-next.45
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.76
+- @verdaccio/url@11.0.0-6-next.42
+- @verdaccio/utils@6.0.0-6-next.44
+
+## 11.0.0-6-next.44
+
+### Patch Changes
+
+- Updated dependencies [0a6412ca9]
+  - @verdaccio/core@6.0.0-6-next.75
+  - @verdaccio/url@11.0.0-6-next.41
+  - @verdaccio/utils@6.0.0-6-next.43
+
+## 11.0.0-6-next.43
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.74
+- @verdaccio/url@11.0.0-6-next.40
+- @verdaccio/utils@6.0.0-6-next.42
+
+## 11.0.0-6-next.42
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/url@11.0.0-6-next.39
+  - @verdaccio/utils@6.0.0-6-next.41
+
+## 11.0.0-6-next.41
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/url@11.0.0-6-next.38
+- @verdaccio/utils@6.0.0-6-next.40
+
+## 11.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.71
+- @verdaccio/url@11.0.0-6-next.37
+- @verdaccio/utils@6.0.0-6-next.39
+
+## 11.0.0-6-next.39
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/url@11.0.0-6-next.36
+- @verdaccio/utils@6.0.0-6-next.38
+
+## 11.0.0-6-next.38
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/url@11.0.0-6-next.35
+  - @verdaccio/utils@6.0.0-6-next.37
+
 ## 11.0.0-6-next.37
 
 ### Patch Changes

packages/core/tarball/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/tarball",
-  "version": "11.0.0-6-next.37",
+  "version": "11.0.0-6-next.45",
   "description": "tarball utilities resolver",
   "keywords": [
     "private",
@@ -34,14 +34,14 @@
   },
   "dependencies": {
     "debug": "4.3.4",
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
-    "@verdaccio/url": "workspace:11.0.0-6-next.34",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.36",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
+    "@verdaccio/url": "workspace:11.0.0-6-next.42",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.44",
     "lodash": "4.17.21"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.25",
-    "node-mocks-http": "1.12.1"
+    "node-mocks-http": "1.13.0"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/types/package.json

@@ -40,7 +40,6 @@
     "build": "echo 0"
   },
   "devDependencies": {
-    "@types/node": "16.18.10",
     "typedoc": "0.23.25"
   },
   "typedoc": {

packages/core/types/src/configuration.ts

@@ -18,9 +18,6 @@ export type LoggerLevel = 'http' | 'fatal' | 'warn' | 'info' | 'debug' | 'trace'
 
 export type LoggerConfigItem = {
   type?: LoggerType;
-  /**
-   * The format
-   */
   format?: LoggerFormat;
   path?: string;
   level?: string;

packages/core/url/CHANGELOG.md

@@ -1,5 +1,56 @@
 # Change Log
 
+## 11.0.0-6-next.42
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.76
+
+## 11.0.0-6-next.41
+
+### Patch Changes
+
+- Updated dependencies [0a6412ca9]
+  - @verdaccio/core@6.0.0-6-next.75
+
+## 11.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.74
+
+## 11.0.0-6-next.39
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+
+## 11.0.0-6-next.38
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+
+## 11.0.0-6-next.37
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.71
+
+## 11.0.0-6-next.36
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+
+## 11.0.0-6-next.35
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+
 ## 11.0.0-6-next.34
 
 ### Patch Changes

packages/core/url/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/url",
-  "version": "11.0.0-6-next.34",
+  "version": "11.0.0-6-next.42",
   "description": "url utilities resolver",
   "keywords": [
     "private",
@@ -33,14 +33,14 @@
     "access": "public"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
     "debug": "4.3.4",
     "lodash": "4.17.21",
     "validator": "13.9.0"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.25",
-    "node-mocks-http": "1.12.1"
+    "node-mocks-http": "1.13.0"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/hooks/CHANGELOG.md

@@ -1,5 +1,66 @@
 # @verdaccio/hooks
 
+## 6.0.0-6-next.46
+
+### Patch Changes
+
+- e381e4845: fix: improve legacy nodejs support
+  - @verdaccio/core@6.0.0-6-next.76
+  - @verdaccio/logger@6.0.0-6-next.44
+
+## 6.0.0-6-next.45
+
+### Patch Changes
+
+- 0a6412ca9: refactor: got instead undici
+- Updated dependencies [0a6412ca9]
+  - @verdaccio/core@6.0.0-6-next.75
+  - @verdaccio/logger@6.0.0-6-next.43
+
+## 6.0.0-6-next.44
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.74
+- @verdaccio/logger@6.0.0-6-next.42
+
+## 6.0.0-6-next.43
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/logger@6.0.0-6-next.41
+
+## 6.0.0-6-next.42
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/logger@6.0.0-6-next.40
+
+## 6.0.0-6-next.41
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.39
+- @verdaccio/core@6.0.0-6-next.71
+
+## 6.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/core@6.0.0-6-next.70
+
+## 6.0.0-6-next.39
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/logger@6.0.0-6-next.37
+
 ## 6.0.0-6-next.38
 
 ### Patch Changes

packages/hooks/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/hooks",
-  "version": "6.0.0-6-next.38",
+  "version": "6.0.0-6-next.46",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -26,21 +26,21 @@
     "verdaccio"
   ],
   "engines": {
-    "node": ">=16"
+    "node": ">=12"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.36",
-    "core-js": "3.28.0",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.44",
+    "core-js": "3.30.2",
     "debug": "4.3.4",
     "handlebars": "4.7.7",
-    "undici": "4.16.0"
+    "got-cjs": "12.5.4"
   },
   "devDependencies": {
-    "@types/node": "16.18.10",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.47",
-    "@verdaccio/config": "workspace:6.0.0-6-next.68",
-    "@verdaccio/types": "workspace:11.0.0-6-next.25"
+    "@verdaccio/auth": "workspace:6.0.0-6-next.55",
+    "@verdaccio/config": "workspace:6.0.0-6-next.76",
+    "@verdaccio/types": "workspace:11.0.0-6-next.25",
+    "nock": "13.2.9"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/hooks/src/notify-request.ts

