chore: update versions (next-7) (#4581)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.changeset/eighty-lobsters-study.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/ui-theme': patch
+'@verdaccio/ui-components': patch
+---
+
+feat: versions filter by semver range

.changeset/good-cups-train.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/search': patch
+'@verdaccio/search-indexer': patch
+---
+
+refactor: search package

.changeset/itchy-mangos-wink.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/middleware': patch
+'@verdaccio/url': patch
+---
+
+Improved TS types for renderHTML() and related functions (by @tobbe in #4605)

.changeset/long-moles-attend.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/search-indexer': patch
+---
+
+fix: remove node engine restriction

.changeset/pink-apples-nail.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/ui-theme': minor
+'@verdaccio/ui-components': minor
+'@verdaccio/config': minor
+---
+
+feat: forbidden user interface

.changeset/pink-balloons-leave.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/local-storage': patch
+---
+
+chore: reduce log to info if database is not found

.changeset/pre.json

@@ -1,6 +1,6 @@
 {
   "mode": "pre",
-  "tag": "next",
+  "tag": "next-7",
   "initialVersions": {
     "@verdaccio/test-cli-commons": "1.1.0",
     "@verdaccio/e2e-cli-npm6": "1.0.1",
@@ -39,7 +39,7 @@
     "verdaccio-memory": "11.0.0",
     "@verdaccio/ui-theme": "6.0.0",
     "@verdaccio/proxy": "6.0.0",
-    "@verdaccio/search": "6.0.0",
+    "@verdaccio/search-indexer": "6.0.0",
     "@verdaccio/server": "6.0.0",
     "@verdaccio/server-fastify": "6.0.0",
     "@verdaccio/signature": "6.0.0",
@@ -55,21 +55,41 @@
     "verdaccio": "6.0.0",
     "@verdaccio/web": "6.0.0",
     "@verdaccio/website": "5.20.2",
-    "@verdaccio/local-publish": "0.0.1"
+    "@verdaccio/local-publish": "0.0.1",
+    "@verdaccio/search": "7.0.0-next.0",
+    "@verdaccio/e2e-cli-pnpm9": "1.0.1"
   },
   "changesets": [
     "angry-trees-tie",
     "breezy-mayflies-pull",
     "chilled-carrots-guess",
     "eight-squids-judge",
+    "eighty-lobsters-study",
+    "good-cups-train",
+    "itchy-mangos-wink",
     "long-jars-collect",
+    "long-moles-attend",
     "old-turkeys-heal",
     "olive-bananas-wink",
     "perfect-chairs-act",
+    "pink-apples-nail",
+    "pink-balloons-leave",
+    "quick-buses-scream",
+    "real-socks-vanish",
+    "sharp-wolves-carry",
     "shiny-worms-retire",
     "shy-carrots-compare",
     "shy-garlics-cry",
+    "silent-shirts-knock",
+    "slow-wasps-glow",
+    "spicy-birds-flow",
+    "strange-points-repair",
+    "thirty-toes-swim",
+    "unlucky-cycles-sparkle",
     "weak-fans-explain",
+    "wicked-kiwis-check",
+    "wicked-worms-wash",
+    "wild-otters-talk",
     "young-donuts-own"
   ]
 }

.changeset/quick-buses-scream.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/store': patch
+---
+
+fix: avoid warning "time for version x already exists"

.changeset/real-socks-vanish.md

@@ -0,0 +1,5 @@
+---
+'verdaccio': patch
+---
+
+chore: test release

.changeset/sharp-wolves-carry.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/signature': minor
+---
+
+support for createCipher backward compatible

.changeset/silent-shirts-knock.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/config': patch
+---
+
+fix config builder erroring when passed partial config

.changeset/slow-wasps-glow.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/logger-prettify': patch
+---
+
+Avoid displaying "prettify pipeline error" if there is no error

.changeset/spicy-birds-flow.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/store': patch
+'@verdaccio/test-helper': patch
+---
+
+fix: store readme when publishing locally

.changeset/strange-points-repair.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/ui-theme': patch
+'@verdaccio/ui-components': patch
+---
+
+fix: render READMEs with correct font and highlighting

.changeset/thirty-toes-swim.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/ui-theme': patch
+'@verdaccio/ui-components': patch
+---
+
+fix: ui dialog break pages on open due remark error

.changeset/unlucky-cycles-sparkle.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/local-storage': patch
+---
+
+fix: error when writing tarball (missing folder)

.changeset/wicked-kiwis-check.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/auth': patch
+---
+
+fix: adduser error message grammar (@tobbe in #4586)

.changeset/wicked-worms-wash.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/store': patch
+'@verdaccio/tarball': patch
+---
+
+feat: add tarball details for published packages

.changeset/wild-otters-talk.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/api': patch
+---
+
+fix: bug on change password npm profile

.github/workflows/changesets.yml

@@ -25,16 +25,16 @@ jobs:
           fetch-depth: 0
 
       - name: setup node.js
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version-file: '.nvmrc'
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
 
-      - name: install pnpm
-        run: npm i pnpm@8.9.0 -g
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
+      - name: Install pnpm
+        run: |
+          corepack enable
+          corepack install
 
       - name: setup pnpm config
         run: pnpm config set store-dir $PNPM_CACHE_FOLDER

.github/workflows/ci-windows.yml

@@ -20,7 +20,7 @@ jobs:
     steps:
     - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
     - name: Node
-      uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+      uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
       with:
         node-version-file: '.nvmrc'
     - name: Install pnpm
@@ -29,14 +29,10 @@ jobs:
       run: |
         mkdir ~/.pnpm-store
         pnpm config set store-dir ~/.pnpm-store
-    - name: set store
-      run: |
-        mkdir ~/.pnpm-store
-        pnpm config set store-dir ~/.pnpm-store            
     - name: Install
       run: pnpm install --registry http://localhost:4873
     - name: Cache .pnpm-store
-      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
       with:
         path: ~/.pnpm-store
         key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -49,12 +45,12 @@ jobs:
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       - name: Node
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: npm i pnpm@latest-8 -g
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -73,12 +69,12 @@ jobs:
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       - name: Use Node
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: npm i pnpm@latest-8 -g
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -102,12 +98,12 @@ jobs:
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       - name: Use Node ${{ matrix.node_version }}
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version: ${{ matrix.node_version }}
       - name: Install pnpm
         run: npm i pnpm@latest-8 -g
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -127,12 +123,12 @@ jobs:
     name: UI Test E2E
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
-      - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: npm i pnpm@latest-8 -g
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}

.github/workflows/ci.yml

@@ -14,6 +14,9 @@ on:
       - 'pnpm-workspace.yaml'
 permissions:
   contents: read
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true  
 
 jobs:
   prepare:
@@ -29,7 +32,7 @@ jobs:
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       - name: Node
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
@@ -43,7 +46,7 @@ jobs:
       - name: Install
         run: pnpm install  --registry http://localhost:4873
       - name: Cache .pnpm-store
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -56,14 +59,14 @@ jobs:
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       - name: Node
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: |
           corepack enable
           corepack install
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -81,14 +84,14 @@ jobs:
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       - name: Use Node
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: |
           corepack enable
           corepack install
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -111,14 +114,14 @@ jobs:
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       - name: Use Node ${{ matrix.node_version }}
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version: ${{ matrix.node_version }}
       - name: Install pnpm
         run: |
           corepack enable
           corepack prepare
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -135,17 +138,17 @@ jobs:
     needs: [test]
     runs-on: ubuntu-latest
     name: synchronize translations
-    if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+    if: (github.event_name == 'push' && github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio') || github.event_name == 'workflow_dispatch'
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
-      - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: |
           corepack enable
           corepack install
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}

.github/workflows/codeql-analysis.yml

@@ -34,7 +34,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@1500a131381b66de0c52ac28abb13cd79f4b7ecc # v2
+        uses: github/codeql-action/init@c7f9125735019aa87cfc361530512d50ea439c71 # v2
 
       # Override language selection by uncommenting this and choosing your languages
       # with:
@@ -42,7 +42,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@1500a131381b66de0c52ac28abb13cd79f4b7ecc # v2
+        uses: github/codeql-action/autobuild@c7f9125735019aa87cfc361530512d50ea439c71 # v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -56,4 +56,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@1500a131381b66de0c52ac28abb13cd79f4b7ecc # v2
+        uses: github/codeql-action/analyze@c7f9125735019aa87cfc361530512d50ea439c71 # v2

.github/workflows/docker-proxy-apache-e2e.yml

@@ -22,7 +22,7 @@ jobs:
       run: docker-compose -f "./e2e/docker/apache-verdaccio/docker-compose.yaml" up -d --build
 
     - name: Install node
-      uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+      uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
       with:
         node-version-file: '.nvmrc'
     - name: npm setup

.github/workflows/docker-proxy-nginx-e2e.yml

@@ -19,7 +19,7 @@ jobs:
       run: docker-compose -f "./e2e/docker/proxy-nginx/docker-compose.yaml" up -d --build
 
     - name: Install node
-      uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+      uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
       with:
         node-version-file: '.nvmrc'
     - name: npm setup

.github/workflows/docker-publish.yml

@@ -22,6 +22,7 @@ permissions:
 jobs:
   docker:
     runs-on: ubuntu-latest
+    if: github.repository == 'verdaccio/verdaccio'
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # tag=v1

