Update VERSIONS.md

* fix(ui): search chips in offline mode

* Update nine-onions-talk.md

* Update nine-onions-talk.md

.changeset/breezy-toys-judge.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/server': patch
+---
+
+fix(server): web-enabled test

.changeset/dirty-countries-play.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-components': patch
+---
+
+chore(ui): avoid ts error for Alerts

.changeset/early-trainers-grin.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/api': patch
+---
+
+chore(api): avoid double registration of JSON bodyParser

.changeset/few-ears-deny.md

@@ -0,0 +1,13 @@
+---
+'@verdaccio/local-storage': patch
+'@verdaccio/server-fastify': patch
+'@verdaccio/middleware': patch
+'@verdaccio/core': patch
+'@verdaccio/config': patch
+'@verdaccio/store': patch
+'@verdaccio/utils': patch
+'@verdaccio/api': patch
+'@verdaccio/web': patch
+---
+
+chore: cleanup utils

.changeset/fresh-owls-hunt.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/config': patch
+---
+
+chore: expose config utils

.changeset/great-candles-hang.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': patch
+---
+
+chore(ui): minor app improvements

.changeset/hip-suns-jam.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/e2e-cli-npm10': patch
+---
+
+fix(e2e): name for npm10 test

.changeset/large-turkeys-change.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/auth': patch
+---
+
+feat: add legacyMergeConfigs as option

.changeset/nasty-experts-bow.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/server': patch
+'@verdaccio/types': patch
+'@verdaccio/middleware': patch
+'@verdaccio/ui-components': patch
+---
+
+chore(config): harmonize configuration options

.changeset/nine-onions-talk.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-components': patch
+---
+
+fix(ui): search chips when showUplinks is false

.changeset/odd-fishes-cry.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/middleware': patch
+---
+
+fix(middleware): scoped package for allow checks

.changeset/pink-pants-try.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/server': patch
+'@verdaccio/loaders': patch
+---
+
+fix(express): error loading middleware plugins

.changeset/pre.json

@@ -60,7 +60,8 @@
     "@verdaccio/e2e-cli-pnpm-common": "1.0.2-next-8.0",
     "@verdaccio/e2e-cli-pnpm10": "1.0.0",
     "docusaurus-plugin-downloads": "2.0.0",
-    "@verdaccio/local-publish": "0.0.2"
+    "@verdaccio/local-publish": "0.0.2",
+    "@verdaccio/e2e-cli-npm10": "1.0.1"
   },
   "changesets": [
     "angry-doors-tan",
@@ -79,11 +80,14 @@
     "curvy-rockets-camp",
     "cyan-snakes-kiss",
     "early-eyes-float",
+    "early-trainers-grin",
     "eight-countries-think",
     "eighty-apes-think",
     "eleven-rocks-dream",
+    "few-ears-deny",
     "fifty-falcons-design",
     "forty-hounds-matter",
+    "fresh-owls-hunt",
     "funny-fireants-tan",
     "gentle-stingrays-repeat",
     "gold-files-speak",
@@ -92,15 +96,19 @@
     "healthy-ducks-drive",
     "healthy-zoos-lie",
     "hip-eggs-serve",
+    "hip-suns-jam",
     "hot-crews-live",
     "itchy-glasses-end",
+    "large-turkeys-change",
     "long-eyes-drum",
     "long-singers-drive",
     "lucky-crabs-enjoy",
+    "nasty-experts-bow",
     "nice-garlics-tie",
     "nine-countries-remember",
     "ninety-geese-do",
     "ninety-hotels-dance",
+    "odd-fishes-cry",
     "old-clocks-destroy",
     "pink-jeans-lick",
     "popular-trees-grin",
@@ -127,6 +135,7 @@
     "stupid-camels-build",
     "sweet-crabs-deliver",
     "ten-jeans-approve",
+    "tender-buckets-smoke",
     "thirty-comics-trade",
     "tricky-impalas-shake",
     "tricky-knives-end",
@@ -135,6 +144,7 @@
     "violet-bobcats-allow",
     "violet-boxes-float",
     "weak-cherries-serve",
-    "wet-cats-behave"
+    "wet-cats-behave",
+    "yellow-flies-sniff"
   ]
 }

.changeset/silver-insects-train.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-components': patch
+---
+
+chore(ui): fix ts error due to excluded test folder

.changeset/swift-zebras-cheer.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/api': patch
+---
+
+fix(api): cidr whitelist for tokens

.changeset/tender-buckets-smoke.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-components': patch
+---
+
+chore: fix ui-component npmignore and readme

.changeset/thick-dolphins-rule.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/middleware': patch
+---
+
+fix(middleware): properly derive the html cache key

.changeset/yellow-flies-sniff.md

@@ -0,0 +1,10 @@
+---
+'@verdaccio/search-indexer': patch
+'@verdaccio/server': patch
+'@verdaccio/loaders': patch
+'@verdaccio/store': patch
+'@verdaccio/auth': patch
+'@verdaccio/web': patch
+---
+
+fix: add legacyMergeConfigs legacy plugins

.github/ISSUE_TEMPLATE/bug_report.md

@@ -17,24 +17,27 @@ assignees: ''
  - If you are willing to fix it, there is a checkbox at the bottom.
 -->
 
-**Your Environment**
-  <!-- bug below the version 5.x will be closed, see SECURITY.md for more details -->
- * **verdaccio version**: 5.x.x
- * **node version** [12.x.x, 14.x.x]:
- * **package manager**: [npm@7, pnpm@6, yarn@2]
- * **os**: [mac, windows@10, linux]
- * **platform**: [npm, docker, helm, other]
+**Your environment**
+
+<!-- bugs below the version 6.x will be closed, see SECURITY.md and VERSIONS.md for more details -->
+<!-- Please paste the results of running `verdaccio --version` --> 
+* **verdaccio version**: 6.x.x
+
+<!-- Please paste the results of running `verdaccio --info` --> 
+* **node version** [20.x.x, 22.x.x]:
+* **package manager**: [npm@10.x.x, pnpm@10.x.x, yarn@2.x.x]
+* **os**: [mac, windows@11, linux]
+* **platform**: [node, docker, helm, other]
+* **reverse proxy**: [yes, no]
 
 **Describe the bug**
 
 <!-- A clear and concise description of what the bug is. -->
 
-**To Reproduce**
+**Steps to reproduce**
 
 <!-- IMPORTANT:
- - How to reproduce the issue
- - Steps to reproduce the issue
-
+Add step-by-step instructions on how to reproduce the bug.
 Be aware, the lack of reproducible steps the issue might cause your ticket to be closed.
 -->
 
@@ -42,17 +45,14 @@ Be aware, the lack of reproducible steps the issue might cause your ticket to be
 
 <!-- A clear and concise description of what you expected to happen. -->
 
-**Screenshots, server logs, package manager log**
+**Screenshots, Verdaccio server log, package manager log**
 
-<!-- If applicable, add screenshots to help explain your problem.  -->
+<!-- If applicable, add screenshots to help explain your problem. -->
 
-**Configuration File (cat ~/.config/verdaccio/config.yaml)**
+**Configuration file**
 
-<!-- Please be careful do not leak any sensitive information, remove tokens -->
-
-**Environment information**
-
-<!-- Please paste the results of running `verdaccio --info` -->
+<!-- cat ~/.config/verdaccio/config.yaml -->
+<!-- Please be careful do not leak any sensitive information, remove usernames and tokens -->
 
 **Debugging output**
 
@@ -66,6 +66,5 @@ Be aware, the lack of reproducible steps the issue might cause your ticket to be
 - [ ] I'm willing to fix this bug 🥇 
 
 <!--
-
 IMPORTANT: please do not attach external files, all content should be visible from any device.
 -->

.github/actions/cache-packages/action.yml

@@ -6,7 +6,7 @@ runs:
   steps:
     - name: Cache Packages
       id: cache-packages
-      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: ./packages/
         key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}

.github/actions/cache-store/action.yml

@@ -6,7 +6,7 @@ runs:
   steps:
     - name: Cache .pnpm-store
       id: cache-npm
-      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: ~/.pnpm-store
         key: pnpm-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ github.event.pull_request.number }}-${{ runner.os }}

.github/actions/install-app-node/action.yml

@@ -22,7 +22,7 @@ runs:
   using: composite
   steps:
     - name: Use Node
-      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
       with:
         node-version: ${{ inputs.node-version }}
     - name: Install pnpm

.github/actions/install-app/action.yml

@@ -15,7 +15,7 @@ runs:
   using: composite
   steps:
     - name: Use Node
-      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
       with:
         node-version-file: '.nvmrc'
     - name: Install pnpm

.github/workflows/ci.yml

@@ -86,7 +86,7 @@ jobs:
     if: (github.event_name == 'push' && github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio') || github.event_name == 'workflow_dispatch'
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
@@ -94,7 +94,7 @@ jobs:
           npm install --global corepack@latest
           corepack enable
           corepack install
-      - uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
+      - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}

.github/workflows/codeql-analysis.yml

@@ -37,7 +37,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
         with:
           config: |
             paths-ignore:
@@ -50,7 +50,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/autobuild@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -64,4 +64,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16

.github/workflows/docker-proxy-apache-e2e.yml

@@ -26,7 +26,7 @@ jobs:
       run: docker compose -f "./e2e/docker/apache-verdaccio/docker-compose.yaml" up -d --build
 
     - name: Install node
-      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
       with:
         node-version-file: '.nvmrc'
     - name: npm setup

.github/workflows/docker-proxy-nginx-e2e.yml

@@ -24,7 +24,7 @@ jobs:
       run: docker compose -f "./e2e/docker/proxy-nginx/docker-compose.yaml" up -d --build
 
     - name: Install node
-      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
       with:
         node-version-file: '.nvmrc'
     - name: npm setup

.github/workflows/e2e-ui.yml

@@ -26,7 +26,7 @@ jobs:
           node-version: 20
       - name: Test UI
         run: pnpm test:e2e:ui
-      - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: videos
           path: /home/runner/work/verdaccio/verdaccio/e2e/ui/cypress/videos