@@ -1,5 +1,5 @@
 import buildDebug from 'debug';
-import { fetch } from 'undici';
+import got from 'got-cjs';
 
 import { HTTP_STATUS } from '@verdaccio/core';
 import { logger } from '@verdaccio/logger';
@@ -16,7 +16,7 @@ export async function notifyRequest(url: string, options: FetchOptions): Promise
   let response;
   try {
     debug('uri %o', url);
-    response = await fetch(url, {
+    response = got.post(url, {
       body: JSON.stringify(options.body),
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },

packages/hooks/test/notify-request.spec.ts

@@ -1,4 +1,4 @@
-import { MockAgent, setGlobalDispatcher } from 'undici';
+import nock from 'nock';
 
 import { createRemoteUser, parseConfigFile } from '@verdaccio/config';
 import { setup } from '@verdaccio/logger';
@@ -21,26 +21,21 @@ const domain = 'http://slack-service';
 
 const options = {
   path: '/foo?auth_token=mySecretToken',
-  method: 'POST',
 };
 
 describe('Notifications:: notifyRequest', () => {
+  beforeEach(() => {
+    nock.cleanAll();
+  });
   test('when sending a empty notification', async () => {
-    const mockAgent = new MockAgent({ connections: 1 });
-    setGlobalDispatcher(mockAgent);
-    const mockClient = mockAgent.get(domain);
-    mockClient.intercept(options).reply(200, { body: 'test' });
+    nock(domain).post(options.path).reply(200, { body: 'test' });
 
     const notificationResponse = await notify({}, {}, createRemoteUser('foo', []), 'bar');
     expect(notificationResponse).toEqual([false]);
   });
 
   test('when sending a single notification', async () => {
-    const mockAgent = new MockAgent({ connections: 1 });
-    setGlobalDispatcher(mockAgent);
-    const mockClient = mockAgent.get(domain);
-    mockClient.intercept(options).reply(200, { body: 'test' });
-
+    nock(domain).post(options.path).reply(200, { body: 'test' });
     const notificationResponse = await notify(
       {},
       singleHeaderNotificationConfig,
@@ -48,14 +43,10 @@ describe('Notifications:: notifyRequest', () => {
       'bar'
     );
     expect(notificationResponse).toEqual([true]);
-    await mockClient.close();
   });
 
   test('when notification endpoint is missing', async () => {
-    const mockAgent = new MockAgent({ connections: 1 });
-    setGlobalDispatcher(mockAgent);
-    const mockClient = mockAgent.get(domain);
-    mockClient.intercept(options).reply(200, { body: 'test' });
+    nock(domain).post(options.path).reply(200, { body: 'test' });
     const name = 'package';
     const config: Partial<Config> = {
       // @ts-ignore
@@ -70,16 +61,22 @@ describe('Notifications:: notifyRequest', () => {
   });
 
   test('when multiple notifications', async () => {
-    const mockAgent = new MockAgent({ connections: 1 });
-    setGlobalDispatcher(mockAgent);
-    const mockClient = mockAgent.get(domain);
-    mockClient.intercept(options).reply(200, { body: 'test' });
-    mockClient.intercept(options).reply(400, {});
-    mockClient.intercept(options).reply(500, { message: 'Something bad happened' });
+    nock(domain)
+      .post(options.path)
+      .once()
+      .reply(200, { body: 'test' })
+      .post(options.path)
+      .once()
+      .reply(400, {})
+      .post(options.path)
+      .once()
+      .reply(500, { message: 'Something bad happened' });
+    // mockClient.intercept(options).reply(200, { body: 'test' });
+    // mockClient.intercept(options).reply(400, {});
+    // mockClient.intercept(options).reply(500, { message: 'Something bad happened' });
 
     const name = 'package';
     const responses = await notify({ name }, multiNotificationConfig, { name: 'foo' }, 'bar');
     expect(responses).toEqual([true, false, false]);
-    await mockClient.close();
   });
 });

packages/loaders/CHANGELOG.md

@@ -1,5 +1,53 @@
 # @verdaccio/loaders
 
+## 6.0.0-6-next.45
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.44
+
+## 6.0.0-6-next.44
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.43
+
+## 6.0.0-6-next.43
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.42
+
+## 6.0.0-6-next.42
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.41
+
+## 6.0.0-6-next.41
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.40
+
+## 6.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.39
+
+## 6.0.0-6-next.39
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+
+## 6.0.0-6-next.38
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.37
+
 ## 6.0.0-6-next.37
 
 ### Patch Changes

packages/loaders/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/loaders",
-  "version": "6.0.0-6-next.37",
+  "version": "6.0.0-6-next.45",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -13,13 +13,13 @@
     "url": "https://github.com/verdaccio/verdaccio"
   },
   "dependencies": {
-    "@verdaccio/logger": "workspace:6.0.0-6-next.36",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.44",
     "debug": "4.3.4",
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
-    "@verdaccio/config": "workspace:6.0.0-6-next.68",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
+    "@verdaccio/config": "workspace:6.0.0-6-next.76",
     "@verdaccio/types": "workspace:11.0.0-6-next.25",
     "@verdaccio-scope/verdaccio-auth-foo": "0.0.2",
     "verdaccio-auth-memory": "workspace:*",

packages/logger/logger-7/CHANGELOG.md

@@ -1,5 +1,56 @@
 # @verdaccio/logger-7
 
+## 6.0.0-6-next.21
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.44
+
+## 6.0.0-6-next.20
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.43
+
+## 6.0.0-6-next.19
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.42
+
+## 6.0.0-6-next.18
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.41
+
+## 6.0.0-6-next.17
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.40
+
+## 6.0.0-6-next.16
+
+### Patch Changes
+
+- Updated dependencies [84b2dffdb]
+  - @verdaccio/logger-commons@6.0.0-6-next.39
+
+## 6.0.0-6-next.15
+
+### Patch Changes
+
+- 4a33e269: fix: restore pino legacy version
+- Updated dependencies [4a33e269]
+  - @verdaccio/logger-commons@6.0.0-6-next.38
+
+## 6.0.0-6-next.14
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.37
+
 ## 6.0.0-6-next.13
 