.github/workflows/e2e-ci.yml

@@ -3,6 +3,9 @@ name: E2E CLI
 on: [pull_request]
 permissions:
   contents: read
+concurrency:
+  group: e2e-ci-${{ github.ref }}
+  cancel-in-progress: true
 jobs:
   prepare:
     runs-on: ubuntu-latest
@@ -17,7 +20,7 @@ jobs:
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       - name: Use Node
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
@@ -31,7 +34,7 @@ jobs:
       - name: Install
         run: pnpm install --reporter=silence --ignore-scripts --registry http://localhost:4873
       - name: Cache .pnpm-store
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -43,14 +46,14 @@ jobs:
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       - name: Use Node 16
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: |
           corepack enable
           corepack prepare 
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -62,7 +65,7 @@ jobs:
       - name: build
         run: pnpm build
       - name: Cache packages
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         id: cache-packages
         with:
           path: ./packages/
@@ -80,7 +83,7 @@ jobs:
   e2e-cli-npm:
     needs: [prepare, build]
     strategy:
-      fail-fast: false
+      fail-fast: false      
       matrix:
         pkg:
           [
@@ -95,14 +98,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
-      - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version: ${{ matrix.node }}
       - name: Install pnpm
         run: |
           corepack enable
           corepack prepare 
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -111,7 +114,51 @@ jobs:
           pnpm config set store-dir ~/.pnpm-store
       - name: Install
         run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
+        with:
+          path: ./packages/
+          key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      # - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      #   with:
+      #     path: ./e2e/
+      #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: build e2e
+        run: pnpm --filter @verdaccio/test-cli-commons build
+      - name: Test CLI
+        run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}
+
+  e2e-cli-pnpm:
+    needs: [prepare, build]
+    strategy:
+      fail-fast: true
+      matrix:
+        pkg:
+          [
+            pnpm8,
+            pnpm9,
+          ]
+        node: [20, 21]
+    name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
+        with:
+          node-version: ${{ matrix.node }}
+      - name: Install pnpm
+        run: |
+          corepack enable
+          corepack prepare
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store
+      - name: Install
+        run: pnpm install --loglevel debug --ignore-scripts --registry http://localhost:4873
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ./packages/
           key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -123,51 +170,6 @@ jobs:
         run: pnpm --filter @verdaccio/test-cli-commons build
       - name: Test CLI
         run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}
-  # TODO: fix pnpm setup
-  # e2e-cli-pnpm:
-  #   needs: [prepare, build]
-  #   strategy:
-  #     fail-fast: true
-  #     matrix:
-  #       pkg:
-  #         [          
-  #           pnpm6,
-  #           pnpm7,
-  #           pnpm8          
-  #         ]
-  #       node: [20, 21]
-  #   name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
-  #     - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
-  #       with:
-  #         node-version: ${{ matrix.node }}
-  #     - name: Install pnpm
-  #       run: |
-  #         corepack enable
-  #         corepack prepare
-  #     - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
-  #       with:
-  #         path: ~/.pnpm-store
-  #         key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
-  #     - name: set store
-  #       run: |
-  #         pnpm config set store-dir ~/.pnpm-store
-  #     - name: Install
-  #       run: pnpm install --loglevel debug --ignore-scripts --registry http://localhost:4873
-  #     - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
-  #       with:
-  #         path: ./packages/
-  #         key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
-  #     # - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
-  #     #   with:
-  #     #     path: ./e2e/
-  #     #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
-  #     - name: build e2e
-  #       run: pnpm --filter @verdaccio/test-cli-commons build
-  #     - name: Test CLI
-  #       run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}
   e2e-cli-yarn:
     needs: [prepare, build]
     strategy:
@@ -185,14 +187,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
-      - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version: ${{ matrix.node }}
       - name: Install pnpm
         run: |
           corepack enable
           corepack prepare 
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -201,7 +203,7 @@ jobs:
           pnpm config set store-dir ~/.pnpm-store
       - name: Install
         run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ./packages/
           key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}

.github/workflows/e2e-ui.yml

@@ -3,6 +3,9 @@ name: E2E UI
 on: [pull_request]
 permissions:
   contents: read
+concurrency:
+  group: e2e-ui-${{ github.ref }}
+  cancel-in-progress: true  
 jobs:
   test:
     runs-on: ubuntu-latest
@@ -17,7 +20,7 @@ jobs:
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       - name: Use Node
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
@@ -30,7 +33,7 @@ jobs:
         run: pnpm build
       - name: Test UI
         run: pnpm test:e2e:ui
-      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
+      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v3
         with:
           name: videos
           path: /home/runner/work/verdaccio/verdaccio/e2e/ui/cypress/videos

.github/workflows/static-data.yml

@@ -18,12 +18,13 @@ jobs:
   prepare:
     name: Run script
     runs-on: ubuntu-latest
+    if: github.repository == 'verdaccio/verdaccio'
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
         with:
           persist-credentials: false
           fetch-depth: 0
-      - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version: 18.x
       - name: install pnpm
@@ -45,7 +46,7 @@ jobs:
       - name: format
         run: pnpm format
       - name: Commit & Push changes
-        uses: actions-js/push@156f2b10c3aa000c44dbe75ea7018f32ae999772 # tag=v1.4
+        uses: actions-js/push@5a7cbd780d82c0c937b5977586e641b2fd94acc5 # tag=v1.5
         with:
           github_token: ${{ secrets.TOKEN_VERDACCIOBOT_GITHUB }}
           message: "chore: updated static data"

.github/workflows/ui-components.yml

@@ -1,19 +1,9 @@
 name: UI Components
 
-on: 
+on:
   workflow_dispatch:
-  pull_request:
-    branches-ignore:
-      - 'renovate/*'
-      - 'dependabot/*'    
-    paths:
-    - .github/workflows/ui-components.yml
-    - 'packages/ui-components/**'
-    - 'package.json'
-    - 'pnpm-workspace.yaml'
-    - 'pnpm-lock.yaml'
   schedule:
-      - cron: '0 0 * * 1'     
+    - cron: '0 0 * * *' 
 
 permissions:
   contents: read  #  to fetch code (actions/checkout)
@@ -29,18 +19,19 @@ jobs:
       pull-requests: write  #  to comment on pull-requests
 
     runs-on: ubuntu-latest
+    if: github.repository == 'verdaccio/verdaccio'
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 
       - name: Use Node
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version-file: '.nvmrc'
 
       - name: Cache pnpm modules
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         env:
           cache-name: cache-pnpm-modules
         with:
@@ -60,24 +51,8 @@ jobs:
       - name: Copy public content
         # the msw.js worker is need it at the storybook-static folder in production
         run: cp -R packages/ui-components/public/* packages/ui-components/storybook-static
-      - name: 🔥 Deploy Production UI Netlify
-        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
-        uses: verdaccio/action-netlify-deploy@1c086d59169edeec9254672c7de17d2ceac3928f # v2.0.0
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
-          netlify-site-id: ${{ secrets.NETLIFY_UI_SITE_ID }}
-          build-dir: './packages/ui-components/storybook-static'          
-      - name: 🤖 Deploy Preview UI Components Netlify
-        if: github.repository == 'verdaccio/verdaccio'
-        uses: semoal/action-netlify-deploy@1a53f098745bf78555d11b436f5ee3af87e6b566
-        id: netlify_preview_ui
-        with:
-          draft: true
-          comment-on-pull-request: true
-          github-deployment-is-production: false
-          github-deployment-is-transient: true
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
-          netlify-site-id: ${{ secrets.NETLIFY_UI_SITE_ID }}
-          build-dir: './packages/ui-components/storybook-static'
+      - name: Deploy to Netlify
+        env:
+          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_UI_SITE_ID }}
+          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+        run: pnpm --filter ...@verdaccio/ui-components netlify:ui:deploy

.github/workflows/website.yml

@@ -2,13 +2,6 @@ name: Verdaccio Website CI
 
 on:
   workflow_dispatch:
-  pull_request:
-    branches-ignore:
-      - 'renovate/*'
-      - 'dependabot/*'    
-    paths:
-        - 'website/**'
-        - './.github/workflows/website.yml'
   schedule:
     - cron: '0 0 * * *' 
 
@@ -23,6 +16,7 @@ jobs:
       pull-requests: write  #  to comment on pull-requests
 
     runs-on: ubuntu-latest
+    if: github.repository == 'verdaccio/verdaccio'
     name: setup verdaccio
     services:
       verdaccio:
@@ -37,7 +31,7 @@ jobs:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 
       - name: Node
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
@@ -51,7 +45,7 @@ jobs:
       - name: Install
         run: pnpm install  --registry http://localhost:4873
       - name: Cache .pnpm-store
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -62,94 +56,21 @@ jobs:
       - name: Build Translations percentage
         run: pnpm --filter @verdaccio/crowdin-translations build
       - name: Cache Docusaurus Build
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: website/node_modules/.cache/webpack
           key: cache/webpack-${{github.ref}}-${{ hashFiles('**/pnpm-lock.yaml') }}
           restore-keys: cache/webpack-${{github.ref}}
-
-      # Will deploy to production on:
-        # 1st: When a push occurs on master branch
-        # 2nd: When we force the worflow dispatch through the UI
       - name: Build Production
-        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
         env:
           CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
           SENTRY_KEY: ${{ secrets.SENTRY_KEY }}
           CONTEXT: production
-        run: pnpm --filter @verdaccio/website netlify:build:production
-
-      - name: 🔥 Deploy Production Netlify
-        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
-        uses: semoal/action-netlify-deploy@1a53f098745bf78555d11b436f5ee3af87e6b566
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
-          netlify-site-id: ${{ secrets.NETLIFY_SITE_ID }}
-          build-dir: './website/build'
-
-      # Will deploy to Preview URL, only when a pull request is open with changes on the website
-      - name: Build Deployment Preview
+        run: pnpm --filter @verdaccio/website netlify:build
+      - name: Deploy to Netlify
         env:
-          CONTEXT: deploy-preview
-        run: pnpm --filter ...@verdaccio/website netlify:build:deployPreview
+          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
+          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+        run: pnpm --filter ...@verdaccio/website netlify:deploy 
 
-      - name: 🤖 Deploy Preview Netlify
-        if: github.repository == 'verdaccio/verdaccio'
-        uses: semoal/action-netlify-deploy@1a53f098745bf78555d11b436f5ee3af87e6b566
-        id: netlify_preview
-        with:
-          draft: true
-          comment-on-pull-request: true
-          github-deployment-is-production: false
-          github-deployment-is-transient: true
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
-          netlify-site-id: ${{ secrets.NETLIFY_SITE_ID }}
-          build-dir: './website/build'
-
-      - name: Audit preview URL with Lighthouse
-        if: github.repository == 'verdaccio/verdaccio'
-        id: lighthouse_audit
-        uses: treosh/lighthouse-ci-action@03becbfc543944dd6e7534f7ff768abb8a296826 # tag=10.1.0
-        with:
-          urls: |
-            ${{ steps.netlify_preview.outputs.preview-url }}
-          uploadArtifacts: true
-          temporaryPublicStorage: true
-
-      - name: Format lighthouse score
-        id: format_lighthouse_score
-        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            const result = ${{ steps.lighthouse_audit.outputs.manifest }}[0].summary
-            const links = ${{ steps.lighthouse_audit.outputs.links }}
-            const formatResult = (res) => Math.round((res * 100))
-            Object.keys(result).forEach(key => result[key] = formatResult(result[key]))
-            const score = res => res >= 90 ? '🟢' : res >= 50 ? '🟠' : '🔴'
-            const comment = [
-                `⚡️ [Lighthouse report](${Object.values(links)[0]}) for the changes in this PR:`,
-                '| Category | Score |',
-                '| --- | --- |',
-                `| ${score(result.performance)} Performance | ${result.performance} |`,
-                `| ${score(result.accessibility)} Accessibility | ${result.accessibility} |`,
-                `| ${score(result['best-practices'])} Best practices | ${result['best-practices']} |`,
-                `| ${score(result.seo)} SEO | ${result.seo} |`,
-                ' ',
-                `*Lighthouse ran on [${Object.keys(links)[0]}](${Object.keys(links)[0]})*`
-            ].join('\n')
-             core.setOutput("comment", comment);
-
-      - name: Add comment to PR
-        if: github.repository == 'verdaccio/verdaccio'
-        id: comment_to_pr
-        uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd # v2
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          number: ${{ github.event.issue.number }}
-          delete: true
-          header: lighthouse
-          message: |
-            ${{ steps.format_lighthouse_score.outputs.comment }}

.netlify/netlify-plugin-pnpm/index.js

@@ -1,10 +0,0 @@
-module.exports = {
-  onPreBuild: async ({ utils: { build, run } }) => {
-    try {
-      await run.command("npm install -g pnpm")
-      await run.command("pnpm install --ignore-scripts --frozen-lockfile")
-    } catch (error) {
-      return build.failBuild(error)
-    }
-  }
-}

.netlify/netlify-plugin-pnpm/manifest.yml

@@ -1,2 +0,0 @@
-name: netlify-plugin-pnpm
-inputs: []

CONTRIBUTING.md

@@ -78,14 +78,14 @@ pnpm build
 pnpm test
 ```
 
-Verdaccio is a mono repository. To run the tests for for a specific package:
+Verdaccio is a mono repository. To run the tests for a specific package:
 
 ```shell
 cd packages/store
 pnpm test
 ```
 
-or an specific test in that package:
+or a specific test in that package:
 
 ```shell
 pnpm test test/merge.dist.tags.spec.ts
@@ -129,7 +129,7 @@ The user interface is split in two packages, the `/packages/plugins/ui-theme` an
 
 Go to `/packages/ui-component` and run `pnpm watch` to enable _babel_ in watch mode, every change on the components will be hot reloaded in combination with the `pnpm start` command.
 
