changeset

* fix: warnings when building website

* fix blog entry

.changeset/brown-lions-talk.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/ui-theme': patch
+'@verdaccio/ui-components': patch
+---
+
+chore(deps): update webpack-dev-server to v5

.changeset/calm-mangos-compare.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/store': patch
+---
+
+fix(store): internal error when checking manifest

.changeset/config.json

@@ -13,6 +13,7 @@
     ]
   ],
   "ignoredPackages": [
+    "@verdaccio/local-publish",
     "docusaurus-plugin-downloads",
     "docusaurus-plugin-contributors",
     "@verdaccio/test-cli-commons",

.changeset/curly-mirrors-smile.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/middleware': patch
+---
+
+chore(middleware): improve loop detection

.changeset/forty-hounds-matter.md

@@ -0,0 +1,7 @@
+---
+'verdaccio': patch
+'@verdaccio/store': patch
+'@verdaccio/utils': patch
+---
+
+fix: internal error for unpublished tarball

.changeset/funny-fireants-tan.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/proxy': patch
+'@verdaccio/website': patch
+---
+
+fix(proxy): validate protocol of proxy settings

.changeset/giant-years-appear.md

@@ -0,0 +1,7 @@
+---
+'verdaccio-auth-memory': minor
+'@verdaccio/core': minor
+'@verdaccio/auth': minor
+---
+
+fix: auth callback types

.changeset/itchy-glasses-end.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/ui-theme': minor
+'@verdaccio/ui-components': minor
+'@verdaccio/ui-i18n': minor
+---
+
+feat: new i18n package for ui

.changeset/pink-jeans-lick.md

@@ -0,0 +1,42 @@
+---
+'generator-verdaccio-plugin': patch
+'@verdaccio/logger-prettify': patch
+'@verdaccio/logger-commons': patch
+'@verdaccio/local-storage': patch
+'@verdaccio/local-publish': patch
+'@verdaccio/local-scripts': patch
+'@verdaccio/file-locking': patch
+'verdaccio-htpasswd': patch
+'@verdaccio/ui-theme': patch
+'verdaccio-memory': patch
+'@verdaccio/search-indexer': patch
+'@verdaccio/server': patch
+'@verdaccio/server-fastify': patch
+'@verdaccio/logger': patch
+'@verdaccio/test-helper': patch
+'@verdaccio/ui-components': patch
+'@verdaccio/tarball': patch
+'@verdaccio/eslint-config': patch
+'@verdaccio/types': patch
+'@verdaccio/middleware': patch
+'@verdaccio/cli-standalone': patch
+'@verdaccio/core': patch
+'@verdaccio/ui-i18n': patch
+'@verdaccio/signature': patch
+'verdaccio': patch
+'@verdaccio/url': patch
+'@verdaccio/node-api': patch
+'@verdaccio/loaders': patch
+'@verdaccio/config': patch
+'@verdaccio/search': patch
+'@verdaccio/hooks': patch
+'@verdaccio/proxy': patch
+'@verdaccio/store': patch
+'@verdaccio/utils': patch
+'@verdaccio/auth': patch
+'@verdaccio/api': patch
+'@verdaccio/cli': patch
+'@verdaccio/web': patch
+---
+
+chore: package.json maintenance

.changeset/popular-trees-grin.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-components': patch
+---
+
+fix(ui-components): remove test warnings

.changeset/pre.json

@@ -14,6 +14,7 @@
     "@verdaccio/e2e-cli-yarn3": "1.0.1",
     "@verdaccio/e2e-cli-yarn4": "1.0.1",
     "@verdaccio/e2e-ui": "2.0.0",
+    "@verdaccio/ui-i18n": "8.0.0",
     "@verdaccio/api": "7.0.0",
     "@verdaccio/auth": "7.0.0",
     "@verdaccio/cli": "7.0.0",
@@ -48,7 +49,6 @@
     "@verdaccio/eslint-config": "3.0.0",
     "generator-verdaccio-plugin": "5.0.0",
     "@verdaccio/test-helper": "3.0.0",
-    "@verdaccio/local-publish": "0.0.2",
     "@verdaccio/local-scripts": "1.0.0",
     "customprefix-auth": "2.0.0",
     "@verdaccio/ui-components": "3.0.0",
@@ -59,7 +59,8 @@
     "@verdaccio/e2e-cli-npm-common": "1.0.0",
     "@verdaccio/e2e-cli-pnpm-common": "1.0.2-next-8.0",
     "@verdaccio/e2e-cli-pnpm10": "1.0.0",
-    "docusaurus-plugin-downloads": "2.0.0"
+    "docusaurus-plugin-downloads": "2.0.0",
+    "@verdaccio/local-publish": "0.0.2"
   },
   "changesets": [
     "angry-doors-tan",
@@ -68,15 +69,19 @@
     "breezy-geckos-search",
     "bright-bobcats-ring",
     "brown-planets-approve",
+    "calm-mangos-compare",
     "chatty-apricots-report",
     "clean-beds-wash",
     "clever-bees-happen",
     "cool-seals-watch",
+    "curly-mirrors-smile",
     "curvy-rockets-camp",
     "cyan-snakes-kiss",
     "early-eyes-float",
     "eleven-rocks-dream",
     "fifty-falcons-design",
+    "forty-hounds-matter",
+    "funny-fireants-tan",
     "gentle-stingrays-repeat",
     "gold-squids-watch",
     "green-eagles-boil",
@@ -84,11 +89,15 @@
     "healthy-zoos-lie",
     "hip-eggs-serve",
     "hot-crews-live",
+    "itchy-glasses-end",
     "long-eyes-drum",
     "long-singers-drive",
     "lucky-crabs-enjoy",
     "nine-countries-remember",
     "ninety-geese-do",
+    "popular-trees-grin",
+    "proud-houses-switch",
+    "quick-avocados-type",
     "quick-seas-deny",
     "real-seahorses-change",
     "rotten-melons-notice",
@@ -107,7 +116,11 @@
     "sweet-crabs-deliver",
     "thirty-comics-trade",
     "tricky-impalas-shake",
+    "tricky-knives-end",
+    "violet-baboons-beg",
+    "violet-bobcats-allow",
     "violet-boxes-float",
-    "weak-cherries-serve"
+    "weak-cherries-serve",
+    "wet-cats-behave"
   ]
 }

.changeset/proud-houses-switch.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/web': patch
+---
+
+fix(web): anonymous user handling

.changeset/quick-avocados-type.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-components': patch
+---
+
+fix(ui-components): typings for vitest/jest-dom

.changeset/tricky-knives-end.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/store': patch
+---
+
+fix(store): update deprecate state

.changeset/violet-baboons-beg.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/middleware': patch
+'@verdaccio/web': patch
+---
+
+chore: middleware package update

.changeset/violet-bobcats-allow.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/core': patch
+'@verdaccio/store': patch
+---
+
+chore: add package parameter to storage plugin interface

.changeset/wet-cats-behave.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-i18n': patch
+---
+
+fix: ignore duplicted files

.eslintignore

@@ -1,3 +1,4 @@
+assets/**/*
 **/fixtures/**
 **/mock/store/**
 **/partials/**

.gitattributes

@@ -13,7 +13,7 @@
 ##   Handle line endings automatically for files detected as
 ##   text and leave all files detected as binary untouched.
 ##   This will handle all files NOT defined below.
-*                 text=lf
+*                 text eol=lf
 
 # Source code
 *.bash            text eol=lf
@@ -197,3 +197,6 @@ Procfile          text eol=lf
 
 # Ignore files (like .npmignore or .gitignore)
 *.*ignore         text eol=lf
+
+# Test Snapshots
+*.snap            text eol=lf

.github/workflows/changesets-pr.yml

@@ -0,0 +1,36 @@
+name: Changesets Publish Test
+
+on:
+  pull_request:
+
+concurrency:
+  group: changeset-pr-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  version:
+    if: github.event.pull_request.head.repo.fork == false
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Install dependencies with a custom registry
+        uses: ./.github/actions/install-app
+      - name: crowdin download
+        env:
+          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          CONTEXT: production
+        run: pnpm crowdin:download
+      - name: build
+        run: pnpm build
+      - name: Docker test
+        run: |
+          docker run -d -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio:6
+      - name: login
+        run: npx npm-cli-login -u test -p 1234 -e test@domain.test -r http://localhost:4873
+      - name: Prepare
+        # to allow local snapshot
+        run: rm .changeset/pre.json
+      - name: Create snapshot
+        run: pnpm local:snapshots
+      - name: Changeset version
+        run: pnpm local:publish