.github/workflows/website.yml

@@ -39,7 +39,7 @@ jobs:
       - name: Build Translations percentage
         run: pnpm --filter @verdaccio/local-scripts build
       - name: Cache Docusaurus Build
-        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
           path: website/node_modules/.cache/webpack
           key: cache/webpack-${{github.ref}}-${{ hashFiles('**/pnpm-lock.yaml') }}

.github/workflows/x-e2e-angular-cli-workflow.yml

@@ -10,7 +10,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest npm'
@@ -47,7 +47,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest npm 9'
@@ -83,7 +83,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest npm 10'

.github/workflows/x-e2e-audit-workflow.yml

@@ -10,7 +10,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest npm 10'

.github/workflows/x-e2e-gatsbyjs-cli-workflow.yml

@@ -10,7 +10,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install npm 9'
@@ -45,7 +45,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install npm 10'

.github/workflows/x-e2e-jest-workflow.yml

@@ -10,7 +10,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version-file: '.nvmrc'
       - name: Install Dependencies
@@ -41,7 +41,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version-file: '.nvmrc'
       - name: Install Dependencies
@@ -75,7 +75,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest npm'
@@ -108,7 +108,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest npm 9'
@@ -141,7 +141,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest npm 10'

.github/workflows/x-release-snapshot.yml

@@ -8,7 +8,7 @@ jobs:
     steps:
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Use Node (latest)
-      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
       with:
         node-version-file: '.nvmrc'
     - name: Install

.github/workflows/x-release.yml

@@ -8,7 +8,7 @@ jobs:
     steps:
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Use Node (latest)
-      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
       with:
         node-version-file: '.nvmrc'
     - name: Install

.github/workflows/x-smok-test-docker.yml

@@ -16,7 +16,7 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version-file: '.nvmrc'
       - name: Docker test

.github/workflows/x-smok-test-module.yml

@@ -12,7 +12,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Use Node (latest)
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version-file: '.nvmrc'
       - name: Docker test

.github/workflows/yarn-ci-lint.yml

@@ -8,7 +8,7 @@ jobs:
     steps:
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Use Node 
-      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
       with:
         node-version-file: '.nvmrc'
     - name: Install

.github/workflows/yarn-ci.yml

@@ -11,7 +11,7 @@ jobs:
     steps:
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Use Node ${{ inputs.node_version }}
-      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
       with:
         node-version: ${{ inputs.node_version }}
     - name: Install

MIGRATE.md

@@ -0,0 +1,14 @@
+# Migration Guidelines
+
+## From 5.x to 6.x
+
+### Breaking Changes
+
+- Dropped support for Node.js 16: [#4835](https://github.com/verdaccio/verdaccio/pull/4835)
+
+## From Below 5.x
+
+Several blog articles are available to assist with migrating from older versions. However, please note that these versions are [deprecated](VERSIONS.md) and no longer receive any form of support.
+
+- [Migrating Verdaccio (2019)](https://verdaccio.org/blog/2019/02/24/migrating-verdaccio/)
+- [Verdaccio 5 Migration Guide (2021)](https://verdaccio.org/blog/2021/04/14/verdaccio-5-migration-guide)

VERSIONS.md

@@ -12,9 +12,7 @@ The following table describes the versions of this project:
 
 ## Migration Guide
 
-The migration from Verdaccio v5/v6 to v7 contains breaking changes. Refer to the priliminary [migration guide](https://github.com/verdaccio/verdaccio/blob/master/docs/migration-v5-to-v6.md) for more information.
-
-For migrations from older versions to v5/6 refer to the [v5 migration guide](https://verdaccio.org/blog/2021/04/14/verdaccio-5-migration-guide/).
+Read [the migration guidelines](MIGRATE.md)
 
 ### Deprecated Versions
 

docker-examples/v6/README.md

@@ -1,6 +1,6 @@
 # Verdaccio 6 Examples
 
-> We recommend to have installed [docker-compose >= 1.29.0](https://github.com/docker/compose/releases/tag/1.29.2)
+> We recommend to have installed the latest docker-compose
 
 ## Mapping Volumes
 
@@ -20,3 +20,5 @@ Using plugins without `docker-compose` mapping volumes, all withing the `Dockerf
 
 - [Docker + Local Build Auth Plugin (local development)](plugins/docker-build-install-plugin/README.md)
 - [Docker + Auth Plugin (from a registry)](plugins/docker-local-plugin/README.md)
+- [Docker + Localstack S3 + Verdaccio](amazon-s3-docker-example/README.md)
+- [Docker + GitHub OAuth + verdaccio-github-oauth-ui + Verdaccio](verdaccio-github-oauth-ui/README.md)

docker-examples/v6/amazon-s3-docker-example/README.md

@@ -0,0 +1,17 @@
+# Amazon S3 Bucket (Localstack) and Verdaccio 6.x
+
+This setup runs Verdaccio alongside Localstack, providing a simple test/mocking environment for
+developing cloud applications. In this case, we are simulating AWS S3 functionality.
+
+## Usage
+
+> You might need to create bucket manually here
+> aws --endpoint-url=http://localhost:4566 s3 mb s3://localstack.s3.plugin.test
+
+```
+docker-compose up --force-recreate --build --always-recreate-deps
+```
+
+## Articles
+
+- [Set up S3 bucket using Docker / Compose](https://discuss.localstack.cloud/t/set-up-s3-bucket-using-docker-compose/646.html)

docker-examples/v6/amazon-s3-docker-example/docker-compose.yaml

@@ -0,0 +1,29 @@
+version: '3.8'
+
+services:
+  localstack-s3:
+    container_name: '${LOCALSTACK_DOCKER_NAME-localstack-main}'
+    image: localstack/localstack:s3-latest
+    ports:
+      - '127.0.0.1:4566:4566'
+    volumes:
+      - './init-s3.py:/etc/localstack/init/ready.d/init-s3.py'
+  verdaccio:
+    container_name: verdaccio-s3-plugin
+    build: s3Plugin/
+    environment:
+      - DEBUG=verdaccio:*
+      - AWS_ACCESS_KEY_ID=foobar
+      - AWS_SECRET_ACCESS_KEY=foobar
+      - AWS_DEFAULT_REGION=eu-west-2
+      - AWS_S3_ENDPOINT=http://localstack-s3:4566
+      - AWS_S3_PATH_STYLE=true
+    ports:
+      - '4874:4873'
+    depends_on:
+      - localstack-s3
+    networks:
+      - default
+networks:
+  default:
+    name: verdaccio-network

docker-examples/v6/amazon-s3-docker-example/init-s3.py

@@ -0,0 +1,10 @@
+import boto3
+
+s3_client = boto3.client(
+    "s3",
+    endpoint_url=f"http://localhost:4566",
+    aws_access_key_id="test",
+    aws_secret_access_key="test"
+)
+
+s3_client.create_bucket(Bucket="localstack.s3.plugin.test")

docker-examples/v6/amazon-s3-docker-example/s3Plugin/Dockerfile

@@ -0,0 +1,9 @@
+FROM verdaccio/verdaccio:6.x-next
+LABEL Juan Picado <jotadeveloper@gmail.com>
+# Copy the configuration file into the container
+ADD config.yaml /verdaccio/conf/config.yaml
+USER root
+# This is the best way to install a plugin in Verdaccio
+RUN npm install --global verdaccio-aws-s3-storage
+USER $VERDACCIO_USER_UID
+

docker-examples/v6/amazon-s3-docker-example/s3Plugin/config.yaml

@@ -0,0 +1,27 @@
+storage: /verdaccio/storage
+
+store:
+  aws-s3-storage:
+    bucket: localstack.s3.plugin.test
+    keyPrefix: docker-test-prefix
+    region: eu-west-2
+    endpoint: http://localstack-s3:4566
+
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+packages:
+  '@*/*':
+    access: $all
+    publish: $all
+    proxy: npmjs
+  '**':
+    access: $all
+    publish: $all
+    proxy: npmjs
+
+log: { type: stdout, format: pretty, level: trace }
+
+listen:
+  - 0.0.0.0:4873

docker-examples/v6/verdaccio-github-oauth-ui/README.md

@@ -0,0 +1,17 @@
+# GitHub OAuth Login with verdaccio-github-oauth-ui plugin and Verdaccio 6.x
+
+This setup runs Verdaccio alongside verdaccio-github-oauth-ui plugin.
+
+https://github.com/n4bb12/verdaccio-github-oauth-ui
+
+## Configuration
+
+Open `config.yaml` and modify the required properties follow the official documentation.
+
+https://github.com/n4bb12/verdaccio-github-oauth-ui/blob/main/docs/configuration.md
+
+## Usage
+
+```bash
+docker-compose up --force-recreate --build --always-recreate-deps
+```

docker-examples/v6/verdaccio-github-oauth-ui/docker-compose.yaml

@@ -0,0 +1,15 @@
+version: '3.8'
+
+services:
+  verdaccio:
+    container_name: verdaccio-oauth-plugin
+    build: plugin/
+    environment:
+      - DEBUG=verdaccio:*
+    ports:
+      - '4874:4873'
+    networks:
+      - default
+networks:
+  default:
+    name: verdaccio-network

docker-examples/v6/verdaccio-github-oauth-ui/plugin/Dockerfile

@@ -0,0 +1,9 @@
+FROM verdaccio/verdaccio:6.x-next
+LABEL Juan Picado <jotadeveloper@gmail.com>
+# Copy the configuration file into the container
+ADD config.yaml /verdaccio/conf/config.yaml
+USER root
+# This is the best way to install a plugin in Verdaccio
+RUN npm install --global verdaccio-github-oauth-ui
+USER $VERDACCIO_USER_UID
+