 ### Patch Changes

packages/logger/logger-7/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger-7",
-  "version": "6.0.0-6-next.13",
+  "version": "6.0.0-6-next.21",
   "description": "logger for verdaccio 5.x version",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,7 +38,7 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/logger-commons": "workspace:6.0.0-6-next.36",
+    "@verdaccio/logger-commons": "workspace:6.0.0-6-next.44",
     "pino": "7.11.0"
   },
   "devDependencies": {

packages/logger/logger-commons/CHANGELOG.md

@@ -1,5 +1,60 @@
 # @verdaccio/logger-commons
 
+## 6.0.0-6-next.44
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.76
+
+## 6.0.0-6-next.43
+
+### Patch Changes
+
+- Updated dependencies [0a6412ca9]
+  - @verdaccio/core@6.0.0-6-next.75
+
+## 6.0.0-6-next.42
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.74
+
+## 6.0.0-6-next.41
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+
+## 6.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+
+## 6.0.0-6-next.39
+
+### Patch Changes
+
+- 84b2dffdb: fix: restore wrong dependency version
+  - @verdaccio/core@6.0.0-6-next.71
+
+## 6.0.0-6-next.38
+
+### Patch Changes
+
+- 4a33e269: fix: restore pino legacy version
+- Updated dependencies [4a33e269]
+  - @verdaccio/logger-prettify@6.0.0-6-next.10
+  - @verdaccio/core@6.0.0-6-next.70
+
+## 6.0.0-6-next.37
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+
 ## 6.0.0-6-next.36
 
 ### Patch Changes

packages/logger/logger-commons/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger-commons",
-  "version": "6.0.0-6-next.36",
+  "version": "6.0.0-6-next.44",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,13 +38,13 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
-    "@verdaccio/logger-prettify": "workspace:6.0.0-6-next.9",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
+    "@verdaccio/logger-prettify": "workspace:6.0.0-6-next.10",
     "debug": "4.3.4",
-    "colorette": "2.0.19"
+    "colorette": "2.0.20"
   },
   "devDependencies": {
-    "pino": "8.11.0",
+    "pino": "7.11.0",
     "@verdaccio/types": "workspace:11.0.0-6-next.25"
   },
   "funding": {

packages/logger/logger-prettify/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @verdaccio/logger-prettify
 
+## 6.0.0-6-next.10
+
+### Patch Changes
+
+- 4a33e269: fix: restore pino legacy version
+
 ## 6.0.0-6-next.9
 
 ### Patch Changes

packages/logger/logger-prettify/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger-prettify",
-  "version": "6.0.0-6-next.9",
+  "version": "6.0.0-6-next.10",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -40,12 +40,12 @@
   "dependencies": {
     "dayjs": "1.11.7",
     "pino-abstract-transport": "1.0.0",
-    "colorette": "2.0.19",
+    "colorette": "2.0.20",
     "lodash": "4.17.21",
-    "sonic-boom": "3.2.1"
+    "sonic-boom": "3.3.0"
   },
   "devDependencies": {
-    "pino": "8.11.0"
+    "pino": "8.12.1"
   },
   "funding": {
     "type": "opencollective",

packages/logger/logger/CHANGELOG.md

@@ -1,5 +1,55 @@
 # @verdaccio/logger
 
+## 6.0.0-6-next.44
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.44
+
+## 6.0.0-6-next.43
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.43
+
+## 6.0.0-6-next.42
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.42
+
+## 6.0.0-6-next.41
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.41
+
+## 6.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.40
+
+## 6.0.0-6-next.39
+
+### Patch Changes
+
+- Updated dependencies [84b2dffdb]
+  - @verdaccio/logger-commons@6.0.0-6-next.39
+
+## 6.0.0-6-next.38
+
+### Patch Changes
+
+- Updated dependencies [4a33e269]
+  - @verdaccio/logger-commons@6.0.0-6-next.38
+
+## 6.0.0-6-next.37
+
+### Patch Changes
+
+- @verdaccio/logger-commons@6.0.0-6-next.37
+
 ## 6.0.0-6-next.36
 
 ### Patch Changes

packages/logger/logger/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger",
-  "version": "6.0.0-6-next.36",
+  "version": "6.0.0-6-next.44",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,8 +38,8 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/logger-commons": "workspace:6.0.0-6-next.36",
-    "pino": "8.11.0"
+    "@verdaccio/logger-commons": "workspace:6.0.0-6-next.44",
+    "pino": "8.14.1"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.25"