.github/workflows/changesets.yml

@@ -1,9 +1,7 @@
 name: Changesets
 
 on:
-  schedule:
-    - cron: '0 0 * * *'
-
+  workflow_dispatch:
   push:
     branches:
       - master
@@ -19,41 +17,16 @@ jobs:
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio'
     steps:
-      - name: checkout code repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-
-      - name: setup node.js
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
-        with:
-          node-version-file: '.nvmrc'
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
-
-      - name: Install pnpm
-        run: |
-          npm install --global corepack@latest
-          corepack enable
-          corepack install
-
-      - name: setup pnpm config
-        run: pnpm config set store-dir $PNPM_CACHE_FOLDER
-      - name: setup pnpm config registry
-        run: pnpm config set registry https://registry.npmjs.org
-
-      - name: install dependencies
-        run: pnpm install
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Install dependencies with a custom registry
+        uses: ./.github/actions/install-app
       - name: crowdin download
-        env:          
+        env:
           CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
           CONTEXT: production
-        run: pnpm crowdin:download       
+        run: pnpm crowdin:download
       - name: build
         run: pnpm build
-
       - name: create versions
         uses: changesets/action@master
         with:

.github/workflows/ci.yml

@@ -68,7 +68,9 @@ jobs:
       fail-fast: true
       matrix:
         os: [ubuntu-latest]
-        node_version: [18, 20, 21, 22, 23]
+        ## updated according official maintained releases
+        ## https://nodejs.org/en/about/previous-releases
+        node_version: [18, 20, 22, 23]
     name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
     runs-on: ${{ matrix.os }}
     steps:
@@ -94,7 +96,7 @@ jobs:
           npm install --global corepack@latest
           corepack enable
           corepack install
-      - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+      - uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}

.github/workflows/codeql-analysis.yml

@@ -37,7 +37,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
+        uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
         with:
           config: |
             paths-ignore:
@@ -50,7 +50,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
+        uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -64,4 +64,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
+        uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10

.github/workflows/docker-publish.yml

@@ -25,7 +25,7 @@ jobs:
     if: github.repository == 'verdaccio/verdaccio'
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0
+      - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
       - uses: docker/setup-buildx-action@v1
         with:
           driver-opts: network=host

.github/workflows/e2e-ci.yml

@@ -45,7 +45,7 @@ jobs:
             npm9,
             npm10
           ]
-        node: [18, 23]
+        node: [22]
     name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
     runs-on: ubuntu-latest
     steps:
@@ -59,7 +59,7 @@ jobs:
       - name: Restore cache pnpm store
         uses: ./.github/actions/cache-packages
       - name: Test CLI
-        run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}
+        run: cd e2e/cli/e2e-${{matrix.pkg}} && NODE_ENV=production pnpm test
 
   e2e-cli-pnpm:
     needs: [prepare, build]
@@ -72,7 +72,7 @@ jobs:
             pnpm9,
             pnpm10,
           ]
-        node: [18, 23]
+        node: [22]
     name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
     runs-on: ubuntu-latest
     steps:
@@ -86,7 +86,7 @@ jobs:
       - name: Restore cache pnpm store
         uses: ./.github/actions/cache-packages
       - name: Test CLI
-        run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}
+        run:  cd e2e/cli/e2e-${{matrix.pkg}} && NODE_ENV=production pnpm test
   e2e-cli-yarn:
     needs: [prepare, build]
     strategy:
@@ -99,7 +99,7 @@ jobs:
             yarn3,
             yarn4
           ]
-        node: [18, 23]
+        node: [22]
     name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
     runs-on: ubuntu-latest
     steps:
@@ -113,5 +113,5 @@ jobs:
       - name: Restore cache pnpm store
         uses: ./.github/actions/cache-packages
       - name: Test CLI
-        run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}
+        run: cd e2e/cli/e2e-${{matrix.pkg}} && NODE_ENV=production pnpm test
 

.github/workflows/e2e-ui.yml

@@ -26,7 +26,7 @@ jobs:
           node-version: 20
       - name: Test UI
         run: pnpm test:e2e:ui
-      - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+      - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         with:
           name: videos
           path: /home/runner/work/verdaccio/verdaccio/e2e/ui/cypress/videos

.github/workflows/shared-docker-publish.yml

@@ -24,7 +24,7 @@ jobs:
     if: github.repository == 'verdaccio/verdaccio'
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0
+      - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
       - uses: docker/setup-buildx-action@v1
         with:
           driver-opts: network=host

.github/workflows/ui-components.yml

@@ -1,41 +1,36 @@
 name: UI Components
 
 on:
-#  pull_request:
+# Disabled temporary
+#  push:
+#    branches:
+#      - master
   workflow_dispatch:
-#  schedule:
-#    - cron: '0 0 * * *'
+
+concurrency:
+  group: ui-deploy-${{ github.ref }}
+  cancel-in-progress: true
 
 permissions:
-  contents: read  #  to fetch code (actions/checkout)
-
-env:
-  DEBUG: verdaccio*
+  contents: read
 
 jobs:
   deploy:
-    permissions:
-      contents: read  #  to fetch code (actions/checkout)
-      deployments: write
-      pull-requests: write  #  to comment on pull-requests
-
     runs-on: ubuntu-latest
     if: github.repository == 'verdaccio/verdaccio'
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
       - name: Install dependencies with a custom registry
         uses: ./.github/actions/install-app
-
-      - name: Install pnpm
-        run: |
-          npm install --global corepack@latest
-          corepack enable
-          corepack install
-      - name: Install
-        run: pnpm install
+      - name: crowdin download
+        env:
+          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          CONTEXT: production
+        run: pnpm crowdin:download
+      - name: Build modules
+        run: pnpm build
       - name: Build storybook
         run: pnpm ui:storybook:build
       - name: Copy public content

.github/workflows/website.yml

@@ -39,7 +39,7 @@ jobs:
       - name: Build Translations percentage
         run: pnpm --filter @verdaccio/local-scripts build
       - name: Cache Docusaurus Build
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
         with:
           path: website/node_modules/.cache/webpack
           key: cache/webpack-${{github.ref}}-${{ hashFiles('**/pnpm-lock.yaml') }}

.github/workflows/x-e2e-jest-workflow.yml

@@ -1,6 +1,6 @@
 on:
   workflow_call:
-  
+
 jobs:
   yarn:
     name: 'yarn:jest example'
@@ -132,7 +132,7 @@ jobs:
 
           yarn add left-pad --registry http://localhost:4873 --verbose
           echo "const leftPad = require('left-pad'); it('should resolve a module', () => { expect(typeof leftPad).toBe('function');});" | tee module.test.js
-          yarn jest module.test.js          
+          yarn jest module.test.js
   npm10:
     name: 'npm10:jest example'
     runs-on: ubuntu-latest
@@ -145,7 +145,7 @@ jobs:
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest npm 10'
-        run: npm i -g npm@next-10  
+        run: npm i -g npm@next-10
       - name: Install Dependencies
         run: yarn install
       - name: 'Run verdaccio in the background'
@@ -165,7 +165,7 @@ jobs:
 
           yarn add left-pad --registry http://localhost:4873 --verbose
           echo "const leftPad = require('left-pad'); it('should resolve a module', () => { expect(typeof leftPad).toBe('function');});" | tee module.test.js
-          yarn jest module.test.js          
+          yarn jest module.test.js
   pnpm8:
     name: 'pnpm8:jest example'
     runs-on: ubuntu-latest
@@ -178,7 +178,7 @@ jobs:
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest pnpm'
-        run: npm i -g pnpm@latest-8
+        run: npm i -g pnpm@10.5.2
       - name: Install Dependencies
         run: yarn install
       - name: 'Run verdaccio in the background'
@@ -211,7 +211,7 @@ jobs:
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest pnpm'
-        run: npm i -g pnpm@latest-9
+        run: npm i -g pnpm@10.5.2
       - name: Install Dependencies
         run: yarn install
       - name: 'Run verdaccio in the background'

.gitignore

@@ -17,6 +17,10 @@ test-storage*
 # docker examples
 docker-examples/v5/reverse_proxy/nginx/relative_path/storage/*
 docker-examples/v5/**/storage/*
+docker-examples/v4/**/storage/*
+docker-examples/v6/**/storage/*
+docker-examples/v7/**/storage/*
+docker-examples/v8/**/storage/*
 
 # jest
 reports/
@@ -36,6 +40,7 @@ packages/standalone/dist/
 packages/plugins/ui-theme/static
 /packages/plugins/ui-theme/src/i18n/download_translations/
 !/packages/plugins/ui-theme/src/i18n/crowdin/ui.json
+/packages/core/**/download_translations/
 
 ## ui tests
 !/packages/ui-components/vitest/api/*.tgz

.prettierignore

@@ -1,4 +1,5 @@
 .cache/
+assets/**/*
 **/corrupted-package/package.json
 **/corrupted.json
 **/invalid.js