-Any change on the server packages, must be build independently (server do not has hot reload, `pnpm start` should be triggered again).
+Any change on the server packages, must be build independently (server does not have hot reload, `pnpm start` should be triggered again).
 
 Any interaction with the server should be done through the port `8000` eg: `npm login --registry http://localhost:8000` .
 
@@ -142,7 +142,7 @@ Any interaction with the server should be done through the port `8000` eg: `npm
 
 #### Debugging compiled code {#debugging-compiled-code}
 
-Currently you can only run pre-compiled packages in debug mode. To enable debug
+Currently, you can only run pre-compiled packages in debug mode. To enable debug
 while running add the `verdaccio` namespace using the `DEBUG` environment
 variable, like this:
 
@@ -164,7 +164,7 @@ of the output is sent to the logger module.
 
 #### Testing your changes in a local registry {#testing-local-registry}
 
-Once you have perform your changes in the code base, the build and tests passes you can publish a local version:
+Once you have performed your changes in the code base, the build and tests passes you can publish a local version:
 
 - Ensure you have built all modules by running `pnpm build` (or the one you have modified)
 - Run `pnpm local:publish:release` to launch a local registry and publish all packages into it. This command will be alive until server is killed (Control Key + C)
@@ -181,7 +181,7 @@ npm i -g verdaccio --registry=http://localhost:4873
 verdaccio
 ```
 
-If you perform more changes in the source code, repeat this process, there is not _hot reloading_ support.
+If you perform more changes in the source code, repeat this process, there is no _hot reloading_ support.
 
 ## Feature Request {#feature-request}
 
@@ -208,7 +208,7 @@ a report in our [issue tracker](https://github.com/verdaccio/verdaccio/issues),
 > **NOTE: Verdaccio still does not support all npm commands. Some were not
 > considered important and others have not been requested yet.**
 
-### What's is not considered a bug?
+### What is not considered a bug?
 
 - _Third party integrations_: proxies integrations, external plugins
 - _Package managers_: If a package manager does not support a specific command
@@ -272,7 +272,7 @@ information on [rebasing](https://git-scm.com/book/en/v2/Git-Branching-Rebasing)
 
 #### Caveats
 
-Feel free to commit as much times you want in your branch, but keep on mind on
+Feel free to commit as many times you want in your branch, but keep on mind on
 this repository we `git squash` on merge by default, as we like to maintain a
 clean git history.
 
@@ -359,7 +359,7 @@ The last step is to confirm your changeset or abort the operation:
 🦋  info /Users/user/verdaccio.clone/.changeset/light-scissors-smell.md
 ```
 
-Once the changeset is added (all will have an unique name) you can freely edit
+Once the changeset is added (all will have a unique name) you can freely edit
 using markdown, adding additional information, code snippets or whatever else
 you consider to be relevant.
 
@@ -395,7 +395,7 @@ For adding a new **language** on the UI follow these steps:
 1. Ensure the **language** has been enabled, must be visible in the `crowdin` platform.
 2. Find in the explorer the file `en.US.json` in the path `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` and complete the translations, **not need to find approval on this**.
 3. Into the project, add a new field into `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` file, in the section `lng`, the new language, eg: `{ lng: {korean:"Korean"}}`. (This file is English based, once the PR has been merged, this string will be available in crowdin for translate to the targeted language).
-4. Add the language, [flag icon](https://www.npmjs.com/package/country-flag-icons), and the menu key fort he new language eg: `menuKey: 'lng.korean'` to the file `packages/plugins/ui-theme/src/i18n/enabledLanguages.ts`.
+4. Add the language, [flag icon](https://www.npmjs.com/package/country-flag-icons), and the menu key for the new language eg: `menuKey: 'lng.korean'` to the file `packages/plugins/ui-theme/src/i18n/enabledLanguages.ts`.
 5. For local testing, read `packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md`.
 6. Add a `changeset` file, see more info below.
 

README.md

@@ -1,4 +1,4 @@
-[![BannerUK](https://cdn.verdaccio.dev/readme/banner-uk.svg)](https://donate.redcrossredcrescent.org/ua/donate/~my-donation?_cv=1)
+[![BannerHelp](https://cdn.verdaccio.dev/readme/banner-uk.svg)](https://u24.gov.ua)
 
 > Verdaccio stands for **peace**, stop the war, we will be yellow / blue 🇺🇦 until that happens.
 
@@ -43,7 +43,7 @@ Google Cloud Storage** or create your own plugin.
 Install with npm:
 
 ```bash
-npm install --location=global verdaccio@next
+npm install -g verdaccio@next
 ```
 
 With `yarn`
@@ -79,15 +79,37 @@ Furthermore, you can read the [**Debugging Guidelines**](https://github.com/verd
 You can develop your own [plugins](https://verdaccio.org/docs/plugins) with the [verdaccio generator](https://github.com/verdaccio/generator-verdaccio-plugin). Installing [Yeoman](https://yeoman.io/) is required.
 
 ```
-npm install --location=global yo
-npm install --location=global generator-verdaccio-plugin
+npm install -g yo
+npm install -g generator-verdaccio-plugin
 ```
 
 Learn more [here](https://verdaccio.org/docs/dev-plugins) how to develop plugins. Share your plugins with the community.
 
+## Integration Tests
+
+In our compatibility testing project, we're dedicated to ensuring that your favorite commands work seamlessly across different versions of npm, pnpm, and Yarn. From publishing packages to managing dependencies.
+Our goal is to give you the confidence to use your preferred package manager without any issues. So dive in, check out our matrix, and see how your commands fare across the board!
+
+[Learn or contribute here](https://github.com/verdaccio/verdaccio/tree/master/e2e/cli)
+
+### Commands
+
+| cmd       | npm6 | npm7 | npm8 | npm9 | npm10 | pnpm8 | pnpm9 (beta) | yarn1 | yarn2 | yarn3 | yarn4 |
+| --------- | ---- | ---- | ---- | ---- | ----- | ----- | ------------ | ----- | ----- | ----- | ----- |
+| publish   | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ✅    | ✅    | ✅    | ✅    |
+| info      | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ✅    | ✅    | ✅    | ✅    |
+| audit     | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ✅    | ✅    | ✅    | ❌    |
+| install   | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ✅    | ✅    | ✅    | ✅    |
+| deprecate | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ⛔    | ⛔    | ⛔    | ⛔    |
+| ping      | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ⛔    | ⛔    | ⛔    | ⛔    |
+| search    | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ⛔    | ⛔    | ⛔    | ⛔    |
+| star      | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ⛔    | ⛔    | ⛔    | ⛔    |
+| stars     | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ⛔    | ⛔    | ⛔    | ⛔    |
+| dist-tag  | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ✅    | ❌    | ❌    | ❌    |
+
 ## Donations
 
-Verdaccio is run by **volunteers**; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider do a long support donation - **and your logo will be on this section of the readme.**
+Verdaccio is run by **volunteers**; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider doing a long support donation - **and your logo will be on this section of the readme.**
 
 **[Donate](https://github.com/sponsors/verdaccio)** 💵👍🏻 starting from _$1/month_ or just one single contribution.
 
@@ -113,7 +135,7 @@ If you want to use a modified version of some 3rd-party package (for example, yo
 ### E2E Testing
 
 Verdaccio has proved to be a lightweight registry that can be
-booted in a couple of seconds, fast enough for any CI. Many open source projects use verdaccio for end to end testing, to mention some examples, **create-react-app**, **mozilla neutrino**, **pnpm**, **storybook**, **babel.js**, **angular-cli** or **docusaurus**. You can read more in [here](https://verdaccio.org/docs/e2e).
+booted in a couple of seconds, fast enough for any CI. Many open source projects use Verdaccio for end to end testing, to mention some examples, **create-react-app**, **mozilla neutrino**, **pnpm**, **storybook**, **babel.js**, **angular-cli** or **docusaurus**. You can read more in [here](https://verdaccio.org/docs/e2e).
 
 Furthermore, here few examples how to start:
 
@@ -123,7 +145,7 @@ Furthermore, here few examples how to start:
 
 ## Watch our Videos
 
-**Node Congress 2022, February 2022, Online Free**
+**Node 2022, February 2022, Online Free**
 
 <div>
    <a href="https://portal.gitnation.org/contents/five-ways-of-taking-advantage-of-verdaccio-your-private-and-proxy-nodejs-registry">
@@ -200,7 +222,7 @@ docker pull verdaccio/verdaccio:nightly-master
 
 Available as [tags](https://hub.docker.com/r/verdaccio/verdaccio/tags/).
 
-### Running verdaccio using Docker
+### Running Verdaccio using Docker
 
 To run the docker container:
 
@@ -212,35 +234,35 @@ Docker examples are available [in this repository](https://github.com/verdaccio/
 
 ## Compatibility
 
-Verdaccio aims to support all features of a standard npm client that make sense to support in private repository. Unfortunately, it isn't always possible.
+Verdaccio aims to support all features of a standard npm client that make sense to support in a private repository. Unfortunately, it isn't always possible.
 