packages/middleware/CHANGELOG.md

@@ -1,5 +1,86 @@
 # @verdaccio/middleware
 
+## 6.0.0-6-next.55
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.76
+- @verdaccio/config@6.0.0-6-next.76
+- @verdaccio/url@11.0.0-6-next.42
+- @verdaccio/utils@6.0.0-6-next.44
+
+## 6.0.0-6-next.54
+
+### Patch Changes
+
+- Updated dependencies [0a6412ca9]
+  - @verdaccio/core@6.0.0-6-next.75
+  - @verdaccio/config@6.0.0-6-next.75
+  - @verdaccio/url@11.0.0-6-next.41
+  - @verdaccio/utils@6.0.0-6-next.43
+
+## 6.0.0-6-next.53
+
+### Minor Changes
+
+- ae93e039d: fix: expose middleware methods
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.74
+- @verdaccio/config@6.0.0-6-next.74
+- @verdaccio/url@11.0.0-6-next.40
+- @verdaccio/utils@6.0.0-6-next.42
+
+## 6.0.0-6-next.52
+
+### Patch Changes
+
+- f859d2b1a: fix: official package "-" cannot be synced
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/config@6.0.0-6-next.73
+  - @verdaccio/url@11.0.0-6-next.39
+  - @verdaccio/utils@6.0.0-6-next.41
+
+## 6.0.0-6-next.51
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/config@6.0.0-6-next.72
+- @verdaccio/url@11.0.0-6-next.38
+- @verdaccio/utils@6.0.0-6-next.40
+
+## 6.0.0-6-next.50
+
+### Patch Changes
+
+- Updated dependencies [679c19c1b]
+  - @verdaccio/config@6.0.0-6-next.71
+  - @verdaccio/core@6.0.0-6-next.71
+  - @verdaccio/url@11.0.0-6-next.37
+  - @verdaccio/utils@6.0.0-6-next.39
+
+## 6.0.0-6-next.49
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+- @verdaccio/url@11.0.0-6-next.36
+- @verdaccio/utils@6.0.0-6-next.38
+
+## 6.0.0-6-next.48
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/url@11.0.0-6-next.35
+  - @verdaccio/utils@6.0.0-6-next.37
+
 ## 6.0.0-6-next.47
 
 ### Patch Changes

packages/middleware/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/middleware",
-  "version": "6.0.0-6-next.47",
+  "version": "6.0.0-6-next.55",
   "description": "express middleware utils",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -38,12 +38,12 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.36",
-    "@verdaccio/config": "workspace:6.0.0-6-next.68",
-    "@verdaccio/url": "workspace:11.0.0-6-next.34",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.44",
+    "@verdaccio/config": "workspace:6.0.0-6-next.76",
+    "@verdaccio/url": "workspace:11.0.0-6-next.42",
     "debug": "4.3.4",
-    "lru-cache": "7.16.1",
+    "lru-cache": "7.18.3",
     "express": "4.18.2",
     "lodash": "4.17.21",
     "mime": "2.6.0",
@@ -54,8 +54,8 @@
     "url": "https://opencollective.com/verdaccio"
   },
   "devDependencies": {
-    "@verdaccio/logger": "workspace:6.0.0-6-next.36",
-    "body-parser": "1.20.1",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.44",
+    "body-parser": "1.20.2",
     "supertest": "6.3.3"
   }
 }

packages/middleware/src/index.ts

@@ -9,7 +9,7 @@ export { final } from './middlewares/final';
 export { allow } from './middlewares/allow';
 export { rateLimit } from './middlewares/rate-limit';
 export { userAgent } from './middlewares/user-agent';
-export { webMiddleware } from './middlewares/web';
+export { webMiddleware, renderWebMiddleware } from './middlewares/web';
 export { errorReportingMiddleware, handleError } from './middlewares/error';
 export {
   log,

packages/middleware/src/middlewares/validation.ts

@@ -1,27 +1,31 @@
-import { errorUtils } from '@verdaccio/core';
-import {
-  validateName as utilValidateName,
-  validatePackage as utilValidatePackage,
-} from '@verdaccio/utils';
+import { NextFunction, Request, Response } from 'express';
 
-export function validateName(_req, _res, next, value: string, name: string) {
-  if (value === '-') {
-    // special case in couchdb usually
-    next('route');
-  } else if (utilValidateName(value)) {
+import { errorUtils, validationUtils } from '@verdaccio/core';
+
+export function validateName(
+  _req: Request,
+  _res: Response,
+  next: NextFunction,
+  value: string,
+  name: string
+) {
+  if (validationUtils.validateName(value)) {
     next();
   } else {
-    next(errorUtils.getForbidden('invalid ' + name));
+    next(errorUtils.getBadRequest('invalid ' + name));
   }
 }
 
-export function validatePackage(_req, _res, next, value: string, name: string) {
-  if (value === '-') {
-    // special case in couchdb usually
-    next('route');
-  } else if (utilValidatePackage(value)) {
+export function validatePackage(
+  _req: Request,
+  _res,
+  next: NextFunction,
+  value: string,
+  name: string
+) {
+  if (validationUtils.validatePackage(value)) {
     next();
   } else {
-    next(errorUtils.getForbidden('invalid ' + name));
+    next(errorUtils.getBadRequest('invalid ' + name));
   }
 }

packages/middleware/src/middlewares/web/index.ts

@@ -1 +1,4 @@
 export { default as webMiddleware } from './web-middleware';
+export { webAPIMiddleware } from './web-api';
+export { setSecurityWebHeaders } from './security';
+export { renderWebMiddleware } from './render-web';

packages/middleware/src/middlewares/web/web-api.ts

@@ -1,10 +1,13 @@
 import express from 'express';
-import { Router } from 'express';
+import { RequestHandler, Router } from 'express';
 
 import { validateName, validatePackage } from '../validation';
 import { setSecurityWebHeaders } from './security';
 
-export function webMiddleware(tokenMiddleware, webEndpointsApi) {
+export function webAPIMiddleware(
+  tokenMiddleware: RequestHandler,
+  webEndpointsApi: RequestHandler
+): Router {
   // eslint-disable-next-line new-cap
   const route = Router();
   // validate all of these params as a package name
@@ -13,15 +16,15 @@ export function webMiddleware(tokenMiddleware, webEndpointsApi) {
   route.param('filename', validateName);
   route.param('version', validateName);
   route.use(express.urlencoded({ extended: false }));
+  route.use(setSecurityWebHeaders);
 
   if (typeof tokenMiddleware === 'function') {
     route.use(tokenMiddleware);
   }
 