Dockerfile

@@ -11,12 +11,13 @@ RUN apk --no-cache add openssl ca-certificates wget && \
 
 WORKDIR /opt/verdaccio-build
 COPY . .
-RUN npm -g i pnpm@8.9.0 && \
+RUN npm -g i corepack && \
+    corepack install && \
     pnpm config set registry $VERDACCIO_BUILD_REGISTRY && \
     pnpm install --frozen-lockfile --ignore-scripts && \
     rm -Rf test && \
     pnpm run build
-# FIXME: need to remove devDependencies from the build    
+# FIXME: need to remove devDependencies from the build
 # NODE_ENV=production pnpm install --frozen-lockfile --ignore-scripts
 # RUN pnpm install --prod --ignore-scripts
 

crowdin.yaml

@@ -6,6 +6,8 @@ api_token_env: CROWDIN_VERDACCIO_API_KEY
 preserve_hierarchy: true
 
 files:
+  - source: /packages/core/i18n/src/crowdin/*.json
+    translation: '/packages/core/i18n/src/download_translations/%locale%/%original_file_name%'
   - source: /packages/plugins/ui-theme/src/i18n/crowdin/*.json
     translation: '/packages/plugins/ui-theme/src/i18n/download_translations/%locale%/%original_file_name%'
   - source: /website/i18n/en/**/*
@@ -16,4 +18,3 @@ files:
   - source: /website/versioned_docs/**/*
     translation: /website/i18n/%locale%/docusaurus-plugin-content-docs/**/%original_file_name%
     ignore: [/website/versioned_docs/version-6.x/api/**/*]
-   

e2e/cli/cli-commons/package.json

@@ -4,8 +4,8 @@
   "version": "2.0.0-next-8.0",
   "main": "src/index.ts",
   "devDependencies": {
-    "@verdaccio/config": "workspace:8.0.0-next-8.10",
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
+    "@verdaccio/config": "workspace:8.0.0-next-8.12",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
     "@verdaccio/types": "workspace:13.0.0-next-8.3",
     "debug": "4.4.0",
     "fs-extra": "11.2.0",
@@ -13,7 +13,7 @@
     "got": "11.8.6",
     "js-yaml": "4.1.0",
     "lodash": "4.17.21",
-    "verdaccio": "workspace:8.0.0-next-8.10"
+    "verdaccio": "workspace:8.0.0-next-8.12"
   },
   "scripts": {
     "test": "echo no test",

e2e/ui/package.json

@@ -3,9 +3,9 @@
   "name": "@verdaccio/e2e-ui",
   "version": "2.0.0",
   "devDependencies": {
-    "verdaccio": "workspace:8.0.0-next-8.10",
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
-    "@verdaccio/config": "workspace:8.0.0-next-8.10",
+    "verdaccio": "workspace:8.0.0-next-8.12",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
+    "@verdaccio/config": "workspace:8.0.0-next-8.12",
     "@verdaccio/test-helper": "workspace:4.0.0-next-8.3",
     "debug": "4.4.0",
     "cypress": "^13.6.0",

package.json

@@ -16,7 +16,7 @@
   },
   "devDependencies": {
     "@babel/cli": "7.26.4",
-    "@babel/core": "7.26.7",
+    "@babel/core": "7.26.9",
     "@babel/eslint-parser": "7.25.9",
     "@babel/node": "7.26.0",
     "@babel/plugin-proposal-decorators": "7.25.9",
@@ -33,12 +33,12 @@
     "@babel/plugin-transform-numeric-separator": "7.25.9",
     "@babel/plugin-transform-object-rest-spread": "7.25.9",
     "@babel/plugin-transform-optional-chaining": "7.25.9",
-    "@babel/plugin-transform-runtime": "7.25.9",
-    "@babel/preset-env": "7.26.7",
+    "@babel/plugin-transform-runtime": "7.26.9",
+    "@babel/preset-env": "7.26.9",
     "@babel/preset-react": "7.26.3",
     "@babel/preset-typescript": "7.24.7",
     "@babel/register": "7.25.9",
-    "@babel/runtime": "7.26.7",
+    "@babel/runtime": "7.26.9",
     "@changesets/changelog-github": "0.5.0",
     "@changesets/cli": "2.27.12",
     "@changesets/get-dependents-graph": "2.1.2",
@@ -58,10 +58,10 @@
     "@types/express": "4.17.21",
     "@types/express-serve-static-core": "4.19.5",
     "@types/http-errors": "2.0.4",
+    "@types/jest": "29.5.14",
     "@types/jsonwebtoken": "9.0.6",
     "@types/lodash": "4.17.7",
     "@types/mime": "3.0.4",
-    "@types/jest": "29.5.14",
     "@types/minimatch": "5.1.2",
     "@types/node": "20.14.12",
     "@types/node-fetch": "2.6.11",
@@ -84,8 +84,8 @@
     "@types/yeoman-test": "4.0.6",
     "@typescript-eslint/eslint-plugin": "6.21.0",
     "@typescript-eslint/parser": "6.21.0",
-    "@verdaccio/local-scripts": "workspace:*",
     "@verdaccio/eslint-config": "workspace:*",
+    "@verdaccio/local-scripts": "workspace:*",
     "@verdaccio/types": "workspace:*",
     "@verdaccio/ui-theme": "workspace:*",
     "@vitest/coverage-v8": "3.0.4",
@@ -112,11 +112,11 @@
     "react-dom": "18.3.1",
     "rimraf": "5.0.10",
     "selfsigned": "2.4.1",
+    "semver": "^7.6.3",
     "supertest": "7.0.0",
     "ts-node": "10.9.2",
     "typescript": "5.3.3",
     "undici-types": "5.28.4",
-    "semver": "^7.6.3",
     "update-ts-references": "3.6.0",
     "verdaccio-audit": "workspace:*",
     "verdaccio-auth-memory": "workspace:*",
@@ -157,7 +157,7 @@
     "ts:ref": "update-ts-references --discardComments",
     "website": "pnpm --filter ...@verdaccio/website build",
     "ui:storybook:build": "pnpm --filter ...@verdaccio/ui-components build-storybook",
-    "ui:storybook": "pnpm --filter ...@verdaccio/ui-components storybook",
+    "ui:storybook": "pnpm --filter ...@verdaccio/ui-components start",
     "translations": "local-crowdin-api translations",
     "crowdin:upload": "crowdin upload sources --auto-update --config ./crowdin.yaml",
     "crowdin:download": "crowdin download --verbose --config ./crowdin.yaml",
@@ -176,5 +176,5 @@
     "*.{js,jsx,ts,tsx,json,yml,yaml,md}": "prettier --write",
     "*.{js,jsx,ts,tsx}": "eslint --cache --fix"
   },
-  "packageManager": "pnpm@8.14.0+sha256.9cebf61abd83f68177b29484da72da9751390eaad46dfc3072d266bfbb1ba7bf"
+  "packageManager": "pnpm@10.5.2"
 }

packages/api/CHANGELOG.md

@@ -1,5 +1,35 @@
 # @verdaccio/api
 
+## 8.1.0-next-8.12
+
+### Patch Changes
+
+- Updated dependencies [95ac124]
+  - @verdaccio/core@8.0.0-next-8.12
+  - @verdaccio/store@8.0.0-next-8.12
+  - @verdaccio/auth@8.0.0-next-8.12
+  - @verdaccio/config@8.0.0-next-8.12
+  - @verdaccio/middleware@8.0.0-next-8.12
+  - @verdaccio/utils@8.1.0-next-8.12
+  - @verdaccio/logger@8.0.0-next-8.12
+
+## 8.1.0-next-8.11
+
+### Patch Changes
+
+- Updated dependencies [83dbde5]
+- Updated dependencies [4110873]
+- Updated dependencies [85e0e13]
+- Updated dependencies [7e48ac6]
+- Updated dependencies [66bc284]
+  - @verdaccio/store@8.0.0-next-8.11
+  - @verdaccio/middleware@8.0.0-next-8.11
+  - @verdaccio/utils@8.1.0-next-8.11
+  - @verdaccio/auth@8.0.0-next-8.11
+  - @verdaccio/config@8.0.0-next-8.11
+  - @verdaccio/core@8.0.0-next-8.11
+  - @verdaccio/logger@8.0.0-next-8.11
+
 ## 8.1.0-next-8.10
 
 ### Patch Changes

packages/api/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/api",
-  "version": "8.1.0-next-8.10",
-  "description": "loaders logic",
+  "version": "8.1.0-next-8.12",
+  "description": "Verdaccio Registry API",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
   "author": {
@@ -10,7 +10,11 @@
   },
   "repository": {
     "type": "https",
-    "url": "https://github.com/verdaccio/verdaccio"
+    "url": "https://github.com/verdaccio/verdaccio",
+    "directory": "packages/api"
+  },
+  "bugs": {
+    "url": "https://github.com/verdaccio/verdaccio/issues"
   },
   "homepage": "https://verdaccio.org",
   "keywords": [
@@ -38,13 +42,13 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/auth": "workspace:8.0.0-next-8.10",
-    "@verdaccio/config": "workspace:8.0.0-next-8.10",
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.10",
-    "@verdaccio/middleware": "workspace:8.0.0-next-8.10",
-    "@verdaccio/store": "workspace:8.0.0-next-8.10",
-    "@verdaccio/utils": "workspace:8.1.0-next-8.10",
+    "@verdaccio/auth": "workspace:8.0.0-next-8.12",
+    "@verdaccio/config": "workspace:8.0.0-next-8.12",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.12",
+    "@verdaccio/middleware": "workspace:8.0.0-next-8.12",
+    "@verdaccio/store": "workspace:8.0.0-next-8.12",
+    "@verdaccio/utils": "workspace:8.1.0-next-8.12",
     "abortcontroller-polyfill": "1.7.8",
     "body-parser": "1.20.3",
     "cookies": "0.9.1",

packages/auth/CHANGELOG.md

@@ -1,5 +1,29 @@
 # @verdaccio/auth
 
+## 8.0.0-next-8.12
+
+### Patch Changes
+
+- Updated dependencies [95ac124]
+  - @verdaccio/core@8.0.0-next-8.12
+  - @verdaccio/config@8.0.0-next-8.12
+  - @verdaccio/loaders@8.0.0-next-8.4
+  - verdaccio-htpasswd@13.0.0-next-8.12
+  - @verdaccio/utils@8.1.0-next-8.12
+  - @verdaccio/signature@8.0.0-next-8.4
+
+## 8.0.0-next-8.11
+
+### Patch Changes
+
+- Updated dependencies [85e0e13]
+  - @verdaccio/utils@8.1.0-next-8.11
+  - @verdaccio/config@8.0.0-next-8.11
+  - @verdaccio/loaders@8.0.0-next-8.4
+  - verdaccio-htpasswd@13.0.0-next-8.11
+  - @verdaccio/signature@8.0.0-next-8.3
+  - @verdaccio/core@8.0.0-next-8.11
+
 ## 8.0.0-next-8.10
 