 ### Basic features
 
-- Installing packages (npm install, npm upgrade, etc.) - **supported**
-- Publishing packages (npm publish) - **supported**
+- Installing packages (`npm install`, `npm update`, etc.) - **supported**
+- Publishing packages (`npm publish`) - **supported**
 
 ### Advanced package control
 
-- Unpublishing packages (npm unpublish) - **supported**
-- Tagging (npm tag) - **supported**
-- Deprecation (npm deprecate) - **supported**
+- Unpublishing packages (`npm unpublish`) - **supported**
+- Tagging (`npm dist-tag`) - **supported**
+- Deprecation (`npm deprecate`) - **supported**
 
 ### User management
 
-- Registering new users (npm adduser {newuser}) - **supported**
-- Change password (npm profile set password) - **supported**
-- Transferring ownership (npm owner add {user} {pkg}) - not supported, _PR-welcome_
-- Token (npm token) - **supported**
+- Registering new users (`npm adduser {newuser}`) - **supported**
+- Change password (`npm profile set password`) - **supported**
+- Transferring ownership (`npm owner add {user} {pkg}`) - not supported, _PR-welcome_
+- Token (`npm token`) - **supported**
 
-### Miscellany
+### Miscellaneous
 
-- Searching (npm search) - **supported** (cli / browser)
-- Ping (npm ping) - **supported**
-- Starring (npm star, npm unstar, npm stars) - **supported**
+- Searching (`npm search`) - **supported** (cli / browser)
+- Ping (`npm ping`) - **supported**
+- Starring (`npm star`, `npm unstar`, `npm stars`) - **supported**
 
 ### Security
 
-- npm/yarn audit - **supported**
+- Audit (`npm/yarn audit`) - **supported**
 
 ## Report a vulnerability
 
@@ -269,7 +291,7 @@ Thanks to the following companies to help us to achieve our goals providing free
 | ![priscilawebdev](https://avatars2.githubusercontent.com/u/29228205?s=120&v=4) | ![DanielRuf](https://avatars3.githubusercontent.com/u/827205?s=120&v=4)  |
 | [@priscilawebdev](https://twitter.com/priscilawebdev)                          | [@DanielRufde](https://twitter.com/DanielRufde)                          |
 
-You can find and chat with then over Discord, click [here](http://chat.verdaccio.org) or follow them at _Twitter_.
+You can find and chat with them over Discord, click [here](http://chat.verdaccio.org) or follow them at _Twitter_.
 
 ## Who is using Verdaccio?
 
@@ -323,7 +345,7 @@ This project exists thanks to all the people who contribute. [[Contribute](CONTR
 
 ### FAQ / Contact / Troubleshoot
 
-If you have any issue you can try the following options, do no desist to ask or check our issues database, perhaps someone has asked already what you are looking for.
+If you have any issue you can try the following options. Do no hesitate to ask or check our issues database. Perhaps someone has asked already what you are looking for.
 
 - [Blog](https://verdaccio.org/blog/)
 - [Donations](https://github.com/sponsors/verdaccio)

SECURITY.md

@@ -34,7 +34,7 @@ Note that time-frame and processes are subject to each program’s own policy.
 
 - Report the security issue to the project maintainers directly at verdaccio@pm.me. If the report contains highly sensitive information, please be advised to encrypt your findings using our [PGP key](https://cdn.verdaccio.dev/gpg/publickey.verdaccio@pm.me.asc) which is also available in this document.
 
-Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions.
+Your efforts to responsibly disclose your findings are sincerely appreciated. There isn't a security bounty program available, but any security contributions will be duly acknowledged to recognize your valuable input.
 
 ## PGP key
 

docker-examples/v5/plugins/docker-build-install-plugin/docker.yaml

@@ -88,7 +88,7 @@ packages:
     # and three keywords: "$all", "$anonymous", "$authenticated"
     access: $all
 
-    # allow all known users to publish/publish packages
+    # allow all known users to publish/unpublish packages
     # (anyone can register by default, remember?)
     publish: $authenticated
     unpublish: $authenticated

docker-examples/v5/plugins/docker-local-plugin/docker.yaml

@@ -90,7 +90,7 @@ packages:
     # and three keywords: "$all", "$anonymous", "$authenticated"
     access: $all
 
-    # allow all known users to publish/publish packages
+    # allow all known users to publish/unpublish packages
     # (anyone can register by default, remember?)
     publish: $authenticated
     unpublish: $authenticated

docker-examples/v6/plugins/docker-build-install-plugin/docker.yaml

@@ -88,7 +88,7 @@ packages:
     # and three keywords: "$all", "$anonymous", "$authenticated"
     access: $all
 
-    # allow all known users to publish/publish packages
+    # allow all known users to publish/unpublish packages
     # (anyone can register by default, remember?)
     publish: $authenticated
     unpublish: $authenticated

docker-examples/v6/plugins/docker-local-plugin/docker.yaml

@@ -90,7 +90,7 @@ packages:
     # and three keywords: "$all", "$anonymous", "$authenticated"
     access: $all
 
-    # allow all known users to publish/publish packages
+    # allow all known users to publish/unpublish packages
     # (anyone can register by default, remember?)
     publish: $authenticated
     unpublish: $authenticated

e2e/cli/README.md

@@ -7,18 +7,18 @@
 
 ### Commands Tested
 
-| cmd       | npm6 | npm7 | npm8 | npm9 | npm10 | pnpm6 | pnpm7 | yarn1 | yarn2 | yarn3 | yarn4 |
-| --------- | ---- | ---- | ---- | ---- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| publish   | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅    | ✅    | ✅    | ✅    | ✅    |
-| info      | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅    | ✅    | ✅    | ✅    | ✅    |
-| audit     | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅    | ✅    | ✅    | ✅    | ❌    |
-| install   | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅    | ✅    | ✅    | ✅    | ✅    |
-| deprecate | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅    | ⛔    | ⛔    | ⛔    | ⛔    |
-| ping      | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅    | ⛔    | ⛔    | ⛔    | ⛔    |
-| search    | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅    | ⛔    | ⛔    | ⛔    | ⛔    |
-| star      | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅    | ⛔    | ⛔    | ⛔    | ⛔    |
-| stars     | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅    | ⛔    | ⛔    | ⛔    | ⛔    |
-| dist-tag  | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅    | ✅    | ❌    | ❌    | ❌    |
+| cmd       | npm6 | npm7 | npm8 | npm9 | npm10 | pnpm8 | pnpm9 (beta) | yarn1 | yarn2 | yarn3 | yarn4 |
+| --------- | ---- | ---- | ---- | ---- | ----- | ----- | ------------ | ----- | ----- | ----- | ----- |
+| publish   | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ✅    | ✅    | ✅    | ✅    |
+| info      | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ✅    | ✅    | ✅    | ✅    |
+| audit     | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ✅    | ✅    | ✅    | ❌    |
+| install   | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ✅    | ✅    | ✅    | ✅    |
+| deprecate | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ⛔    | ⛔    | ⛔    | ⛔    |
+| ping      | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ⛔    | ⛔    | ⛔    | ⛔    |
+| search    | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ⛔    | ⛔    | ⛔    | ⛔    |
+| star      | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ⛔    | ⛔    | ⛔    | ⛔    |
+| stars     | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ⛔    | ⛔    | ⛔    | ⛔    |
+| dist-tag  | ✅   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅           | ✅    | ❌    | ❌    | ❌    |
 
 > notes:
 >

e2e/cli/cli-commons/package.json

@@ -5,8 +5,8 @@
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
   "devDependencies": {
-    "@verdaccio/config": "workspace:7.0.0-next.6",
-    "@verdaccio/core": "workspace:7.0.0-next.6",
+    "@verdaccio/config": "workspace:7.0.0-next-7.14",
+    "@verdaccio/core": "workspace:7.0.0-next-7.14",
     "@verdaccio/types": "workspace:12.0.0-next.2",
     "debug": "4.3.4",
     "fs-extra": "11.2.0",
@@ -14,7 +14,7 @@
     "got": "11.8.6",
     "js-yaml": "4.1.0",
     "lodash": "4.17.21",
-    "verdaccio": "workspace:7.0.0-next.6"
+    "verdaccio": "workspace:7.0.0-next-7.14"
   },
   "scripts": {
     "test": "jest",

e2e/cli/e2e-npm10/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "npm": "10.2.5"
+    "npm": "10.5.0"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm6/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "npm": "9.9.2"
+    "npm": "9.9.3"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm7/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "npm": "9.9.2"
+    "npm": "9.9.3"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm8/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "npm": "9.9.2"
+    "npm": "9.9.3"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm9/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "npm": "9.9.2"
+    "npm": "9.9.3"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-pnpm6/CHANGELOG.md

@@ -1,63 +0,0 @@
-# @verdaccio/e2e-cli-pnpm6
-
-## 1.0.1
-
-### Patch Changes
-
-- 351aeeaa8: fix(deps): @verdaccio/utils should be a prod dep of local-storage
-- Updated dependencies [351aeeaa8]
-- Updated dependencies [d167f92e1]
-- Updated dependencies [c383eb68c]
-  - @verdaccio/test-cli-commons@1.1.0
-
-## 1.0.1-6-next.7
-
-### Patch Changes
-
-- Updated dependencies [c383eb68]
-  - @verdaccio/test-cli-commons@1.1.0-6-next.7
-
-## 1.0.1-6-next.6
-
-### Patch Changes
-
-- Updated dependencies [d167f92e]
-  - @verdaccio/test-cli-commons@1.1.0-6-next.6
-
-## 1.0.1-6-next.5
-
-### Patch Changes
-
-- @verdaccio/test-cli-commons@1.0.1-6-next.5
-
-## 1.0.1-6-next.4
-
-### Patch Changes
-
-- @verdaccio/test-cli-commons@1.0.1-6-next.4
-
-## 1.0.1-6-next.3
-
-### Patch Changes
-
-- 351aeeaa: fix(deps): @verdaccio/utils should be a prod dep of local-storage
-- Updated dependencies [351aeeaa]
-  - @verdaccio/test-cli-commons@1.0.1-6-next.3
-
-## 1.0.1-6-next.2
-
-### Patch Changes
-
-- @verdaccio/test-cli-commons@1.0.1-6-next.2
-
-## 1.0.1-6-next.1
-
-### Patch Changes
-
-- @verdaccio/test-cli-commons@1.0.1-6-next.1
-
-## 1.0.1-6-next.0
-
-### Patch Changes
-
-- @verdaccio/test-cli-commons@1.0.1-6-next.0