-  route.use(setSecurityWebHeaders);
-
-  if (webEndpointsApi) {
+  if (typeof webEndpointsApi === 'function') {
     route.use(webEndpointsApi);
   }
+
   return route;
 }

packages/middleware/src/middlewares/web/web-middleware.ts

@@ -1,7 +1,7 @@
 import express from 'express';
 
 import { renderWebMiddleware } from './render-web';
-import { webMiddleware } from './web-api';
+import { webAPIMiddleware } from './web-api';
 
 export default (config, middlewares, pluginOptions): any => {
   // eslint-disable-next-line new-cap
@@ -10,6 +10,6 @@ export default (config, middlewares, pluginOptions): any => {
   // render web
   router.use('/', renderWebMiddleware(config, tokenMiddleware, pluginOptions));
   // web endpoints, search, packages, etc
-  router.use('/-/verdaccio/', webMiddleware(tokenMiddleware, webEndpointsApi));
+  router.use('/-/verdaccio/', webAPIMiddleware(tokenMiddleware, webEndpointsApi));
   return router;
 };

packages/middleware/test/final.spec.ts

@@ -1,4 +1,3 @@
-import bodyParser from 'body-parser';
 import express from 'express';
 import request from 'supertest';
 
@@ -6,6 +5,8 @@ import { HEADERS, HTTP_STATUS } from '@verdaccio/core';
 
 import { final } from '../src';
 
+const bodyParser = express;
+
 test('handle error as object', async () => {
   const app = express();
   app.use(bodyParser.json({ strict: false, limit: '10mb' }));

packages/middleware/test/json.spec.ts

@@ -1,4 +1,4 @@
-import bodyParser from 'body-parser';
+import express from 'express';
 import request from 'supertest';
 
 import { HEADERS, HTTP_STATUS } from '@verdaccio/core';
@@ -8,7 +8,7 @@ import { getApp } from './helper';
 
 test('body is json', async () => {
   const app = getApp([]);
-  app.use(bodyParser.json({ strict: false, limit: '10mb' }));
+  app.use(express.json({ strict: false, limit: '10mb' }));
   // @ts-ignore
   app.put('/json', expectJson, (req, res) => {
     res.status(HTTP_STATUS.OK).json({});

packages/middleware/test/params.spec.ts

@@ -2,55 +2,9 @@ import request from 'supertest';
 
 import { HTTP_STATUS } from '@verdaccio/core';
 
-import { match, validateName, validatePackage } from '../src';
+import { match } from '../src';
 import { getApp } from './helper';
 
-describe('validate params', () => {
-  test('should validate package name', async () => {
-    const app = getApp([]);
-    // @ts-ignore
-    app.param('package', validatePackage);
-    app.get('/pkg/:package', (req, res) => {
-      res.status(HTTP_STATUS.OK).json({});
-    });
-
-    return request(app).get('/pkg/react').expect(HTTP_STATUS.OK);
-  });
-
-  test('should fails validate package name', async () => {
-    const app = getApp([]);
-    // @ts-ignore
-    app.param('package', validatePackage);
-    app.get('/pkg/:package', (req, res) => {
-      res.status(HTTP_STATUS.OK).json({});
-    });
-
-    return request(app).get('/pkg/node_modules').expect(HTTP_STATUS.FORBIDDEN);
-  });
-
-  test('should fails file name package name', async () => {
-    const app = getApp([]);
-    // @ts-ignore
-    app.param('filename', validateName);
-    app.get('/file/:filename', (req, res) => {
-      res.status(HTTP_STATUS.OK).json({});
-    });
-
-    return request(app).get('/file/__proto__').expect(HTTP_STATUS.FORBIDDEN);
-  });
-
-  test('should validate file name package name', async () => {
-    const app = getApp([]);
-    // @ts-ignore
-    app.param('filename', validateName);
-    app.get('/file/:filename', (req, res) => {
-      res.status(HTTP_STATUS.OK).json({});
-    });
-
-    return request(app).get('/file/react.tar.gz').expect(HTTP_STATUS.OK);
-  });
-});
-
 describe('match', () => {
   test('should not match middleware', async () => {
     const app = getApp([]);

packages/middleware/test/validation.spec.ts

@@ -0,0 +1,92 @@
+import request from 'supertest';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+
+import { validateName, validatePackage } from '../src';
+import { getApp } from './helper';
+
+describe('validate package name middleware', () => {
+  test.each(['jquery', '-'])('%s should be valid package name', (pkg) => {
+    const app = getApp([]);
+    app.param('pkg', validatePackage);
+    app.get('/:pkg', (_req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get(`/${pkg}`).expect(HTTP_STATUS.OK);
+  });
+
+  test.each(['node_modules', '%'])('%s should be invalid package name', (pkg) => {
+    const app = getApp([]);
+    app.param('pkg', validatePackage);
+    app.get('/:pkg', (_req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get(`/${pkg}`).expect(HTTP_STATUS.BAD_REQUEST);
+  });
+
+  test('should validate package name double level', async () => {
+    const app = getApp([]);
+    // @ts-ignore
+    app.param('package', validatePackage);
+    app.get('/pkg/:package', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/pkg/react').expect(HTTP_STATUS.OK);
+  });
+
+  test('should fails validate package name double level', async () => {
+    const app = getApp([]);
+    // @ts-ignore
+    app.param('package', validatePackage);
+    app.get('/pkg/:package', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/pkg/node_modules').expect(HTTP_STATUS.BAD_REQUEST);
+  });
+});
+
+describe('validate file name name middleware', () => {
+  test.each(['old-package@0.1.2.tgz', '--0.0.1.tgz'])('%s should be valid file name', (pkg) => {
+    const app = getApp([]);
+    app.param('pkg', validateName);
+    app.get('/:pkg', (_req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get(`/${pkg}`).expect(HTTP_STATUS.OK);
+  });
+
+  test.each(['some%2Fthing', '.bin'])('%s should be invalid package name', (pkg) => {
+    const app = getApp([]);
+    app.param('pkg', validateName);
+    app.get('/:pkg', (_req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get(`/${pkg}`).expect(HTTP_STATUS.BAD_REQUEST);
+  });
+
+  test('should fails file name package name', async () => {
+    const app = getApp([]);
+    app.param('filename', validateName);
+    app.get('/file/:filename', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/file/__proto__').expect(HTTP_STATUS.BAD_REQUEST);
+  });
+
+  test('should validate file name package name', async () => {
+    const app = getApp([]);
+    app.param('filename', validateName);
+    app.get('/file/:filename', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/file/react.tar.gz').expect(HTTP_STATUS.OK);
+  });
+});