 ### Patch Changes

packages/auth/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/auth",
-  "version": "8.0.0-next-8.10",
-  "description": "logger",
+  "version": "8.0.0-next-8.12",
+  "description": "Verdaccio Authentication",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
   "author": {
@@ -10,7 +10,11 @@
   },
   "repository": {
     "type": "https",
-    "url": "https://github.com/verdaccio/verdaccio"
+    "url": "https://github.com/verdaccio/verdaccio",
+    "directory": "packages/auth"
+  },
+  "bugs": {
+    "url": "https://github.com/verdaccio/verdaccio/issues"
   },
   "homepage": "https://verdaccio.org",
   "keywords": [
@@ -38,19 +42,19 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/config": "workspace:8.0.0-next-8.10",
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
+    "@verdaccio/config": "workspace:8.0.0-next-8.12",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
     "@verdaccio/loaders": "workspace:8.0.0-next-8.4",
-    "@verdaccio/signature": "workspace:8.0.0-next-8.2",
-    "@verdaccio/utils": "workspace:8.1.0-next-8.10",
+    "@verdaccio/signature": "workspace:8.0.0-next-8.4",
+    "@verdaccio/utils": "workspace:8.1.0-next-8.12",
     "debug": "4.4.0",
     "lodash": "4.17.21",
-    "verdaccio-htpasswd": "workspace:13.0.0-next-8.10"
+    "verdaccio-htpasswd": "workspace:13.0.0-next-8.12"
   },
   "devDependencies": {
-    "@verdaccio/middleware": "workspace:8.0.0-next-8.10",
+    "@verdaccio/middleware": "workspace:8.0.0-next-8.12",
     "@verdaccio/types": "workspace:13.0.0-next-8.3",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.10",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.12",
     "express": "4.21.2",
     "supertest": "7.0.0"
   },

packages/auth/src/auth.ts

@@ -191,7 +191,7 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
       plugin.authenticate(username, password, function (err: VerdaccioError | null, groups): void {
         if (err) {
           debug('authenticating for user %o failed. Error: %o', username, err?.message);
-          return cb(err);
+          return cb(err, undefined);
         }
 
         // Expect: SKIP if groups is falsey and not an array
@@ -201,7 +201,7 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
         // Caveat: STRING (if valid) will pass successfully
         //         bug give unexpected results
         // Info: Cannot use `== false to check falsey values`
-        if (!!groups && groups.length !== 0) {
+        if (!!groups && groups?.length !== 0) {
           // TODO: create a better understanding of expectations
           if (_.isString(groups)) {
             throw new TypeError('plugin group error: invalid type for function');
@@ -212,7 +212,7 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
           }
 
           debug('authentication for user %o was successfully. Groups: %o', username, groups);
-          return cb(err, createRemoteUser(username, groups));
+          return cb(err, createRemoteUser(username, groups as string[]));
         }
         next();
       });

packages/auth/src/utils.ts

@@ -161,7 +161,7 @@ export function getDefaultPlugins(logger: Logger): pluginUtils.Auth<Config> {
   return {
     authenticate(_user: string, _password: string, cb: pluginUtils.AuthCallback): void {
       debug('triggered default authenticate method');
-      cb(errorUtils.getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
+      cb(errorUtils.getForbidden(API_ERROR.BAD_USERNAME_PASSWORD), undefined);
     },
 
     adduser(_user: string, _password: string, cb: pluginUtils.AuthUserCallback): void {

packages/auth/test/auth.spec.ts

@@ -4,7 +4,14 @@ import supertest from 'supertest';
 import { describe, expect, test, vi } from 'vitest';
 
 import { Config as AppConfig, ROLES, createRemoteUser, getDefaultConfig } from '@verdaccio/config';
-import { HEADERS, HTTP_STATUS, SUPPORT_ERRORS, TOKEN_BEARER, errorUtils } from '@verdaccio/core';
+import {
+  API_ERROR,
+  HEADERS,
+  HTTP_STATUS,
+  SUPPORT_ERRORS,
+  TOKEN_BEARER,
+  errorUtils,
+} from '@verdaccio/core';
 import { logger, setup } from '@verdaccio/logger';
 import { errorReportingMiddleware, final, handleError } from '@verdaccio/middleware';
 import { Config } from '@verdaccio/types';
@@ -96,7 +103,7 @@ describe('AuthTest', () => {
         });
       });
 
-      test('should be a fail on login', async () => {
+      test('should be a fail on login due plugin failure', async () => {
         const config: Config = new AppConfig(authPluginFailureConf);
         config.checkSecretKey('12345');
         const auth: Auth = new Auth(config, logger);
@@ -107,7 +114,7 @@ describe('AuthTest', () => {
 
         auth.authenticate('foo', 'bar', callback);
         expect(callback).toHaveBeenCalledTimes(1);
-        expect(callback).toHaveBeenCalledWith(errorUtils.getInternalError());
+        expect(callback).toHaveBeenCalledWith(errorUtils.getInternalError(), undefined);
       });
     });
 
@@ -131,6 +138,7 @@ describe('AuthTest', () => {
           auth.authenticate(null, value, callback);
           const call = callback.mock.calls[index++];
           expect(call[0]).toBeDefined();
+          expect(call[0]).toEqual(errorUtils.getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
           expect(call[1]).toBeUndefined();
         }
       });

packages/cli/CHANGELOG.md

@@ -1,5 +1,24 @@
 # @verdaccio/cli
 
+## 8.0.0-next-8.12
+
+### Patch Changes
+
+- Updated dependencies [95ac124]
+  - @verdaccio/core@8.0.0-next-8.12
+  - @verdaccio/config@8.0.0-next-8.12
+  - @verdaccio/node-api@8.0.0-next-8.12
+  - @verdaccio/logger@8.0.0-next-8.12
+
+## 8.0.0-next-8.11
+
+### Patch Changes
+
+- @verdaccio/config@8.0.0-next-8.11
+- @verdaccio/node-api@8.0.0-next-8.11
+- @verdaccio/core@8.0.0-next-8.11
+- @verdaccio/logger@8.0.0-next-8.11
+
 ## 8.0.0-next-8.10
 
 ### Patch Changes

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/cli",
-  "version": "8.0.0-next-8.10",
+  "version": "8.0.0-next-8.12",
   "author": {
     "name": "Juan Picado",
     "email": "juanpicado19@gmail.com"
@@ -11,7 +11,11 @@
   },
   "repository": {
     "type": "https",
-    "url": "https://github.com/verdaccio/verdaccio"
+    "url": "https://github.com/verdaccio/verdaccio",
+    "directory": "packages/cli"
+  },
+  "bugs": {
+    "url": "https://github.com/verdaccio/verdaccio/issues"
   },
   "homepage": "https://verdaccio.org",
   "keywords": [
@@ -28,7 +32,7 @@
   "engines": {
     "node": ">=18"
   },
-  "description": "verdaccio CLI",
+  "description": "Verdaccio CLI",
   "license": "MIT",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -43,10 +47,10 @@
     "start": "ts-node src/index.ts"
   },
   "dependencies": {
-    "@verdaccio/config": "workspace:8.0.0-next-8.10",
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.10",
-    "@verdaccio/node-api": "workspace:8.0.0-next-8.10",
+    "@verdaccio/config": "workspace:8.0.0-next-8.12",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.12",
+    "@verdaccio/node-api": "workspace:8.0.0-next-8.12",
     "clipanion": "4.0.0-rc.4",
     "envinfo": "7.14.0",
     "kleur": "4.1.5",

packages/config/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @verdaccio/config
 