e2e/cli/e2e-pnpm6/audit.spec.ts

@@ -1,45 +0,0 @@
-import { addRegistry, initialSetup, prepareGenericEmptyProject } from '@verdaccio/test-cli-commons';
-
-import { pnpm } from './utils';
-
-describe('audit a package', () => {
-  jest.setTimeout(10000);
-  let registry;
-
-  beforeAll(async () => {
-    const setup = await initialSetup();
-    registry = setup.registry;
-    await registry.init();
-  });
-
-  test.each([['verdaccio-memory', '@verdaccio/cli']])(
-    'should audit a package %s',
-    async (pkgName) => {
-      const { tempFolder } = await prepareGenericEmptyProject(
-        pkgName,
-        '1.0.0-patch',
-        registry.port,
-        registry.getToken(),
-        registry.getRegistryUrl(),
-        { jquery: '3.6.1' }
-      );
-      // install is required to create package lock file
-      await pnpm({ cwd: tempFolder }, 'install', ...addRegistry(registry.getRegistryUrl()));
-      const resp = await pnpm(
-        { cwd: tempFolder },
-        'audit',
-        '--json',
-        ...addRegistry(registry.getRegistryUrl())
-      );
-      const parsedBody = JSON.parse(resp.stdout as string);
-      expect(parsedBody.metadata).toBeDefined();
-      expect(parsedBody.actions).toBeDefined();
-      expect(parsedBody.advisories).toBeDefined();
-      expect(parsedBody.muted).toBeDefined();
-    }
-  );
-
-  afterAll(async () => {
-    registry.stop();
-  });
-});

e2e/cli/e2e-pnpm6/utils.ts

@@ -1,14 +0,0 @@
-import { SpawnOptions } from 'child_process';
-import { join } from 'path';
-
-import { exec } from '@verdaccio/test-cli-commons';
-
-function getCommand() {
-  return join(__dirname, './node_modules/.bin/pnpm');
-}
-
-function pnpm(options: SpawnOptions, ...args: string[]) {
-  return exec(options, getCommand(), args);
-}
-
-export { pnpm };

e2e/cli/e2e-pnpm7/.babelrc

@@ -1,3 +0,0 @@
-{
-  "extends": "../../../.babelrc"
-}

e2e/cli/e2e-pnpm7/.eslintrc

@@ -1,7 +0,0 @@
-{
-  "rules": {
-    "no-console": 0,
-    "@typescript-eslint/no-var-requires": 0,
-    "@typescript-eslint/explicit-member-accessibility": 0
-  }
-}

e2e/cli/e2e-pnpm7/CHANGELOG.md

@@ -1,63 +0,0 @@
-# @verdaccio/e2e-cli-pnpm7
-
-## 1.0.1
-
-### Patch Changes
-
-- 351aeeaa8: fix(deps): @verdaccio/utils should be a prod dep of local-storage
-- Updated dependencies [351aeeaa8]
-- Updated dependencies [d167f92e1]
-- Updated dependencies [c383eb68c]
-  - @verdaccio/test-cli-commons@1.1.0
-
-## 1.0.1-6-next.7
-
-### Patch Changes
-
-- Updated dependencies [c383eb68]
-  - @verdaccio/test-cli-commons@1.1.0-6-next.7
-
-## 1.0.1-6-next.6
-
-### Patch Changes
-
-- Updated dependencies [d167f92e]
-  - @verdaccio/test-cli-commons@1.1.0-6-next.6
-
-## 1.0.1-6-next.5
-
-### Patch Changes
-
-- @verdaccio/test-cli-commons@1.0.1-6-next.5
-
-## 1.0.1-6-next.4
-
-### Patch Changes
-
-- @verdaccio/test-cli-commons@1.0.1-6-next.4
-
-## 1.0.1-6-next.3
-
-### Patch Changes
-
-- 351aeeaa: fix(deps): @verdaccio/utils should be a prod dep of local-storage
-- Updated dependencies [351aeeaa]
-  - @verdaccio/test-cli-commons@1.0.1-6-next.3
-
-## 1.0.1-6-next.2
-
-### Patch Changes
-
-- @verdaccio/test-cli-commons@1.0.1-6-next.2
-
-## 1.0.1-6-next.1
-
-### Patch Changes
-
-- @verdaccio/test-cli-commons@1.0.1-6-next.1
-
-## 1.0.1-6-next.0
-
-### Patch Changes
-
-- @verdaccio/test-cli-commons@1.0.1-6-next.0

e2e/cli/e2e-pnpm7/deprecate.spec.ts

@@ -1,115 +0,0 @@
-import {
-  addRegistry,
-  initialSetup,
-  pnpmUtils,
-  prepareGenericEmptyProject,
-} from '@verdaccio/test-cli-commons';
-
-import { pnpm } from './utils';
-
-describe('deprecate a package', () => {
-  jest.setTimeout(20000);
-  let registry;
-
-  async function deprecate(tempFolder, packageVersion, registry, message) {
-    await pnpm(
-      { cwd: tempFolder },
-      'deprecate',
-      packageVersion,
-      message,
-      '--json',
-      ...addRegistry(registry.getRegistryUrl())
-    );
-  }
-
-  beforeAll(async () => {
-    const setup = await initialSetup();
-    registry = setup.registry;
-    await registry.init();
-  });
-
-  test.each([['@verdaccio/deprecated-1']])(
-    'should deprecate a single package %s',
-    async (pkgName) => {
-      const message = 'some message';
-      const { tempFolder } = await prepareGenericEmptyProject(
-        pkgName,
-        '1.0.0',
-        registry.port,
-        registry.getToken(),
-        registry.getRegistryUrl()
-      );
-      await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
-      // deprecate one version
-      await deprecate(tempFolder, `${pkgName}@1.0.0`, registry, message);
-      // verify is deprecated
-      const infoBody = await pnpmUtils.getInfoVersions(pnpm, `${pkgName}`, registry);
-      expect(infoBody.name).toEqual(pkgName);
-      expect(infoBody.deprecated).toEqual(message);
-    }
-  );
-
-  test.each([['@verdaccio/deprecated-2']])('should un-deprecate a package %s', async (pkgName) => {
-    const message = 'some message';
-    const { tempFolder } = await prepareGenericEmptyProject(
-      pkgName,
-      '1.0.0',
-      registry.port,
-      registry.getToken(),
-      registry.getRegistryUrl()
-    );
-    await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
-    // deprecate one version
-    await deprecate(tempFolder, `${pkgName}@1.0.0`, registry, message);
-    // verify is deprecated
-    const infoBody = await pnpmUtils.getInfoVersions(pnpm, `${pkgName}`, registry);
-    expect(infoBody.deprecated).toEqual(message);
-    // empty string is same as undeprecate
-    await deprecate(tempFolder, `${pkgName}@1.0.0`, registry, '');
-    const infoBody2 = await pnpmUtils.getInfoVersions(pnpm, `${pkgName}`, registry);
-    expect(infoBody2.deprecated).toBeUndefined();
-  });
-
-  test.each([['@verdaccio/deprecated-3']])(
-    'should deprecate a multiple packages %s',
-    async (pkgName) => {
-      const message = 'some message';
-      const { tempFolder } = await prepareGenericEmptyProject(
-        pkgName,
-        '1.0.0',
-        registry.port,
-        registry.getToken(),
-        registry.getRegistryUrl()
-      );
-      // publish 1.0.0
-      await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
-      // publish 1.1.0
-      await pnpmUtils.bumbUp(pnpm, tempFolder, registry);
-      await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
-      // publish 1.2.0
-      await pnpmUtils.bumbUp(pnpm, tempFolder, registry);
-      await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
-      // publish 1.3.0
-      await pnpmUtils.bumbUp(pnpm, tempFolder, registry);
-      await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
-      // // deprecate all version
-      await deprecate(tempFolder, pkgName, registry, message);
-      // verify is deprecated
-      for (let v of ['1.0.0', '1.1.0', '1.2.0', '1.3.0']) {
-        const infoResp = await pnpmUtils.getInfoVersions(pnpm, `${pkgName}@${v}`, registry);
-        expect(infoResp.deprecated).toEqual(message);
-      }
-      // publish normal version
-      // publish 1.4.0
-      await pnpmUtils.bumbUp(pnpm, tempFolder, registry);
-      await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
-      const infoResp = await pnpmUtils.getInfoVersions(pnpm, `${pkgName}@1.4.0`, registry);
-      // must be not deprecated
-      expect(infoResp.deprecated).toBeUndefined();
-    }
-  );
-
-  afterAll(async () => {
-    registry.stop();
-  });
-});

e2e/cli/e2e-pnpm7/dist-tags.spec.ts

@@ -1,91 +0,0 @@
-import {
-  addRegistry,
-  initialSetup,
-  pnpmUtils,
-  prepareGenericEmptyProject,
-} from '@verdaccio/test-cli-commons';
-
-import { pnpm } from './utils';
-
-describe('publish a package', () => {
-  jest.setTimeout(20000);
-  let registry;
-
-  beforeAll(async () => {
-    const setup = await initialSetup();
-    registry = setup.registry;
-    await registry.init();
-  });
-
-  test.each([['@foo/foo', 'foo']])('should list dist-tags for %s', async (pkgName) => {
-    const { tempFolder } = await prepareGenericEmptyProject(
-      pkgName,
-      '1.0.0',
-      registry.port,
-      registry.getToken(),
-      registry.getRegistryUrl()
-    );
-    await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
-    await pnpmUtils.bumbUp(pnpm, tempFolder, registry);
-    await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry, ['--tag', 'beta']);
-    const resp2 = await pnpm(
-      { cwd: tempFolder },
-      'dist-tag',
-      'ls',
-      '--json',
-      ...addRegistry(registry.getRegistryUrl())
-    );
-    expect(resp2.stdout).toEqual('beta: 1.1.0latest: 1.0.0');
-  });
-
-  test.each([['@verdaccio/bar']])('should remove tag with dist-tags for %s', async (pkgName) => {
-    const { tempFolder } = await prepareGenericEmptyProject(
-      pkgName,
-      '1.0.0',
-      registry.port,
-      registry.getToken(),
-      registry.getRegistryUrl()
-    );
-    await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
-    await pnpmUtils.bumbUp(pnpm, tempFolder, registry);
-    await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry, ['--tag', 'beta']);
-    const resp2 = await pnpm(
-      { cwd: tempFolder },
-      'dist-tag',
-      'rm',
-      `${pkgName}@1.1.0`,
-      'beta',
-      ...addRegistry(registry.getRegistryUrl())
-    );
-    expect(resp2.stdout).toEqual('-beta: @verdaccio/bar@1.1.0');
-  });
-
-  test.each([['@verdaccio/five']])(
-    'should add tag to package and version with dist-tags for %s',
-    async (pkgName) => {
-      const { tempFolder } = await prepareGenericEmptyProject(
-        pkgName,
-        '1.0.0',
-        registry.port,
-        registry.getToken(),
-        registry.getRegistryUrl()
-      );
-      await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
-      await pnpmUtils.bumbUp(pnpm, tempFolder, registry);
-      await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
-      const resp2 = await pnpm(
-        { cwd: tempFolder },
-        'dist-tag',
-        'add',
-        `${pkgName}@1.1.0`,
-        'alfa',
-        ...addRegistry(registry.getRegistryUrl())
-      );
-      expect(resp2.stdout).toEqual(`+alfa: ${pkgName}@1.1.0`);
-    }
-  );
-
-  afterAll(async () => {
-    registry.stop();
-  });
-});