packages/node-api/CHANGELOG.md

@@ -1,5 +1,91 @@
 # @verdaccio/node-api
 
+## 6.0.0-6-next.76
+
+### Patch Changes
+
+- @verdaccio/server@6.0.0-6-next.65
+- @verdaccio/server-fastify@6.0.0-6-next.57
+- @verdaccio/core@6.0.0-6-next.76
+- @verdaccio/config@6.0.0-6-next.76
+- @verdaccio/logger@6.0.0-6-next.44
+
+## 6.0.0-6-next.75
+
+### Patch Changes
+
+- Updated dependencies [0a6412ca9]
+  - @verdaccio/core@6.0.0-6-next.75
+  - @verdaccio/config@6.0.0-6-next.75
+  - @verdaccio/server@6.0.0-6-next.64
+  - @verdaccio/server-fastify@6.0.0-6-next.56
+  - @verdaccio/logger@6.0.0-6-next.43
+
+## 6.0.0-6-next.74
+
+### Patch Changes
+
+- Updated dependencies [ae93e039d]
+  - @verdaccio/server@6.0.0-6-next.63
+  - @verdaccio/core@6.0.0-6-next.74
+  - @verdaccio/config@6.0.0-6-next.74
+  - @verdaccio/server-fastify@6.0.0-6-next.55
+  - @verdaccio/logger@6.0.0-6-next.42
+
+## 6.0.0-6-next.73
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/server@6.0.0-6-next.62
+  - @verdaccio/config@6.0.0-6-next.73
+  - @verdaccio/server-fastify@6.0.0-6-next.54
+  - @verdaccio/logger@6.0.0-6-next.41
+
+## 6.0.0-6-next.72
+
+### Patch Changes
+
+- Updated dependencies [702d5c497]
+  - @verdaccio/server-fastify@6.0.0-6-next.53
+  - @verdaccio/server@6.0.0-6-next.61
+  - @verdaccio/core@6.0.0-6-next.72
+  - @verdaccio/config@6.0.0-6-next.72
+  - @verdaccio/logger@6.0.0-6-next.40
+
+## 6.0.0-6-next.71
+
+### Patch Changes
+
+- Updated dependencies [679c19c1b]
+  - @verdaccio/config@6.0.0-6-next.71
+  - @verdaccio/server@6.0.0-6-next.60
+  - @verdaccio/server-fastify@6.0.0-6-next.52
+  - @verdaccio/logger@6.0.0-6-next.39
+  - @verdaccio/core@6.0.0-6-next.71
+
+## 6.0.0-6-next.70
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.38
+- @verdaccio/server@6.0.0-6-next.59
+- @verdaccio/server-fastify@6.0.0-6-next.51
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+
+## 6.0.0-6-next.69
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/server@6.0.0-6-next.58
+  - @verdaccio/server-fastify@6.0.0-6-next.50
+  - @verdaccio/config@6.0.0-6-next.69
+  - @verdaccio/logger@6.0.0-6-next.37
+
 ## 6.0.0-6-next.68
 
 ### Patch Changes

packages/node-api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/node-api",
-  "version": "6.0.0-6-next.68",
+  "version": "6.0.0-6-next.76",
   "description": "node API",
   "main": "build/index.js",
   "types": "build/index.d.ts",
@@ -39,19 +39,17 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
-    "@verdaccio/config": "workspace:6.0.0-6-next.68",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.36",
-    "@verdaccio/server": "workspace:6.0.0-6-next.57",
-    "@verdaccio/server-fastify": "workspace:6.0.0-6-next.49",
-    "core-js": "3.28.0",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
+    "@verdaccio/config": "workspace:6.0.0-6-next.76",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.44",
+    "@verdaccio/server": "workspace:6.0.0-6-next.65",
+    "@verdaccio/server-fastify": "workspace:6.0.0-6-next.57",
+    "core-js": "3.30.2",
     "debug": "4.3.4",
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@types/node": "16.18.10",
     "@verdaccio/types": "workspace:11.0.0-6-next.25",
-    "jest-mock-process": "1.5.1",
     "selfsigned": "1.10.14",
     "supertest": "6.3.3"
   },

packages/plugins/audit/CHANGELOG.md

@@ -1,5 +1,65 @@
 # Change Log
 
+## 11.0.0-6-next.39
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.76
+- @verdaccio/config@6.0.0-6-next.76
+
+## 11.0.0-6-next.38
+
+### Patch Changes
+
+- Updated dependencies [0a6412ca9]
+  - @verdaccio/core@6.0.0-6-next.75
+  - @verdaccio/config@6.0.0-6-next.75
+
+## 11.0.0-6-next.37
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.74
+- @verdaccio/config@6.0.0-6-next.74
+
+## 11.0.0-6-next.36
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+  - @verdaccio/config@6.0.0-6-next.73
+
+## 11.0.0-6-next.35
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+- @verdaccio/config@6.0.0-6-next.72
+
+## 11.0.0-6-next.34
+
+### Patch Changes
+
+- Updated dependencies [679c19c1b]
+  - @verdaccio/config@6.0.0-6-next.71
+  - @verdaccio/core@6.0.0-6-next.71
+
+## 11.0.0-6-next.33
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+- @verdaccio/config@6.0.0-6-next.70
+
+## 11.0.0-6-next.32
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+  - @verdaccio/config@6.0.0-6-next.69
+
 ## 11.0.0-6-next.31
 