docker-examples/v6/verdaccio-github-oauth-ui/plugin/config.yaml

@@ -0,0 +1,34 @@
+storage: /verdaccio/storage
+
+middlewares:
+  github-oauth-ui:
+    enabled: true
+
+auth:
+  # READ HERE https://github.com/n4bb12/verdaccio-github-oauth-ui/blob/main/docs/configuration.md
+  github-oauth-ui:
+    client-id: take_this_from_github
+    client-secret: take_this_from_github
+    token: my_github_token
+
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+packages:
+  '@*/*':
+    access: $all
+    publish: $all
+    proxy: npmjs
+  jquery:
+    # Limit access to users:
+    access: github/user/GITHUB_USER
+  '**':
+    access: $all
+    publish: $all
+    proxy: npmjs
+
+log: { type: stdout, format: pretty, level: trace }
+
+listen:
+  - 0.0.0.0:4873

e2e/cli/cli-commons/package.json

@@ -4,16 +4,16 @@
   "version": "2.0.0-next-8.0",
   "main": "src/index.ts",
   "devDependencies": {
-    "@verdaccio/config": "workspace:8.0.0-next-8.13",
-    "@verdaccio/core": "workspace:8.0.0-next-8.13",
-    "@verdaccio/types": "workspace:13.0.0-next-8.4",
+    "@verdaccio/config": "workspace:8.0.0-next-8.15",
+    "@verdaccio/core": "workspace:8.0.0-next-8.15",
+    "@verdaccio/types": "workspace:13.0.0-next-8.5",
     "debug": "4.4.0",
     "fs-extra": "11.2.0",
     "get-port": "5.1.1",
     "got": "11.8.6",
     "js-yaml": "4.1.0",
     "lodash": "4.17.21",
-    "verdaccio": "workspace:8.0.0-next-8.13"
+    "verdaccio": "workspace:8.0.0-next-8.15"
   },
   "scripts": {
     "test": "echo no test",

e2e/cli/e2e-npm10/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @verdaccio/e2e-cli-npm9
 
+## 1.0.2-next-8.0
+
+### Patch Changes
+
+- d4fc827: fix(e2e): name for npm10 test
+  - @verdaccio/test-cli-commons@2.0.0-next-8.0
+
 ## 1.0.1
 
 ### Patch Changes

e2e/cli/e2e-npm10/package.json

@@ -1,7 +1,7 @@
 {
   "private": true,
-  "name": "@verdaccio/e2e-cli-npm9",
-  "version": "1.0.1",
+  "name": "@verdaccio/e2e-cli-npm10",
+  "version": "1.0.2-next-8.0",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:2.0.0-next-8.0",
     "@verdaccio/e2e-cli-npm-common": "workspace:*",

e2e/ui/package.json

@@ -3,9 +3,9 @@
   "name": "@verdaccio/e2e-ui",
   "version": "2.0.0",
   "devDependencies": {
-    "verdaccio": "workspace:8.0.0-next-8.13",
-    "@verdaccio/core": "workspace:8.0.0-next-8.13",
-    "@verdaccio/config": "workspace:8.0.0-next-8.13",
+    "verdaccio": "workspace:8.0.0-next-8.15",
+    "@verdaccio/core": "workspace:8.0.0-next-8.15",
+    "@verdaccio/config": "workspace:8.0.0-next-8.15",
     "@verdaccio/test-helper": "workspace:4.0.0-next-8.4",
     "debug": "4.4.0",
     "cypress": "^13.6.0",

package.json

@@ -39,9 +39,9 @@
     "@babel/preset-typescript": "7.24.7",
     "@babel/register": "7.25.9",
     "@babel/runtime": "7.26.9",
-    "@changesets/changelog-github": "0.5.0",
+    "@changesets/changelog-github": "0.5.1",
     "@changesets/cli": "2.27.12",
-    "@changesets/get-dependents-graph": "2.1.2",
+    "@changesets/get-dependents-graph": "2.1.3",
     "@crowdin/cli": "4.4.1",
     "@dianmora/contributors": "5.0.0",
     "@emotion/react": "11.10.6",

packages/api/CHANGELOG.md

@@ -1,5 +1,37 @@
 # @verdaccio/api
 
+## 8.1.0-next-8.15
+
+### Patch Changes
+
+- Updated dependencies [1f25d5f]
+  - @verdaccio/auth@8.0.0-next-8.15
+  - @verdaccio/core@8.0.0-next-8.15
+  - @verdaccio/config@8.0.0-next-8.15
+  - @verdaccio/middleware@8.0.0-next-8.15
+  - @verdaccio/store@8.0.0-next-8.15
+  - @verdaccio/utils@8.1.0-next-8.15
+  - @verdaccio/logger@8.0.0-next-8.15
+
+## 8.1.0-next-8.14
+
+### Patch Changes
+
+- 1e2f503: chore(api): avoid double registration of JSON bodyParser
+- b9fea38: chore: cleanup utils
+- Updated dependencies [b9fea38]
+- Updated dependencies [bb478f2]
+- Updated dependencies [2bcd3ca]
+- Updated dependencies [da1650c]
+- Updated dependencies [8f28186]
+  - @verdaccio/middleware@8.0.0-next-8.14
+  - @verdaccio/core@8.0.0-next-8.14
+  - @verdaccio/config@8.0.0-next-8.14
+  - @verdaccio/store@8.0.0-next-8.14
+  - @verdaccio/utils@8.1.0-next-8.14
+  - @verdaccio/auth@8.0.0-next-8.14
+  - @verdaccio/logger@8.0.0-next-8.14
+
 ## 8.1.0-next-8.13
 
 ### Patch Changes

packages/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/api",
-  "version": "8.1.0-next-8.13",
+  "version": "8.1.0-next-8.15",
   "description": "Verdaccio Registry API",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -42,13 +42,13 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/auth": "workspace:8.0.0-next-8.13",
-    "@verdaccio/config": "workspace:8.0.0-next-8.13",
-    "@verdaccio/core": "workspace:8.0.0-next-8.13",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.13",
-    "@verdaccio/middleware": "workspace:8.0.0-next-8.13",
-    "@verdaccio/store": "workspace:8.0.0-next-8.13",
-    "@verdaccio/utils": "workspace:8.1.0-next-8.13",
+    "@verdaccio/auth": "workspace:8.0.0-next-8.15",
+    "@verdaccio/config": "workspace:8.0.0-next-8.15",
+    "@verdaccio/core": "workspace:8.0.0-next-8.15",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.15",
+    "@verdaccio/middleware": "workspace:8.0.0-next-8.15",
+    "@verdaccio/store": "workspace:8.0.0-next-8.15",
+    "@verdaccio/utils": "workspace:8.1.0-next-8.15",
     "abortcontroller-polyfill": "1.7.8",
     "body-parser": "1.20.3",
     "cookies": "0.9.1",
@@ -60,7 +60,7 @@
   },
   "devDependencies": {
     "@verdaccio/test-helper": "workspace:4.0.0-next-8.4",
-    "@verdaccio/types": "workspace:13.0.0-next-8.4",
+    "@verdaccio/types": "workspace:13.0.0-next-8.5",
     "mockdate": "3.0.5",
     "supertest": "7.0.0"
   },

packages/api/src/index.ts

@@ -1,3 +1,4 @@
+import buildDebug from 'debug';
 import express, { Router } from 'express';
 
 import { Auth } from '@verdaccio/auth';
@@ -24,6 +25,8 @@ import v1Search from './v1/search';
 import token from './v1/token';
 import whoami from './whoami';
 
+const debug = buildDebug('verdaccio:api');
+
 export default function (config: Config, auth: Auth, storage: Storage, logger: Logger): Router {
   /* eslint new-cap:off */
   const app = express.Router();
@@ -44,7 +47,14 @@ export default function (config: Config, auth: Auth, storage: Storage, logger: L
   app.param('org_couchdb_user', match(/^org\.couchdb\.user:/));
 
   app.use(auth.apiJWTmiddleware());
-  app.use(express.json({ strict: false, limit: config.max_body_size || '10mb' }));
+
+  // middleware might have registered a json parser already
+  if (hasBodyParser(app)) {
+    debug('json parser already registered');
+  } else {
+    app.use(express.json({ strict: false, limit: config.max_body_size || '10mb' }));
+  }
+
   app.use(antiLoop(config));
   app.use(makeURLrelative);
   // encode / in a scoped package name to be matched as a single parameter in routes
@@ -63,3 +73,10 @@ export default function (config: Config, auth: Auth, storage: Storage, logger: L
   pkg(app, auth, storage, logger);
   return app;
 }
+
+function hasBodyParser(app: Router): boolean {
+  const stack = app.stack || [];
+  return stack.some((middleware) => {
+    return middleware.handle?.name === 'jsonParser' || middleware.name === 'jsonParser';
+  });
+}

packages/api/src/user.ts

@@ -10,7 +10,7 @@ import {
   HEADERS,
   HTTP_STATUS,
   errorUtils,
-  validatioUtils,
+  validationUtils,
 } from '@verdaccio/core';
 import { USER_API_ENDPOINTS, rateLimit } from '@verdaccio/middleware';
 import { Logger } from '@verdaccio/types';
@@ -77,7 +77,7 @@ export default function (route: Router, auth: Auth, config: Config, logger: Logg
       debug('login or adduser');
       const remoteName = req?.remote_user?.name;
 
-      if (!validatioUtils.validateUserName(req.params.org_couchdb_user, name)) {
+      if (!validationUtils.validateUserName(req.params.org_couchdb_user, name)) {
         return next(errorUtils.getBadRequest(API_ERROR.USERNAME_MISMATCH));
       }
 
@@ -119,7 +119,7 @@ export default function (route: Router, auth: Auth, config: Config, logger: Logg
       } else {
         debug('adduser: %o', name);
         if (
-          validatioUtils.validatePassword(
+          validationUtils.validatePassword(
             password,
             config?.serverSettings?.passwordValidationRegex
           ) === false

packages/api/src/v1/profile.ts

@@ -8,7 +8,7 @@ import {
   HTTP_STATUS,
   SUPPORT_ERRORS,
   errorUtils,
-  validatioUtils,
+  validationUtils,
 } from '@verdaccio/core';
 import { PROFILE_API_ENDPOINTS } from '@verdaccio/middleware';
 import { rateLimit } from '@verdaccio/middleware';
@@ -72,7 +72,7 @@ export default function (route: Router, auth: Auth, config: Config): void {
 
       if (_.isNil(password) === false) {
         if (
-          validatioUtils.validatePassword(
+          validationUtils.validatePassword(
             password.new,
             config?.serverSettings?.passwordValidationRegex
           ) === false

packages/api/src/v1/token.ts

@@ -14,12 +14,15 @@ import { mask, stringToMD5 } from '@verdaccio/utils';
 import { $NextFunctionVer, $RequestExtend } from '../../types/custom';
 
 export type NormalizeToken = Token & {
+  cidr_whitelist: string[];
   created: string;
 };
 
+// npm expects "cidr_whitelist" for token list
 function normalizeToken(token: Token): NormalizeToken {
   return {
     ...token,
+    cidr_whitelist: token.cidr || [],
     created: new Date(token.created).toISOString(),
   };
 }

packages/auth/CHANGELOG.md

@@ -1,5 +1,32 @@
 # @verdaccio/auth
 
+## 8.0.0-next-8.15
+
+### Patch Changes
+
+- 1f25d5f: feat: add legacyMergeConfigs as option
+  - @verdaccio/core@8.0.0-next-8.15
+  - @verdaccio/config@8.0.0-next-8.15
+  - @verdaccio/loaders@8.0.0-next-8.6
+  - verdaccio-htpasswd@13.0.0-next-8.15
+  - @verdaccio/utils@8.1.0-next-8.15
+  - @verdaccio/signature@8.0.0-next-8.7
+
+## 8.0.0-next-8.14
+
+### Patch Changes
+
+- 8f28186: fix: add legacyMergeConfigs legacy plugins
+- Updated dependencies [b9fea38]
+- Updated dependencies [bb478f2]
+- Updated dependencies [8f28186]
+  - @verdaccio/core@8.0.0-next-8.14
+  - @verdaccio/config@8.0.0-next-8.14
+  - @verdaccio/utils@8.1.0-next-8.14
+  - @verdaccio/loaders@8.0.0-next-8.6
+  - verdaccio-htpasswd@13.0.0-next-8.14
+  - @verdaccio/signature@8.0.0-next-8.6
+
 ## 8.0.0-next-8.13
 
 ### Patch Changes

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/auth",
-  "version": "8.0.0-next-8.13",
+  "version": "8.0.0-next-8.15",
   "description": "Verdaccio Authentication",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -42,19 +42,19 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/config": "workspace:8.0.0-next-8.13",
-    "@verdaccio/core": "workspace:8.0.0-next-8.13",
-    "@verdaccio/loaders": "workspace:8.0.0-next-8.5",
-    "@verdaccio/signature": "workspace:8.0.0-next-8.5",
-    "@verdaccio/utils": "workspace:8.1.0-next-8.13",
+    "@verdaccio/config": "workspace:8.0.0-next-8.15",
+    "@verdaccio/core": "workspace:8.0.0-next-8.15",
+    "@verdaccio/loaders": "workspace:8.0.0-next-8.6",
+    "@verdaccio/signature": "workspace:8.0.0-next-8.7",
+    "@verdaccio/utils": "workspace:8.1.0-next-8.15",
     "debug": "4.4.0",
     "lodash": "4.17.21",
-    "verdaccio-htpasswd": "workspace:13.0.0-next-8.13"
+    "verdaccio-htpasswd": "workspace:13.0.0-next-8.15"
   },
   "devDependencies": {
-    "@verdaccio/middleware": "workspace:8.0.0-next-8.13",
-    "@verdaccio/types": "workspace:13.0.0-next-8.4",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.13",
+    "@verdaccio/middleware": "workspace:8.0.0-next-8.15",
+    "@verdaccio/types": "workspace:13.0.0-next-8.5",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.15",
     "express": "4.21.2",
     "supertest": "7.0.0"
   },

packages/auth/src/auth.ts

@@ -59,12 +59,14 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
   public secret: string;
   public logger: Logger;
   public plugins: pluginUtils.Auth<Config>[];
+  public options: { legacyMergeConfigs: boolean };
 
-  public constructor(config: Config, logger: Logger) {
+  public constructor(config: Config, logger: Logger, options = { legacyMergeConfigs: false }) {
     this.config = config;
     this.secret = config.secret;
     this.logger = logger;
     this.plugins = [];
+    this.options = options;
     if (!this.secret) {
       throw new TypeError('secret it is required value on initialize the auth class');
     }
@@ -123,6 +125,7 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
           typeof allow_publish !== 'undefined'
         );
       },
+      this.options.legacyMergeConfigs,
       this.config?.serverSettings?.pluginPrefix,
       PLUGIN_CATEGORY.AUTHENTICATION
     );

packages/cli/CHANGELOG.md

@@ -1,5 +1,25 @@
 # @verdaccio/cli
 
+## 8.0.0-next-8.15
+
+### Patch Changes
+
+- @verdaccio/node-api@8.0.0-next-8.15
+- @verdaccio/core@8.0.0-next-8.15
+- @verdaccio/config@8.0.0-next-8.15
+- @verdaccio/logger@8.0.0-next-8.15
+
+## 8.0.0-next-8.14
+
+### Patch Changes
+
+- Updated dependencies [b9fea38]
+- Updated dependencies [bb478f2]
+  - @verdaccio/core@8.0.0-next-8.14
+  - @verdaccio/config@8.0.0-next-8.14
+  - @verdaccio/node-api@8.0.0-next-8.14
+  - @verdaccio/logger@8.0.0-next-8.14
+
 ## 8.0.0-next-8.13
 
 ### Patch Changes

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/cli",
-  "version": "8.0.0-next-8.13",
+  "version": "8.0.0-next-8.15",
   "author": {
     "name": "Juan Picado",
     "email": "juanpicado19@gmail.com"
@@ -47,10 +47,10 @@
     "start": "ts-node src/index.ts"
   },
   "dependencies": {
-    "@verdaccio/config": "workspace:8.0.0-next-8.13",
-    "@verdaccio/core": "workspace:8.0.0-next-8.13",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.13",
-    "@verdaccio/node-api": "workspace:8.0.0-next-8.13",
+    "@verdaccio/config": "workspace:8.0.0-next-8.15",
+    "@verdaccio/core": "workspace:8.0.0-next-8.15",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.15",
+    "@verdaccio/node-api": "workspace:8.0.0-next-8.15",
     "clipanion": "4.0.0-rc.4",
     "envinfo": "7.14.0",
     "kleur": "4.1.5",

packages/config/CHANGELOG.md

@@ -1,5 +1,22 @@
 # @verdaccio/config
 
+## 8.0.0-next-8.15
+
+### Patch Changes
+
+- @verdaccio/core@8.0.0-next-8.15
+- @verdaccio/utils@8.1.0-next-8.15
+
+## 8.0.0-next-8.14
+
+### Patch Changes
+
+- b9fea38: chore: cleanup utils
+- bb478f2: chore: expose config utils
+- Updated dependencies [b9fea38]
+  - @verdaccio/core@8.0.0-next-8.14
+  - @verdaccio/utils@8.1.0-next-8.14
+
 ## 8.0.0-next-8.13
 
 ### Patch Changes

packages/config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/config",
-  "version": "8.0.0-next-8.13",
+  "version": "8.0.0-next-8.15",
   "description": "Verdaccio Configuration",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -42,8 +42,8 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.13",
-    "@verdaccio/utils": "workspace:8.1.0-next-8.13",
+    "@verdaccio/core": "workspace:8.0.0-next-8.15",
+    "@verdaccio/utils": "workspace:8.1.0-next-8.15",
     "debug": "4.4.0",
     "js-yaml": "4.1.0",
     "lodash": "4.17.21",

packages/config/src/conf/default.yaml

@@ -4,34 +4,38 @@
 # improve security.
 #
 # Look here for more config file examples:
-# https://github.com/verdaccio/verdaccio/tree/5.x/packages/config/src/conf/default.yaml
+# https://github.com/verdaccio/verdaccio/blob/master/docker-examples/README.md
 #
 # Read about the best practices
 # https://verdaccio.org/docs/best
 
-# path to a directory with all packages
+# Path to a directory with all packages
 storage: ./storage
-# path to a directory with plugins to include, the plugins folder has the higher priority for loading plugins
-# disable this folder to avoid warnings if is not used
+
+# Path to a directory with plugins to include, the plugins folder has the higher priority for loading plugins
+# Disable this folder to avoid warnings if is not used
 # plugins: ./plugins
 
+# Web UI settings
 # https://verdaccio.org/docs/webui
 web:
   title: Verdaccio
-  # custom colors for header background and font
+  # Disable complete web UI
+  # enabled: false
+  # Custom colors for header background and font
   # primaryColor: "#4b5e40"
-  # custom logos and favicon
+  # Custom logos and favicon
   # logo: ./path/to/logo.png
   # logoDark: ./path/to/logoDark.png
   # favicon: ./path/to/favicon.ico
-  # comment out to disable gravatar support
+  # Disable gravatar support
   # gravatar: false
-  # by default packages are ordercer ascendant (asc|desc)
-  # sort_packages: asc
-  # convert your UI to the dark side
+  # By default, packages are ordered ascending
+  # sort_packages: asc | desc
+  # Convert your UI to the dark side
   # darkMode: true
   # html_cache: true
-  # by default all features are displayed
+  # By default, all features are displayed
   # login: true
   # showInfo: true
   # showSettings: true
@@ -42,20 +46,25 @@ web:
   # showRaw: true
   # showDownloadTarball: true
   # showUplinks: true
-  #  HTML tags injected after manifest <scripts/>
+  #
+  # HTML tags injected before ends </head>
+  # metaScripts:
+  #   - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #   - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #   - '<meta name="robots" content="noindex">'
+  #
+  # HTML tags injected as first child in <body>
+  # scriptsBodyBefore:
+  #   - '<div id="myId">html before webpack scripts</div>'
+  #
+  # HTML tags injected as last child in </body>
   # scriptsBodyAfter:
-  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
-  #  HTML tags injected before ends </head>
-  #  metaScripts:
-  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
-  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
-  #    - '<meta name="robots" content="noindex" />'
-  #  HTML tags injected first child at <body/>
-  #  bodyBefore:
-  #    - '<div id="myId">html before webpack scripts</div>'
-  #  Public path for template manifest scripts (only manifest)
-  #  publicPath: http://somedomain.org/
+  #   - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #
+  # Public path for template manifest scripts (only manifest)
+  # publicPath: http://somedomain.org/
 
+# Settings for authentication plugin
 # https://verdaccio.org/docs/configuration#authentication
 auth:
   htpasswd:
@@ -64,8 +73,8 @@ auth:
     # You can set this to -1 to disable registration.
     # max_users: 1000
 
+# A list of other known repositories we can talk to
 # https://verdaccio.org/docs/configuration#uplinks
-# a list of other known repositories we can talk to
 uplinks:
   npmjs:
     url: https://registry.npmjs.org/
@@ -97,7 +106,7 @@ packages:
     # if package is not available locally, proxy requests to 'npmjs' registry
     proxy: npmjs
 
-# To improve your security configuration and  avoid dependency confusion
+# To improve your security configuration and avoid dependency confusion
 # consider removing the proxy property for private packages
 # https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
 
@@ -107,14 +116,14 @@ packages:
 # WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
 server:
   keepAliveTimeout: 60
-  # The pluginPrefix replaces the default plugins prefix which is `verdaccio`, please don't include `-`. If `something` is provided
-  # the resolve package will be `something-xxxx`.
+  # The pluginPrefix replaces the default plugins prefix which is `verdaccio`. Please don't include `-`. If `something` is provided
+  # the resolved package will be `something-xxxx`.
   # pluginPrefix: something
   # A regex for the password validation /.{3}$/ (3 characters min)
   # An example to limit to 10 characters minimum
   # passwordValidationRegex: /.{10}$/
   # Allow `req.ip` to resolve properly when Verdaccio is behind a proxy or load-balancer
-  # See: https://expressjs.com/en/guide/behind-proxies.html
+  # https://expressjs.com/en/guide/behind-proxies.html
   # trustProxy: '127.0.0.1'
 
 # https://verdaccio.org/docs/configuration#offline-publish
@@ -123,18 +132,24 @@ server:
 #   check_owners: false
 #   keep_readmes: 'latest' | 'tagged' | 'all'
 
+# Define public URL of registry in combination with VERDACCIO_PUBLIC_URL environment variable
 # https://verdaccio.org/docs/configuration#url-prefix
 # url_prefix: /verdaccio/
-# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+#
+# Examples:
+# VERDACCIO_PUBLIC_URL='https://somedomain.org'
 # url_prefix: '/my_prefix'
 # // url -> https://somedomain.org/my_prefix/
-# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+#
+# VERDACCIO_PUBLIC_URL='https://somedomain.org'
 # url_prefix: '/'
 # // url -> https://somedomain.org/
-# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+#
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix'
 # url_prefix: '/second_prefix'
-# // url -> https://somedomain.org/second_prefix/'
+# // url -> https://somedomain.org/second_prefix/
 
+# Security settings
 # https://verdaccio.org/docs/configuration#security
 # security:
 #   api:
@@ -160,12 +175,12 @@ server:
 
 # https://verdaccio.org/docs/configuration#listen-port
 # listen:
-# - localhost:4873            # default value
-# - http://localhost:4873     # same thing
-# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
-# - https://example.org:4873  # if you want to use https
-# - "[::1]:4873"                # ipv6
-# - unix:/tmp/verdaccio.sock    # unix socket
+#   - localhost:4873            # default value
+#   - http://localhost:4873     # same thing
+#   - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+#   - https://example.org:4873  # if you want to use https
+#   - "[::1]:4873"              # ipv6
+#   - unix:/tmp/verdaccio.sock  # unix socket
 
 # The HTTPS configuration is useful if you do not consider use a HTTP Proxy
 # https://verdaccio.org/docs/configuration#https
@@ -177,36 +192,46 @@ server:
 # https://verdaccio.org/docs/configuration#proxy
 # http_proxy: http://something.local/
 # https_proxy: https://something.local/
+# no_proxy: localhost,127.0.0.1,server.local
 
 # https://verdaccio.org/docs/configuration#notifications
 # notify:
-#   method: POST
-#   headers: [{ "Content-Type": "application/json" }]
-#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   method: 'POST'
+#   headers: '[{ "Content-Type": "application/json" }]'
+#   endpoint: 'https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken'
 #   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
 
+# Settings for middleware plugins
+# https://verdaccio.org/docs/plugins#middleware-configuration
 middlewares:
   audit:
     enabled: true
     # timeout: 10000
 
+# Log settings
 # https://verdaccio.org/docs/logger
-# log settings
 log: { type: stdout, format: pretty, level: http }
-#experiments:
-#  # support for npm token command
+
+# Feature flags (experimental settings that can be changed or removed in the future)
+# https://verdaccio.org/docs/configuration#experiments
+# experiments:
+#  # Support for npm token command
 #  token: false
-#  # disable writing body size to logs, read more on ticket 1912
-#  bytesin_off: false
-#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
+#  # Enable tarball URL redirect for hosting tarball with a different server.
+#  # The tarball_url_redirect can be a template string
 #  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
-#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
+#  # The tarball_url_redirect can be a function, takes packageName and filename and returns the url,
+#  # when working with a js configuration file
 #  tarball_url_redirect(packageName, filename) {
 #    const signedUrl = // generate a signed url
 #    return signedUrl;
 #  }
+# Renamed from "experiments" to "flags" in next major release
+# flags:
+#  changePassword: true
+#  searchRemote: true
 
-# translate your registry, api i18n not available yet
+# Translate your registry, API and web UI
+# List of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
 i18n:
-  # list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
   web: en-US

packages/config/src/conf/docker.yaml

@@ -1,75 +1,80 @@
 #
-# This is the default configuration file. As it allows all users to do anything,
-# please read carefully the documentation and best practices to improve security.
-#
-# Do not configure host and port under `listen` in this file
-# as it will be ignored when using docker.
-# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
+# This is the default configuration file. It allows all users to do anything,
+# please read carefully the documentation and best practices to
+# improve security.
 #
 # Look here for more config file examples:
-# https://github.com/verdaccio/verdaccio/tree/5.x/packages/config/src/conf/docker.yaml
+# https://github.com/verdaccio/verdaccio/blob/master/docker-examples/README.md
 #
 # Read about the best practices
 # https://verdaccio.org/docs/best
 
-# path to a directory with all packages
+# Path to a directory with all packages
 storage: /verdaccio/storage/data
-# path to a directory with plugins to include, the plugins folder has the higher priority for loading plugins
-# disable this folder to avoid warnings if is not used
+
+# Path to a directory with plugins to include, the plugins folder has the higher priority for loading plugins
+# Disable this folder to avoid warnings if is not used
 plugins: /verdaccio/plugins
 
+# Web UI settings
 # https://verdaccio.org/docs/webui
 web:
   title: Verdaccio
-  # custom colors for header background and font
+  # Disable complete web UI
+  # enabled: false
+  # Custom colors for header background and font
   # primaryColor: "#4b5e40"
-  # custom logos and favicon
+  # Custom logos and favicon
   # logo: ./path/to/logo.png
   # logoDark: ./path/to/logoDark.png
   # favicon: ./path/to/favicon.ico
-  # Comment out to disable gravatar support
+  # Disable gravatar support
   # gravatar: false
-  # By default packages are ordered ascendant (asc|desc)
-  # sort_packages: asc
+  # By default, packages are ordered ascending
+  # sort_packages: asc | desc
   # Convert your UI to the dark side
   # darkMode: true
   # html_cache: true
-  # By default all features are displayed
+  # By default, all features are displayed
   # login: true
   # showInfo: true
   # showSettings: true
-  # In combination with darkMode you can force a specific theme
+  # In combination with darkMode you can force specific theme
   # showThemeSwitch: true
   # showFooter: true
   # showSearch: true
   # showRaw: true
   # showDownloadTarball: true
   # showUplinks: true
-  #  HTML tags injected after manifest <scripts/>
+  #
+  # HTML tags injected before ends </head>
+  # metaScripts:
+  #   - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+  #   - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+  #   - '<meta name="robots" content="noindex">'
+  #
+  # HTML tags injected as first child in <body>
+  # scriptsBodyBefore:
+  #   - '<div id="myId">html before webpack scripts</div>'
+  #
+  # HTML tags injected as last child in </body>
   # scriptsBodyAfter:
-  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
-  #  HTML tags injected before end </head>
-  #  metaScripts:
-  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
-  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
-  #    - '<meta name="robots" content="noindex" />'
-  #  HTML tags injected as first child at <body/>
-  #  bodyBefore:
-  #    - '<div id="myId">html before webpack scripts</div>'
-  #  Public path for template manifest scripts (only manifest)
-  #  publicPath: http://somedomain.org/
+  #   - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  #
+  # Public path for template manifest scripts (only manifest)
+  # publicPath: http://somedomain.org/
 
+# Settings for authentication plugin
 # https://verdaccio.org/docs/configuration#authentication
-
 auth:
   htpasswd:
     file: /verdaccio/storage/htpasswd
-    # Maximum amount of users allowed to register, defaults to "+infinity".
+    # Maximum amount of users allowed to register, defaults to "+inf".
     # You can set this to -1 to disable registration.
     # max_users: 1000
 
-# https://verdaccio.org/docs/configuration#uplinks
 # A list of other known repositories we can talk to
+# https://verdaccio.org/docs/configuration#uplinks
 uplinks:
   npmjs:
     url: https://registry.npmjs.org/
@@ -86,14 +91,14 @@ packages:
     proxy: npmjs
 
   '**':
-    # Allow all users (including non-authenticated users) to read and
+    # allow all users (including non-authenticated users) to read and
     # publish all packages
     #
-    # You can specify usernames/groupnames (depending on your auth plugin)
+    # you can specify usernames/groupnames (depending on your auth plugin)
     # and three keywords: "$all", "$anonymous", "$authenticated"
     access: $all
 
-    # Allow all known users to publish/unpublish packages
+    # allow all known users to publish/unpublish packages
     # (anyone can register by default, remember?)
     publish: $authenticated
     unpublish: $authenticated
@@ -106,21 +111,19 @@ packages:
 # https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
 
 # https://verdaccio.org/docs/configuration#server
-# You can specify the HTTP/1.1 server keep alive timeout in seconds for incoming connections.
-# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a
-# keep-alive timeout.
-# WORKAROUND: Through given configuration you can work around the following issue:
-# https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
 server:
   keepAliveTimeout: 60
-  # The pluginPrefix replaces the default plugins prefix which is `verdaccio`, please don't include `-`. If `something` is provided
-  # the resolve package will be `something-xxxx`.
+  # The pluginPrefix replaces the default plugins prefix which is `verdaccio`. Please don't include `-`. If `something` is provided
+  # the resolved package will be `something-xxxx`.
   # pluginPrefix: something
   # A regex for the password validation /.{3}$/ (3 characters min)
   # An example to limit to 10 characters minimum
   # passwordValidationRegex: /.{10}$/
   # Allow `req.ip` to resolve properly when Verdaccio is behind a proxy or load-balancer
-  # See: https://expressjs.com/en/guide/behind-proxies.html
+  # https://expressjs.com/en/guide/behind-proxies.html
   # trustProxy: '127.0.0.1'
 
 # https://verdaccio.org/docs/configuration#offline-publish
@@ -129,18 +132,24 @@ server:
 #   check_owners: false
 #   keep_readmes: 'latest' | 'tagged' | 'all'
 
+# Define public URL of registry in combination with VERDACCIO_PUBLIC_URL environment variable
 # https://verdaccio.org/docs/configuration#url-prefix
 # url_prefix: /verdaccio/
-# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+#
+# Examples:
+# VERDACCIO_PUBLIC_URL='https://somedomain.org'
 # url_prefix: '/my_prefix'
 # // url -> https://somedomain.org/my_prefix/
-# VERDACCIO_PUBLIC_URL='https://somedomain.org';
+#
+# VERDACCIO_PUBLIC_URL='https://somedomain.org'
 # url_prefix: '/'
 # // url -> https://somedomain.org/
-# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
+#
+# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix'
 # url_prefix: '/second_prefix'
-# // url -> https://somedomain.org/second_prefix/'
+# // url -> https://somedomain.org/second_prefix/
 
+# Security settings
 # https://verdaccio.org/docs/configuration#security
 # security:
 #   api:
@@ -166,14 +175,14 @@ server:
 
 # https://verdaccio.org/docs/configuration#listen-port
 # listen:
-# - localhost:4873            # default value
-# - http://localhost:4873     # same thing
-# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
-# - https://example.org:4873  # if you want to use https
-# - "[::1]:4873"                # ipv6
-# - unix:/tmp/verdaccio.sock    # unix socket
+#   - localhost:4873            # default value
+#   - http://localhost:4873     # same thing
+#   - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
+#   - https://example.org:4873  # if you want to use https
+#   - "[::1]:4873"              # ipv6
+#   - unix:/tmp/verdaccio.sock  # unix socket
 
-# The HTTPS configuration is useful if you do not consider using an HTTP Proxy
+# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
 # https://verdaccio.org/docs/configuration#https
 # https:
 #   key: ./path/verdaccio-key.pem
@@ -183,23 +192,29 @@ server:
 # https://verdaccio.org/docs/configuration#proxy
 # http_proxy: http://something.local/
 # https_proxy: https://something.local/
+# no_proxy: localhost,127.0.0.1,server.local
 
 # https://verdaccio.org/docs/configuration#notifications
 # notify:
-#   method: POST
-#   headers: [{ "Content-Type": "application/json" }]
-#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
+#   method: 'POST'
+#   headers: '[{ "Content-Type": "application/json" }]'
+#   endpoint: 'https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken'
 #   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
 
+# Settings for middleware plugins
+# https://verdaccio.org/docs/plugins#middleware-configuration
 middlewares:
   audit:
     enabled: true
     # timeout: 10000
 
+# Log settings
 # https://verdaccio.org/docs/logger
-# log settings
 log: { type: stdout, format: pretty, level: http }
-#experiments:
+
+# Feature flags (experimental settings that can be changed or removed in the future)
+# https://verdaccio.org/docs/configuration#experiments
+# experiments:
 #  # Support for npm token command
 #  token: false
 #  # Enable tarball URL redirect for hosting tarball with a different server.
@@ -211,8 +226,12 @@ log: { type: stdout, format: pretty, level: http }
 #    const signedUrl = // generate a signed url
 #    return signedUrl;
 #  }
+# Renamed from "experiments" to "flags" in next major release
+# flags:
+#  changePassword: true
+#  searchRemote: true
 
-# Translate your registry, api i18n not available yet
-# i18n:
-# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
-#   web: en-US
+# Translate your registry, API and web UI
+# List of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
+i18n:
+  web: en-US

packages/config/src/config.ts

@@ -2,7 +2,7 @@ import assert from 'assert';
 import buildDebug from 'debug';
 import _ from 'lodash';
 
-import { APP_ERROR, warningUtils } from '@verdaccio/core';
+import { APP_ERROR, validationUtils, warningUtils } from '@verdaccio/core';
 import { Codes } from '@verdaccio/core/build/warning-utils';
 import {
   Config as AppConfig,
@@ -15,7 +15,7 @@ import {
   Security,
   ServerSettingsConf,
 } from '@verdaccio/types';
-import { generateRandomHexString, getMatchedPackagesSpec, isObject } from '@verdaccio/utils';
+import { generateRandomHexString, getMatchedPackagesSpec } from '@verdaccio/utils';
 
 import { getUserAgent } from './agent';
 import { normalisePackageAccess } from './package-access';
@@ -124,7 +124,7 @@ class Config implements AppConfig {
     this.userRateLimit = { ...defaultUserRateLimiting, ...config?.userRateLimit };
 
     // some weird shell scripts are valid yaml files parsed as string
-    assert(_.isObject(config), APP_ERROR.CONFIG_NOT_VALID);
+    assert(validationUtils.isObject(config), APP_ERROR.CONFIG_NOT_VALID);
 
     // sanity check for strategic config properties
     strategicConfigProps.forEach(function (x): void {
@@ -132,7 +132,7 @@ class Config implements AppConfig {
         self[x] = {};
       }
 
-      assert(isObject(self[x]), `CONFIG: bad "${x}" value (object expected)`);
+      assert(validationUtils.isObject(self[x]), `CONFIG: bad "${x}" value (object expected)`);
     });
 
     this.uplinks = sanityCheckUplinksProps(uplinkSanityCheck(this.uplinks));

packages/config/src/index.ts

@@ -1,6 +1,7 @@
 export * from './config';
 export * from './config-path';
 export * from './token';
+export * from './config-utils';
 export * from './package-access';
 export { fromJStoYAML, parseConfigFile } from './parse';
 export * from './uplinks';

packages/core/core/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @verdaccio/core
 
+## 8.0.0-next-8.15
+
+## 8.0.0-next-8.14
+
+### Patch Changes
+
+- b9fea38: chore: cleanup utils
+
 ## 8.0.0-next-8.13
 
 ### Patch Changes

packages/core/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/core",
-  "version": "8.0.0-next-8.13",
+  "version": "8.0.0-next-8.15",
   "description": "Verdaccio Core Components",
   "keywords": [
     "private",
@@ -41,7 +41,7 @@
     "semver": "7.7.1"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:13.0.0-next-8.4",
+    "@verdaccio/types": "workspace:13.0.0-next-8.5",
     "lodash": "4.17.21",
     "typedoc": "0.23.25",
     "typedoc-plugin-missing-exports": "latest"

packages/core/core/src/index.ts

@@ -7,7 +7,7 @@ import * as searchUtils from './search-utils';
 import * as streamUtils from './stream-utils';
 import * as stringUtils from './string-utils';
 import * as tarballUtils from './tarball-utils';
-import * as validatioUtils from './validation-utils';
+import * as validationUtils from './validation-utils';
 import * as warningUtils from './warning-utils';
 
 export { VerdaccioError, API_ERROR, SUPPORT_ERRORS, APP_ERROR } from './error-utils';
@@ -28,15 +28,12 @@ export {
   PLUGIN_CATEGORY,
   HtpasswdHashAlgorithm,
 } from './constants';
-const validationUtils = validatioUtils;
 export {
   fileUtils,
   pkgUtils,
   searchUtils,
   streamUtils,
   errorUtils,
-  // TODO: remove this typo
-  validatioUtils,
   validationUtils,
   stringUtils,
   constants,

packages/core/file-locking/package.json

@@ -39,7 +39,7 @@
     "lockfile": "1.0.4"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:13.0.0-next-8.4"
+    "@verdaccio/types": "workspace:13.0.0-next-8.5"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/tarball/CHANGELOG.md

@@ -1,5 +1,22 @@
 # Change Log
 
+## 13.0.0-next-8.15
+
+### Patch Changes
+
+- @verdaccio/core@8.0.0-next-8.15
+- @verdaccio/url@13.0.0-next-8.15
+- @verdaccio/utils@8.1.0-next-8.15
+
+## 13.0.0-next-8.14
+
+### Patch Changes
+
+- Updated dependencies [b9fea38]
+  - @verdaccio/core@8.0.0-next-8.14
+  - @verdaccio/utils@8.1.0-next-8.14
+  - @verdaccio/url@13.0.0-next-8.14
+
 ## 13.0.0-next-8.13
 
 ### Patch Changes

packages/core/tarball/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/tarball",
-  "version": "13.0.0-next-8.13",
+  "version": "13.0.0-next-8.15",
   "description": "Verdaccio Tarball Utilities",
   "keywords": [
     "private",
@@ -33,16 +33,16 @@
     "access": "public"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.13",
-    "@verdaccio/url": "workspace:13.0.0-next-8.13",
-    "@verdaccio/utils": "workspace:8.1.0-next-8.13",
+    "@verdaccio/core": "workspace:8.0.0-next-8.15",
+    "@verdaccio/url": "workspace:13.0.0-next-8.15",
+    "@verdaccio/utils": "workspace:8.1.0-next-8.15",
     "debug": "4.4.0",
     "gunzip-maybe": "^1.4.2",
     "lodash": "4.17.21",
     "tar-stream": "^3.1.7"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:13.0.0-next-8.4",
+    "@verdaccio/types": "workspace:13.0.0-next-8.5",
     "node-mocks-http": "1.14.1"
   },
   "scripts": {

packages/core/types/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Change Log
 
+## 13.0.0-next-8.5
+
+### Patch Changes
+
+- 2bcd3ca: chore(config): harmonize configuration options
+
 ## 13.0.0-next-8.4
 
 ### Patch Changes

packages/core/types/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/types",
-  "version": "13.0.0-next-8.4",
+  "version": "13.0.0-next-8.5",
   "description": "Verdaccio Type Definitions",
   "keywords": [
     "private",

packages/core/types/src/configuration.ts

@@ -77,7 +77,7 @@ export type FlagsConfig = {
   changePassword?: boolean;
 };
 
-export type PackageManagers = 'pnpm' | 'yarn' | 'npm';
+export type PackageManagers = 'pnpm' | 'yarn' | 'npm' | string;
 
 // FUTURE: WebConf and TemplateUIOptions should be merged .
 export type CommonWebConf = {
@@ -101,7 +101,7 @@ export type CommonWebConf = {
   showDownloadTarball?: boolean;
   showUplinks?: boolean;
   hideDeprecatedVersions?: boolean;
-  primaryColor: string;
+  primaryColor?: string;
   showRaw?: boolean;
 };
 
@@ -116,7 +116,7 @@ export type TemplateUIOptions = {
   basename?: string;
   base: string;
   version?: string;
-  flags: FlagsConfig;
+  flags?: FlagsConfig;
 } & CommonWebConf;
 
 /**
@@ -126,10 +126,14 @@ export type WebConf = {
   // @deprecated use primaryColor
   primary_color?: string;
   primaryColor?: string;
+  // @deprecated use enabled
   enable?: boolean;
+  enabled?: boolean;
   scriptsHead?: string[];
   scriptsBodyAfter?: string[];
+  // @deprecated use scriptsBodyBefore
   scriptsbodyBefore?: string[];
+  scriptsBodyBefore?: string[];
   metaScripts?: string[];
   bodyBefore?: string[];
   bodyAfter?: string[];

packages/core/url/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Change Log
 
+## 13.0.0-next-8.15
+
+### Patch Changes
+
+- @verdaccio/core@8.0.0-next-8.15
+
+## 13.0.0-next-8.14
+
+### Patch Changes
+
+- Updated dependencies [b9fea38]
+  - @verdaccio/core@8.0.0-next-8.14
+
 ## 13.0.0-next-8.13
 
 ### Patch Changes

packages/core/url/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/url",
-  "version": "13.0.0-next-8.13",
+  "version": "13.0.0-next-8.15",
   "description": "Verdaccio URL Utilities",
   "keywords": [
     "private",
@@ -33,13 +33,13 @@
     "access": "public"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.13",
+    "@verdaccio/core": "workspace:8.0.0-next-8.15",
     "debug": "4.4.0",
     "lodash": "4.17.21",
     "validator": "13.12.0"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:13.0.0-next-8.4",
+    "@verdaccio/types": "workspace:13.0.0-next-8.5",
     "node-mocks-http": "1.14.1"
   },
   "scripts": {

packages/hooks/CHANGELOG.md

@@ -1,5 +1,20 @@
 # @verdaccio/hooks
 
+## 8.0.0-next-8.15
+
+### Patch Changes
+
+- @verdaccio/core@8.0.0-next-8.15
+- @verdaccio/logger@8.0.0-next-8.15
+
+## 8.0.0-next-8.14
+
+### Patch Changes
+
+- Updated dependencies [b9fea38]
+  - @verdaccio/core@8.0.0-next-8.14
+  - @verdaccio/logger@8.0.0-next-8.14
+
 ## 8.0.0-next-8.13
 
 ### Patch Changes

packages/hooks/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/hooks",
-  "version": "8.0.0-next-8.13",
+  "version": "8.0.0-next-8.15",
   "description": "Verdaccio Hooks",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -33,17 +33,17 @@
     "node": ">=18"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.13",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.13",
+    "@verdaccio/core": "workspace:8.0.0-next-8.15",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.15",
     "core-js": "3.40.0",
     "debug": "4.4.0",
     "got-cjs": "12.5.4",
     "handlebars": "4.7.8"
   },
   "devDependencies": {
-    "@verdaccio/auth": "workspace:8.0.0-next-8.13",
-    "@verdaccio/config": "workspace:8.0.0-next-8.13",
-    "@verdaccio/types": "workspace:13.0.0-next-8.4"
+    "@verdaccio/auth": "workspace:8.0.0-next-8.15",
+    "@verdaccio/config": "workspace:8.0.0-next-8.15",
+    "@verdaccio/types": "workspace:13.0.0-next-8.5"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/loaders/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @verdaccio/loaders
 
+## 8.0.0-next-8.6
+
+### Patch Changes
+
+- 8f28186: fix: add legacyMergeConfigs legacy plugins
+
 ## 8.0.0-next-8.5
 
 ### Patch Changes

packages/loaders/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/loaders",
-  "version": "8.0.0-next-8.5",
+  "version": "8.0.0-next-8.6",
   "description": "Verdaccio Loader Logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -21,10 +21,10 @@
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/logger": "workspace:8.0.0-next-8.13",
-    "@verdaccio/core": "workspace:8.0.0-next-8.13",
-    "@verdaccio/config": "workspace:8.0.0-next-8.13",
-    "@verdaccio/types": "workspace:13.0.0-next-8.4",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.15",
+    "@verdaccio/core": "workspace:8.0.0-next-8.15",
+    "@verdaccio/config": "workspace:8.0.0-next-8.15",
+    "@verdaccio/types": "workspace:13.0.0-next-8.5",
     "@verdaccio-scope/verdaccio-auth-foo": "0.0.2",
     "verdaccio-auth-memory": "workspace:*",
     "customprefix-auth": "workspace:2.0.0"

packages/loaders/src/plugin-async-loader.ts

@@ -1,5 +1,6 @@
 import buildDebug from 'debug';
 import fs from 'fs';
+import _ from 'lodash';
 import { dirname, isAbsolute, join, resolve } from 'path';
 
 import { pluginUtils } from '@verdaccio/core';
@@ -10,11 +11,17 @@ const debug = buildDebug('verdaccio:plugin:loader:async');
 
 const { lstat } = fs.promises ? fs.promises : require('fs/promises');
 
+const PLUGIN_PREFIX = 'verdaccio';
+
 async function isDirectory(pathFolder: string) {
   const stat = await lstat(pathFolder);
   return stat.isDirectory();
 }
 
+function mergeConfig(appConfig: unknown, pluginConfig: unknown) {
+  return _.merge({}, appConfig, pluginConfig);
+}
+
 // type Plugins<T> =
 //   | pluginUtils.Auth<T>
 //   | pluginUtils.Storage<T>
@@ -47,7 +54,8 @@ export async function asyncLoadPlugin<T extends pluginUtils.Plugin<T>>(
   pluginConfigs: any = {},
   pluginOptions: pluginUtils.PluginOptions,
   sanityCheck: (plugin: PluginType<T>) => boolean,
-  prefix: string = 'verdaccio',
+  legacyMergeConfigs: boolean = false,
+  prefix: string = PLUGIN_PREFIX,
   pluginCategory: string = ''
 ): Promise<PluginType<T>[]> {
   const logger = pluginOptions?.logger;
@@ -82,7 +90,12 @@ export async function asyncLoadPlugin<T extends pluginUtils.Plugin<T>>(
           logger.error(a, b);
         });
         if (plugin && isValid(plugin)) {
-          plugin = executePlugin(plugin, pluginConfigs[pluginId], pluginOptions);
+          plugin = executePlugin(
+            plugin,
+            pluginConfigs[pluginId],
+            pluginOptions,
+            legacyMergeConfigs
+          );
           if (!sanityCheck(plugin)) {
             logger.error(
               { content: externalFilePlugin },
@@ -115,7 +128,7 @@ export async function asyncLoadPlugin<T extends pluginUtils.Plugin<T>>(
         logger.error(a, b);
       });
       if (plugin && isValid(plugin)) {
-        plugin = executePlugin(plugin, pluginConfigs[pluginId], pluginOptions);
+        plugin = executePlugin(plugin, pluginConfigs[pluginId], pluginOptions, legacyMergeConfigs);
         if (!sanityCheck(plugin)) {
           logger.error({ content: pluginName }, "@{content} doesn't look like a valid plugin");
           continue;
@@ -143,8 +156,15 @@ export async function asyncLoadPlugin<T extends pluginUtils.Plugin<T>>(
 export function executePlugin<T>(
   plugin: PluginType<T>,
   pluginConfig: unknown,
-  pluginOptions: pluginUtils.PluginOptions
+  pluginOptions: pluginUtils.PluginOptions,
+  legacyMergeConfigs: boolean = false
 ): PluginType<T> {
+  // this is a legacy support for plugins that are not using the new API
+  if (legacyMergeConfigs) {
+    debug('>>> plugin merge config enabled');
+    let originalConfig = pluginOptions.config;
+    pluginConfig = mergeConfig(originalConfig, pluginConfig);
+  }
   if (isES6(plugin)) {
     debug('plugin is ES6');
     // @ts-expect-error no relevant for the code

packages/loaders/test/partials/test-plugin-storage/verdaccio-plugin/index.js

@@ -1,7 +1,13 @@
-function ValidVerdaccioPlugin() {
-  return {
-    authenticate: function () {},
-  };
+class ValidVerdaccioPlugin {
+  config;
+  options;
+  constructor(config, options) {
+    console.log('ValidVerdaccioPlugin constructor', config);
+    this.config = config;
+    this.options = options;
+  }
+
+  authenticate() {}
 }
 
-module.exports = ValidVerdaccioPlugin;
+module.exports = (...rest) => new ValidVerdaccioPlugin(...rest);

packages/loaders/test/plugin_loader_async.spec.ts

@@ -5,7 +5,7 @@ import { Config, parseConfigFile } from '@verdaccio/config';
 import { pluginUtils } from '@verdaccio/core';
 import { logger, setup } from '@verdaccio/logger';
 
-import { asyncLoadPlugin } from '../src/plugin-async-loader';
+import { asyncLoadPlugin } from '../src/index';
 
 function getConfig(file: string) {
   const conPath = path.join(__dirname, './partials/config', file);
@@ -71,6 +71,7 @@ describe('plugin loader', () => {
         expect(plugins).toHaveLength(0);
       });
     });
+
     describe('relative path', () => {
       test('should resolve plugin based on relative path', async () => {
         const config = getConfig('relative-plugins.yaml');
@@ -93,6 +94,7 @@ describe('plugin loader', () => {
       });
 
       // config.config_path is not considered for loading plugins due legacy support
+      // @ts-ignore
       test('should fails if config path is missing (only config_path)', async () => {
         const config = getConfig('relative-plugins.yaml');
         // @ts-expect-error
@@ -142,6 +144,7 @@ describe('plugin loader', () => {
         config.auth,
         { config, logger },
         authSanitize,
+        false,
         'customprefix'
       );
 
@@ -172,4 +175,27 @@ describe('plugin loader', () => {
       expect(plugins).toHaveLength(1);
     });
   });
+
+  describe('legacy merge configs', () => {
+    // whenever 6.x and 7.x version are out of support, we can remove this test
+    test('should merge configuration with plugin configuration', async () => {
+      const config = getConfig('relative-plugins.yaml');
+      // force file instead a folder.
+      const plugins = await asyncLoadPlugin(config.auth, { config, logger }, authSanitize, true);
+
+      expect(plugins).toHaveLength(1);
+      const plugin = plugins[0];
+      // just check if the plugin has the main config
+      expect(plugin.config).toHaveProperty('self_path');
+      expect(plugin.config).toHaveProperty('storage');
+      // assume all config props are merged
+      // check if the plugin has the auth config
+      expect(plugin.config).toHaveProperty('auth');
+      expect(plugin.config.auth).toEqual({
+        plugin: {
+          enabled: true,
+        },
+      });
+    });
+  });
 });

packages/logger/logger-commons/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @verdaccio/logger-commons
 
+## 8.0.0-next-8.15
+
+### Patch Changes
+
+- @verdaccio/core@8.0.0-next-8.15
+
+## 8.0.0-next-8.14
+
+### Patch Changes
+
+- Updated dependencies [b9fea38]
+  - @verdaccio/core@8.0.0-next-8.14
+
 ## 8.0.0-next-8.13
 
 ### Patch Changes

packages/logger/logger-commons/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger-commons",
-  "version": "8.0.0-next-8.13",
+  "version": "8.0.0-next-8.15",
   "description": "Verdaccio Logger Commons",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -42,14 +42,14 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.13",
+    "@verdaccio/core": "workspace:8.0.0-next-8.15",
     "@verdaccio/logger-prettify": "workspace:8.0.0-next-8.2",
     "debug": "4.4.0",
     "colorette": "2.0.20"
   },
   "devDependencies": {
     "pino": "9.6.0",
-    "@verdaccio/types": "workspace:13.0.0-next-8.4"
+    "@verdaccio/types": "workspace:13.0.0-next-8.5"
   },
   "funding": {
     "type": "opencollective",

packages/logger/logger/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @verdaccio/logger
 
+## 8.0.0-next-8.15
+
+### Patch Changes
+
+- @verdaccio/logger-commons@8.0.0-next-8.15
+
+## 8.0.0-next-8.14
+
+### Patch Changes
+
+- @verdaccio/logger-commons@8.0.0-next-8.14
+
 ## 8.0.0-next-8.13
 
 ### Patch Changes

packages/logger/logger/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger",
-  "version": "8.0.0-next-8.13",
+  "version": "8.0.0-next-8.15",
   "description": "Verdaccio Logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -42,11 +42,11 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/logger-commons": "workspace:8.0.0-next-8.13",
+    "@verdaccio/logger-commons": "workspace:8.0.0-next-8.15",
     "pino": "9.6.0"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:13.0.0-next-8.4"
+    "@verdaccio/types": "workspace:13.0.0-next-8.5"
   },
   "funding": {
     "type": "opencollective",

packages/middleware/CHANGELOG.md

@@ -1,5 +1,28 @@
 # @verdaccio/middleware
 
+## 8.0.0-next-8.15
+
+### Patch Changes
+
+- @verdaccio/core@8.0.0-next-8.15
+- @verdaccio/config@8.0.0-next-8.15
+- @verdaccio/url@13.0.0-next-8.15
+- @verdaccio/utils@8.1.0-next-8.15
+
+## 8.0.0-next-8.14
+
+### Patch Changes
+
+- b9fea38: chore: cleanup utils
+- 2bcd3ca: chore(config): harmonize configuration options
+- da1650c: fix(middleware): scoped package for allow checks
+- Updated dependencies [b9fea38]
+- Updated dependencies [bb478f2]
+  - @verdaccio/core@8.0.0-next-8.14
+  - @verdaccio/config@8.0.0-next-8.14
+  - @verdaccio/utils@8.1.0-next-8.14
+  - @verdaccio/url@13.0.0-next-8.14
+
 ## 8.0.0-next-8.13
 
 ### Patch Changes

packages/middleware/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/middleware",
-  "version": "8.0.0-next-8.13",
+  "version": "8.0.0-next-8.15",
   "description": "Verdaccio Express Middleware",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -42,10 +42,10 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/config": "workspace:8.0.0-next-8.13",
-    "@verdaccio/core": "workspace:8.0.0-next-8.13",
-    "@verdaccio/url": "workspace:13.0.0-next-8.13",
-    "@verdaccio/utils": "workspace:8.1.0-next-8.13",
+    "@verdaccio/config": "workspace:8.0.0-next-8.15",
+    "@verdaccio/core": "workspace:8.0.0-next-8.15",
+    "@verdaccio/url": "workspace:13.0.0-next-8.15",
+    "@verdaccio/utils": "workspace:8.1.0-next-8.15",
     "debug": "4.4.0",
     "express": "4.21.2",
     "express-rate-limit": "5.5.1",
@@ -58,7 +58,7 @@
     "url": "https://opencollective.com/verdaccio"
   },
   "devDependencies": {
-    "@verdaccio/logger": "workspace:8.0.0-next-8.13",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.15",
     "body-parser": "1.20.3",
     "supertest": "7.0.0",
     "jsdom": "25.0.1"

packages/middleware/src/middlewares/allow.ts

@@ -20,7 +20,7 @@ export function allow<T>(
     return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
       req.pause();
       const packageName = req.params.scope
-        ? `@${req.params.scope}/${req.params.package}`
+        ? `${req.params.scope}/${req.params.package}`
         : req.params.package;
       const packageVersion = req.params.filename
         ? tarballUtils.getVersionFromTarball(req.params.filename)

packages/middleware/src/middlewares/json.ts

@@ -1,5 +1,4 @@
-import { errorUtils } from '@verdaccio/core';
-import { isObject } from '@verdaccio/utils';
+import { errorUtils, validationUtils } from '@verdaccio/core';
 
 import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
 
@@ -8,7 +7,7 @@ export function expectJson(
   res: $ResponseExtend,
   next: $NextFunctionVer
 ): void {
-  if (!isObject(req.body)) {
+  if (!validationUtils.isObject(req.body)) {
     return next(errorUtils.getBadRequest("can't parse incoming json"));
   }
   next();

packages/middleware/src/middlewares/web/utils/renderHTML.ts

@@ -80,7 +80,7 @@ export default function renderHTML(
   const {
     scriptsBodyAfter,
     metaScripts,
-    scriptsbodyBefore,
+    scriptsbodyBefore, // deprecated
     showInfo,
     showSettings,
     showThemeSwitch,
@@ -98,6 +98,11 @@ export default function renderHTML(
     },
     config?.web
   );
+  // Fallback
+  let scriptsBodyBefore = config?.web?.scriptsBodyBefore;
+  if (scriptsbodyBefore && !scriptsBodyBefore) {
+    scriptsBodyBefore = scriptsbodyBefore;
+  }
   const options: TemplateUIOptions = {
     showInfo,
     showSettings,
@@ -127,8 +132,10 @@ export default function renderHTML(
 
   let webPage;
 
+  let cacheKey = `template:${JSON.stringify(options)}`;
+
   try {
-    webPage = cache.get('template');
+    webPage = cache.get(cacheKey);
     if (!webPage) {
       webPage = renderTemplate(
         {
@@ -136,13 +143,13 @@ export default function renderHTML(
           options,
           scriptsBodyAfter,
           metaScripts,
-          scriptsbodyBefore,
+          scriptsBodyBefore,
         },
         manifest
       );
 
       if (needHtmlCache) {
-        cache.set('template', webPage);
+        cache.set(cacheKey, webPage);
         debug('set template cache');
       }
     } else {