e2e/cli/e2e-pnpm7/info.spec.ts

@@ -1,31 +0,0 @@
-import { addRegistry, initialSetup } from '@verdaccio/test-cli-commons';
-
-import { pnpm } from './utils';
-
-describe('install a package', () => {
-  jest.setTimeout(10000);
-  let registry;
-
-  beforeAll(async () => {
-    const setup = await initialSetup();
-    registry = setup.registry;
-    await registry.init();
-  });
-
-  test('should run pnpm info json body', async () => {
-    const resp = await pnpm(
-      {},
-      'info',
-      'verdaccio',
-      '--json',
-      ...addRegistry(registry.getRegistryUrl())
-    );
-    const parsedBody = JSON.parse(resp.stdout as string);
-    expect(parsedBody.name).toEqual('verdaccio');
-    expect(parsedBody.dependencies).toBeDefined();
-  });
-
-  afterAll(async () => {
-    registry.stop();
-  });
-});

e2e/cli/e2e-pnpm7/install.spec.ts

@@ -1,36 +0,0 @@
-import { addRegistry, initialSetup, prepareGenericEmptyProject } from '@verdaccio/test-cli-commons';
-
-import { pnpm } from './utils';
-
-describe('install a project packages', () => {
-  jest.setTimeout(80000);
-  let registry;
-
-  beforeAll(async () => {
-    const setup = await initialSetup();
-    registry = setup.registry;
-    await registry.init();
-  });
-
-  test('should run npm install json body', async () => {
-    const { tempFolder } = await prepareGenericEmptyProject(
-      'something',
-      '1.0.0-patch',
-      registry.port,
-      registry.getToken(),
-      registry.getRegistryUrl(),
-      { react: '18.2.0' }
-    );
-    const resp = await pnpm(
-      { cwd: tempFolder },
-      'install',
-      '--reporter=default',
-      ...addRegistry(registry.getRegistryUrl())
-    );
-    expect(resp.stdout).toMatch(/react/);
-  });
-
-  afterAll(async () => {
-    registry.stop();
-  });
-});

e2e/cli/e2e-pnpm7/jest.config.js

@@ -1,3 +0,0 @@
-const config = require('../jest.config');
-
-module.exports = { ...config };

e2e/cli/e2e-pnpm7/package.json

@@ -1,12 +0,0 @@
-{
-  "private": true,
-  "name": "@verdaccio/e2e-cli-pnpm7",
-  "version": "1.0.1",
-  "dependencies": {
-    "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "pnpm": "^7.27.1"
-  },
-  "scripts": {
-    "test": "jest"
-  }
-}

e2e/cli/e2e-pnpm7/ping.spec.ts

@@ -1,24 +0,0 @@
-import { addRegistry, initialSetup } from '@verdaccio/test-cli-commons';
-
-import { pnpm } from './utils';
-
-describe('ping registry', () => {
-  jest.setTimeout(10000);
-  let registry;
-
-  beforeAll(async () => {
-    const setup = await initialSetup();
-    registry = setup.registry;
-    await registry.init();
-  });
-
-  test('should ping registry', async () => {
-    const resp = await pnpm({}, 'ping', '--json', ...addRegistry(registry.getRegistryUrl()));
-    const parsedBody = JSON.parse(resp.stdout as string);
-    expect(parsedBody.registry).toEqual(registry.getRegistryUrl() + '/');
-  });
-
-  afterAll(async () => {
-    registry.stop();
-  });
-});

e2e/cli/e2e-pnpm7/publish.spec.ts

@@ -1,41 +0,0 @@
-import { addRegistry, initialSetup, prepareGenericEmptyProject } from '@verdaccio/test-cli-commons';
-
-import { pnpm } from './utils';
-
-describe('install a package', () => {
-  jest.setTimeout(10000);
-  let registry;
-
-  beforeAll(async () => {
-    const setup = await initialSetup();
-    registry = setup.registry;
-    await registry.init();
-  });
-
-  test.each([['verdaccio-memory', 'verdaccio', '@verdaccio/foo', '@verdaccio/some-foo']])(
-    'should publish a package %s',
-    async (pkgName) => {
-      const { tempFolder } = await prepareGenericEmptyProject(
-        pkgName,
-        '1.0.0-patch',
-        registry.port,
-        registry.getToken(),
-        registry.getRegistryUrl()
-      );
-      const resp = await pnpm(
-        { cwd: tempFolder },
-        'publish',
-        '--json',
-        ...addRegistry(registry.getRegistryUrl())
-      );
-      const parsedBody = JSON.parse(resp.stdout as string);
-      expect(parsedBody.name).toEqual(pkgName);
-      expect(parsedBody.files).toBeDefined();
-      expect(parsedBody.files).toBeDefined();
-    }
-  );
-
-  afterAll(async () => {
-    registry.stop();
-  });
-});

e2e/cli/e2e-pnpm7/search.spec.ts

@@ -1,33 +0,0 @@
-import { addRegistry, initialSetup } from '@verdaccio/test-cli-commons';
-
-import { pnpm } from './utils';
-
-describe('search a package', () => {
-  jest.setTimeout(10000);
-  let registry;
-
-  beforeAll(async () => {
-    const setup = await initialSetup();
-    registry = setup.registry;
-    await registry.init();
-  });
-
-  test('should search a package', async () => {
-    const resp = await pnpm(
-      {},
-      'search',
-      '@verdaccio/cli',
-      '--json',
-      ...addRegistry(registry.getRegistryUrl())
-    );
-    const parsedBody = JSON.parse(resp.stdout as string);
-    const pkgFind = parsedBody.find((item) => {
-      return item.name === '@verdaccio/cli';
-    });
-    expect(pkgFind.name).toEqual('@verdaccio/cli');
-  });
-
-  afterAll(async () => {
-    registry.stop();
-  });
-});

e2e/cli/e2e-pnpm7/star.spec.ts

@@ -1,89 +0,0 @@
-import {
-  addRegistry,
-  initialSetup,
-  pnpmUtils,
-  prepareGenericEmptyProject,
-} from '@verdaccio/test-cli-commons';
-
-import { pnpm } from './utils';
-
-describe('star a package', () => {
-  jest.setTimeout(20000);
-  let registry;
-
-  beforeAll(async () => {
-    const setup = await initialSetup();
-    registry = setup.registry;
-    await registry.init();
-  });
-
-  test.each([['@verdaccio/foo']])('should star a package %s', async (pkgName) => {
-    const { tempFolder } = await prepareGenericEmptyProject(
-      pkgName,
-      '1.0.0-patch',
-      registry.port,
-      registry.getToken(),
-      registry.getRegistryUrl()
-    );
-
-    await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
-    const resp = await pnpm(
-      { cwd: tempFolder },
-      'star',
-      pkgName,
-      ...addRegistry(registry.getRegistryUrl())
-    );
-    expect(resp.stdout).toEqual(`★  ${pkgName}`);
-  });
-
-  test.each([['@verdaccio/bar']])('should unstar a package %s', async (pkgName) => {
-    const { tempFolder } = await prepareGenericEmptyProject(
-      pkgName,
-      '1.0.0-patch',
-      registry.port,
-      registry.getToken(),
-      registry.getRegistryUrl()
-    );
-
-    await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
-    const resp = await pnpm(
-      { cwd: tempFolder },
-      'star',
-      pkgName,
-      ...addRegistry(registry.getRegistryUrl())
-    );
-    expect(resp.stdout).toEqual(`★  ${pkgName}`);
-
-    const resp1 = await pnpm(
-      { cwd: tempFolder },
-      'unstar',
-      pkgName,
-      ...addRegistry(registry.getRegistryUrl())
-    );
-    expect(resp1.stdout).toEqual(`☆  ${pkgName}`);
-  });
-
-  test('should list stars of a user %s', async () => {
-    const pkgName = '@verdaccio/stars';
-    const { tempFolder } = await prepareGenericEmptyProject(
-      pkgName,
-      '1.0.0-patch',
-      registry.port,
-      registry.getToken(),
-      registry.getRegistryUrl()
-    );
-    await pnpmUtils.publish(pnpm, tempFolder, pkgName, registry);
-    await pnpm({ cwd: tempFolder }, 'star', pkgName, ...addRegistry(registry.getRegistryUrl()));
-    const resp = await pnpm(
-      { cwd: tempFolder },
-      'stars',
-      ...addRegistry(registry.getRegistryUrl())
-    );
-    // side effects: this result is affected the the package published in the previous step
-    expect(resp.stdout).toEqual(`@verdaccio/foo@verdaccio/stars`);
-  });
-
-  afterAll(async () => {
-    registry.stop();
-  });
-});

e2e/cli/e2e-pnpm7/tsconfig.json

@@ -1,8 +0,0 @@
-{
-  "extends": "../../../tsconfig.reference.json",
-  "references": [
-    {
-      "path": "../cli-commons"
-    }
-  ]
-}

e2e/cli/e2e-pnpm8/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "pnpm": "^8.0.0-alpha.0"
+    "pnpm": "8.15.5"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-pnpm9/package.json

@@ -1,10 +1,10 @@
 {
   "private": true,
-  "name": "@verdaccio/e2e-cli-pnpm6",
+  "name": "@verdaccio/e2e-cli-pnpm9",
   "version": "1.0.1",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "pnpm": "^6.35.1"
+    "pnpm": "9.0.0-alpha.10"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-yarn1/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "yarn": "1.22.21"
+    "yarn": "1.22.22"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-yarn2/audit.spec.ts

@@ -18,7 +18,7 @@ describe('audit a package yarn 2', () => {
       {
         packageName: '@scope/name',
         version: '1.0.0',
-        dependencies: { jquery: '3.0.0' },
+        dependencies: { aaa: 'latest' },
         devDependencies: {},
       }
     );
@@ -27,6 +27,9 @@ describe('audit a package yarn 2', () => {
 
   test('should run yarn npm audit info json body', async () => {
     await yarn(projectFolder, 'install');
+    // this might fails if the dependency used above has vulnerabilities
+    // always try to use ar real dependency that does not have such issues
+    // yarn berry uses exit 1 if has error https://github.com/yarnpkg/berry/pull/4358
     const resp = await yarn(projectFolder, 'npm', 'audit', '--json');
     const parsedBody = JSON.parse(resp.stdout as string);
     expect(parsedBody.advisories).toBeDefined();

e2e/cli/e2e-yarn3/audit.spec.ts

@@ -12,13 +12,13 @@ describe('audit a package yarn 3', () => {
     registry = setup.registry;
     await registry.init();
     const { tempFolder } = await yarnModernUtils.prepareYarnModernProject(
-      'yarn-2',
+      'yarn-3',
       registry.getRegistryUrl(),
       getYarnCommand(),
       {
         packageName: '@scope/name',
         version: '1.0.0',
-        dependencies: { jquery: '3.0.0' },
+        dependencies: { aaa: 'latest' },
         devDependencies: {},
       }
     );
@@ -27,6 +27,9 @@ describe('audit a package yarn 3', () => {
 
   test('should run yarn npm audit info json body', async () => {
     await yarn(projectFolder, 'install');
+    // this might fails if the dependency used above has vulnerabilities
+    // always try to use ar real dependency that does not have such issues
+    // yarn berry uses exit 1 if has error https://github.com/yarnpkg/berry/pull/4358
     const resp = await yarn(projectFolder, 'npm', 'audit', '--json');
     const parsedBody = JSON.parse(resp.stdout as string);
     expect(parsedBody.advisories).toBeDefined();

e2e/cli/e2e-yarn3/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "@yarnpkg/cli-dist": "3.4.1"
+    "@yarnpkg/cli-dist": "3.8.1"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-yarn4/package.json