+## 8.0.0-next-8.12
+
+### Patch Changes
+
+- Updated dependencies [95ac124]
+  - @verdaccio/core@8.0.0-next-8.12
+  - @verdaccio/utils@8.1.0-next-8.12
+
+## 8.0.0-next-8.11
+
+### Patch Changes
+
+- Updated dependencies [85e0e13]
+  - @verdaccio/utils@8.1.0-next-8.11
+  - @verdaccio/core@8.0.0-next-8.11
+
 ## 8.0.0-next-8.10
 
 ### Patch Changes

packages/config/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/config",
-  "version": "8.0.0-next-8.10",
-  "description": "logger",
+  "version": "8.0.0-next-8.12",
+  "description": "Verdaccio Configuration",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
   "author": {
@@ -10,7 +10,11 @@
   },
   "repository": {
     "type": "https",
-    "url": "https://github.com/verdaccio/verdaccio"
+    "url": "https://github.com/verdaccio/verdaccio",
+    "directory": "packages/config"
+  },
+  "bugs": {
+    "url": "https://github.com/verdaccio/verdaccio/issues"
   },
   "license": "MIT",
   "homepage": "https://verdaccio.org",
@@ -38,8 +42,8 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
-    "@verdaccio/utils": "workspace:8.1.0-next-8.10",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
+    "@verdaccio/utils": "workspace:8.1.0-next-8.12",
     "debug": "4.4.0",
     "js-yaml": "4.1.0",
     "lodash": "4.17.21",

packages/core/core/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @verdaccio/core
 
+## 8.0.0-next-8.12
+
+### Patch Changes
+
+- 95ac124: chore: add package parameter to storage plugin interface
+
+## 8.0.0-next-8.11
+
 ## 8.0.0-next-8.10
 
 ## 8.0.0-next-8.9

packages/core/core/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/core",
-  "version": "8.0.0-next-8.10",
-  "description": "core utilities",
+  "version": "8.0.0-next-8.12",
+  "description": "Verdaccio Core Components",
   "keywords": [
     "private",
     "package",

packages/core/core/src/index.ts

@@ -28,6 +28,7 @@ export {
   PLUGIN_CATEGORY,
   HtpasswdHashAlgorithm,
 } from './constants';
+export * from './plugin-utils';
 const validationUtils = validatioUtils;
 export {
   fileUtils,

packages/core/core/src/plugin-utils.ts

@@ -51,7 +51,7 @@ export class Plugin<PluginConfig> {
 export interface StorageHandler {
   logger: Logger;
   deletePackage(fileName: string): Promise<void>;
-  removePackage(): Promise<void>;
+  removePackage(packageName: string): Promise<void>;
   //  next packages migration (this list is meant to replace the callback parent functions)
   updatePackage(
     packageName: string,
@@ -65,7 +65,7 @@ export interface StorageHandler {
   // verify if tarball exist in the storage
   hasTarball(fileName: string): Promise<boolean>;
   // verify if package exist in the storage
-  hasPackage(): Promise<boolean>;
+  hasPackage(packageName: string): Promise<boolean>;
 }
 