 ### Patch Changes

packages/plugins/audit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-audit",
-  "version": "11.0.0-6-next.31",
+  "version": "11.0.0-6-next.39",
   "description": "Verdaccio Middleware plugin to bypass npmjs audit",
   "keywords": [
     "private",
@@ -30,16 +30,16 @@
     "node": ">=12"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
-    "@verdaccio/config": "workspace:6.0.0-6-next.68",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
+    "@verdaccio/config": "workspace:6.0.0-6-next.76",
     "express": "4.18.2",
     "https-proxy-agent": "5.0.1",
     "node-fetch": "cjs"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.25",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.47",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.36",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.55",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.44",
     "nock": "13.2.9",
     "supertest": "6.3.3"
   },

packages/plugins/auth-memory/CHANGELOG.md

@@ -1,5 +1,56 @@
 # Change Log
 
+## 11.0.0-6-next.41
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.76
+
+## 11.0.0-6-next.40
+
+### Patch Changes
+
+- Updated dependencies [0a6412ca9]
+  - @verdaccio/core@6.0.0-6-next.75
+
+## 11.0.0-6-next.39
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.74
+
+## 11.0.0-6-next.38
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+
+## 11.0.0-6-next.37
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+
+## 11.0.0-6-next.36
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.71
+
+## 11.0.0-6-next.35
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+
+## 11.0.0-6-next.34
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+
 ## 11.0.0-6-next.33
 
 ### Patch Changes

packages/plugins/auth-memory/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-auth-memory",
-  "version": "11.0.0-6-next.33",
+  "version": "11.0.0-6-next.41",
   "description": "Auth plugin for Verdaccio that keeps users in memory",
   "keywords": [
     "private",
@@ -31,12 +31,12 @@
     "npm": ">=6"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
     "debug": "4.3.4"
   },
   "devDependencies": {
     "@types/debug": "^4.1.7",
-    "@verdaccio/config": "workspace:6.0.0-6-next.68",
+    "@verdaccio/config": "workspace:6.0.0-6-next.76",
     "@verdaccio/types": "workspace:11.0.0-6-next.25"
   },
   "scripts": {

packages/plugins/aws-storage/package.json

@@ -32,7 +32,7 @@
   "types": "build/index.d.ts",
   "dependencies": {
     "@verdaccio/core": "workspace:6.0.0-6-next.5",
-    "aws-sdk": "2.1199.0"
+    "aws-sdk": "2.1354.0"
   },
   "devDependencies": {
     "@verdaccio/types": "workspace:11.0.0-6-next.12",

packages/plugins/htpasswd/CHANGELOG.md

@@ -1,5 +1,60 @@
 # Change Log
 
+## 11.0.0-6-next.46
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.76
+
+## 11.0.0-6-next.45
+
+### Patch Changes
+
+- Updated dependencies [0a6412ca9]
+  - @verdaccio/core@6.0.0-6-next.75
+
+## 11.0.0-6-next.44
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.74
+
+## 11.0.0-6-next.43
+
+### Patch Changes
+
+- Updated dependencies [f859d2b1a]
+  - @verdaccio/core@6.0.0-6-next.73
+
+## 11.0.0-6-next.42
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.72
+
+## 11.0.0-6-next.41
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.71
+
+## 11.0.0-6-next.40
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.70
+
+## 11.0.0-6-next.39
+
+### Minor Changes
+
+- c9d1af0e: feat: async bcrypt hash
+
+### Patch Changes
+
+- Updated dependencies [c9d1af0e]
+  - @verdaccio/core@6.0.0-6-next.69
+
 ## 11.0.0-6-next.38
 
 ### Patch Changes

packages/plugins/htpasswd/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-htpasswd",
-  "version": "11.0.0-6-next.38",
+  "version": "11.0.0-6-next.46",
   "description": "htpasswd auth plugin for Verdaccio",
   "keywords": [
     "private",
@@ -34,20 +34,20 @@
     "npm": ">=6"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.68",
+    "@verdaccio/core": "workspace:6.0.0-6-next.76",
     "@verdaccio/file-locking": "workspace:11.0.0-6-next.7",
     "apache-md5": "1.1.8",
     "bcryptjs": "2.4.3",
-    "core-js": "3.28.0",
-    "http-errors": "1.8.1",
+    "core-js": "3.30.2",
+    "http-errors": "2.0.0",
     "debug": "4.3.4",
     "unix-crypt-td-js": "1.1.4"
   },
   "devDependencies": {
     "@types/bcryptjs": "2.4.2",
     "@verdaccio/types": "workspace:11.0.0-6-next.25",
-    "@verdaccio/config": "workspace:6.0.0-6-next.68",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.36",
+    "@verdaccio/config": "workspace:6.0.0-6-next.76",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.44",
     "mockdate": "3.0.5"
   },
   "scripts": {

packages/plugins/htpasswd/src/htpasswd.ts

@@ -2,12 +2,12 @@ import buildDebug from 'debug';
 import fs from 'fs';
 import { dirname, resolve } from 'path';
 
-import { pluginUtils } from '@verdaccio/core';
+import { constants, pluginUtils } from '@verdaccio/core';
 import { unlockFile } from '@verdaccio/file-locking';
 import { Callback, Logger } from '@verdaccio/types';
 
 import {
-  HtpasswdHashAlgorithm,
+  DEFAULT_BCRYPT_ROUNDS,
   HtpasswdHashConfig,
   addUserToHTPasswd,
   changePasswordToHTPasswd,
@@ -17,6 +17,8 @@ import {
   verifyPassword,
 } from './utils';
 
+type HtpasswdHashAlgorithm = constants.HtpasswdHashAlgorithm;
+
 const debug = buildDebug('verdaccio:plugin:htpasswd');
 
 export type HTPasswdConfig = {
@@ -27,7 +29,6 @@ export type HTPasswdConfig = {
   slow_verify_ms?: number;
 };
 
-export const DEFAULT_BCRYPT_ROUNDS = 10;
 export const DEFAULT_SLOW_VERIFY_MS = 200;
 
 /**
@@ -63,15 +64,19 @@ export default class HTPasswd
     let algorithm: HtpasswdHashAlgorithm;
     let rounds: number | undefined;
 