@@ -3,7 +3,7 @@
   "name": "@verdaccio/e2e-cli-yarn4",
   "version": "1.0.1",
   "dependencies": {
-    "@yarnpkg/cli-dist": "4.0.0-rc.39",
+    "@yarnpkg/cli-dist": "4.1.1",
     "@verdaccio/test-cli-commons": "workspace:1.1.0"
   },
   "scripts": {

e2e/ui/README.md

@@ -8,6 +8,12 @@
   - Check sidebar
   - Check protected packages works
 
+## Running test locally
+
+- Ensure no other verdaccio server is running, cypress will spawn it's own registry instance
+- To run all test: `pnpm test`
+- To run single test: `pnpm test -- --spec 'cypress/e2e/home.cy.ts'`
+
 ## Contribute
 
 More tests could be added to verify UI works as expected.

e2e/ui/cypress.config.ts

@@ -13,6 +13,10 @@ export default defineConfig({
     runMode: 5,
     openMode: 0,
   },
+  // Enable this to see debug screenshots on test failure
+  // screenshotOnRunFailure: true,
+  // Enable this to see debug video on test failure
+  // video: true,
   e2e: {
     setupNodeEvents(on) {
       on('before:run', async () => {

e2e/ui/cypress/e2e/home.cy.ts

@@ -32,4 +32,49 @@ describe('home spec', () => {
     cy.visit(`${ctx.url}/-/web/detail/@verdaccio/not-found`);
     cy.getByTestId('404').contains(`Sorry, we couldn't find it.`);
   });
+
+  it('should open dialog settings tabs are present', () => {
+    cy.visit(ctx.url);
+    cy.getByTestId('header--tooltip-settings').click();
+
+    cy.contains('Package Managers');
+    cy.contains('Translations');
+  });
+
+  it('should close dialog settings tabs are present', () => {
+    cy.visit(ctx.url);
+    cy.getByTestId('header--tooltip-settings').click();
+    cy.get('#registryInfo--dialog-close').click();
+    // check for content at the dialog should not be there
+    cy.get('#panel1a-header').should('not.exist');
+  });
+
+  it('should expand npm dialog registry details', () => {
+    cy.visit(ctx.url);
+    cy.getByTestId('header--tooltip-settings').click();
+    cy.get('#panel1a-header').click();
+    cy.contains(/npm set registry/);
+    cy.contains(/npm adduser --registry/);
+    cy.contains(/npm profile set password/);
+  });
+
+  it('should expand pnpm dialog registry details', () => {
+    cy.visit(ctx.url);
+    cy.getByTestId('header--tooltip-settings').click();
+    cy.get('#panel3a-header').click();
+    cy.contains(/pnpm set registry/);
+    cy.contains(/pnpm adduser --registry/);
+    cy.contains(/pnpm profile set password/);
+  });
+
+  it('should expand yarn dialog registry details', () => {
+    cy.visit(ctx.url);
+    cy.getByTestId('header--tooltip-settings').click();
+    cy.get('#panel2a-header').click();
+    // some initial explanation
+    cy.contains(/Yarn classic configuration differs from Yarn/);
+    // smoke test matches, (this is deelpy tested in the unit test)
+    cy.contains(/.yarnrc.yml/);
+    cy.contains(/npmRegistryServer:/);
+  });
 });

e2e/ui/package.json

@@ -3,10 +3,10 @@
   "name": "@verdaccio/e2e-ui",
   "version": "2.0.0",
   "devDependencies": {
-    "verdaccio": "workspace:7.0.0-next.6",
-    "@verdaccio/core": "workspace:7.0.0-next.6",
-    "@verdaccio/config": "workspace:7.0.0-next.6",
-    "@verdaccio/test-helper": "workspace:3.0.0-next.1",
+    "verdaccio": "workspace:7.0.0-next-7.14",
+    "@verdaccio/core": "workspace:7.0.0-next-7.14",
+    "@verdaccio/config": "workspace:7.0.0-next-7.14",
+    "@verdaccio/test-helper": "workspace:3.0.0-next-7.2",
     "debug": "4.3.4",
     "cypress": "^13.6.0",
     "get-port": "5.1.1"

jest/config.js

@@ -4,7 +4,7 @@ module.exports = {
     '^.+\\.(js|ts)$': 'babel-jest',
   },
   verbose: false,
-  collectCoverage: true,
+  collectCoverage: false,
   coverageReporters: ['text', 'html'],
   collectCoverageFrom: ['src/**/*.ts', '!**/node_modules/**', '!**/partials/**', '!**/fixture/**'],
   coveragePathIgnorePatterns: ['node_modules', 'fixtures'],

netlify.toml

@@ -1,27 +1,7 @@
-[build]
-  command = "pnpm build"
-  publish = "build/"
-
-[build.environment]
-  NPM_FLAGS="--prefix=/dev/null"
-  NODE_VERSION = "14"
-
-[context.production]
-  command = "pnpm netlify:build:production"
-
-[context.deploy-preview]
-  command = "pnpm netlify:build:deployPreview"
-
-[context.branch-deploy]
-  command = "pnpm netlify:build:deployPreview"
-
-[[plugins]]
-package = "../.netlify/netlify-plugin-pnpm"
-
 [[headers]]
 for = "/*"
 [headers.values]
-X-Frame-Options = "DENY"
+X-Frame-Options = "SAMEORIGIN"
 X-XSS-Protection = "1; mode=block"
 X-Content-Type-Options = "nosniff"
 Referrer-Policy = "no-referrer"

package.json

@@ -15,12 +15,12 @@
     "url": "https://opencollective.com/verdaccio"
   },
   "devDependencies": {
-    "@babel/cli": "7.23.4",
-    "@babel/core": "7.23.7",
+    "@babel/cli": "7.23.9",
+    "@babel/core": "7.23.9",
     "@babel/eslint-parser": "7.23.3",
-    "@babel/node": "7.22.19",
+    "@babel/node": "7.23.9",
     "@babel/plugin-proposal-class-properties": "7.18.6",
-    "@babel/plugin-proposal-decorators": "7.23.7",
+    "@babel/plugin-proposal-decorators": "7.23.9",
     "@babel/plugin-proposal-export-namespace-from": "7.18.9",
     "@babel/plugin-proposal-function-sent": "7.23.3",
     "@babel/plugin-proposal-json-strings": "7.18.6",
@@ -32,41 +32,43 @@
     "@babel/plugin-syntax-dynamic-import": "7.8.3",
     "@babel/plugin-syntax-import-meta": "7.10.4",
     "@babel/plugin-transform-async-to-generator": "7.23.3",
-    "@babel/plugin-transform-classes": "7.23.5",
-    "@babel/plugin-transform-runtime": "7.23.7",
-    "@babel/preset-env": "7.23.7",
+    "@babel/plugin-transform-classes": "7.23.8",
+    "@babel/plugin-transform-runtime": "7.23.9",
+    "@babel/preset-env": "7.23.9",
     "@babel/preset-react": "7.23.3",
     "@babel/preset-typescript": "7.23.3",
     "@babel/register": "7.23.7",
-    "@babel/runtime": "7.23.7",
+    "@babel/runtime": "7.23.9",
     "@changesets/changelog-github": "0.5.0",
     "@changesets/cli": "2.27.1",
     "@changesets/get-dependents-graph": "1.3.6",
-    "@crowdin/cli": "3.16.0",
+    "@crowdin/cli": "3.16.1",
     "@dianmora/contributors": "5.0.0",
     "@emotion/react": "11.10.6",
     "@emotion/styled": "11.10.6",
-    "@testing-library/dom": "9.3.3",
-    "@testing-library/jest-dom": "6.2.0",
-    "@testing-library/react": "14.1.2",
+    "@testing-library/dom": "9.3.4",
+    "@testing-library/jest-dom": "6.4.2",
+    "@testing-library/user-event": "14.5.2",
+    "aria-query": "5.1.3",
+    "@testing-library/react": "14.2.1",
     "@trivago/prettier-plugin-sort-imports": "4.3.0",
     "@types/body-parser": "1.19.5",
     "@types/connect": "3.4.38",
     "@types/cookiejar": "2.1.5",
     "@types/debug": "4.1.12",
     "@types/express": "4.17.21",
-    "@types/express-serve-static-core": "4.17.41",
+    "@types/express-serve-static-core": "4.17.42",
     "@types/http-errors": "2.0.4",
     "@types/jest": "29.5.11",
     "@types/jsonwebtoken": "9.0.5",
     "@types/lodash": "4.14.202",
     "@types/mime": "3.0.4",
     "@types/minimatch": "5.1.2",
-    "@types/node": "20.10.6",
-    "@types/node-fetch": "2.6.10",
+    "@types/node": "20.11.7",
+    "@types/node-fetch": "2.6.11",
     "@types/qs": "6.9.11",
     "@types/range-parser": "1.2.7",
-    "@types/react": "18.2.47",
+    "@types/react": "18.2.48",
     "@types/react-dom": "18.2.18",
     "@types/react-router-dom": "5.3.3",
     "@types/react-virtualized": "9.21.29",
@@ -77,11 +79,11 @@
     "@types/superagent": "4.1.24",
     "@types/supertest": "2.0.16",
     "@types/testing-library__jest-dom": "6.0.0",
-    "@types/validator": "13.11.7",
+    "@types/validator": "13.11.8",
     "@types/webpack": "5.28.5",
     "@types/webpack-env": "1.18.4",
-    "@typescript-eslint/eslint-plugin": "6.18.0",
-    "@typescript-eslint/parser": "6.18.0",
+    "@typescript-eslint/eslint-plugin": "6.19.1",
+    "@typescript-eslint/parser": "6.19.1",
     "@verdaccio/crowdin-translations": "workspace:*",
     "@verdaccio/eslint-config": "workspace:*",
     "@verdaccio/types": "workspace:*",
@@ -108,17 +110,17 @@
     "jest-junit": "16.0.0",
     "kleur": "4.1.5",
     "lint-staged": "11.2.6",
-    "nock": "13.4.0",
-    "nodemon": "3.0.2",
-    "npm-run-all": "4.1.5",
-    "prettier": "3.1.1",
+    "nock": "13.5.1",
+    "nodemon": "3.0.3",
+    "npm-run-all2": "5.0.2",
+    "prettier": "3.2.2",
     "react": "18.2.0",
     "react-dom": "18.2.0",
     "rimraf": "5.0.5",
     "selfsigned": "2.4.1",
-    "supertest": "6.3.3",
+    "supertest": "6.3.4",
     "ts-node": "10.9.2",
-    "typescript": "5.2.2",
+    "typescript": "5.3.3",
     "undici-types": "5.28.2",
     "update-ts-references": "3.2.1",
     "verdaccio-audit": "workspace:*",
@@ -135,7 +137,7 @@
     "docker": "docker build -t verdaccio/verdaccio:local . --no-cache",
     "format": "prettier --write \"**/*.{js,jsx,ts,tsx,json,yml,yaml,md}\"",
     "format:check": "prettier --check \"**/*.{js,jsx,ts,tsx,json,yml,yaml,md}\"",
-    "lint": "eslint --max-warnings 100 \"**/*.{js,jsx,ts,tsx}\"",
+    "lint": "eslint --max-warnings 70 \"**/*.{js,jsx,ts,tsx}\"",
     "test": "pnpm --filter \"./packages/**\" test",
     "test:e2e:cli": "pnpm --filter ...@verdaccio/e2e-cli-* test -- --coverage=false",
     "test:e2e:ui": "pnpm --filter ...@verdaccio/e2e-ui test",