 /**
@@ -98,7 +98,7 @@ export interface Storage<PluginConfig> extends Plugin<PluginConfig> {
  *
  *  ```ts
  *  import express, { Request, Response } from 'express';
- * 
+ *
  *  class Middleware extends Plugin {
  *    // instances of auth and storage are injected
  *    register_middlewares(app, auth, storage) {
@@ -119,7 +119,10 @@ export interface ExpressMiddleware<PluginConfig, Storage, Auth> extends Plugin<P
 
 // --- AUTH PLUGIN ---
 
-export type AuthCallback = (error: VerdaccioError | null, groups?: string[] | false) => void;
+export type AuthCallback = (
+  error: VerdaccioError | null,
+  user: string[] | false | undefined
+) => void;
 
 export type AuthAccessCallback = (error: VerdaccioError | null, access?: boolean) => void;
 export type AuthUserCallback = (error: VerdaccioError | null, access?: boolean | string) => void;
@@ -147,7 +150,7 @@ export interface Auth<T> extends Plugin<T> {
           return done(errorUtils.getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD));
         }
         // always return an array of users
-        return done(null, [user]);      
+        return done(null, [user]);
    *  }
    * ```
    */
@@ -161,7 +164,7 @@ export interface Auth<T> extends Plugin<T> {
           return done(errorUtils.getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD));
         }
         // return boolean
-        return done(null, true);      
+        return done(null, true);
    *  }
    * ```
    */

packages/core/file-locking/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/file-locking",
   "version": "13.0.0-next-8.2",
-  "description": "library that handle file locking",
+  "description": "Verdaccio File Locking Library",
   "keywords": [
     "private",
     "package",

packages/core/i18n/.babelrc

@@ -0,0 +1,14 @@
+{
+  "extends": "../../../.babelrc",
+  "presets": [
+    [
+      "@babel/env",
+      {
+        "targets": {
+          "node": 18
+        }
+      }
+    ],
+    "@babel/typescript"
+  ]
+}

packages/core/i18n/.eslintignore

@@ -0,0 +1,6 @@
+node_modules
+coverage/
+lib/
+.nyc_output
+tests-report/
+build/

packages/core/i18n/.eslintrc.json

@@ -0,0 +1,5 @@
+{
+  "rules": {
+    "@typescript-eslint/no-use-before-define": "off"
+  }
+}

packages/core/i18n/.npmignore

@@ -0,0 +1 @@
+src/*

packages/core/i18n/CHANGELOG.md

@@ -0,0 +1,7 @@
+# @verdaccio/ui-i18n
+
+## 8.0.0-next-8.11
+
+### Patch Changes
+
+- b6e9f46: fix: ignore duplicted files

packages/core/i18n/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "@verdaccio/ui-i18n",
+  "version": "8.0.0-next-8.11",
+  "description": "Verdaccio UI Internationalization (i18n)",
+  "keywords": [
+    "private",
+    "package",
+    "repository",
+    "registry",
+    "enterprise",
+    "modules",
+    "proxy",
+    "server",
+    "verdaccio"
+  ],
+  "main": "./build/index.js",
+  "types": "./build/index.d.ts",
+  "author": "Juan Picado <juanpicado19@gmail.com>",
+  "license": "MIT",
+  "homepage": "https://verdaccio.org",
+  "engines": {
+    "node": ">=18"
+  },
+  "repository": {
+    "type": "https",
+    "url": "https://github.com/verdaccio/verdaccio",
+    "directory": "packages/core/i18n"
+  },
+  "bugs": {
+    "url": "https://github.com/verdaccio/verdaccio/issues"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "clean": "rimraf ./build",
+    "test": "echo \"Error: no test specified\"",
+    "type-check": "tsc --noEmit -p tsconfig.build.json",
+    "build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json",
+    "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
+    "build": "pnpm run build:js && pnpm run build:types"
+  },
+  "funding": {
+    "type": "opencollective",
+    "url": "https://opencollective.com/verdaccio"
+  }
+}

packages/core/i18n/src/index.ts

@@ -0,0 +1 @@
+export { loadTranslationFile as default } from './loadTranslationFile';

packages/core/i18n/tsconfig.build.json

@@ -0,0 +1,9 @@
+{
+  "extends": "../../../tsconfig.base.json",
+  "compilerOptions": {
+    "rootDir": "./src",
+    "outDir": "./build"
+  },
+  "include": ["src/**/*"],
+  "exclude": ["src/**/*.test.ts"]
+}

packages/core/i18n/tsconfig.json

@@ -0,0 +1,9 @@
+{
+  "extends": "../../../tsconfig.reference.json",
+  "compilerOptions": {
+    "rootDir": "./src",
+    "outDir": "./build"
+  },
+  "include": ["src/**/*"],
+  "exclude": ["src/**/*.test.ts"]
+}

packages/core/tarball/CHANGELOG.md

@@ -1,5 +1,23 @@
 # Change Log
 
+## 13.0.0-next-8.12
+
+### Patch Changes
+
+- Updated dependencies [95ac124]
+  - @verdaccio/core@8.0.0-next-8.12
+  - @verdaccio/url@13.0.0-next-8.12
+  - @verdaccio/utils@8.1.0-next-8.12
+
+## 13.0.0-next-8.11
+
+### Patch Changes
+
+- Updated dependencies [85e0e13]
+  - @verdaccio/utils@8.1.0-next-8.11
+  - @verdaccio/core@8.0.0-next-8.11
+  - @verdaccio/url@13.0.0-next-8.11
+
 ## 13.0.0-next-8.10
 
 ### Patch Changes

packages/core/tarball/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/tarball",
-  "version": "13.0.0-next-8.10",
-  "description": "tarball utilities resolver",
+  "version": "13.0.0-next-8.12",
+  "description": "Verdaccio Tarball Utilities",
   "keywords": [
     "private",
     "package",
@@ -33,9 +33,9 @@
     "access": "public"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
-    "@verdaccio/url": "workspace:13.0.0-next-8.10",
-    "@verdaccio/utils": "workspace:8.1.0-next-8.10",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
+    "@verdaccio/url": "workspace:13.0.0-next-8.12",
+    "@verdaccio/utils": "workspace:8.1.0-next-8.12",
     "debug": "4.4.0",
     "gunzip-maybe": "^1.4.2",
     "lodash": "4.17.21",

packages/core/types/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/types",
   "version": "13.0.0-next-8.3",
-  "description": "verdaccio types definitions",
+  "description": "Verdaccio Type Definitions",
   "keywords": [
     "private",
     "package",

packages/core/url/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Change Log
 
+## 13.0.0-next-8.12
+
+### Patch Changes
+
+- Updated dependencies [95ac124]
+  - @verdaccio/core@8.0.0-next-8.12
+
+## 13.0.0-next-8.11
+
+### Patch Changes
+
+- @verdaccio/core@8.0.0-next-8.11
+
 ## 13.0.0-next-8.10
 
 ### Patch Changes

packages/core/url/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/url",
-  "version": "13.0.0-next-8.10",
-  "description": "url utilities resolver",
+  "version": "13.0.0-next-8.12",
+  "description": "Verdaccio URL Utilities",
   "keywords": [
     "private",
     "package",
@@ -24,7 +24,7 @@
   "repository": {
     "type": "https",
     "url": "https://github.com/verdaccio/verdaccio",
-    "directory": "packages/core/url-resolver"
+    "directory": "packages/core/url"
   },
   "bugs": {
     "url": "https://github.com/verdaccio/verdaccio/issues"
@@ -33,7 +33,7 @@
     "access": "public"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
     "debug": "4.4.0",
     "lodash": "4.17.21",
     "validator": "13.12.0"

packages/hooks/CHANGELOG.md

@@ -1,5 +1,20 @@
 # @verdaccio/hooks
 
+## 8.0.0-next-8.12
+
+### Patch Changes
+
+- Updated dependencies [95ac124]
+  - @verdaccio/core@8.0.0-next-8.12
+  - @verdaccio/logger@8.0.0-next-8.12
+
+## 8.0.0-next-8.11
+
+### Patch Changes
+
+- @verdaccio/core@8.0.0-next-8.11
+- @verdaccio/logger@8.0.0-next-8.11
+
 ## 8.0.0-next-8.10
 
 ### Patch Changes

packages/hooks/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/hooks",
-  "version": "8.0.0-next-8.10",
-  "description": "loaders logic",
+  "version": "8.0.0-next-8.12",
+  "description": "Verdaccio Hooks",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
   "author": {
@@ -10,7 +10,11 @@
   },
   "repository": {
     "type": "https",
-    "url": "https://github.com/verdaccio/verdaccio"
+    "url": "https://github.com/verdaccio/verdaccio",
+    "directory": "packages/hooks"
+  },
+  "bugs": {
+    "url": "https://github.com/verdaccio/verdaccio/issues"
   },
   "license": "MIT",
   "homepage": "https://verdaccio.org",
@@ -29,16 +33,16 @@
     "node": ">=18"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.10",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.12",
     "core-js": "3.40.0",
     "debug": "4.4.0",
     "got-cjs": "12.5.4",
     "handlebars": "4.7.8"
   },
   "devDependencies": {
-    "@verdaccio/auth": "workspace:8.0.0-next-8.10",
-    "@verdaccio/config": "workspace:8.0.0-next-8.10",
+    "@verdaccio/auth": "workspace:8.0.0-next-8.12",
+    "@verdaccio/config": "workspace:8.0.0-next-8.12",
     "@verdaccio/types": "workspace:13.0.0-next-8.3"
   },
   "scripts": {

packages/loaders/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/loaders",
   "version": "8.0.0-next-8.4",
-  "description": "loaders logic",
+  "description": "Verdaccio Loader Logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
   "author": {
@@ -10,20 +10,24 @@
   },
   "repository": {
     "type": "https",
-    "url": "https://github.com/verdaccio/verdaccio"
+    "url": "https://github.com/verdaccio/verdaccio",
+    "directory": "packages/loaders"
+  },
+  "bugs": {
+    "url": "https://github.com/verdaccio/verdaccio/issues"
   },
   "dependencies": {
     "debug": "4.4.0",
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/logger": "workspace:8.0.0-next-8.10",
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
-    "@verdaccio/config": "workspace:8.0.0-next-8.10",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.12",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
+    "@verdaccio/config": "workspace:8.0.0-next-8.12",
     "@verdaccio/types": "workspace:13.0.0-next-8.3",
     "@verdaccio-scope/verdaccio-auth-foo": "0.0.2",
     "verdaccio-auth-memory": "workspace:*",
-    "customprefix-auth": "2.0.0"
+    "customprefix-auth": "workspace:2.0.0"
   },
   "homepage": "https://verdaccio.org",
   "keywords": [

packages/logger/logger-commons/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @verdaccio/logger-commons
 
+## 8.0.0-next-8.12
+
+### Patch Changes
+
+- Updated dependencies [95ac124]
+  - @verdaccio/core@8.0.0-next-8.12
+
+## 8.0.0-next-8.11
+
+### Patch Changes
+
+- @verdaccio/core@8.0.0-next-8.11
+
 ## 8.0.0-next-8.10
 
 ### Patch Changes

packages/logger/logger-commons/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/logger-commons",
-  "version": "8.0.0-next-8.10",
-  "description": "logger",
+  "version": "8.0.0-next-8.12",
+  "description": "Verdaccio Logger Commons",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
   "author": {
@@ -10,7 +10,11 @@
   },
   "repository": {
     "type": "https",
-    "url": "https://github.com/verdaccio/verdaccio"
+    "url": "https://github.com/verdaccio/verdaccio",
+    "directory": "packages/logger/logger-commons"
+  },
+  "bugs": {
+    "url": "https://github.com/verdaccio/verdaccio/issues"
   },
   "license": "MIT",
   "homepage": "https://verdaccio.org",
@@ -38,7 +42,7 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
     "@verdaccio/logger-prettify": "workspace:8.0.0-next-8.1",
     "debug": "4.4.0",
     "colorette": "2.0.20"

packages/logger/logger-prettify/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/logger-prettify",
   "version": "8.0.0-next-8.1",
-  "description": "logger",
+  "description": "Verdaccio Logger Prettify",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
   "author": {
@@ -10,7 +10,11 @@
   },
   "repository": {
     "type": "https",
-    "url": "https://github.com/verdaccio/verdaccio"
+    "url": "https://github.com/verdaccio/verdaccio",
+    "directory": "packages/logger/logger-prettify"
+  },
+  "bugs": {
+    "url": "https://github.com/verdaccio/verdaccio/issues"
   },
   "license": "MIT",
   "homepage": "https://verdaccio.org",

packages/logger/logger/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @verdaccio/logger
 
+## 8.0.0-next-8.12
+
+### Patch Changes
+
+- @verdaccio/logger-commons@8.0.0-next-8.12
+
+## 8.0.0-next-8.11
+
+### Patch Changes
+
+- @verdaccio/logger-commons@8.0.0-next-8.11
+
 ## 8.0.0-next-8.10
 
 ### Patch Changes

packages/logger/logger/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/logger",
-  "version": "8.0.0-next-8.10",
-  "description": "logger",
+  "version": "8.0.0-next-8.12",
+  "description": "Verdaccio Logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
   "author": {
@@ -10,7 +10,11 @@
   },
   "repository": {
     "type": "https",
-    "url": "https://github.com/verdaccio/verdaccio"
+    "url": "https://github.com/verdaccio/verdaccio",
+    "directory": "packages/logger/logger"
+  },
+  "bugs": {
+    "url": "https://github.com/verdaccio/verdaccio/issues"
   },
   "license": "MIT",
   "homepage": "https://verdaccio.org",
@@ -38,7 +42,7 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/logger-commons": "workspace:8.0.0-next-8.10",
+    "@verdaccio/logger-commons": "workspace:8.0.0-next-8.12",
     "pino": "9.6.0"
   },
   "devDependencies": {

packages/middleware/CHANGELOG.md

@@ -1,5 +1,27 @@
 # @verdaccio/middleware
 
+## 8.0.0-next-8.12
+
+### Patch Changes
+
+- Updated dependencies [95ac124]
+  - @verdaccio/core@8.0.0-next-8.12
+  - @verdaccio/config@8.0.0-next-8.12
+  - @verdaccio/url@13.0.0-next-8.12
+  - @verdaccio/utils@8.1.0-next-8.12
+
+## 8.0.0-next-8.11
+
+### Patch Changes
+
+- 4110873: chore(middleware): improve loop detection
+- 66bc284: chore: middleware package update
+- Updated dependencies [85e0e13]
+  - @verdaccio/utils@8.1.0-next-8.11
+  - @verdaccio/config@8.0.0-next-8.11
+  - @verdaccio/core@8.0.0-next-8.11
+  - @verdaccio/url@13.0.0-next-8.11
+
 ## 8.0.0-next-8.10
 
 ### Patch Changes

packages/middleware/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/middleware",
-  "version": "8.0.0-next-8.10",
-  "description": "express middleware utils",
+  "version": "8.0.0-next-8.12",
+  "description": "Verdaccio Express Middleware",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
   "author": {
@@ -10,7 +10,11 @@
   },
   "repository": {
     "type": "https",
-    "url": "https://github.com/verdaccio/verdaccio"
+    "url": "https://github.com/verdaccio/verdaccio",
+    "directory": "packages/middleware"
+  },
+  "bugs": {
+    "url": "https://github.com/verdaccio/verdaccio/issues"
   },
   "license": "MIT",
   "homepage": "https://verdaccio.org",
@@ -38,10 +42,10 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/config": "workspace:8.0.0-next-8.10",
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
-    "@verdaccio/url": "workspace:13.0.0-next-8.10",
-    "@verdaccio/utils": "workspace:8.1.0-next-8.10",
+    "@verdaccio/config": "workspace:8.0.0-next-8.12",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
+    "@verdaccio/url": "workspace:13.0.0-next-8.12",
+    "@verdaccio/utils": "workspace:8.1.0-next-8.12",
     "debug": "4.4.0",
     "express": "4.21.2",
     "express-rate-limit": "5.5.1",
@@ -54,7 +58,7 @@
     "url": "https://opencollective.com/verdaccio"
   },
   "devDependencies": {
-    "@verdaccio/logger": "workspace:8.0.0-next-8.10",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.12",
     "body-parser": "1.20.3",
     "supertest": "7.0.0",
     "jsdom": "25.0.1"

packages/middleware/src/middlewares/antiLoop.ts

@@ -14,13 +14,24 @@ export function antiLoop(config: Config) {
       const arr = req.get('via')?.split(',');
       if (Array.isArray(arr)) {
         for (let i = 0; i < arr.length; i++) {
-          // the "via" header must contains an specific headers, this has to be on sync
+          // the "via" header must contain a specific value, this has to be in sync
           // with the proxy request
           // match eg: Server 1 or Server 2
-          // TODO: improve this RegEX
-          const m = arr[i].trim().match(/\s*(\S+)\s+(\S+)/);
-          if (m && m[2] === config.server_id) {
-            return next(errorUtils.getCode(HTTP_STATUS.LOOP_DETECTED, 'loop detected'));
+
+          // RFC 7230: Via = 1*( "," OWS Via-value )
+          //           Via-value = received-protocol RWS received-by [ RWS comment ]
+          //           received-protocol = [ protocol-name "/" ] protocol-version
+          //           received-by = ( uri-host [ ":" port ] ) / pseudonym
+
+          // Split the trimmed header value into parts
+          const parts = arr[i].trim().split(/\s+/);
+          // Check if we have at least protocol/version and received-by parts
+          if (parts.length >= 2) {
+            // Get the received-by value (server id), removing any comment
+            const serverId = parts[1].split('(')[0].trim();
+            if (serverId === config.server_id) {
+              return next(errorUtils.getCode(HTTP_STATUS.LOOP_DETECTED, 'loop detected'));
+            }
           }
         }
       }

packages/middleware/src/middlewares/web/render-web.ts

@@ -8,6 +8,7 @@ import { isURLhasValidProtocol } from '@verdaccio/url';
 
 import { setSecurityWebHeaders } from './security';
 import renderHTML from './utils/renderHTML';
+import { WebUrlsNamespace } from './web-urls';
 
 const debug = buildDebug('verdaccio:web:render');
 
@@ -35,7 +36,7 @@ export function renderWebMiddleware(config, tokenMiddleware, pluginOptions) {
   router.use(setSecurityWebHeaders);
 
   // any match within the static is routed to the file system
-  router.get('/-/static/*', function (req, res, next) {
+  router.get(WebUrlsNamespace.static + '*', function (req, res, next) {
     const filename = req.params[0];
     let file = `${staticPath}/${filename}`;
     if (filename === 'favicon.ico' && config?.web?.favicon) {
@@ -64,7 +65,7 @@ export function renderWebMiddleware(config, tokenMiddleware, pluginOptions) {
         ) {
           // Note: `path.join` will break on Windows, because it transforms `/` to `\`
           // Use POSIX version `path.posix.join` instead.
-          logo = path.posix.join('/-/static/', path.basename(logo));
+          logo = path.posix.join(WebUrlsNamespace.static, path.basename(logo));
           router.get(logo, function (_req, res, next) {
             // @ts-ignore
             debug('serve custom logo  web:%s - local:%s', logo, absoluteLocalFile);
@@ -92,12 +93,12 @@ export function renderWebMiddleware(config, tokenMiddleware, pluginOptions) {
     config.web.logoDark = logoDark;
   }
 
-  router.get('/-/web/:section/*', function (req, res) {
+  router.get(WebUrlsNamespace.web + ':section/*', function (req, res) {
     renderHTML(config, manifest, manifestFiles, req, res);
     debug('render html section');
   });
 
-  router.get('/', function (req, res) {
+  router.get(WebUrlsNamespace.root, function (req, res) {
     renderHTML(config, manifest, manifestFiles, req, res);
     debug('render root');
   });

packages/middleware/src/middlewares/web/web-middleware.ts

@@ -2,14 +2,15 @@ import express from 'express';
 
 import { renderWebMiddleware } from './render-web';
 import { webAPIMiddleware } from './web-api';
+import { WebUrlsNamespace } from './web-urls';
 
 export default (config, middlewares, pluginOptions): any => {
   // eslint-disable-next-line new-cap
   const router = express.Router();
   const { tokenMiddleware, webEndpointsApi } = middlewares;
   // render web
-  router.use('/', renderWebMiddleware(config, tokenMiddleware, pluginOptions));
-  // web endpoints, search, packages, etc
-  router.use('/-/verdaccio/', webAPIMiddleware(tokenMiddleware, webEndpointsApi));
+  router.use(WebUrlsNamespace.root, renderWebMiddleware(config, tokenMiddleware, pluginOptions));
+  // web endpoints: search, packages, readme, sidebar, etc
+  router.use(WebUrlsNamespace.endpoints, webAPIMiddleware(tokenMiddleware, webEndpointsApi));
   return router;
 };

packages/middleware/src/middlewares/web/web-urls.ts

@@ -16,7 +16,10 @@ export enum WebUrls {
  * Enum for web urls namespace, used on the web middleware
  */
 export enum WebUrlsNamespace {
-  root = '/-/verdaccio/',
+  root = '/',
+  static = '/-/static/',
+  endpoints = '/-/verdaccio/',
+  web = '/-/web/',
   data = '/data/',
   sec = '/sec/',
 }

packages/middleware/test/antiLoop.spec.ts

@@ -0,0 +1,90 @@
+import request from 'supertest';
+import { test } from 'vitest';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+
+import { antiLoop } from '../src';
+import { getApp } from './helper';
+
+test('should not be a loop', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(antiLoop({ server_id: '1' }));
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).get('/sec').set('via', 'Server 2').expect(HTTP_STATUS.OK);
+});
+
+test('should be a loop', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(antiLoop({ server_id: '1' }));
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app)
+    .get('/sec')
+    .set('via', 'Server 1, Server 2')
+    .expect(HTTP_STATUS.LOOP_DETECTED);
+});
+
+test('should detect loop with protocol name in via header', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(antiLoop({ server_id: '1' }));
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).get('/sec').set('via', 'HTTP/1.1 1').expect(HTTP_STATUS.LOOP_DETECTED);
+});
+
+test('should detect loop with comment in via header', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(antiLoop({ server_id: '1' }));
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).get('/sec').set('via', '1.1 1 (Verdaccio)').expect(HTTP_STATUS.LOOP_DETECTED);
+});
+
+test('should detect loop in multiple via entries', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(antiLoop({ server_id: '1' }));
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app)
+    .get('/sec')
+    .set('via', '1.1 server-a, 1.1 1, 1.1 server-b')
+    .expect(HTTP_STATUS.LOOP_DETECTED);
+});
+
+test('should handle malformed via header gracefully', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(antiLoop({ server_id: '1' }));
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).get('/sec').set('via', 'malformed-header').expect(HTTP_STATUS.OK);
+});
+
+test('should handle via header with unexpected format', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(antiLoop({ server_id: '1' }));
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).get('/sec').set('via', 'unexpected format').expect(HTTP_STATUS.OK);
+});

packages/middleware/test/loop.spec.ts

@@ -1,32 +0,0 @@
-import request from 'supertest';
-import { test } from 'vitest';
-
-import { HTTP_STATUS } from '@verdaccio/core';
-
-import { antiLoop } from '../src';
-import { getApp } from './helper';
-
-test('should not be a loop', async () => {
-  const app = getApp([]);
-  // @ts-ignore
-  app.use(antiLoop({ server_id: '1' }));
-  app.get('/sec', (req, res) => {
-    res.status(HTTP_STATUS.OK).json({});
-  });
-
-  return request(app).get('/sec').set('via', 'Server 2').expect(HTTP_STATUS.OK);
-});
-
-test('should be a loop', async () => {
-  const app = getApp([]);
-  // @ts-ignore
-  app.use(antiLoop({ server_id: '1' }));
-  app.get('/sec', (req, res) => {
-    res.status(HTTP_STATUS.OK).json({});
-  });
-
-  return request(app)
-    .get('/sec')
-    .set('via', 'Server 1, Server 2')
-    .expect(HTTP_STATUS.LOOP_DETECTED);
-});

packages/node-api/CHANGELOG.md

@@ -1,5 +1,26 @@
 # @verdaccio/node-api
 
+## 8.0.0-next-8.12
+
+### Patch Changes
+
+- Updated dependencies [95ac124]
+  - @verdaccio/core@8.0.0-next-8.12
+  - @verdaccio/config@8.0.0-next-8.12
+  - @verdaccio/server@8.0.0-next-8.12
+  - @verdaccio/server-fastify@8.0.0-next-8.12
+  - @verdaccio/logger@8.0.0-next-8.12
+
+## 8.0.0-next-8.11
+
+### Patch Changes
+
+- @verdaccio/server@8.0.0-next-8.11
+- @verdaccio/server-fastify@8.0.0-next-8.11
+- @verdaccio/config@8.0.0-next-8.11
+- @verdaccio/core@8.0.0-next-8.11
+- @verdaccio/logger@8.0.0-next-8.11
+
 ## 8.0.0-next-8.10
 
 ### Patch Changes

packages/node-api/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/node-api",
-  "version": "8.0.0-next-8.10",
-  "description": "node API",
+  "version": "8.0.0-next-8.12",
+  "description": "Verdaccio Node API",
   "main": "build/index.js",
   "types": "build/index.d.ts",
   "author": {
@@ -10,7 +10,11 @@
   },
   "repository": {
     "type": "https",
-    "url": "https://github.com/verdaccio/verdaccio"
+    "url": "https://github.com/verdaccio/verdaccio",
+    "directory": "packages/node-api"
+  },
+  "bugs": {
+    "url": "https://github.com/verdaccio/verdaccio/issues"
   },
   "homepage": "https://verdaccio.org",
   "keywords": [
@@ -38,11 +42,11 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/config": "workspace:8.0.0-next-8.10",
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.10",
-    "@verdaccio/server": "workspace:8.0.0-next-8.10",
-    "@verdaccio/server-fastify": "workspace:8.0.0-next-8.10",
+    "@verdaccio/config": "workspace:8.0.0-next-8.12",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.12",
+    "@verdaccio/server": "workspace:8.0.0-next-8.12",
+    "@verdaccio/server-fastify": "workspace:8.0.0-next-8.12",
     "core-js": "3.40.0",
     "debug": "4.4.0",
     "lodash": "4.17.21"

packages/plugins/active-directory/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@verdaccio/active-directory",
   "version": "11.0.0-6-next.8",
-  "description": "Active Directory authentication plugin for Verdaccio",
+  "description": "Active Directory Authentication Plugin for Verdaccio",
   "keywords": [
     "private",
     "package",

packages/plugins/audit/CHANGELOG.md

@@ -1,5 +1,20 @@
 # Change Log
 
+## 13.0.0-next-8.12
+
+### Patch Changes
+
+- Updated dependencies [95ac124]
+  - @verdaccio/core@8.0.0-next-8.12
+  - @verdaccio/config@8.0.0-next-8.12
+
+## 13.0.0-next-8.11
+
+### Patch Changes
+
+- @verdaccio/config@8.0.0-next-8.11
+- @verdaccio/core@8.0.0-next-8.11
+
 ## 13.0.0-next-8.10
 
 ### Patch Changes

packages/plugins/audit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-audit",
-  "version": "13.0.0-next-8.10",
+  "version": "13.0.0-next-8.12",
   "description": "Verdaccio Middleware plugin to bypass npmjs audit",
   "keywords": [
     "private",
@@ -30,15 +30,15 @@
     "node": ">=18"
   },
   "dependencies": {
-    "@verdaccio/config": "workspace:8.0.0-next-8.10",
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
+    "@verdaccio/config": "workspace:8.0.0-next-8.12",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
     "express": "4.21.2",
     "https-proxy-agent": "5.0.1",
     "node-fetch": "cjs"
   },
   "devDependencies": {
-    "@verdaccio/auth": "workspace:8.0.0-next-8.10",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.10",
+    "@verdaccio/auth": "workspace:8.0.0-next-8.12",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.12",
     "@verdaccio/types": "workspace:13.0.0-next-8.3",
     "supertest": "7.0.0"
   },

packages/plugins/auth-memory/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Change Log
 
+## 13.0.0-next-8.12
+
+### Patch Changes
+
+- Updated dependencies [95ac124]
+  - @verdaccio/core@8.0.0-next-8.12
+
+## 13.0.0-next-8.11
+
+### Patch Changes
+
+- @verdaccio/core@8.0.0-next-8.11
+
 ## 13.0.0-next-8.10
 
 ### Patch Changes

packages/plugins/auth-memory/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-auth-memory",
-  "version": "13.0.0-next-8.10",
+  "version": "13.0.0-next-8.12",
   "description": "Auth plugin for Verdaccio that keeps users in memory",
   "keywords": [
     "private",
@@ -30,12 +30,12 @@
     "node": ">=18"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
     "debug": "4.4.0"
   },
   "devDependencies": {
     "@types/debug": "^4.1.12",
-    "@verdaccio/config": "workspace:8.0.0-next-8.10",
+    "@verdaccio/config": "workspace:8.0.0-next-8.12",
     "@verdaccio/types": "workspace:13.0.0-next-8.3"
   },
   "scripts": {

packages/plugins/auth-memory/src/Memory.ts

@@ -32,14 +32,14 @@ export default class Memory
 
     if (!userCredentials) {
       debug('user %o does not exist', user);
-      return cb(null, false);
+      return cb(errorUtils.getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD), undefined);
     }
 
     if (password !== userCredentials.password) {
       const err = errorUtils.getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD);
       debug('password invalid for: %o', user);
 
-      return cb(err);
+      return cb(err, undefined);
     }
 
     // authentication succeeded!

packages/plugins/auth-memory/test/index.spec.ts

@@ -1,7 +1,7 @@
 import { beforeEach, describe, expect, test, vi } from 'vitest';
 
 import { Config, getDefaultConfig } from '@verdaccio/config';
-import { pluginUtils } from '@verdaccio/core';
+import { API_ERROR, errorUtils, pluginUtils } from '@verdaccio/core';
 
 import Memory from '../src/index';
 import { Users, VerdaccioMemoryConfig } from '../src/types';
@@ -307,8 +307,8 @@ describe('Memory', function () {
     test('fails if user does not exist', function () {
       return new Promise((done) => {
         auth.authenticate('john', 'secret', function (err, groups) {
-          expect(err).toBeNull();
-          expect(groups).toBeFalsy();
+          expect(err).toEqual(errorUtils.getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD));
+          expect(groups).toBeUndefined();
           done(true);
         });
       });

packages/plugins/htpasswd/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Change Log
 
+## 13.0.0-next-8.12
+
+### Patch Changes
+
+- Updated dependencies [95ac124]
+  - @verdaccio/core@8.0.0-next-8.12
+
+## 13.0.0-next-8.11
+
+### Patch Changes
+
+- @verdaccio/core@8.0.0-next-8.11
+
 ## 13.0.0-next-8.10
 
 ### Patch Changes

packages/plugins/htpasswd/package.json

@@ -1,7 +1,7 @@
 {
   "name": "verdaccio-htpasswd",
-  "version": "13.0.0-next-8.10",
-  "description": "htpasswd auth plugin for Verdaccio",
+  "version": "13.0.0-next-8.12",
+  "description": "Htpasswd Authentication Plugin for Verdaccio",
   "keywords": [
     "private",
     "package",
@@ -19,7 +19,7 @@
   "repository": {
     "type": "https",
     "url": "https://github.com/verdaccio/verdaccio",
-    "directory": "packages/core/htpasswd"
+    "directory": "packages/plugins/htpasswd"
   },
   "bugs": {
     "url": "https://github.com/verdaccio/verdaccio/issues"
@@ -33,7 +33,7 @@
     "node": ">=18"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.10",
+    "@verdaccio/core": "workspace:8.0.0-next-8.12",
     "@verdaccio/file-locking": "workspace:13.0.0-next-8.2",
     "apache-md5": "1.1.8",
     "bcryptjs": "2.4.3",
@@ -45,8 +45,8 @@
   "devDependencies": {
     "@types/bcryptjs": "2.4.6",
     "@verdaccio/types": "workspace:13.0.0-next-8.3",
-    "@verdaccio/config": "workspace:8.0.0-next-8.10",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.10",
+    "@verdaccio/config": "workspace:8.0.0-next-8.12",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.12",
     "mockdate": "3.0.5"
   },
   "scripts": {

packages/plugins/local-storage/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Change Log
 
+## 13.0.0-next-8.12
+
+### Patch Changes
+
+- Updated dependencies [95ac124]
+  - @verdaccio/core@8.0.0-next-8.12
+  - @verdaccio/utils@8.1.0-next-8.12
+
+## 13.0.0-next-8.11
+
+### Patch Changes
+
+- Updated dependencies [85e0e13]
+  - @verdaccio/utils@8.1.0-next-8.11
+  - @verdaccio/core@8.0.0-next-8.11
+
 ## 13.0.0-next-8.10
 
 ### Patch Changes