-    if (config.algorithm === undefined) {
-      algorithm = HtpasswdHashAlgorithm.bcrypt;
-    } else if (HtpasswdHashAlgorithm[config.algorithm] !== undefined) {
-      algorithm = HtpasswdHashAlgorithm[config.algorithm];
+    if (typeof config.algorithm === 'undefined') {
+      algorithm = constants.HtpasswdHashAlgorithm.bcrypt;
+    } else if (constants.HtpasswdHashAlgorithm[config.algorithm] !== undefined) {
+      algorithm = constants.HtpasswdHashAlgorithm[config.algorithm];
     } else {
-      throw new Error(`Invalid algorithm "${config.algorithm}"`);
+      this.logger.warn(
+        `The algorithm selected %s is invalid, switching to to default one "bcrypt", password validation can be affected`,
+        config.algorithm
+      );
+      algorithm = constants.HtpasswdHashAlgorithm.bcrypt;
     }
     debug(`password hash algorithm: ${algorithm}`);
-    if (algorithm === HtpasswdHashAlgorithm.bcrypt) {
+    if (algorithm === constants.HtpasswdHashAlgorithm.bcrypt) {
       rounds = config.rounds || DEFAULT_BCRYPT_ROUNDS;
     } else if (config.rounds !== undefined) {
       this.logger.warn({ algo: algorithm }, 'Option "rounds" is not valid for "@{algo}" algorithm');
@@ -202,7 +207,7 @@ export default class HTPasswd
       }
 
       try {
-        this._writeFile(addUserToHTPasswd(body, user, password, this.hashConfig), cb);
+        this._writeFile(await addUserToHTPasswd(body, user, password, this.hashConfig), cb);
       } catch (err: any) {
         return cb(err);
       }

packages/plugins/htpasswd/src/utils.ts

@@ -3,18 +3,15 @@ import bcrypt from 'bcryptjs';
 import crypto from 'crypto';
 import createError, { HttpError } from 'http-errors';
 
-import { API_ERROR, HTTP_STATUS } from '@verdaccio/core';
+import { API_ERROR, HTTP_STATUS, constants } from '@verdaccio/core';
 import { readFile } from '@verdaccio/file-locking';
 import { Callback } from '@verdaccio/types';
 
 import crypt3 from './crypt3';
 
-export enum HtpasswdHashAlgorithm {
-  md5 = 'md5',
-  sha1 = 'sha1',
-  crypt = 'crypt',
-  bcrypt = 'bcrypt',
-}
+export const DEFAULT_BCRYPT_ROUNDS = 10;
+
+type HtpasswdHashAlgorithm = constants.HtpasswdHashAlgorithm;
 
 export interface HtpasswdHashConfig {
   algorithm: HtpasswdHashAlgorithm;
@@ -80,24 +77,24 @@ export async function verifyPassword(passwd: string, hash: string): Promise<bool
  * @param {HtpasswdHashConfig} hashConfig
  * @returns {string}
  */
-export function generateHtpasswdLine(
+export async function generateHtpasswdLine(
   user: string,
   passwd: string,
   hashConfig: HtpasswdHashConfig
-): string {
+): Promise<string> {
   let hash: string;
 
   switch (hashConfig.algorithm) {
-    case HtpasswdHashAlgorithm.bcrypt:
-      hash = bcrypt.hashSync(passwd, hashConfig.rounds);
+    case constants.HtpasswdHashAlgorithm.bcrypt:
+      hash = await bcrypt.hash(passwd, hashConfig.rounds || DEFAULT_BCRYPT_ROUNDS);
       break;
-    case HtpasswdHashAlgorithm.crypt:
+    case constants.HtpasswdHashAlgorithm.crypt:
       hash = crypt3(passwd);
       break;
-    case HtpasswdHashAlgorithm.md5:
+    case constants.HtpasswdHashAlgorithm.md5:
       hash = md5(passwd);
       break;
-    case HtpasswdHashAlgorithm.sha1:
+    case constants.HtpasswdHashAlgorithm.sha1:
       hash = '{SHA}' + crypto.createHash('sha1').update(passwd, 'utf8').digest('base64');
       break;
     default:
@@ -116,12 +113,12 @@ export function generateHtpasswdLine(
  * @param {HtpasswdHashConfig} hashConfig
  * @returns {string}
  */
-export function addUserToHTPasswd(
+export async function addUserToHTPasswd(
   body: string,
   user: string,
   passwd: string,
   hashConfig: HtpasswdHashConfig
-): string {
+): Promise<string> {
   if (user !== encodeURIComponent(user)) {
     const err = createError('username should not contain non-uri-safe characters');
 
@@ -129,7 +126,7 @@ export function addUserToHTPasswd(
     throw err;
   }
 
-  let newline = generateHtpasswdLine(user, passwd, hashConfig);
+  let newline = await generateHtpasswdLine(user, passwd, hashConfig);
 
   if (body.length && body[body.length - 1] !== '\n') {
     newline = '\n' + newline;
@@ -190,13 +187,14 @@ export async function sanityCheck(
 }
 
 /**
+ * /**
  * changePasswordToHTPasswd - change password for existing user
  * @param {string} body
  * @param {string} user
  * @param {string} passwd
  * @param {string} newPasswd
  * @param {HtpasswdHashConfig} hashConfig
- * @returns {string}
+ * @returns {Promise<string>}
  */
 export async function changePasswordToHTPasswd(
   body: string,
@@ -215,7 +213,7 @@ export async function changePasswordToHTPasswd(
   if (!passwordValid) {
     throw new Error(`Unable to change password for user '${user}': invalid old password`);
   }
-  const updatedUserLine = generateHtpasswdLine(username, newPasswd, hashConfig);
+  const updatedUserLine = await generateHtpasswdLine(username, newPasswd, hashConfig);
   lines.splice(userLineIndex, 1, updatedUserLine);
   return lines.join('\n');
 }