packages/api/CHANGELOG.md

@@ -1,5 +1,109 @@
 # @verdaccio/api
 
+## 7.0.0-next-7.14
+
+### Patch Changes
+
+- Updated dependencies [b0946b2]
+- Updated dependencies [f967a69]
+- Updated dependencies [4dc62a8]
+- Updated dependencies [253cc13]
+  - @verdaccio/middleware@7.0.0-next-7.14
+  - @verdaccio/store@7.0.0-next-7.14
+  - @verdaccio/auth@7.0.0-next-7.14
+  - @verdaccio/core@7.0.0-next-7.14
+  - @verdaccio/config@7.0.0-next-7.14
+  - @verdaccio/utils@7.0.0-next-7.14
+  - @verdaccio/logger@7.0.0-next-7.14
+
+## 7.0.0-next-7.13
+
+### Patch Changes
+
+- Updated dependencies [a99a4bb]
+  - @verdaccio/config@7.0.0-next-7.13
+  - @verdaccio/auth@7.0.0-next-7.13
+  - @verdaccio/middleware@7.0.0-next-7.13
+  - @verdaccio/store@7.0.0-next-7.13
+  - @verdaccio/logger@7.0.0-next-7.13
+  - @verdaccio/core@7.0.0-next-7.13
+  - @verdaccio/utils@7.0.0-next-7.13
+
+## 7.0.0-next-7.12
+
+### Patch Changes
+
+- @verdaccio/store@7.0.0-next-7.12
+- @verdaccio/core@7.0.0-next-7.12
+- @verdaccio/config@7.0.0-next-7.12
+- @verdaccio/auth@7.0.0-next-7.12
+- @verdaccio/middleware@7.0.0-next-7.12
+- @verdaccio/utils@7.0.0-next-7.12
+- @verdaccio/logger@7.0.0-next-7.12
+
+## 7.0.0-next-7.11
+
+### Patch Changes
+
+- Updated dependencies [c9962fe]
+  - @verdaccio/config@7.0.0-next-7.11
+  - @verdaccio/auth@7.0.0-next-7.11
+  - @verdaccio/middleware@7.0.0-next-7.11
+  - @verdaccio/store@7.0.0-next-7.11
+  - @verdaccio/core@7.0.0-next-7.11
+  - @verdaccio/utils@7.0.0-next-7.11
+  - @verdaccio/logger@7.0.0-next-7.11
+
+## 7.0.0-next-7.10
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.10
+- @verdaccio/config@7.0.0-next-7.10
+- @verdaccio/auth@7.0.0-next-7.10
+- @verdaccio/middleware@7.0.0-next-7.10
+- @verdaccio/store@7.0.0-next-7.10
+- @verdaccio/utils@7.0.0-next-7.10
+- @verdaccio/logger@7.0.0-next-7.10
+
+## 7.0.0-next-7.9
+
+### Patch Changes
+
+- Updated dependencies [c807f0c]
+  - @verdaccio/store@7.0.0-next-7.9
+  - @verdaccio/core@7.0.0-next-7.9
+  - @verdaccio/config@7.0.0-next-7.9
+  - @verdaccio/auth@7.0.0-next-7.9
+  - @verdaccio/middleware@7.0.0-next-7.9
+  - @verdaccio/utils@7.0.0-next-7.9
+  - @verdaccio/logger@7.0.0-next-7.9
+
+## 7.0.0-next-7.8
+
+### Patch Changes
+
+- 74cd588: fix: bug on change password npm profile
+  - @verdaccio/core@7.0.0-next-7.8
+  - @verdaccio/config@7.0.0-next-7.8
+  - @verdaccio/auth@7.0.0-next-7.8
+  - @verdaccio/middleware@7.0.0-next-7.8
+  - @verdaccio/store@7.0.0-next-7.8
+  - @verdaccio/utils@7.0.0-next-7.8
+  - @verdaccio/logger@7.0.0-next-7.8
+
+## 7.0.0-next-7.7
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.7
+- @verdaccio/config@7.0.0-next-7.7
+- @verdaccio/auth@7.0.0-next-7.7
+- @verdaccio/middleware@7.0.0-next-7.7
+- @verdaccio/store@7.0.0-next-7.7
+- @verdaccio/utils@7.0.0-next-7.7
+- @verdaccio/logger@7.0.0-next-7.7
+
 ## 7.0.0-next.6
 
 ### Patch Changes

packages/api/jest.config.js

@@ -1,10 +1,3 @@
 const config = require('../../jest/config');
 
-module.exports = Object.assign({}, config, {
-  coverageThreshold: {
-    global: {
-      // FIXME: increase to 90
-      lines: 60,
-    },
-  },
-});
+module.exports = Object.assign({}, config, {});

packages/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/api",
-  "version": "7.0.0-next.6",
+  "version": "7.0.0-next-7.14",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -38,28 +38,28 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/auth": "workspace:7.0.0-next.6",
-    "@verdaccio/config": "workspace:7.0.0-next.6",
-    "@verdaccio/core": "workspace:7.0.0-next.6",
-    "@verdaccio/logger": "workspace:7.0.0-next.6",
-    "@verdaccio/middleware": "workspace:7.0.0-next.6",
-    "@verdaccio/store": "workspace:7.0.0-next.6",
-    "@verdaccio/utils": "workspace:7.0.0-next.6",
+    "@verdaccio/auth": "workspace:7.0.0-next-7.14",
+    "@verdaccio/config": "workspace:7.0.0-next-7.14",
+    "@verdaccio/core": "workspace:7.0.0-next-7.14",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.14",
+    "@verdaccio/middleware": "workspace:7.0.0-next-7.14",
+    "@verdaccio/store": "workspace:7.0.0-next-7.14",
+    "@verdaccio/utils": "workspace:7.0.0-next-7.14",
     "abortcontroller-polyfill": "1.7.5",
     "body-parser": "1.20.2",
     "cookies": "0.9.0",
     "debug": "4.3.4",
-    "express": "4.18.2",
+    "express": "4.18.3",
     "lodash": "4.17.21",
     "mime": "2.6.0",
-    "semver": "7.5.4"
+    "semver": "7.6.0"
   },
   "devDependencies": {
-    "@verdaccio/test-helper": "workspace:3.0.0-next.1",
+    "@verdaccio/test-helper": "workspace:3.0.0-next-7.2",
     "@verdaccio/types": "workspace:12.0.0-next.2",
     "mockdate": "3.0.5",
-    "nock": "13.4.0",
-    "supertest": "6.3.3"
+    "nock": "13.5.1",
+    "supertest": "6.3.4"
   },
   "funding": {
     "type": "opencollective",

packages/api/src/package.ts

@@ -67,7 +67,7 @@ export default function (route: Router, auth: Auth, storage: Storage): void {
       const { package: pkgName, filename } = req.params;
       const abort = new AbortController();
       try {
-        const stream = (await storage.getTarballNext(pkgName, filename, {
+        const stream = (await storage.getTarball(pkgName, filename, {
           signal: abort.signal,
           // TODO: review why this param
           // enableRemote: true,

packages/api/src/v1/profile.ts

@@ -81,15 +81,17 @@ export default function (route: Router, auth: Auth, config: Config): void {
           /* eslint new-cap:off */
         }
 
+        if (_.isEmpty(password.old)) {
+          return next(errorUtils.getBadRequest('old password is required'));
+        }
+
         auth.changePassword(
           name,
           password.old,
           password.new,
           (err, isUpdated): $NextFunctionVer => {
             if (_.isNull(err) === false) {
-              return next(
-                errorUtils.getCode(err.status, err.message) || errorUtils.getConflict(err.message)
-              );
+              return next(errorUtils.getForbidden(err.message));
             }
 
             if (isUpdated) {

packages/api/src/v1/search.ts

@@ -50,12 +50,13 @@ export default function (route, auth: Auth, storage: Storage): void {
     from = parseInt(from, 10) || 0;
 
     try {
+      debug('storage search initiated');
       data = await storage.search({
         query,
         url,
         abort,
       });
-      debug('stream finish');
+      debug('storage items tota: %o', data.length);
       const checkAccessPromises: searchUtils.SearchItemPkg[] = await Promise.all(
         data.map((pkgItem) => {
           return checkAccess(pkgItem, auth, req.remote_user);

packages/api/test/integration/config/profile.yaml

@@ -0,0 +1,27 @@
+auth:
+  htpasswd:
+    file: ./htpasswd-profile
+web:
+  enable: true
+  title: verdaccio
+
+uplinks:
+
+log: { type: stdout, format: pretty, level: trace }
+
+packages:
+  '@*/*':
+    access: $all
+    publish: $all
+    unpublish: $all
+    proxy: npmjs
+  'verdaccio':
+    access: $all
+    publish: $all
+  '**':
+    access: $all
+    publish: $all
+    unpublish: $all
+    proxy: npmjs
+
+_debug: true

packages/api/test/integration/config/user.jwt.yaml

@@ -10,7 +10,7 @@ auth:
 
 uplinks:
   ver:
-    url: https://registry.verdaccio.org
+    url: https://registry.npmjs.org
 
 security:
   api: