chore: update versions (6-next) (#2625 )

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
dist-tags endpoint fastify (#2638 )
2021-11-05 17:29:26 +01:00 · 2021-11-05 16:59:13 +01:00 · 2021-11-05 16:29:48 +01:00 · 2021-11-04 09:38:57 +01:00 · 2021-11-03 20:56:36 +01:00 · 2021-11-03 18:25:53 +01:00
744 changed files with 17460 additions and 14399 deletions
--- a/.babelrc
+++ b/.babelrc
@@ -7,7 +7,7 @@
        "version": 3, "proposals": true
      },
      "targets": {
-        "node": 12
+        "node": 14
      }
    }
  ],
--- a/.changeset/dry-planes-tap.md
+++ b/.changeset/dry-planes-tap.md
@@ -0,0 +1,59 @@
+---
+'@verdaccio/api': major
+'@verdaccio/auth': major
+'@verdaccio/cli': major
+'@verdaccio/config': major
+'@verdaccio/commons-api': major
+'@verdaccio/core': major
+'@verdaccio/local-storage': major
+'@verdaccio/fastify-migration': major
+'@verdaccio/streams': major
+'@verdaccio/types': major
+'@verdaccio/hooks': major
+'verdaccio-audit': major
+'verdaccio-aws-s3-storage': major
+'verdaccio-google-cloud': major
+'verdaccio-memory': major
+'@verdaccio/ui-theme': major
+'@verdaccio/proxy': major
+'@verdaccio/server': major
+'@verdaccio/store': major
+'@verdaccio/eslint-config': major
+'@verdaccio/dev-types': major
+'@verdaccio/utils': major
+'verdaccio': major
+'@verdaccio/web': major
+---
+
+refactor: search v1 endpoint and local-database
+
+- refactor search `api v1` endpoint, improve performance
+- remove usage of `async` dependency https://github.com/verdaccio/verdaccio/issues/1225
+- refactor method storage class
+- create new module `core` to reduce the ammount of modules with utilities
+- use `undici` instead `node-fetch`
+- use `fastify` instead `express` for functional test
+
+### Breaking changes
+
+- plugin storage API changes
+- remove old search endpoint (return 404)
+- filter local private packages at plugin level
+
+The storage api changes for methods `get`, `add`, `remove` as promise base. The `search` methods also changes and recieves a `query` object that contains all query params from the client.
+
+```ts
+export interface IPluginStorage<T> extends IPlugin {
+  add(name: string): Promise<void>;
+  remove(name: string): Promise<void>;
+  get(): Promise<any>;
+  init(): Promise<void>;
+  getSecret(): Promise<string>;
+  setSecret(secret: string): Promise<any>;
+  getPackageStorage(packageInfo: string): IPackageStorage;
+  search(query: searchUtils.SearchQuery): Promise<searchUtils.SearchItem[]>;
+  saveToken(token: Token): Promise<any>;
+  deleteToken(user: string, tokenKey: string): Promise<any>;
+  readTokens(filter: TokenFilter): Promise<Token[]>;
+}
+```
--- a/.changeset/eleven-spoons-matter.md
+++ b/.changeset/eleven-spoons-matter.md
@@ -0,0 +1,39 @@
+---
+'@verdaccio/api': major
+'@verdaccio/auth': major
+'@verdaccio/cli': major
+'@verdaccio/config': major
+'@verdaccio/core': major
+'@verdaccio/file-locking': major
+'verdaccio-htpasswd': major
+'@verdaccio/readme': major
+'@verdaccio/fastify-migration': major
+'@verdaccio/streams': major
+'@verdaccio/tarball': major
+'@verdaccio/types': major
+'@verdaccio/url': major
+'@verdaccio/hooks': major
+'@verdaccio/loaders': major
+'@verdaccio/logger': major
+'@verdaccio/middleware': major
+'@verdaccio/mock': major
+'@verdaccio/node-api': major
+'@verdaccio/active-directory': major
+'verdaccio-audit': major
+'verdaccio-auth-memory': major
+'verdaccio-aws-s3-storage': major
+'verdaccio-google-cloud': major
+'verdaccio-memory': major
+'@verdaccio/ui-theme': major
+'@verdaccio/server': major
+'@verdaccio/cli-standalone': major
+'@verdaccio/store': major
+'@verdaccio/dev-types': major
+'@verdaccio/utils': major
+'verdaccio': major
+'@verdaccio/web': major
+---
+
+Remove Node 12 support
+
+- We need move to the new `undici` and does not support Node.js 12
--- a/.changeset/fuzzy-onions-draw.md
+++ b/.changeset/fuzzy-onions-draw.md
@@ -0,0 +1,10 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/fastify-migration': minor
+'@verdaccio/hooks': minor
+'@verdaccio/logger-prettify': minor
+'@verdaccio/proxy': minor
+'@verdaccio/store': minor
+---
+
+abort search request support for proxy
--- a/.changeset/olive-candles-speak.md
+++ b/.changeset/olive-candles-speak.md
@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': minor
+---
+
+feat: integrate rematch for ui state storage
--- a/.changeset/perfect-candles-clap.md
+++ b/.changeset/perfect-candles-clap.md
@@ -0,0 +1,35 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/auth': minor
+'@verdaccio/cli': minor
+'@verdaccio/config': minor
+'@verdaccio/core': minor
+'verdaccio-htpasswd': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/fastify-migration': minor
+'@verdaccio/tarball': minor
+'@verdaccio/types': minor
+'@verdaccio/url': minor
+'@verdaccio/hooks': minor
+'@verdaccio/loaders': minor
+'@verdaccio/logger': minor
+'@verdaccio/middleware': minor
+'@verdaccio/mock': minor
+'@verdaccio/node-api': minor
+'@verdaccio/active-directory': minor
+'verdaccio-auth-memory': minor
+'verdaccio-aws-s3-storage': minor
+'verdaccio-google-cloud': minor
+'verdaccio-memory': minor
+'@verdaccio/ui-theme': minor
+'@verdaccio/proxy': minor
+'@verdaccio/server': minor
+'@verdaccio/cli-standalone': minor
+'@verdaccio/store': minor
+'@verdaccio/utils': minor
+'verdaccio': minor
+'@verdaccio/web': minor
+'@verdaccio/e2e-ui': minor
+---
+
+refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
--- a/.changeset/pre.json
+++ b/.changeset/pre.json
@@ -6,7 +6,6 @@
    "@verdaccio/auth": "6.0.0-alpha.0",
    "@verdaccio/cli": "6.0.0-alpha.0",
    "@verdaccio/config": "6.0.0-alpha.0",
-    "@verdaccio/commons-api": "11.0.0-alpha.0",
    "@verdaccio/file-locking": "11.0.0-alpha.0",
    "verdaccio-htpasswd": "11.0.0-alpha.0",
    "@verdaccio/local-storage": "11.0.0-alpha.0",
@@ -42,15 +41,20 @@
    "@verdaccio/fastify-migration": "6.0.0-6-next.9",
    "@verdaccio/eslint-config": "1.0.0",
    "@verdaccio/benchmark": "1.0.0",
-    "@verdaccio/website": "5.1.3"
+    "@verdaccio/website": "5.1.3",
+    "@verdaccio/core": "6.0.0-next.0",
+    "@verdaccio/helper": "1.0.0"
  },
  "changesets": [
    "afraid-mice-obey",
    "big-lobsters-sin",
    "calm-pants-impress",
+    "dry-planes-tap",
+    "eleven-spoons-matter",
    "few-cooks-destroy",
    "few-mangos-grow",
    "fifty-jars-rest",
+    "fuzzy-onions-draw",
    "gentle-parrots-lay",
    "gentle-trains-switch",
    "gold-vans-tease",
@@ -64,6 +68,8 @@
    "many-vans-care",
    "modern-spies-tell",
    "neat-toes-report",
+    "olive-candles-speak",
+    "perfect-candles-clap",
    "perfect-emus-clean",
    "perfect-kangaroos-agree",
    "plenty-news-remember",
@@ -72,9 +78,13 @@
    "pretty-hounds-tap",
    "proud-jeans-walk",
    "red-chefs-float",
+    "shaggy-carrots-unite",
+    "shaggy-parrots-smash",
    "shiny-chefs-heal",
    "smart-apricots-kneel",
+    "sour-buses-shout",
    "spicy-frogs-press",
+    "ten-parents-breathe",
    "tender-bags-call",
    "three-pots-sit",
    "two-dolls-check",
--- a/.changeset/shaggy-carrots-unite.md
+++ b/.changeset/shaggy-carrots-unite.md
@@ -0,0 +1,5 @@
+---
+'@verdaccio/logger': patch
+---
+
+do not show deprecation warning on default logger config
--- a/.changeset/shaggy-parrots-smash.md
+++ b/.changeset/shaggy-parrots-smash.md
@@ -0,0 +1,8 @@
+---
+'@verdaccio/cli': minor
+'@verdaccio/core': minor
+'@verdaccio/logger': minor
+'@verdaccio/node-api': minor
+---
+
+feat: use warning codes for deprecation warnings
--- a/.changeset/sour-buses-shout.md
+++ b/.changeset/sour-buses-shout.md
@@ -0,0 +1,11 @@
+---
+'@verdaccio/fastify-migration': minor
+'@verdaccio/store': minor
+'@verdaccio/utils': minor
+'@verdaccio/web': minor
+'@verdaccio/website': minor
+---
+
+feat: migrate web sidebar endpoint to fastify
+
+reuse utils methods between packages
--- a/.changeset/ten-parents-breathe.md
+++ b/.changeset/ten-parents-breathe.md
@@ -0,0 +1,7 @@
+---
+'@verdaccio/auth': minor
+'@verdaccio/fastify-migration': minor
+'@verdaccio/web': minor
+---
+
+dist tags Implementation on Fastify
--- a/.eslintignore
+++ b/.eslintignore
@@ -9,3 +9,5 @@ static/
 website/
 wiki/
 dist/
+docs/
+test/functional/store/*
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -7,7 +7,7 @@ contact_links:
    url: https://github.com/verdaccio/verdaccio/security/policy
    about: I want to report a security vulnerability
  - name: Chat 🏘
-    url: http://chat.verdaccio.org
+    url: https://discord.gg/7qWJxBf
    about: For a quick question you should do it through our community chat
  - name: User Interface Report 👩🏼‍🎨👨🏼‍🎨
    url: https://github.com/verdaccio/ui/issues/new/choose
--- a/.github/workflows/benchmark.yml
+++ b/.github/workflows/benchmark.yml
@@ -2,6 +2,7 @@
 name: ci - benchmark

 on:
+  workflow_dispatch:
  schedule:
    # 3 times day
    # collecting enough data to draw some graphics
@@ -56,7 +57,8 @@ jobs:
          # - local
          - 3.13.1
          - 4.12.2
-          - 5.1.2
+          - 5.1.3
+          - 6.0.0-6-next.24
    name: Benchmark autocannon
    runs-on: ubuntu-latest
    steps:
@@ -116,7 +118,8 @@ jobs:
          # old versions to compare same test along previous releases
          - 3.13.1
          - 4.12.2
-          - 5.1.2
+          - 5.1.3
+          - 6.0.0-6-next.24
    name: Benchmark hyperfine
    runs-on: ubuntu-latest
    steps:
--- a/.github/workflows/changesets.yml
+++ b/.github/workflows/changesets.yml
@@ -46,7 +46,12 @@ jobs:
        run: pnpm install
        env:
          NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
-
+      - name: crowdin download
+        env:
+          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
+          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          CONTEXT: production
+        run: pnpm crowdin:download       
      - name: build
        run: pnpm build

--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,7 +23,7 @@ jobs:
        ports:
          - 4873:4873
    steps:
-    - uses: actions/checkout@v2.3.1
+    - uses: actions/checkout@v2.3.5
    - name: Use Node 14
      uses: actions/setup-node@v1
      with:
@@ -48,7 +48,7 @@ jobs:
    name: Lint
    needs: prepare
    steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5
      - name: Use Node 16
        uses: actions/setup-node@v1
        with:
@@ -68,7 +68,7 @@ jobs:
    name: Format
    needs: prepare
    steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5
      - name: Use Node 16
        uses: actions/setup-node@v1
        with:
@@ -83,12 +83,13 @@ jobs:
        run: pnpm recursive install --frozen-lockfile --ignore-scripts
      - name: Lint
        run: pnpm format:check
+
  build:
    runs-on: ubuntu-latest
    name: build
    needs: [format, lint]
    steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5
      - name: Use Node 16
        uses: actions/setup-node@v1
        with:
@@ -101,6 +102,15 @@ jobs:
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}     
      - name: Install
        run: pnpm recursive install --frozen-lockfile --ignore-scripts
+      - name: crowdin download
+        env:
+          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
+          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          CONTEXT: production
+        run: pnpm crowdin:download
+        ## this step is optional, translations are not mandatory for PR
+        ## secrets keys are not available on forks, the failure here is guaranteed
+        continue-on-error: true  
      - name: build
        run: pnpm build
      - name: tar packages
@@ -116,11 +126,12 @@ jobs:
      fail-fast: true
      matrix:
        os: [ubuntu-latest]
+        ## Node 16 breaks UI test, jest issue
        node_version: [14]
    name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
    runs-on: ${{ matrix.os }}
    steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5
      - name: Use Node ${{ matrix.node_version }}
        uses: actions/setup-node@v1
        with:
@@ -145,7 +156,7 @@ jobs:
    runs-on: ubuntu-latest
    name: UI Test E2E Node 14
    steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5
      - uses: actions/setup-node@v1
        with:
          node-version: 14
@@ -165,14 +176,14 @@ jobs:
        run: pnpm recursive install --frozen-lockfile 
      - name: Test UI
        run: pnpm test:e2e:ui
-        env:
-          DEBUG: verdaccio:e2e*       
+        # env:
+        #  DEBUG: verdaccio:e2e*       
  ci-e2e-cli:
    needs: build
    runs-on: ubuntu-latest
    name: CLI Test E2E Node 14
    steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5
      - uses: actions/setup-node@v1
        with:
          node-version: 14
@@ -192,12 +203,14 @@ jobs:
        run: pnpm recursive install --frozen-lockfile
      - name: Test CLI
        run: pnpm test:e2e:cli
+        # env:
+        #   DEBUG: verdaccio* 
  test-windows:
    needs: [format, lint]
    runs-on: windows-latest
    name: windows test node 14
    steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5
      - name: Use Node 14
        uses: actions/setup-node@v1
        with:
@@ -215,3 +228,35 @@ jobs:
        run: pnpm build
      - name: Test
        run: pnpm test
+  sync-translations:
+    needs: [ci-e2e-cli, ci-e2e-ui, test-windows, test]
+    runs-on: ubuntu-latest
+    name: synchronize translations
+    if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+    steps:
+      - uses: actions/checkout@v2.3.5
+      - uses: actions/setup-node@v1
+        with:
+          node-version: 14
+      - uses: actions/download-artifact@v2
+        with:
+          name: verdaccio-artifact
+      - name: untar packages
+        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages    
+      - name: Install pnpm
+        run: npm i pnpm@6.10.3 -g
+      - uses: actions/cache@v2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                          
+      - name: Install
+        ## we need scripts, pupetter downloads aditional content
+        run: pnpm recursive install --frozen-lockfile
+      - name: generate website translations
+        run: pnpm write-translations --filter ...@verdaccio/website       
+      - name: sync
+        env:
+          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
+          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          CONTEXT: production
+        run: pnpm crowdin:sync              
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -14,7 +14,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v2.3.1
+        uses: actions/checkout@v2.3.5
        with:
          # We must fetch at least the immediate parents so that if this is
          # a pull request then we can checkout the head.
--- a/.github/workflows/website.yml
+++ b/.github/workflows/website.yml
@@ -24,7 +24,7 @@ jobs:
    env:
      NODE_OPTIONS: --max_old_space_size=4096
    steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5

      - name: Use Node 14
        uses: actions/setup-node@v2
@@ -82,13 +82,13 @@ jobs:

      # Will deploy to Preview URL, only when a pull request is open with changes on the website
      - name: Build Deployment Preview
-        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master'
+        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
        env:
          CONTEXT: deploy-preview
        run: pnpm netlify:build:deployPreview --filter ...@verdaccio/website

      - name: 🤖 Deploy Preview Netlify
-        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master'
+        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
        uses: semoal/action-netlify-deploy@master
        id: netlify_preview
        with:
@@ -102,7 +102,7 @@ jobs:
          build-dir: './website/build'

      - name: Audit preview URL with Lighthouse
-        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master'
+        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
        id: lighthouse_audit
        uses: treosh/lighthouse-ci-action@v3
        with:
@@ -112,7 +112,7 @@ jobs:
          temporaryPublicStorage: true

      - name: Format lighthouse score
-        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master'
+        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
        id: format_lighthouse_score
        uses: actions/github-script@v3
        with:
@@ -137,7 +137,7 @@ jobs:
             core.setOutput("comment", comment);

      - name: Add comment to PR
-        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master'
+        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
        id: comment_to_pr
        uses: marocchino/sticky-pull-request-comment@v1
        with:
--- a/.gitignore
+++ b/.gitignore
@@ -34,6 +34,9 @@ packages/standalone/dist/

 ## ui
 packages/plugins/ui-theme/static
+/packages/plugins/ui-theme/src/i18n/download_translations/
+!/packages/plugins/ui-theme/src/i18n/crowdin/ui.json
+

 # CI Pnpm cache
 .pnpm-store/
@@ -43,3 +46,7 @@ api-results.json
 hyper-results.json
 hyper-results*.json
 api-results*.json
+
+#docs 
+./api
+packages/core/core/docs
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -0,0 +1,5 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+#./node_modules/.bin/lint-staged
+npm run husky:pre-commit
--- a/.npmrc
+++ b/.npmrc
@@ -1,5 +1,5 @@
 always-auth = true
 recursive-install = true
 registry = https://registry.verdaccio.org
-loglevel=warn
+loglevel=info
 fetch-retries="10"
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-14
+16
--- a/.prettierignore
+++ b/.prettierignore
@@ -17,6 +17,7 @@ node_modules/
 **/static/*.js
 **/build/*.js
 packages/core/local-storage/_storage/**
+packages/partials/storage_default_storage/
 packages/standalone/dist/bundle.js
 docker-examples/v5/reverse_proxy/nginx/relative_path/storage/*
 docker-examples/
@@ -24,3 +25,9 @@ build/
 .vscode/
 .github/
 .netlify/
+packages/**/docs/**
+packages/mock/mock-store/**
+api/**
+packages/core/local-storage/tests/__fixtures__/test-storage/
+packages/plugins/ui-theme/static/
+.verdaccio-db.json
--- a/.prettierrc
+++ b/.prettierrc
@@ -1,11 +0,0 @@
-{
-  "endOfLine": "lf",
-  "useTabs": false,
-  "printWidth": 100,
-  "tabWidth": 2,
-  "singleQuote": true,
-  "bracketSpacing": true,
-  "jsxBracketSameLine": true,
-  "trailingComma": "es5",
-  "semi": true
-}
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -4,6 +4,16 @@
  // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
  "version": "0.2.0",
  "configurations": [
+
+  {
+    "name": "Attach",
+    "port": 9229,
+    "request": "attach",
+    "skipFiles": [
+      "<node_internals>/**"
+    ],
+    "type": "pwa-node"
+  },
    {
      "name": "Verdaccio Debug",
      "port": 9229,
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -2,7 +2,7 @@
 {
  "files.exclude": {
    "**/.nyc_output": true,
-    "**/build": true,
+    "**/build": false,
    "**/coverage": true,
    ".idea": true,
    "storage_default_storage": true,
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -19,6 +19,7 @@ guidelines for you:
    - [What's is not considered a bug?](#whats-is-not-considered-a-bug)
    - [Issue Search](#issue-search)
    - [Chat](#chat)
+  - [Translations](#translations)
  - [Request Features](#request-features)
  - [Contributing Guidelines](#contributing-guidelines)
    - [Submitting a Pull Request](#submitting-a-pull-request)
@@ -128,9 +129,23 @@ More details in the debug section

 ### Running and debugging

+> Check the debugging guidelines [here](https://github.com/verdaccio/verdaccio/wiki/Debugging-Verdaccio)
+
 We use [`debug`](https://www.npmjs.com/package/debug) to add helpful debugging
 output to the code. Each package has it owns namespace.

+#### Useful Scripts
+
+To run the application from the source code, ensure the project has been built with `pnpm build`, once this is done, there are few commands that helps to run server:
+
+- `pnpm start`: Run the server and the UI with `concurrently`, the
+  server runs in the port `8000` and the UI on the port `4873`. This command
+  is useful if you want to contribute mostly on the UI.
+- `pnpm debug`: Run the server in debug mode `--inspect`, the UI is included but does not have hot reload. For automatic break use `pnpm debug:break`.
+- `pnpm debug:fastify`: To contribute on the [fastify migration](https://github.com/verdaccio/verdaccio/discussions/2155) this is a temporary command for such purpose.
+- `pnpm website`: Build the website, for more commands to run the _website_, run `cd website` and then `pnpm serve`, website will run on port `3000`.
+- `pnpm docker`: Build the docker image. Requires `docker` command available in your system.
+
 #### Debugging compiled code

 Currently you can only run pre-compiled packages in debug mode. To enable debug
@@ -190,10 +205,28 @@ affecting multiple people.

 ### Chat

-Questions can be asked via [Discord](http://chat.verdaccio.org/)
+Questions can be asked via [Discord](https://discord.gg/7qWJxBf)

 **Please use the `#help` channel.**

+## Translations
+
+All translations are provided by the `crowdin` platform:
+[https://translate.verdaccio.org/](https://translate.verdaccio.org/)
+
+If you want to contribute by adding translations, create an account (GitHub could be used as fast alternative), in the platform you can contribute to two areas, the website or improve User Interface translations.
+
+If a language is not listed, ask for it in the [Discord](https://discord.gg/7qWJxBf) channel #contribute channel.
+
+For adding a new **language** on the UI follow these steps:
+
+1. Ensure the **language** has been enabled, must be visible in the `crowdin` platform.
+2. Find in the explorer the file `en.US.json` in the path `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` and complete the translations, **not need to find approval on this**.
+3. Into the project, add a new field into `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` file, in the section `lng`, the new language, eg: `{ lng: {korean:"Korean"}}`. (This file is English based, once the PR has been merged, this string will be available in crowdin for translate to the targeted language).
+4. Add the language, [flag icon](https://www.npmjs.com/package/country-flag-icons), and the menu key fort he new language eg: `menuKey: 'lng.korean'` to the file `packages/plugins/ui-theme/src/i18n/enabledLanguages.ts`.
+5. For local testing, read `packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md`.
+6. Add a `changeset` file, see more info below.
+
 ## Request Features

 New feature requests are welcome. Analyse whether the idea fits within scope of
--- a/4
+++ b/4
@@ -1,4 +1,4 @@
-FROM --platform=${BUILDPLATFORM:-linux/amd64} node:14.17.6-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} node:14.18.1-alpine as builder

 ENV NODE_ENV=development \
    VERDACCIO_BUILD_REGISTRY=https://registry.verdaccio.org
@@ -19,7 +19,7 @@ RUN npm -g i pnpm@6.10.3 && \
 # FIXME: need to remove devDependencies from the build
 # RUN pnpm install --prod --ignore-scripts

-FROM node:14.17.6-alpine
+FROM node:14.18.1-alpine
 LABEL maintainer="https://github.com/verdaccio/verdaccio"

 ENV VERDACCIO_APPDIR=/opt/verdaccio \
--- a/README.md
+++ b/README.md
@@ -29,13 +29,19 @@ Google Cloud Storage** or create your own plugin.

 ## Install

+> Latest Node.js v14
+
 Install with npm:

 ```bash
-npm install --global verdaccio@6-next --registry https://registry.verdaccio.org/
+npm install --global verdaccio@6-next
 ```

-> Published on a temporary registry while setup is ready to publish on npmjs
+or
+
+```bash
+docker pull verdaccio/verdaccio:nightly-master
+```

 ## Donations

@@ -71,7 +77,7 @@ booted in a couple of seconds, fast enough for any CI. Many open source projects

 ### **Testing the integrity of your React components by publishing in a private registry - React Finland 2021**.

-[![beerjscrb](https://cdn.verdaccio.dev/readme/react-finland-2021-jpicado.jpeg)](https://react-finland.fi/schedule/#testing-the-integrity-of-your-react-components-by-publishing-in-a-private-registry)
+[![beerjscrb](https://cdn.verdaccio.dev/readme/react-finland-2021-jpicado.jpeg)](https://www.youtube.com/watch?v=bRKZbrlQqLY&t=16s&ab_channel=ReactFinland)

 You might want to check out as well our previous talks:

@@ -186,7 +192,20 @@ Verdaccio aims to support all features of a standard npm client that make sense

 If you want to report a security vulnerability, please follow the steps which we have defined for you in our [security policy](https://github.com/verdaccio/verdaccio/security/policy).

-## Core Team
+## Special Thanks
+
+Thanks to the following companies to help us to achieve our goals providing free open source licenses. Every company provides enough resources to move this project forward.
+
+| Company      | Logo                                                                                                                            | License                                                                           |
+| ------------ | ------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------- |
+| JetBrains    | [![jetbrain](assets/thanks/jetbrains/logo.png)](https://www.jetbrains.com/)                                                     | JetBrains provides licenses for products for active maintainers, renewable yearly |
+| Crowdin      | [![crowdin](assets/thanks/crowdin/logo.png)](https://crowdin.com/)                                                              | Crowdin provides platform for translations                                        |
+| BrowserStack | [![browserstack](https://cdn.verdaccio.dev/readme/browserstack_logo.png)](https://www.browserstack.com/)                        | BrowserStack provides plan to run End to End testing for the UI                   |
+| Netlify      | [![netlify](https://www.netlify.com/img/global/badges/netlify-color-accent.svg)](https://www.netlify.com/)                      | Netlify provides pro plan for website deployment                                  |
+| Algolia      | [![algolia](https://cdn.verdaccio.dev/sponsor/logo/algolia/logo.png)](https://algolia.com/)                                     | Algolia provides search services for the website                                  |
+| Docker       | [![docker](https://cdn.verdaccio.dev/sponsor/logo/docker/docker.png)](https://www.docker.com/community/open-source/application) | Docker offers unlimited pulls and unlimited egress to any and all users           |
+
+## Maintainers

 | [Juan Picado](https://github.com/juanpicado)                                   | [Ayush Sharma](https://github.com/ayusharma)                             | [Sergio Hg](https://github.com/sergiohgz)                                 |
 | ------------------------------------------------------------------------------ | ------------------------------------------------------------------------ | ------------------------------------------------------------------------- |
@@ -240,18 +259,6 @@ Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com

 [![backers](https://opencollective.com/verdaccio/backers.svg?width=890)](https://opencollective.com/verdaccio#backers)

-## Special Thanks
-
-Thanks to the following companies to help us to achieve our goals providing free open source licenses.
-
-[![jetbrain](assets/thanks/jetbrains/logo.png)](https://www.jetbrains.com/)
-[![crowdin](assets/thanks/crowdin/logo.png)](https://crowdin.com/)
-[![browserstack](https://cdn.verdaccio.dev/readme/browserstack_logo.png)](https://www.browserstack.com/)
-[![netlify](https://www.netlify.com/img/global/badges/netlify-color-accent.svg)](https://www.netlify.com/)
-[![algolia](https://cdn.verdaccio.dev/sponsor/logo/algolia/logo.png)](https://algolia.com/)
-
-Verdaccio also is part of to the [Docker Open Source Program](https://www.docker.com/blog/expanded-support-for-open-source-software-projects/).
-
 ## Contributors

 This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].
@@ -266,7 +273,7 @@ If you have any issue you can try the following options, do no desist to ask or
 - [Donations](https://github.com/sponsors/verdaccio)
 - [Reporting an issue](https://github.com/verdaccio/verdaccio/issues/new/choose)
 - [Running discussions](https://github.com/verdaccio/verdaccio/issues?q=is%3Aissue+is%3Aopen+label%3Adiscuss)
- [Chat](http://chat.verdaccio.org/)
+- [Chat](https://discord.gg/7qWJxBf)
 - [Logos](https://verdaccio.org/docs/en/logo)
 - [Docker Examples](https://github.com/verdaccio/verdaccio/tree/master/docker-examples)
 - [FAQ](https://github.com/verdaccio/verdaccio/discussions/categories/q-a)
--- a/crowdin.yaml
+++ b/crowdin.yaml
@@ -5,6 +5,10 @@ preserve_hierarchy: true

 files:
  [
+    {
+      source: 'packages/plugins/ui-theme/src/i18n/crowdin/**/*',
+      translation: '/packages/plugins/ui-theme/src/i18n/download_translations/%locale%/**/%original_file_name%',
+    },
    {
      source: '/website/i18n/en/**/*',
      translation: '/website/i18n/%locale%/**/%original_file_name%',
@@ -13,4 +17,4 @@ files:
      source: '/website/docs/**/*',
      translation: '/website/i18n/%locale%/docusaurus-plugin-content-docs/current/**/%original_file_name%',
    }
-  ]
+  ]
--- a/docker-examples/v4/reverse_proxy/nginx/relative_path/nginx_ssl/Dockerfile
+++ b/docker-examples/v4/reverse_proxy/nginx/relative_path/nginx_ssl/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx
+FROM nginx:1

 COPY cert.crt /etc/nginx/cert.crt
 COPY cert.key /etc/nginx/cert.key
--- a/docker-examples/v4/reverse_proxy/nginx/relative_path/storage/verdaccio/package.json
+++ b/docker-examples/v4/reverse_proxy/nginx/relative_path/storage/verdaccio/package.json
@@ -55919,7 +55919,6 @@
        "@babel/plugin-transform-async-to-generator": "7.2.0",
        "@babel/plugin-transform-classes": "7.2.2",
        "@babel/plugin-transform-runtime": "7.2.0",
-        "@babel/polyfill": "7.2.3",
        "@babel/preset-env": "7.2.3",
        "@babel/preset-flow": "7.0.0",
        "@babel/preset-react": "7.0.0",
--- a/docker-examples/v5/reverse_proxy/nginx_relative/nginx_ssl/Dockerfile
+++ b/docker-examples/v5/reverse_proxy/nginx_relative/nginx_ssl/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx
+FROM nginx:1

 COPY cert.crt /etc/nginx/cert.crt
 COPY cert.key /etc/nginx/cert.key
--- a/docs/env.variables.md
+++ b/docs/env.variables.md
@@ -48,3 +48,7 @@ $ VERDACCIO_FORWARDED_PROTO=CloudFront-Forwarded-Proto verdaccio --listen 5000
 #### VERDACCIO_STORAGE_PATH

 By default, the storage is taken from config file, but using this variable allows to set it from environment variable.
+
+#### VERDACCIO_STORAGE_NAME
+
+The database name for `@verdaccio/local-storage` is by default `.verdaccio-db.json`, but this can be update by using this variable.
--- a/docs/migration-v5-to-v6.md
+++ b/docs/migration-v5-to-v6.md
@@ -74,3 +74,7 @@ Introduce environment variables for legacy tokens.

 - `VERDACCIO_LEGACY_ALGORITHM`: Allows to define the specific algorithm for the token signature which by default is `aes-256-ctr`
 - `VERDACCIO_LEGACY_ENCRYPTION_KEY`: By default, the token stores in the database, but using this variable allows to get it from memory
+
+#### @verdaccio/commons-api migration
+
+The package has been removed in favor of `@verdaccio/core` with a similar API, check API documentation for further details.
--- a/docs/warnings.md
+++ b/docs/warnings.md
@@ -0,0 +1,29 @@
+# Warning Codes
+
+## VERWAR001
+
+Verdaccio doesn't need superuser privileges. Don't run it under root.
+
+## VERWAR002
+
+logger is not defined
+
+## VERWAR003
+
+'rotating-file type is not longer supported, consider use [logrotate] instead'
+
+## VERWAR004
+
+invalid address - xxxxxx, we expect a port (e.g. "4873"),
+
+## VERDEP001
+
+'config.logs is deprecated, rename configuration to "config.log" in singular'
+
+## VERDEP002
+
+'deprecate: multiple logger configuration is deprecated, please check the migration guide.'
+
+## VERDEP003
+
+'multiple addresses will be deprecated in the next major, only use one'
--- a/package.json
+++ b/package.json
@@ -15,124 +15,105 @@
    "url": "https://opencollective.com/verdaccio"
  },
  "devDependencies": {
-    "@babel/cli": "7.14.8",
-    "@babel/core": "7.15.0",
-    "@babel/node": "7.14.9",
+    "@babel/cli": "7.15.7",
+    "@babel/core": "7.15.8",
+    "@babel/node": "7.15.8",
    "@babel/plugin-proposal-class-properties": "7.14.5",
-    "@babel/plugin-proposal-decorators": "7.14.5",
+    "@babel/plugin-proposal-decorators": "7.15.8",
    "@babel/plugin-proposal-export-namespace-from": "7.14.5",
    "@babel/plugin-proposal-function-sent": "7.14.5",
    "@babel/plugin-proposal-json-strings": "7.14.5",
    "@babel/plugin-proposal-nullish-coalescing-operator": "7.14.5",
    "@babel/plugin-proposal-numeric-separator": "7.14.5",
-    "@babel/plugin-proposal-object-rest-spread": "7.14.7",
+    "@babel/plugin-proposal-object-rest-spread": "7.15.6",
    "@babel/plugin-proposal-optional-chaining": "7.14.5",
    "@babel/plugin-proposal-throw-expressions": "7.14.5",
    "@babel/plugin-syntax-dynamic-import": "7.8.3",
    "@babel/plugin-syntax-import-meta": "7.10.4",
    "@babel/plugin-transform-async-to-generator": "7.14.5",
-    "@babel/plugin-transform-classes": "7.14.9",
-    "@babel/plugin-transform-runtime": "7.15.0",
-    "@babel/polyfill": "7.12.1",
-    "@babel/preset-env": "7.15.0",
+    "@babel/plugin-transform-classes": "7.15.4",
+    "@babel/plugin-transform-runtime": "7.15.8",
+    "@babel/preset-env": "7.15.8",
    "@babel/preset-react": "7.14.5",
    "@babel/preset-typescript": "7.15.0",
    "@babel/register": "7.15.3",
-    "@babel/runtime": "7.15.3",
-    "@changesets/changelog-github": "^0.2.8",
+    "@babel/runtime": "7.15.4",
+    "@changesets/changelog-github": "0.2.8",
    "@changesets/cli": "2.15.0",
-    "@changesets/get-dependents-graph": "^1.2.0",
-    "@commitlint/cli": "8.3.5",
-    "@commitlint/config-conventional": "8.2.0",
-    "@crowdin/cli": "3.6.5",
+    "@changesets/get-dependents-graph": "1.2.2",
+    "@crowdin/cli": "3.7.1",
+    "@trivago/prettier-plugin-sort-imports": "3.0.0",
    "@types/async": "3.2.7",
    "@types/autocannon": "4.1.1",
    "@types/autosuggest-highlight": "3.1.1",
-    "@types/express": "4.17.8",
+    "@types/express": "4.17.13",
    "@types/http-errors": "1.8.1",
-    "@types/jest": "27.0.1",
-    "@types/lodash": "4.14.172",
-    "@types/lowdb": "1.0.11",
+    "@types/jest": "27.0.2",
+    "@types/lodash": "4.14.176",
    "@types/mime": "2.0.3",
    "@types/minimatch": "3.0.5",
    "@types/node": "14.6.0",
-    "@types/react": "17.0.19",
-    "@types/react-autosuggest": "10.1.5",
-    "@types/react-dom": "17.0.9",
-    "@types/react-helmet": "6.1.2",
-    "@types/react-router-dom": "5.1.8",
-    "@types/react-virtualized": "9.21.13",
    "@types/request": "2.48.7",
-    "@types/semver": "7.3.8",
+    "@types/semver": "7.3.9",
    "@types/supertest": "2.0.11",
    "@types/testing-library__jest-dom": "5.14.1",
-    "@types/validator": "13.6.3",
+    "@types/validator": "13.6.6",
    "@types/webpack": "5.28.0",
-    "@types/webpack-env": "1.16.2",
-    "@typescript-eslint/eslint-plugin": "4.30.0",
-    "@typescript-eslint/parser": "4.30.0",
+    "@types/webpack-env": "1.16.3",
+    "@typescript-eslint/eslint-plugin": "4.33.0",
+    "@typescript-eslint/parser": "4.33.0",
    "@verdaccio/benchmark": "workspace:*",
    "@verdaccio/eslint-config": "workspace:*",
    "@verdaccio/types": "workspace:*",
    "@verdaccio/ui-theme": "workspace:*",
-    "autocannon": "7.4.0",
+    "autocannon": "7.5.0",
    "babel-core": "7.0.0-bridge.0",
    "babel-eslint": "10.1.0",
-    "babel-jest": "27.1.0",
+    "babel-jest": "27.3.1",
    "babel-plugin-dynamic-import-node": "2.3.3",
-    "babel-plugin-emotion": "10.0.33",
+    "babel-plugin-emotion": "10.2.2",
    "codecov": "3.8.3",
-    "concurrently": "6.2.1",
+    "concurrently": "6.3.0",
+    "core-js": "3.17.2",
    "cross-env": "7.0.3",
    "debug": "4.3.2",
    "detect-secrets": "1.0.6",
    "eslint": "7.32.0",
-    "eslint-config-google": "0.14.0",
-    "eslint-config-prettier": "8.3.0",
-    "eslint-plugin-babel": "5.3.1",
-    "eslint-plugin-import": "2.24.2",
-    "eslint-plugin-jest": "24.4.0",
-    "eslint-plugin-jsx-a11y": "6.4.1",
-    "eslint-plugin-prettier": "4.0.0",
-    "eslint-plugin-react": "7.25.1",
-    "eslint-plugin-react-hooks": "4.2.0",
-    "eslint-plugin-simple-import-sort": "7.0.0",
-    "eslint-plugin-verdaccio": "10.0.0",
    "fs-extra": "10.0.0",
-    "husky": "4.3.5",
+    "husky": "7.0.4",
    "in-publish": "2.0.1",
-    "jest": "27.1.0",
-    "jest-environment-jsdom": "27.1.0",
+    "jest": "27.3.1",
+    "jest-environment-jsdom": "27.3.1",
    "jest-environment-jsdom-global": "3.0.0",
-    "jest-environment-node": "27.1.0",
-    "jest-fetch-mock": "3.0.3",
-    "jest-junit": "12.2.0",
+    "jest-environment-node": "27.3.1",
+    "jest-junit": "12.3.0",
    "kleur": "3.0.3",
    "lint-staged": "11.1.2",
    "nock": "12.0.3",
    "node-fetch": "3.0.0-beta.6-exportfix",
-    "nodemon": "2.0.12",
+    "nodemon": "2.0.14",
    "npm-run-all": "4.1.5",
    "prettier": "2.3.2",
    "rimraf": "3.0.2",
    "selfsigned": "1.10.11",
    "supertest": "6.1.6",
    "ts-node": "10.2.1",
-    "typescript": "4.4.2",
-    "update-ts-references": "2.4.0",
-    "verdaccio": "5.1.3",
+    "typescript": "4.4.4",
+    "update-ts-references": "2.4.1",
+    "verdaccio": "5.2.0",
    "verdaccio-audit": "workspace:*",
    "verdaccio-auth-memory": "workspace:*",
    "verdaccio-htpasswd": "workspace:*",
    "verdaccio-memory": "workspace:*"
  },
  "scripts": {
+    "husky:pre-commit": "lint-staged",
    "clean": "pnpm recursive run clean",
    "build": "pnpm recursive run build --filter=!@verdaccio/website",
    "docker": "docker build -t verdaccio/verdaccio:local . --no-cache",
    "format": "prettier --write \"**/*.{js,jsx,ts,tsx,json,yml,yaml,md}\"",
    "format:check": "prettier --check \"**/*.{js,jsx,ts,tsx,json,yml,yaml,md}\"",
-    "lint": "eslint  --max-warnings 49 \"**/*.{js,jsx,ts,tsx}\"",
+    "lint": "eslint  --max-warnings 46 \"**/*.{js,jsx,ts,tsx}\"",
    "test": "pnpm recursive test --filter ./packages",
    "test:e2e:cli": "pnpm test --filter ...@verdaccio/e2e-cli",
    "test:e2e:ui": "pnpm test --filter ...@verdaccio/e2e-ui",
@@ -142,12 +123,13 @@
    "benchmark:submit": "pnpm ts-node ./scripts/submit-metrics.ts",
    "start:watch": "concurrently --kill-others \"pnpm _build:watch\" \"pnpm _start:server\" \"pnpm _debug:reload\"",
    "_build:watch": "pnpm run --parallel watch --filter ./packages",
-    "_start:server": "node packages/verdaccio/debug/bootstrap.js --listen 8000",
+    "_start:server": "node --inspect packages/verdaccio/debug/bootstrap.js --listen 8000",
    "_start:web": "pnpm start --filter ...@verdaccio/ui-theme",
    "_debug:reload": "nodemon -d 3 packages/verdaccio/debug/bootstrap.js",
    "start:ts": "ts-node packages/verdaccio/src/start.ts -- --listen 8000",
-    "debug": "node --inspect packages/verdaccio/debug/bootstrap.js",
-    "debug:break": "node --inspect-brk packages/verdaccio/debug/bootstrap.js",
+    "debug": "node --trace-warnings --trace-uncaught --inspect packages/verdaccio/debug/bootstrap.js",
+    "debug:fastify": "node --trace-warnings --trace-uncaught --inspect packages/verdaccio/debug/bootstrap.js -- fastify-server",
+    "debug:break": "node --trace-warnings --trace-uncaught --inspect-brk packages/verdaccio/debug/bootstrap.js",
    "changeset": "changeset",
    "changeset:check": "changeset status --since-master",
    "ci:version": "run-s ci:version:changeset ci:version:install",
@@ -157,20 +139,11 @@
    "ts:ref": "update-ts-references --discardComments",
    "website": "pnpm build --filter ...@verdaccio/website",
    "crowdin:upload": "crowdin upload sources --auto-update --config ./crowdin.yaml",
-    "crowdin:download": "crowdin download --config ./crowdin.yaml",
-    "crowdin:sync": "pnpm crowdin:upload && pnpm crowdin:download --verbose"
+    "crowdin:download": "crowdin download --verbose --config ./crowdin.yaml",
+    "crowdin:sync": "pnpm crowdin:upload && pnpm crowdin:download --verbose",
+    "postinstall": "husky install"
  },
  "license": "MIT",
-  "commitlint": {
-    "extends": [
-      "@commitlint/config-conventional"
-    ]
-  },
-  "husky": {
-    "hooks": {
-      "pre-commit": "lint-staged"
-    }
-  },
  "lint-staged": {
    "*.{js,jsx,ts,tsx,json,yml,yaml,md}": "prettier --write",
    "*.{js,jsx,ts,tsx}": "eslint --cache --fix"
--- a/packages/api/CHANGELOG.md
+++ b/packages/api/CHANGELOG.md
@@ -1,5 +1,124 @@
 # @verdaccio/api

+## 6.0.0-6-next.18
+
+### Patch Changes
+
+- Updated dependencies [f86c31ed]
+- Updated dependencies [20c9e43e]
+  - @verdaccio/store@6.0.0-6-next.16
+  - @verdaccio/utils@6.0.0-6-next.9
+  - @verdaccio/auth@6.0.0-6-next.15
+  - @verdaccio/config@6.0.0-6-next.11
+  - @verdaccio/tarball@11.0.0-6-next.10
+  - @verdaccio/middleware@6.0.0-6-next.15
+  - @verdaccio/hooks@6.0.0-6-next.9
+
+## 6.0.0-6-next.17
+
+### Patch Changes
+
+- Updated dependencies [6c1eb021]
+  - @verdaccio/core@6.0.0-6-next.3
+  - @verdaccio/logger@6.0.0-6-next.7
+  - @verdaccio/auth@6.0.0-6-next.14
+  - @verdaccio/config@6.0.0-6-next.10
+  - @verdaccio/tarball@11.0.0-6-next.9
+  - @verdaccio/hooks@6.0.0-6-next.9
+  - @verdaccio/middleware@6.0.0-6-next.14
+  - @verdaccio/store@6.0.0-6-next.15
+  - @verdaccio/utils@6.0.0-6-next.8
+
+## 6.0.0-6-next.16
+
+### Major Changes
+
+- 794af76c: Remove Node 12 support
+
+  - We need move to the new `undici` and does not support Node.js 12
+
+### Minor Changes
+
+- b702ea36: abort search request support for proxy
+- 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
+
+### Patch Changes
+
+- Updated dependencies [794af76c]
+- Updated dependencies [b702ea36]
+- Updated dependencies [154b2ecd]
+  - @verdaccio/auth@6.0.0-6-next.13
+  - @verdaccio/config@6.0.0-6-next.9
+  - @verdaccio/core@6.0.0-6-next.2
+  - @verdaccio/tarball@11.0.0-6-next.8
+  - @verdaccio/hooks@6.0.0-6-next.8
+  - @verdaccio/logger@6.0.0-6-next.6
+  - @verdaccio/middleware@6.0.0-6-next.13
+  - @verdaccio/store@6.0.0-6-next.14
+  - @verdaccio/utils@6.0.0-6-next.7
+
+## 6.0.0-6-next.15
+
+### Patch Changes
+
+- Updated dependencies [2c594910]
+  - @verdaccio/logger@6.0.0-6-next.5
+  - @verdaccio/auth@6.0.0-6-next.12
+  - @verdaccio/hooks@6.0.0-6-next.7
+  - @verdaccio/middleware@6.0.0-6-next.12
+  - @verdaccio/store@6.0.0-6-next.13
+
+## 6.0.0-6-next.14
+
+### Major Changes
+
+- 459b6fa7: refactor: search v1 endpoint and local-database
+
+  - refactor search `api v1` endpoint, improve performance
+  - remove usage of `async` dependency https://github.com/verdaccio/verdaccio/issues/1225
+  - refactor method storage class
+  - create new module `core` to reduce the ammount of modules with utilities
+  - use `undici` instead `node-fetch`
+  - use `fastify` instead `express` for functional test
+
+  ### Breaking changes
+
+  - plugin storage API changes
+  - remove old search endpoint (return 404)
+  - filter local private packages at plugin level
+
+  The storage api changes for methods `get`, `add`, `remove` as promise base. The `search` methods also changes and recieves a `query` object that contains all query params from the client.
+
+  ```ts
+  export interface IPluginStorage<T> extends IPlugin {
+    add(name: string): Promise<void>;
+    remove(name: string): Promise<void>;
+    get(): Promise<any>;
+    init(): Promise<void>;
+    getSecret(): Promise<string>;
+    setSecret(secret: string): Promise<any>;
+    getPackageStorage(packageInfo: string): IPackageStorage;
+    search(query: searchUtils.SearchQuery): Promise<searchUtils.SearchItem[]>;
+    saveToken(token: Token): Promise<any>;
+    deleteToken(user: string, tokenKey: string): Promise<any>;
+    readTokens(filter: TokenFilter): Promise<Token[]>;
+  }
+  ```
+
+### Patch Changes
+
+- Updated dependencies [459b6fa7]
+  - @verdaccio/auth@6.0.0-6-next.11
+  - @verdaccio/config@6.0.0-6-next.8
+  - @verdaccio/commons-api@11.0.0-6-next.4
+  - @verdaccio/core@6.0.0-6-next.1
+  - @verdaccio/hooks@6.0.0-6-next.6
+  - @verdaccio/store@6.0.0-6-next.12
+  - @verdaccio/utils@6.0.0-6-next.6
+  - @verdaccio/middleware@6.0.0-6-next.11
+  - @verdaccio/tarball@11.0.0-6-next.7
+  - @verdaccio/logger@6.0.0-6-next.4
+
 ## 6.0.0-6-next.13

 ### Patch Changes
--- a/packages/api/package.json
+++ b/packages/api/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/api",
-  "version": "6.0.0-6-next.13",
+  "version": "6.0.0-6-next.18",
  "description": "loaders logic",
  "main": "./build/index.js",
  "types": "build/index.d.ts",
@@ -25,7 +25,7 @@
    "verdaccio"
  ],
  "engines": {
-    "node": ">=10",
+    "node": ">=14",
    "npm": ">=6"
  },
  "scripts": {
@@ -39,15 +39,16 @@
  },
  "license": "MIT",
  "dependencies": {
-    "@verdaccio/auth": "workspace:6.0.0-6-next.10",
-    "@verdaccio/commons-api": "workspace:11.0.0-alpha.3",
-    "@verdaccio/config": "workspace:6.0.0-6-next.7",
-    "@verdaccio/hooks": "workspace:6.0.0-6-next.5",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.4",
-    "@verdaccio/middleware": "workspace:6.0.0-6-next.10",
-    "@verdaccio/store": "workspace:6.0.0-6-next.11",
-    "@verdaccio/tarball": "workspace:11.0.0-6-next.6",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.5",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.15",
+    "@verdaccio/config": "workspace:6.0.0-6-next.11",
+    "@verdaccio/core": "workspace:6.0.0-6-next.3",
+    "@verdaccio/hooks": "workspace:6.0.0-6-next.9",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.7",
+    "@verdaccio/middleware": "workspace:6.0.0-6-next.15",
+    "@verdaccio/store": "workspace:6.0.0-6-next.16",
+    "@verdaccio/tarball": "workspace:11.0.0-6-next.10",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.9",
+    "abortcontroller-polyfill": "1.7.3",
    "cookies": "0.8.0",
    "debug": "4.3.2",
    "express": "4.17.1",
@@ -56,8 +57,10 @@
    "semver": "7.3.5"
  },
  "devDependencies": {
-    "@verdaccio/server": "workspace:6.0.0-6-next.18",
-    "@verdaccio/types": "workspace:11.0.0-6-next.7",
+    "@types/node": "16.11.6",
+    "@verdaccio/server": "workspace:6.0.0-6-next.23",
+    "@verdaccio/types": "workspace:11.0.0-6-next.9",
+    "@verdaccio/helper": "1.0.0",
    "body-parser": "1.19.0",
    "lodash": "4.17.21",
    "supertest": "6.1.6"
--- a/packages/api/src/dist-tags.ts
+++ b/packages/api/src/dist-tags.ts
@@ -1,15 +1,16 @@
-import mime from 'mime';
-import _ from 'lodash';
 import { Router } from 'express';
+import _ from 'lodash';
+import mime from 'mime';

-import { media, allow } from '@verdaccio/middleware';
-import { API_MESSAGE, HTTP_STATUS, DIST_TAGS, VerdaccioError } from '@verdaccio/commons-api';
-import { Package } from '@verdaccio/types';
-import { IStorageHandler } from '@verdaccio/store';
 import { IAuth } from '@verdaccio/auth';
+import { VerdaccioError, constants } from '@verdaccio/core';
+import { allow, media } from '@verdaccio/middleware';
+import { Storage } from '@verdaccio/store';
+import { Package } from '@verdaccio/types';
+
 import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types/custom';

-export default function (route: Router, auth: IAuth, storage: IStorageHandler): void {
+export default function (route: Router, auth: IAuth, storage: Storage): void {
  const can = allow(auth);
  const tag_package_version = function (
    req: $RequestExtend,
@@ -26,8 +27,8 @@ export default function (route: Router, auth: IAuth, storage: IStorageHandler):
      if (err) {
        return next(err);
      }
-      res.status(HTTP_STATUS.CREATED);
-      return next({ ok: API_MESSAGE.TAG_ADDED });
+      res.status(constants.HTTP_STATUS.CREATED);
+      return next({ ok: constants.API_MESSAGE.TAG_ADDED });
    });
  };

@@ -58,9 +59,9 @@ export default function (route: Router, auth: IAuth, storage: IStorageHandler):
        if (err) {
          return next(err);
        }
-        res.status(HTTP_STATUS.CREATED);
+        res.status(constants.HTTP_STATUS.CREATED);
        return next({
-          ok: API_MESSAGE.TAG_REMOVED,
+          ok: constants.API_MESSAGE.TAG_REMOVED,
        });
      });
    }
@@ -79,7 +80,7 @@ export default function (route: Router, auth: IAuth, storage: IStorageHandler):
            return next(err);
          }

-          next(info[DIST_TAGS]);
+          next(info[constants.DIST_TAGS]);
        },
      });
    }
@@ -96,9 +97,9 @@ export default function (route: Router, auth: IAuth, storage: IStorageHandler):
          if (err) {
            return next(err);
          }
-          res.status(HTTP_STATUS.CREATED);
+          res.status(constants.HTTP_STATUS.CREATED);
          return next({
-            ok: API_MESSAGE.TAG_UPDATED,
+            ok: constants.API_MESSAGE.TAG_UPDATED,
          });
        }
      );
--- a/packages/api/src/index.ts
+++ b/packages/api/src/index.ts
@@ -1,29 +1,35 @@
+import bodyParser from 'body-parser';
 import express, { Router } from 'express';
+import semver from 'semver';
+
+import { IAuth } from '@verdaccio/auth';
 import {
+  antiLoop,
+  encodeScopePackage,
  match,
  validateName,
  validatePackage,
-  encodeScopePackage,
-  antiLoop,
 } from '@verdaccio/middleware';
-import { IAuth } from '@verdaccio/auth';
-import { IStorageHandler } from '@verdaccio/store';
+import { Storage } from '@verdaccio/store';
 import { Config } from '@verdaccio/types';
-import bodyParser from 'body-parser';

-import whoami from './whoami';
-import ping from './ping';
-import user from './user';
 import distTags from './dist-tags';
+import pkg from './package';
+import ping from './ping';
 import publish from './publish';
 import search from './search';
-import pkg from './package';
 import stars from './stars';
+import user from './user';
 import profile from './v1/profile';
-import token from './v1/token';
 import v1Search from './v1/search';
+import token from './v1/token';
+import whoami from './whoami';

-export default function (config: Config, auth: IAuth, storage: IStorageHandler): Router {
+if (semver.lte(process.version, 'v15.0.0')) {
+  global.AbortController = require('abortcontroller-polyfill/dist/cjs-ponyfill').AbortController;
+}
+
+export default function (config: Config, auth: IAuth, storage: Storage): Router {
  /* eslint new-cap:off */
  const app = express.Router();
  /* eslint new-cap:off */
@@ -52,19 +58,15 @@ export default function (config: Config, auth: IAuth, storage: IStorageHandler):
  whoami(app);
  pkg(app, auth, storage, config);
  profile(app, auth);
-  search(app, auth, storage);
+  // @deprecated endpoint, 404 by default
+  search(app);
  user(app, auth, config);
  distTags(app, auth, storage);
  publish(app, auth, storage, config);
  ping(app);
  stars(app, storage);
-
-  if (config?.flags?.search === true) {
-    v1Search(app, auth, storage);
-  }
-
-  if (config?.flags?.token === true) {
-    token(app, auth, storage, config);
-  }
+  // @ts-ignore
+  v1Search(app, auth, storage);
+  token(app, auth, storage, config);
  return app;
 }
--- a/packages/api/src/package.ts
+++ b/packages/api/src/package.ts
@@ -1,15 +1,16 @@
-import _ from 'lodash';
-import { Router } from 'express';
 import buildDebug from 'debug';
+import { Router } from 'express';
+import _ from 'lodash';

-import { allow } from '@verdaccio/middleware';
-import { getVersion, ErrorCode } from '@verdaccio/utils';
-import { HEADERS, DIST_TAGS, API_ERROR } from '@verdaccio/commons-api';
-import { Config, Package } from '@verdaccio/types';
 import { IAuth } from '@verdaccio/auth';
-import { IStorageHandler } from '@verdaccio/store';
+import { API_ERROR, DIST_TAGS, HEADERS, errorUtils } from '@verdaccio/core';
+import { allow } from '@verdaccio/middleware';
+import { Storage } from '@verdaccio/store';
 import { convertDistRemoteToLocalTarballUrls } from '@verdaccio/tarball';
-import { $RequestExtend, $ResponseExtend, $NextFunctionVer } from '../types/custom';
+import { Config, Package } from '@verdaccio/types';
+import { getVersion } from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types/custom';

 const debug = buildDebug('verdaccio:api:package');

@@ -34,18 +35,13 @@ const downloadStream = (
  stream.pipe(res);
 };

-export default function (
-  route: Router,
-  auth: IAuth,
-  storage: IStorageHandler,
-  config: Config
-): void {
+export default function (route: Router, auth: IAuth, storage: Storage, config: Config): void {
  const can = allow(auth);
  // TODO: anonymous user?
  route.get(
    '/:package/:version?',
    can('access'),
-    function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
+    function (req: $RequestExtend, _res: $ResponseExtend, next: $NextFunctionVer): void {
      debug('init package by version');
      const name = req.params.package;
      const getPackageMetaCallback = function (err, metadata: Package): void {
@@ -54,7 +50,11 @@ export default function (
          return next(err);
        }
        debug('convert dist remote to local with prefix %o', config?.url_prefix);
-        metadata = convertDistRemoteToLocalTarballUrls(metadata, req, config?.url_prefix);
+        metadata = convertDistRemoteToLocalTarballUrls(
+          metadata,
+          { protocol: req.protocol, headers: req.headers as any, host: req.host },
+          config?.url_prefix
+        );

        let queryVersion = req.params.version;
        debug('query by param version: %o', queryVersion);
@@ -85,7 +85,7 @@ export default function (
        }

        debug('package version not found %o', queryVersion);
-        return next(ErrorCode.getNotFound(`${API_ERROR.VERSION_NOT_EXIST}: ${queryVersion}`));
+        return next(errorUtils.getNotFound(`${API_ERROR.VERSION_NOT_EXIST}: ${queryVersion}`));
      };

      debug('get package name %o', name);
--- a/packages/api/src/ping.ts
+++ b/packages/api/src/ping.ts
@@ -1,5 +1,6 @@
 import { Router } from 'express';
-import { $RequestExtend, $ResponseExtend, $NextFunctionVer } from '../types/custom';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types/custom';

 export default function (route: Router): void {
  route.get(
--- a/packages/api/src/publish.ts
+++ b/packages/api/src/publish.ts
@@ -1,19 +1,26 @@
-import Path from 'path';
+import buildDebug from 'debug';
+import { Router } from 'express';
 import _ from 'lodash';
 import mime from 'mime';
-import { Router } from 'express';
-import buildDebug from 'debug';
+import Path from 'path';

-import { API_MESSAGE, HEADERS, DIST_TAGS, API_ERROR, HTTP_STATUS } from '@verdaccio/commons-api';
-import { validateMetadata, isObject, ErrorCode, hasDiffOneKey } from '@verdaccio/utils';
-import { media, expectJson, allow } from '@verdaccio/middleware';
-import { notify } from '@verdaccio/hooks';
-import { Config, Callback, MergeTags, Version, Package } from '@verdaccio/types';
-import { logger } from '@verdaccio/logger';
 import { IAuth } from '@verdaccio/auth';
-import { IStorageHandler } from '@verdaccio/store';
-import { $RequestExtend, $ResponseExtend, $NextFunctionVer } from '../types/custom';
+import {
+  API_ERROR,
+  API_MESSAGE,
+  DIST_TAGS,
+  HEADERS,
+  HTTP_STATUS,
+  errorUtils,
+} from '@verdaccio/core';
+import { notify } from '@verdaccio/hooks';
+import { logger } from '@verdaccio/logger';
+import { allow, expectJson, media } from '@verdaccio/middleware';
+import { Storage } from '@verdaccio/store';
+import { Callback, CallbackAction, Config, MergeTags, Package, Version } from '@verdaccio/types';
+import { hasDiffOneKey, isObject, validateMetadata } from '@verdaccio/utils';

+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types/custom';
 import star from './star';
 import { isPublishablePackage, isRelatedToDeprecation } from './utils';

@@ -22,7 +29,7 @@ const debug = buildDebug('verdaccio:api:publish');
 export default function publish(
  router: Router,
  auth: IAuth,
-  storage: IStorageHandler,
+  storage: Storage,
  config: Config
 ): void {
  const can = allow(auth);
@@ -138,7 +145,7 @@ export default function publish(
 /**
 * Publish a package
 */
-export function publishPackage(storage: IStorageHandler, config: Config, auth: IAuth): any {
+export function publishPackage(storage: Storage, config: Config, auth: IAuth): any {
  const starApi = star(storage);
  return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
    const packageName = req.params.package;
@@ -172,7 +179,7 @@ export function publishPackage(storage: IStorageHandler, config: Config, auth: I
    /**
     * Add new package version in storage
     */
-    const createVersion = function (version: string, metadata: Version, cb: Callback): void {
+    const createVersion = function (version: string, metadata: Version, cb: CallbackAction): void {
      debug('add a new package version %o to storage %o', version, metadata);
      storage.addVersion(packageName, version, metadata, null, cb);
    };
@@ -180,7 +187,7 @@ export function publishPackage(storage: IStorageHandler, config: Config, auth: I
    /**
     * Add new tags in storage
     */
-    const addTags = function (tags: MergeTags, cb: Callback): void {
+    const addTags = function (tags: MergeTags, cb: CallbackAction): void {
      debug('add new tag %o to storage', packageName);
      storage.mergeTags(packageName, tags, cb);
    };
@@ -224,7 +231,7 @@ export function publishPackage(storage: IStorageHandler, config: Config, auth: I
        // if this happens in normal circumstances, report it as a bug
        debug('invalid body format');
        logger.info({ packageName }, `wrong package format on publish a package @{packageName}`);
-        return next(ErrorCode.getBadRequest(API_ERROR.UNSUPORTED_REGISTRY_CALL));
+        return next(errorUtils.getBadRequest(API_ERROR.UNSUPORTED_REGISTRY_CALL));
      }

      if (error && error.status !== HTTP_STATUS.CONFLICT) {
@@ -322,7 +329,7 @@ export function publishPackage(storage: IStorageHandler, config: Config, auth: I
    } catch (error: any) {
      debug('error on publish, bad package format %o', packageName);
      logger.error({ packageName }, 'error on publish, bad package data for @{packageName}');
-      return next(ErrorCode.getBadData(API_ERROR.BAD_PACKAGE_DATA));
+      return next(errorUtils.getBadData(API_ERROR.BAD_PACKAGE_DATA));
    }
  };
 }
@@ -330,25 +337,27 @@ export function publishPackage(storage: IStorageHandler, config: Config, auth: I
 /**
 * un-publish a package
 */
-export function unPublishPackage(storage: IStorageHandler) {
-  return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
+export function unPublishPackage(storage: Storage) {
+  return async function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer) {
    const packageName = req.params.package;

    logger.debug({ packageName }, `unpublishing @{packageName}`);
-    storage.removePackage(packageName, function (err) {
+    try {
+      await storage.removePackage(packageName);
+    } catch (err) {
      if (err) {
        return next(err);
      }
-      res.status(HTTP_STATUS.CREATED);
-      return next({ ok: API_MESSAGE.PKG_REMOVED });
-    });
+    }
+    res.status(HTTP_STATUS.CREATED);
+    return next({ ok: API_MESSAGE.PKG_REMOVED });
  };
 }

 /**
 * Delete tarball
 */
-export function removeTarball(storage: IStorageHandler) {
+export function removeTarball(storage: Storage) {
  return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
    const packageName = req.params.package;
    const { filename, revision } = req.params;
@@ -374,7 +383,7 @@ export function removeTarball(storage: IStorageHandler) {
 /**
 * Adds a new version
 */
-export function addVersion(storage: IStorageHandler) {
+export function addVersion(storage: Storage) {
  return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
    const { version, tag } = req.params;
    const packageName = req.params.package;
@@ -398,7 +407,7 @@ export function addVersion(storage: IStorageHandler) {
 /**
 * uploadPackageTarball
 */
-export function uploadPackageTarball(storage: IStorageHandler) {
+export function uploadPackageTarball(storage: Storage) {
  return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
    const packageName = req.params.package;
    const stream = storage.addTarball(packageName, req.params.filename);
--- a/packages/api/src/search.ts
+++ b/packages/api/src/search.ts
@@ -1,102 +1,11 @@
-import { HEADERS } from '@verdaccio/commons-api';
+import { HTTP_STATUS } from '@verdaccio/core';
+import { logger } from '@verdaccio/logger';

-export default function (route, auth, storage): void {
-  // searching packages
-  route.get('/-/all(/since)?', function (req, res) {
-    let received_end = false;
-    let response_finished = false;
-    let processing_pkgs = 0;
-    let firstPackage = true;
-
-    res.status(200);
-    res.set(HEADERS.CONTENT_TYPE, HEADERS.JSON_CHARSET);
-
-    /*
-     * Offical NPM registry (registry.npmjs.org) no longer return whole database,
-     * They only return packages matched with keyword in `referer: search pkg-name`,
-     * And NPM client will request server in every search.
-     *
-     * The magic number 99999 was sent by NPM registry. Modify it may caused strange
-     * behaviour in the future.
-     *
-     * BTW: NPM will not return result if user-agent does not contain string 'npm',
-     * See: method 'request' in up-storage.js
-     *
-     * If there is no cache in local, NPM will request /-/all, then get response with
-     * _updated: 99999, 'Date' in response header was Mon, 10 Oct 1983 00:12:48 GMT,
-     * this will make NPM always query from server
-     *
-     * Data structure also different, whel request /-/all, response is an object, but
-     * when request /-/all/since, response is an array
-     */
-    const respShouldBeArray = req.path.endsWith('/since');
-    if (!respShouldBeArray) {
-      res.set('Date', 'Mon, 10 Oct 1983 00:12:48 GMT');
-    }
-    const check_finish = function (): void {
-      if (!received_end) {
-        return;
-      }
-      if (processing_pkgs) {
-        return;
-      }
-      if (response_finished) {
-        return;
-      }
-      response_finished = true;
-      if (respShouldBeArray) {
-        res.end(']\n');
-      } else {
-        res.end('}\n');
-      }
-    };
-
-    if (respShouldBeArray) {
-      res.write('[');
-    } else {
-      res.write('{"_updated":' + 99999);
-    }
-
-    const stream = storage.search(req.query.startkey || 0, { req: req });
-
-    stream.on('data', function each(pkg) {
-      processing_pkgs++;
-
-      auth.allow_access({ packageName: pkg.name }, req.remote_user, function (err, allowed) {
-        processing_pkgs--;
-
-        if (err) {
-          if (err.status && String(err.status).match(/^4\d\d$/)) {
-            // auth plugin returns 4xx user error,
-            // that's equivalent of !allowed basically
-            allowed = false;
-          } else {
-            stream.abort(err);
-          }
-        }
-
-        if (allowed) {
-          if (respShouldBeArray) {
-            res.write(`${firstPackage ? '' : ','}${JSON.stringify(pkg)}\n`);
-            if (firstPackage) {
-              firstPackage = false;
-            }
-          } else {
-            res.write(',\n' + JSON.stringify(pkg.name) + ':' + JSON.stringify(pkg));
-          }
-        }
-
-        check_finish();
-      });
-    });
-
-    stream.on('error', function () {
-      res.socket.destroy();
-    });
-
-    stream.on('end', function () {
-      received_end = true;
-      check_finish();
-    });
+export default function (route): void {
+  // TODO: next major version, remove this
+  route.get('/-/all(/since)?', function (_req, res) {
+    logger.warn('search endpoint has been removed, please use search v1');
+    res.status(HTTP_STATUS.NOT_FOUND);
+    res.json({ error: 'not found, endpoint was removed' });
  });
 }
--- a/packages/api/src/star.ts
+++ b/packages/api/src/star.ts
@@ -1,15 +1,16 @@
-import { USERS, HTTP_STATUS } from '@verdaccio/commons-api';
+import buildDebug from 'debug';
 import { Response } from 'express';
 import _ from 'lodash';
-import buildDebug from 'debug';

-import { IStorageHandler } from '@verdaccio/store';
-import { $RequestExtend, $NextFunctionVer } from '../types/custom';
+import { HTTP_STATUS, USERS } from '@verdaccio/core';
+import { Storage } from '@verdaccio/store';
+
+import { $NextFunctionVer, $RequestExtend } from '../types/custom';

 const debug = buildDebug('verdaccio:api:publish:star');

 export default function (
-  storage: IStorageHandler
+  storage: Storage
 ): (req: $RequestExtend, res: Response, next: $NextFunctionVer) => void {
  const validateInputs = (newUsers, localUsers, username, isStar): boolean => {
    const isExistlocalUsers = _.isNil(localUsers[username]) === false;
@@ -40,6 +41,7 @@ export default function (
    };

    debug('get package info package for %o', name);
+    // @ts-ignore
    storage.getPackage({
      name,
      req,
--- a/packages/api/src/stars.ts
+++ b/packages/api/src/stars.ts
@@ -1,15 +1,15 @@
-import _ from 'lodash';
 import { Response, Router } from 'express';
+import _ from 'lodash';

-import { USERS, HTTP_STATUS } from '@verdaccio/commons-api';
+import { HTTP_STATUS, USERS } from '@verdaccio/core';
+import { Storage } from '@verdaccio/store';
 import { Package } from '@verdaccio/types';

-import { IStorageHandler } from '@verdaccio/store';
-import { $RequestExtend, $NextFunctionVer } from '../types/custom';
+import { $NextFunctionVer, $RequestExtend } from '../types/custom';

 type Packages = Package[];

-export default function (route: Router, storage: IStorageHandler): void {
+export default function (route: Router, storage: Storage): void {
  route.get(
    '/-/_view/starredByUser',
    (req: $RequestExtend, res: Response, next: $NextFunctionVer): void => {
--- a/packages/api/src/user.ts
+++ b/packages/api/src/user.ts
@@ -1,16 +1,16 @@
-import _ from 'lodash';
-import { Response, Router } from 'express';
 import buildDebug from 'debug';
+import { Response, Router } from 'express';
+import _ from 'lodash';

-import { getAuthenticatedMessage, validatePassword, ErrorCode } from '@verdaccio/utils';
 import { getApiToken } from '@verdaccio/auth';
-import { logger } from '@verdaccio/logger';
-import { createRemoteUser } from '@verdaccio/config';
-
-import { Config, RemoteUser } from '@verdaccio/types';
 import { IAuth } from '@verdaccio/auth';
-import { API_ERROR, API_MESSAGE, HTTP_STATUS } from '@verdaccio/commons-api';
-import { $RequestExtend, $NextFunctionVer } from '../types/custom';
+import { createRemoteUser } from '@verdaccio/config';
+import { API_ERROR, API_MESSAGE, HTTP_STATUS, errorUtils } from '@verdaccio/core';
+import { logger } from '@verdaccio/logger';
+import { Config, RemoteUser } from '@verdaccio/types';
+import { getAuthenticatedMessage, validatePassword } from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend } from '../types/custom';

 const debug = buildDebug('verdaccio:api:user');

@@ -47,7 +47,7 @@ export default function (route: Router, auth: IAuth, config: Config): void {
                'authenticating for user @{username} failed. Error: @{err.message}'
              );
              return next(
-                ErrorCode.getCode(HTTP_STATUS.UNAUTHORIZED, API_ERROR.BAD_USERNAME_PASSWORD)
+                errorUtils.getCode(HTTP_STATUS.UNAUTHORIZED, API_ERROR.BAD_USERNAME_PASSWORD)
              );
            }

@@ -55,7 +55,7 @@ export default function (route: Router, auth: IAuth, config: Config): void {
            const token = await getApiToken(auth, config, restoredRemoteUser, password);
            debug('login: new token');
            if (!token) {
-              return next(ErrorCode.getUnauthorized());
+              return next(errorUtils.getUnauthorized());
            }

            res.status(HTTP_STATUS.CREATED);
@@ -73,7 +73,7 @@ export default function (route: Router, auth: IAuth, config: Config): void {
        if (validatePassword(password) === false) {
          debug('adduser: invalid password');
          // eslint-disable-next-line new-cap
-          return next(ErrorCode.getCode(HTTP_STATUS.BAD_REQUEST, API_ERROR.PASSWORD_SHORT()));
+          return next(errorUtils.getCode(HTTP_STATUS.BAD_REQUEST, API_ERROR.PASSWORD_SHORT()));
        }

        auth.add_user(name, password, async function (err, user): Promise<void> {
@@ -84,7 +84,7 @@ export default function (route: Router, auth: IAuth, config: Config): void {
              // and npm accepts only an 409 error.
              // So, changing status code here.
              return next(
-                ErrorCode.getCode(err.status, err.message) || ErrorCode.getConflict(err.message)
+                errorUtils.getCode(err.status, err.message) || errorUtils.getConflict(err.message)
              );
            }
            return next(err);
@@ -94,7 +94,7 @@ export default function (route: Router, auth: IAuth, config: Config): void {
            name && password ? await getApiToken(auth, config, user, password) : undefined;
          debug('adduser: new token %o', token);
          if (!token) {
-            return next(ErrorCode.getUnauthorized());
+            return next(errorUtils.getUnauthorized());
          }

          req.remote_user = user;
--- a/packages/api/src/utils.ts
+++ b/packages/api/src/utils.ts
@@ -1,6 +1,7 @@
-import { Package } from '@verdaccio/types';
 import _ from 'lodash';

+import { Package } from '@verdaccio/types';
+
 /**
 * Check whether the package metadta has enough data to be published
 * @param pkg metadata
--- a/packages/api/src/v1/profile.ts
+++ b/packages/api/src/v1/profile.ts
@@ -1,10 +1,11 @@
-import _ from 'lodash';
 import { Response, Router } from 'express';
+import _ from 'lodash';

-import { API_ERROR, APP_ERROR, HTTP_STATUS, SUPPORT_ERRORS } from '@verdaccio/commons-api';
-import { ErrorCode, validatePassword } from '@verdaccio/utils';
 import { IAuth } from '@verdaccio/auth';
-import { $RequestExtend, $NextFunctionVer } from '../../types/custom';
+import { API_ERROR, APP_ERROR, HTTP_STATUS, SUPPORT_ERRORS, errorUtils } from '@verdaccio/core';
+import { validatePassword } from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend } from '../../types/custom';

 export interface Profile {
  tfa: boolean;
@@ -61,7 +62,7 @@ export default function (route: Router, auth: IAuth): void {
      if (_.isNil(password) === false) {
        if (validatePassword(password.new) === false) {
          /* eslint new-cap:off */
-          return next(ErrorCode.getCode(HTTP_STATUS.UNAUTHORIZED, API_ERROR.PASSWORD_SHORT()));
+          return next(errorUtils.getCode(HTTP_STATUS.UNAUTHORIZED, API_ERROR.PASSWORD_SHORT()));
          /* eslint new-cap:off */
        }

@@ -72,22 +73,22 @@ export default function (route: Router, auth: IAuth): void {
          (err, isUpdated): $NextFunctionVer => {
            if (_.isNull(err) === false) {
              return next(
-                ErrorCode.getCode(err.status, err.message) || ErrorCode.getConflict(err.message)
+                errorUtils.getCode(err.status, err.message) || errorUtils.getConflict(err.message)
              );
            }

            if (isUpdated) {
              return next(buildProfile(req.remote_user.name));
            }
-            return next(ErrorCode.getInternalError(API_ERROR.INTERNAL_SERVER_ERROR));
+            return next(errorUtils.getInternalError(API_ERROR.INTERNAL_SERVER_ERROR));
          }
        );
      } else if (_.isNil(tfa) === false) {
        return next(
-          ErrorCode.getCode(HTTP_STATUS.SERVICE_UNAVAILABLE, SUPPORT_ERRORS.TFA_DISABLED)
+          errorUtils.getCode(HTTP_STATUS.SERVICE_UNAVAILABLE, SUPPORT_ERRORS.TFA_DISABLED)
        );
      } else {
-        return next(ErrorCode.getCode(HTTP_STATUS.INTERNAL_ERROR, APP_ERROR.PROFILE_ERROR));
+        return next(errorUtils.getCode(HTTP_STATUS.INTERNAL_ERROR, APP_ERROR.PROFILE_ERROR));
      }
    }
  );
--- a/packages/api/src/v1/search.ts
+++ b/packages/api/src/v1/search.ts
@@ -1,106 +1,82 @@
-import semver from 'semver';
+import buildDebug from 'debug';
+import _ from 'lodash';
+
+import { IAuth } from '@verdaccio/auth';
+import { HTTP_STATUS, searchUtils } from '@verdaccio/core';
+import { logger } from '@verdaccio/logger';
+import { Storage } from '@verdaccio/store';
 import { Package } from '@verdaccio/types';

-function compileTextSearch(textSearch: string): (pkg: Package) => boolean {
-  const personMatch = (person, search) => {
-    if (typeof person === 'string') {
-      return person.includes(search);
-    }
+const debug = buildDebug('verdaccio:api:search');

-    if (typeof person === 'object') {
-      for (const field of Object.values(person)) {
-        if (typeof field === 'string' && field.includes(search)) {
-          return true;
+/**
+ * Endpoint for npm search v1
+ * Empty value
+ *  - {"objects":[],"total":0,"time":"Sun Jul 25 2021 14:09:11 GMT+0000 (Coordinated Universal Time)"}
+ * req: 'GET /-/v1/search?text=react&size=20&frpom=0&quality=0.65&popularity=0.98&maintenance=0.5'
+ */
+export default function (route, auth: IAuth, storage: Storage): void {
+  function checkAccess(pkg: any, auth: any, remoteUser): Promise<Package | null> {
+    return new Promise((resolve, reject) => {
+      auth.allow_access({ packageName: pkg?.package?.name }, remoteUser, function (err, allowed) {
+        if (err) {
+          if (err.status && String(err.status).match(/^4\d\d$/)) {
+            // auth plugin returns 4xx user error,
+            // that's equivalent of !allowed basically
+            allowed = false;
+            return resolve(null);
+          } else {
+            reject(err);
+          }
+        } else {
+          return resolve(allowed ? pkg : null);
        }
-      }
-    }
-
-    return false;
-  };
-  const matcher = function (q) {
-    const match = q.match(/author:(.*)/);
-    if (match !== null) {
-      return (pkg) => personMatch(pkg.author, match[1]);
-    }
-
-    // TODO: maintainer, keywords, not/is unstable insecure, boost-exact
-    // TODO implement some scoring system for freetext
-    return (pkg) => {
-      return ['name', 'displayName', 'description']
-        .map((k) => pkg[k])
-        .filter((x) => x !== undefined)
-        .some((txt) => txt.includes(q));
-    };
-  };
-
-  const textMatchers = (textSearch || '').split(' ').map(matcher);
-  return (pkg) => textMatchers.every((m) => m(pkg));
-}
-
-export default function (route, auth, storage): void {
-  route.get('/-/v1/search', (req, res) => {
-    // TODO: implement proper result scoring weighted by quality, popularity and
-    // maintenance query parameters
-    let [text, size, from] = [
-      'text',
-      'size',
-      'from' /* , 'quality', 'popularity', 'maintenance' */,
-    ].map((k) => req.query[k]);
-
-    size = parseInt(size) || 20;
-    from = parseInt(from) || 0;
-
-    const isInteresting = compileTextSearch(text);
-
-    const resultStream = storage.search(0, { req: { query: { local: true } } });
-    const resultBuf = [] as any;
-    let completed = false;
-
-    const sendResponse = (): void => {
-      completed = true;
-      resultStream.destroy();
-
-      const final = resultBuf.slice(from, size).map((pkg) => {
-        return {
-          package: pkg,
-          flags: {
-            unstable: Object.keys(pkg.versions).some((v) => semver.satisfies(v, '^1.0.0'))
-              ? undefined
-              : true,
-          },
-          score: {
-            final: 1,
-            detail: {
-              quality: 1,
-              popularity: 1,
-              maintenance: 0,
-            },
-          },
-          searchScore: 100000,
-        };
      });
-      const response = {
+    });
+  }
+
+  route.get('/-/v1/search', async (req, res, next) => {
+    const { query, url } = req;
+    let [size, from] = ['size', 'from'].map((k) => query[k]);
+    let data;
+    const abort = new AbortController();
+
+    req.on('aborted', () => {
+      abort.abort();
+    });
+
+    size = parseInt(size, 10) || 20;
+    from = parseInt(from, 10) || 0;
+
+    try {
+      data = await storage.searchManager?.search({
+        query,
+        url,
+        abort,
+      });
+      debug('stream finish');
+      const checkAccessPromises: searchUtils.SearchItemPkg[] = await Promise.all(
+        data.map((pkgItem) => {
+          return checkAccess(pkgItem, auth, req.remote_user);
+        })
+      );
+
+      const final: searchUtils.SearchItemPkg[] = checkAccessPromises
+        .filter((i) => !_.isNull(i))
+        .slice(from, size);
+      logger.debug(`search results ${final?.length}`);
+
+      const response: searchUtils.SearchResults = {
        objects: final,
        total: final.length,
        time: new Date().toUTCString(),
      };

-      res.status(200).json(response);
-    };
-
-    resultStream.on('data', (pkg) => {
-      if (!isInteresting(pkg)) {
-        return;
-      }
-      resultBuf.push(pkg);
-      if (!completed && resultBuf.length >= size + from) {
-        sendResponse();
-      }
-    });
-    resultStream.on('end', () => {
-      if (!completed) {
-        sendResponse();
-      }
-    });
+      res.status(HTTP_STATUS.OK).json(response);
+    } catch (error) {
+      logger.error({ error }, 'search endpoint has failed @{error.message}');
+      next(next);
+      return;
+    }
  });
 }
--- a/packages/api/src/v1/token.ts
+++ b/packages/api/src/v1/token.ts
@@ -1,14 +1,15 @@
-import _ from 'lodash';
-import { HTTP_STATUS, SUPPORT_ERRORS, getInternalError } from '@verdaccio/commons-api';
-import { ErrorCode, stringToMD5, mask } from '@verdaccio/utils';
-import { getApiToken } from '@verdaccio/auth';
-import { logger } from '@verdaccio/logger';
 import { Response, Router } from 'express';
+import _ from 'lodash';

-import { Config, RemoteUser, Token } from '@verdaccio/types';
+import { getApiToken } from '@verdaccio/auth';
 import { IAuth } from '@verdaccio/auth';
-import { IStorageHandler } from '@verdaccio/store';
-import { $RequestExtend, $NextFunctionVer } from '../../types/custom';
+import { HTTP_STATUS, SUPPORT_ERRORS, errorUtils } from '@verdaccio/core';
+import { logger } from '@verdaccio/logger';
+import { Storage } from '@verdaccio/store';
+import { Config, RemoteUser, Token } from '@verdaccio/types';
+import { mask, stringToMD5 } from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend } from '../../types/custom';

 export type NormalizeToken = Token & {
  created: string;
@@ -22,12 +23,7 @@ function normalizeToken(token: Token): NormalizeToken {
 }

 // https://github.com/npm/npm-profile/blob/latest/lib/index.js
-export default function (
-  route: Router,
-  auth: IAuth,
-  storage: IStorageHandler,
-  config: Config
-): void {
+export default function (route: Router, auth: IAuth, storage: Storage, config: Config): void {
  route.get(
    '/-/npm/v1/tokens',
    async function (req: $RequestExtend, res: Response, next: $NextFunctionVer) {
@@ -48,10 +44,10 @@ export default function (
          });
        } catch (error: any) {
          logger.error({ error: error.msg }, 'token list has failed: @{error}');
-          return next(ErrorCode.getCode(HTTP_STATUS.INTERNAL_ERROR, error.message));
+          return next(errorUtils.getCode(HTTP_STATUS.INTERNAL_ERROR, error.message));
        }
      }
-      return next(ErrorCode.getUnauthorized());
+      return next(errorUtils.getUnauthorized());
    }
  );

@@ -62,27 +58,27 @@ export default function (
      const { name } = req.remote_user;

      if (!_.isBoolean(readonly) || !_.isArray(cidr_whitelist)) {
-        return next(ErrorCode.getCode(HTTP_STATUS.BAD_DATA, SUPPORT_ERRORS.PARAMETERS_NOT_VALID));
+        return next(errorUtils.getCode(HTTP_STATUS.BAD_DATA, SUPPORT_ERRORS.PARAMETERS_NOT_VALID));
      }

      auth.authenticate(name, password, async (err, user: RemoteUser) => {
        if (err) {
          const errorCode = err.message ? HTTP_STATUS.UNAUTHORIZED : HTTP_STATUS.INTERNAL_ERROR;
-          return next(ErrorCode.getCode(errorCode, err.message));
+          return next(errorUtils.getCode(errorCode, err.message));
        }

        req.remote_user = user;

        if (!_.isFunction(storage.saveToken)) {
          return next(
-            ErrorCode.getCode(HTTP_STATUS.NOT_IMPLEMENTED, SUPPORT_ERRORS.STORAGE_NOT_IMPLEMENT)
+            errorUtils.getCode(HTTP_STATUS.NOT_IMPLEMENTED, SUPPORT_ERRORS.STORAGE_NOT_IMPLEMENT)
          );
        }

        try {
          const token = await getApiToken(auth, config, user, password);
          if (!token) {
-            throw getInternalError();
+            throw errorUtils.getInternalError();
          }

          const key = stringToMD5(token);
@@ -118,7 +114,7 @@ export default function (
          );
        } catch (error: any) {
          logger.error({ error: error.msg }, 'token creation has failed: @{error}');
-          return next(ErrorCode.getCode(HTTP_STATUS.INTERNAL_ERROR, error.message));
+          return next(errorUtils.getInternalError(error.message));
        }
      });
    }
@@ -140,10 +136,10 @@ export default function (
          return next({});
        } catch (error: any) {
          logger.error({ error: error.msg }, 'token creation has failed: @{error}');
-          return next(ErrorCode.getCode(HTTP_STATUS.INTERNAL_ERROR, error.message));
+          return next(errorUtils.getCode(HTTP_STATUS.INTERNAL_ERROR, error.message));
        }
      }
-      return next(ErrorCode.getUnauthorized());
+      return next(errorUtils.getUnauthorized());
    }
  );
 }
--- a/packages/api/src/whoami.ts
+++ b/packages/api/src/whoami.ts
@@ -1,7 +1,7 @@
-import { Response, Router } from 'express';
 import buildDebug from 'debug';
-import { $RequestExtend, $NextFunctionVer } from '../types/custom';
-// import { getUnauthorized } from '@verdaccio/commons-api';
+import { Response, Router } from 'express';
+
+import { $NextFunctionVer, $RequestExtend } from '../types/custom';

 const debug = buildDebug('verdaccio:api:user');

--- a/packages/api/test/integration/_helper.ts
+++ b/packages/api/test/integration/_helper.ts
@@ -1,13 +1,15 @@
-import path from 'path';
-import express, { Application } from 'express';
-import supertest from 'supertest';
 import bodyParser from 'body-parser';
+import express, { Application } from 'express';
+import path from 'path';
+import supertest from 'supertest';

-import { Config, parseConfigFile } from '@verdaccio/config';
-import { Storage } from '@verdaccio/store';
-import { final, handleError, errorReportingMiddleware } from '@verdaccio/middleware';
 import { Auth, IAuth } from '@verdaccio/auth';
-import { HEADERS, HEADER_TYPE, HTTP_STATUS, generatePackageMetadata } from '@verdaccio/commons-api';
+import { Config, parseConfigFile } from '@verdaccio/config';
+import { HEADERS, HEADER_TYPE, HTTP_STATUS } from '@verdaccio/core';
+import { generatePackageMetadata } from '@verdaccio/helper';
+import { errorReportingMiddleware, final, handleError } from '@verdaccio/middleware';
+import { Storage } from '@verdaccio/store';
+
 import apiEndpoints from '../../src';

 const getConf = (conf) => {
@@ -42,7 +44,7 @@ export async function initializeServer(configName): Promise<Application> {
  return app;
 }

-export function publishVersion(app, configFile, pkgName, version): supertest.Test {
+export function publishVersion(app, _configFile, pkgName, version): supertest.Test {
  const pkgMetadata = generatePackageMetadata(pkgName, version);

  return supertest(app)
--- a/packages/api/test/integration/package.spec.ts
+++ b/packages/api/test/integration/package.spec.ts
@@ -1,7 +1,8 @@
 import supertest from 'supertest';

-import { HEADER_TYPE, HEADERS, HTTP_STATUS } from '@verdaccio/commons-api';
-import { $ResponseExtend, $RequestExtend } from '../../types/custom';
+import { HEADERS, HEADER_TYPE, HTTP_STATUS } from '@verdaccio/core';
+
+import { $RequestExtend, $ResponseExtend } from '../../types/custom';
 import { initializeServer, publishTaggedVersion, publishVersion } from './_helper';

 const mockApiJWTmiddleware = jest.fn(
@@ -64,7 +65,7 @@ describe('package', () => {
    });
  });

-  // TODO: investigate the 404
+  // FIXME: investigate the 404
  test.skip('should return a package by dist-tag', async (done) => {
    // await publishVersion(app, 'package.yaml', 'foo3', '1.0.0');
    await publishVersion(app, 'package.yaml', 'foo-tagged', '1.0.0');
@@ -80,7 +81,7 @@ describe('package', () => {
      });
  });

-  test.skip('should return 404', async () => {
+  test('should return 404', async () => {
    return supertest(app)
      .get('/404-not-found')
      .set('Accept', HEADERS.JSON)
--- a/packages/api/test/integration/ping.spec.ts
+++ b/packages/api/test/integration/ping.spec.ts
@@ -1,6 +1,7 @@
 import supertest from 'supertest';

-import { HEADER_TYPE, HEADERS, HTTP_STATUS } from '@verdaccio/commons-api';
+import { HEADERS, HEADER_TYPE, HTTP_STATUS } from '@verdaccio/core';
+
 import { initializeServer } from './_helper';

 describe('ping', () => {
--- a/packages/api/test/integration/publish.spec.ts
+++ b/packages/api/test/integration/publish.spec.ts
@@ -1,13 +1,10 @@
-import { HTTP_STATUS } from '@verdaccio/commons-api';
 import supertest from 'supertest';
-import {
-  API_ERROR,
-  API_MESSAGE,
-  generatePackageMetadata,
-  HEADER_TYPE,
-  HEADERS,
-} from '@verdaccio/commons-api';
-import { $ResponseExtend, $RequestExtend } from '../../types/custom';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+import { API_ERROR, API_MESSAGE, HEADERS, HEADER_TYPE } from '@verdaccio/core';
+import { generatePackageMetadata } from '@verdaccio/helper';
+
+import { $RequestExtend, $ResponseExtend } from '../../types/custom';
 import { initializeServer, publishVersion } from './_helper';

 const mockApiJWTmiddleware = jest.fn(
--- a/packages/api/test/integration/user.spec.ts
+++ b/packages/api/test/integration/user.spec.ts
@@ -1,16 +1,14 @@
-import supertest from 'supertest';
 import _ from 'lodash';
+import supertest from 'supertest';

 import {
-  getBadRequest,
-  getConflict,
-  getUnauthorized,
+  API_ERROR,
+  API_MESSAGE,
  HEADERS,
  HEADER_TYPE,
-  API_MESSAGE,
  HTTP_STATUS,
-  API_ERROR,
-} from '@verdaccio/commons-api';
+  errorUtils,
+} from '@verdaccio/core';

 import { $RequestExtend, $ResponseExtend } from '../../types/custom';
 import { initializeServer } from './_helper';
@@ -28,7 +26,7 @@ const mockAuthenticate = jest.fn(() => (_name, _password, callback): void => {
 });

 const mockAddUser = jest.fn(() => (_name, _password, callback): void => {
-  return callback(getConflict(API_ERROR.USERNAME_ALREADY_REGISTERED));
+  return callback(errorUtils.getConflict(API_ERROR.USERNAME_ALREADY_REGISTERED));
 });

 jest.mock('@verdaccio/auth', () => ({
@@ -143,7 +141,7 @@ describe('user', () => {
        }
    );
    mockAddUser.mockImplementationOnce(() => (_name, _password, callback): void => {
-      return callback(getBadRequest(API_ERROR.USERNAME_PASSWORD_REQUIRED));
+      return callback(errorUtils.getBadRequest(API_ERROR.USERNAME_PASSWORD_REQUIRED));
    });
    const credentialsShort = _.cloneDeep(credentials);
    delete credentialsShort.name;
@@ -208,7 +206,7 @@ describe('user', () => {
        }
    );
    mockAuthenticate.mockImplementationOnce(() => (_name, _password, callback): void => {
-      return callback(getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD));
+      return callback(errorUtils.getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD));
    });
    const credentialsShort = _.cloneDeep(credentials);
    credentialsShort.password = 'failPassword';
@@ -240,7 +238,7 @@ describe('user', () => {
        }
    );
    mockAuthenticate.mockImplementationOnce(() => (_name, _password, callback): void => {
-      return callback(getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD));
+      return callback(errorUtils.getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD));
    });
    const credentialsShort = _.cloneDeep(credentials);
    credentialsShort.password = 'failPassword';
--- a/packages/api/test/integration/whoami.spec.ts
+++ b/packages/api/test/integration/whoami.spec.ts
@@ -1,6 +1,6 @@
 import supertest from 'supertest';

-import { HEADERS, HTTP_STATUS } from '@verdaccio/commons-api';
+import { HEADERS, HTTP_STATUS } from '@verdaccio/core';

 import { $RequestExtend, $ResponseExtend } from '../../types/custom';
 import { initializeServer } from './_helper';
--- a/packages/api/test/unit/publish.spec.ts
+++ b/packages/api/test/unit/publish.spec.ts
@@ -1,10 +1,11 @@
-import { HTTP_STATUS, API_ERROR } from '@verdaccio/commons-api';
+import { API_ERROR, HTTP_STATUS, errorUtils } from '@verdaccio/core';
+
 import {
  addVersion,
-  uploadPackageTarball,
+  publishPackage,
  removeTarball,
  unPublishPackage,
-  publishPackage,
+  uploadPackageTarball,
 } from '../../src/publish';

 const REVISION_MOCK = '15-e53a77096b0ee33e';
@@ -183,35 +184,31 @@ describe('Publish endpoints - un-publish package', () => {
    next = jest.fn();
  });

-  test('should un-publish package successfully', (done) => {
+  test('should un-publish package successfully', async () => {
    const storage = {
-      removePackage(packageName, cb) {
+      removePackage(packageName) {
        expect(packageName).toEqual(req.params.package);
-        cb();
-        done();
+        return Promise.resolve();
      },
    };

    // @ts-ignore
-    unPublishPackage(storage)(req, res, next);
+    await unPublishPackage(storage)(req, res, next);
    expect(res.status).toHaveBeenCalledWith(HTTP_STATUS.CREATED);
    expect(next).toHaveBeenCalledWith({ ok: 'package removed' });
  });

-  test('un-publish failed', (done) => {
-    const error = {
-      message: 'un-publish failed',
-    };
+  test('un-publish failed', async () => {
    const storage = {
-      removePackage(packageName, cb) {
-        cb(error);
-        done();
+      removePackage(packageName) {
+        expect(packageName).toEqual(req.params.package);
+        return Promise.reject(errorUtils.getInternalError());
      },
    };

    // @ts-ignore
-    unPublishPackage(storage)(req, res, next);
-    expect(next).toHaveBeenCalledWith(error);
+    await unPublishPackage(storage)(req, res, next);
+    expect(next).toHaveBeenCalledWith(errorUtils.getInternalError());
  });
 });

--- a/packages/api/test/unit/validate.api.params.middleware.spec.ts
+++ b/packages/api/test/unit/validate.api.params.middleware.spec.ts
@@ -1,7 +1,7 @@
 /* eslint-disable curly */
 // ensure that all arguments are validated
-import path from 'path';
 import fs from 'fs';
+import path from 'path';

 /**
 * Validate.
--- a/packages/api/tsconfig.json
+++ b/packages/api/tsconfig.json
@@ -14,7 +14,7 @@
      "path": "../config"
    },
    {
-      "path": "../core/commons-api"
+      "path": "../core/core"
    },
    {
      "path": "../core/tarball"
--- a/packages/api/types/custom.d.ts
+++ b/packages/api/types/custom.d.ts
@@ -1,6 +1,7 @@
-import { Logger, RemoteUser } from '@verdaccio/types';
 import { NextFunction, Request, Response } from 'express';

+import { Logger, RemoteUser } from '@verdaccio/types';
+
 export type $RequestExtend = Request & { remote_user?: any; log: Logger };
 export type $ResponseExtend = Response & { cookies?: any };
 export type $NextFunctionVer = NextFunction & any;
--- a/packages/auth/CHANGELOG.md
+++ b/packages/auth/CHANGELOG.md
@@ -1,5 +1,108 @@
 # @verdaccio/auth

+## 6.0.0-6-next.15
+
+### Minor Changes
+
+- 20c9e43e: dist tags Implementation on Fastify
+
+### Patch Changes
+
+- Updated dependencies [f86c31ed]
+  - @verdaccio/utils@6.0.0-6-next.9
+  - @verdaccio/config@6.0.0-6-next.11
+  - @verdaccio/loaders@6.0.0-6-next.7
+
+## 6.0.0-6-next.14
+
+### Patch Changes
+
+- Updated dependencies [6c1eb021]
+  - @verdaccio/core@6.0.0-6-next.3
+  - @verdaccio/logger@6.0.0-6-next.7
+  - @verdaccio/config@6.0.0-6-next.10
+  - @verdaccio/loaders@6.0.0-6-next.7
+  - verdaccio-htpasswd@11.0.0-6-next.10
+  - @verdaccio/utils@6.0.0-6-next.8
+
+## 6.0.0-6-next.13
+
+### Major Changes
+
+- 794af76c: Remove Node 12 support
+
+  - We need move to the new `undici` and does not support Node.js 12
+
+### Minor Changes
+
+- 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
+
+### Patch Changes
+
+- Updated dependencies [794af76c]
+- Updated dependencies [154b2ecd]
+  - @verdaccio/config@6.0.0-6-next.9
+  - @verdaccio/core@6.0.0-6-next.2
+  - verdaccio-htpasswd@11.0.0-6-next.9
+  - @verdaccio/loaders@6.0.0-6-next.6
+  - @verdaccio/logger@6.0.0-6-next.6
+  - @verdaccio/utils@6.0.0-6-next.7
+
+## 6.0.0-6-next.12
+
+### Patch Changes
+
+- Updated dependencies [2c594910]
+  - @verdaccio/logger@6.0.0-6-next.5
+  - @verdaccio/loaders@6.0.0-6-next.5
+
+## 6.0.0-6-next.11
+
+### Major Changes
+
+- 459b6fa7: refactor: search v1 endpoint and local-database
+
+  - refactor search `api v1` endpoint, improve performance
+  - remove usage of `async` dependency https://github.com/verdaccio/verdaccio/issues/1225
+  - refactor method storage class
+  - create new module `core` to reduce the ammount of modules with utilities
+  - use `undici` instead `node-fetch`
+  - use `fastify` instead `express` for functional test
+
+  ### Breaking changes
+
+  - plugin storage API changes
+  - remove old search endpoint (return 404)
+  - filter local private packages at plugin level
+
+  The storage api changes for methods `get`, `add`, `remove` as promise base. The `search` methods also changes and recieves a `query` object that contains all query params from the client.
+
+  ```ts
+  export interface IPluginStorage<T> extends IPlugin {
+    add(name: string): Promise<void>;
+    remove(name: string): Promise<void>;
+    get(): Promise<any>;
+    init(): Promise<void>;
+    getSecret(): Promise<string>;
+    setSecret(secret: string): Promise<any>;
+    getPackageStorage(packageInfo: string): IPackageStorage;
+    search(query: searchUtils.SearchQuery): Promise<searchUtils.SearchItem[]>;
+    saveToken(token: Token): Promise<any>;
+    deleteToken(user: string, tokenKey: string): Promise<any>;
+    readTokens(filter: TokenFilter): Promise<Token[]>;
+  }
+  ```
+
+### Patch Changes
+
+- Updated dependencies [459b6fa7]
+  - @verdaccio/config@6.0.0-6-next.8
+  - @verdaccio/commons-api@11.0.0-6-next.4
+  - @verdaccio/utils@6.0.0-6-next.6
+  - @verdaccio/loaders@6.0.0-6-next.4
+  - verdaccio-htpasswd@11.0.0-6-next.8
+  - @verdaccio/logger@6.0.0-6-next.4
+
 ## 6.0.0-6-next.10

 ### Patch Changes
--- a/packages/auth/package.json
+++ b/packages/auth/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/auth",
-  "version": "6.0.0-6-next.10",
+  "version": "6.0.0-6-next.15",
  "description": "logger",
  "main": "./build/index.js",
  "types": "build/index.d.ts",
@@ -25,7 +25,7 @@
    "verdaccio"
  ],
  "engines": {
-    "node": ">=10",
+    "node": ">=14",
    "npm": ">=6"
  },
  "scripts": {
@@ -39,20 +39,20 @@
  },
  "license": "MIT",
  "dependencies": {
-    "@verdaccio/commons-api": "workspace:11.0.0-alpha.3",
-    "@verdaccio/config": "workspace:6.0.0-6-next.7",
-    "@verdaccio/loaders": "workspace:6.0.0-6-next.4",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.4",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.5",
+    "@verdaccio/core": "workspace:6.0.0-6-next.3",
+    "@verdaccio/config": "workspace:6.0.0-6-next.11",
+    "@verdaccio/loaders": "workspace:6.0.0-6-next.7",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.7",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.9",
    "debug": "4.3.2",
    "express": "4.17.1",
    "jsonwebtoken": "8.5.1",
    "lodash": "4.17.21",
-    "verdaccio-htpasswd": "workspace:11.0.0-6-next.7"
+    "verdaccio-htpasswd": "workspace:11.0.0-6-next.10"
  },
  "devDependencies": {
-    "@verdaccio/mock": "workspace:6.0.0-6-next.8",
-    "@verdaccio/types": "workspace:11.0.0-6-next.7"
+    "@verdaccio/mock": "workspace:6.0.0-6-next.12",
+    "@verdaccio/types": "workspace:11.0.0-6-next.9"
  },
  "funding": {
    "type": "opencollective",
--- a/packages/auth/src/auth.ts
+++ b/packages/auth/src/auth.ts
@@ -1,54 +1,45 @@
-import _ from 'lodash';
-import { NextFunction, Request, Response } from 'express';
 import buildDebug from 'debug';
+import { NextFunction, Request, Response } from 'express';
+import _ from 'lodash';
+import { HTPasswd, HTPasswdConfig } from 'verdaccio-htpasswd';

+import { createAnonymousRemoteUser, createRemoteUser } from '@verdaccio/config';
 import {
  API_ERROR,
  SUPPORT_ERRORS,
  TOKEN_BASIC,
  TOKEN_BEARER,
  VerdaccioError,
-  getBadRequest,
-  getInternalError,
-  getForbidden,
-} from '@verdaccio/commons-api';
+  errorUtils,
+} from '@verdaccio/core';
 import { loadPlugin } from '@verdaccio/loaders';
-import { HTPasswd, HTPasswdConfig } from 'verdaccio-htpasswd';
-
 import {
-  Config,
-  Logger,
-  Callback,
-  IPluginAuth,
-  RemoteUser,
-  JWTSignOptions,
-  Security,
-  AuthPluginPackage,
  AllowAccess,
+  AuthPluginPackage,
+  Callback,
+  Config,
+  IPluginAuth,
+  JWTSignOptions,
+  Logger,
  PackageAccess,
  PluginOptions,
+  RemoteUser,
+  Security,
 } from '@verdaccio/types';
-
-import { isNil, isFunction } from '@verdaccio/utils';
-import {
-  getMatchedPackagesSpec,
-  createAnonymousRemoteUser,
-  createRemoteUser,
-} from '@verdaccio/config';
-
-import {
-  getMiddlewareCredentials,
-  getDefaultPlugins,
-  verifyJWTPayload,
-  parseAuthTokenHeader,
-  isAuthHeaderValid,
-  isAESLegacy,
-  convertPayloadToBase64,
-} from './utils';
+import { getMatchedPackagesSpec, isFunction, isNil } from '@verdaccio/utils';

 import { signPayload } from './jwt-token';
 import { aesEncrypt } from './legacy-token';
 import { parseBasicPayload } from './token';
+import {
+  convertPayloadToBase64,
+  getDefaultPlugins,
+  getMiddlewareCredentials,
+  isAESLegacy,
+  isAuthHeaderValid,
+  parseAuthTokenHeader,
+  verifyJWTPayload,
+} from './utils';

 /* eslint-disable @typescript-eslint/no-var-requires */
 const LoggerApi = require('@verdaccio/logger');
@@ -58,6 +49,7 @@ const debug = buildDebug('verdaccio:auth');
 export interface IBasicAuth<T> {
  config: T & Config;
  authenticate(user: string, password: string, cb: Callback): void;
+  invalidateToken?(token: string): Promise<void>;
  changePassword(user: string, password: string, newPassword: string, cb: Callback): void;
  allow_access(pkg: AuthPluginPackage, user: RemoteUser, callback: Callback): void;
  add_user(user: string, password: string, cb: Callback): any;
@@ -89,6 +81,7 @@ export interface IAuth extends IBasicAuth<Config>, IAuthMiddleware, TokenEncrypt
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
  plugins: any[];
  allow_unpublish(pkg: AuthPluginPackage, user: RemoteUser, callback: Callback): void;
+  invalidateToken(token: string): Promise<void>;
 }

 class Auth implements IAuth {
@@ -101,6 +94,9 @@ class Auth implements IAuth {
    this.config = config;
    this.logger = LoggerApi.logger.child({ sub: 'auth' });
    this.secret = config.secret;
+    if (!this.secret) {
+      throw new TypeError('secret it is required value on initialize the auth class');
+    }

    this.plugins =
      _.isNil(config?.auth) === false ? this._loadPlugin(config) : this.loadDefaultPlugin(config);
@@ -157,7 +153,7 @@ class Auth implements IAuth {
    const validPlugins = _.filter(this.plugins, (plugin) => isFunction(plugin.changePassword));

    if (_.isEmpty(validPlugins)) {
-      return cb(getInternalError(SUPPORT_ERRORS.PLUGIN_MISSING_INTERFACE));
+      return cb(errorUtils.getInternalError(SUPPORT_ERRORS.PLUGIN_MISSING_INTERFACE));
    }

    for (const plugin of validPlugins) {
@@ -183,6 +179,12 @@ class Auth implements IAuth {
    }
  }

+  public async invalidateToken(token: string) {
+    // eslint-disable-next-line no-console
+    console.log('invalidate token pending to implement', token);
+    return Promise.resolve();
+  }
+
  public authenticate(username: string, password: string, cb: Callback): void {
    const plugins = this.plugins.slice(0);
    (function next(): void {
@@ -414,22 +416,24 @@ class Auth implements IAuth {
      };

      if (this._isRemoteUserValid(req.remote_user)) {
-        debug('jwt has remote user');
+        debug('jwt has a valid authentication header');
        return next();
      }

      // in case auth header does not exist we return anonymous function
-      req.remote_user = createAnonymousRemoteUser();
+      const remoteUser = createAnonymousRemoteUser();
+      req.remote_user = remoteUser;
+      res.locals.remote_user = remoteUser;

      const { authorization } = req.headers;
      if (_.isNil(authorization)) {
-        debug('jwt invalid auth header');
+        debug('jwt, authentication header is missing');
        return next();
      }

      if (!isAuthHeaderValid(authorization)) {
-        debug('api middleware auth heather is not valid');
-        return next(getBadRequest(API_ERROR.BAD_AUTH_HEADER));
+        debug('api middleware authentication heather is invalid');
+        return next(errorUtils.getBadRequest(API_ERROR.BAD_AUTH_HEADER));
      }
      const { secret, security } = this.config;

@@ -480,7 +484,7 @@ class Auth implements IAuth {
      } else {
        // with JWT throw 401
        debug('jwt invalid token');
-        next(getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
+        next(errorUtils.getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
      }
    }
  }
@@ -514,7 +518,7 @@ class Auth implements IAuth {
    } else {
      // we force npm client to ask again with basic authentication
      debug('legacy invalid header');
-      return next(getBadRequest(API_ERROR.BAD_AUTH_HEADER));
+      return next(errorUtils.getBadRequest(API_ERROR.BAD_AUTH_HEADER));
    }
  }

@@ -548,7 +552,7 @@ class Auth implements IAuth {
      }

      if (!isAuthHeaderValid(authorization)) {
-        return next(getBadRequest(API_ERROR.BAD_AUTH_HEADER));
+        return next(errorUtils.getBadRequest(API_ERROR.BAD_AUTH_HEADER));
      }

      const token = (authorization || '').replace(`${TOKEN_BEARER} `, '');
--- a/packages/auth/src/jwt-token.ts
+++ b/packages/auth/src/jwt-token.ts
@@ -1,5 +1,5 @@
-import jwt from 'jsonwebtoken';
 import buildDebug from 'debug';
+import jwt from 'jsonwebtoken';

 import { JWTSignOptions, RemoteUser } from '@verdaccio/types';

--- a/packages/auth/src/legacy-token.ts
+++ b/packages/auth/src/legacy-token.ts
@@ -1,13 +1,14 @@
 import {
+  HexBase64BinaryEncoding,
+  Utf8AsciiBinaryEncoding,
  createCipheriv,
  createDecipheriv,
-  HexBase64BinaryEncoding,
  randomBytes,
-  Utf8AsciiBinaryEncoding,
 } from 'crypto';
-import { TOKEN_VALID_LENGTH } from '@verdaccio/config';
 import buildDebug from 'debug';

+import { TOKEN_VALID_LENGTH } from '@verdaccio/config';
+
 const debug = buildDebug('verdaccio:auth:token:legacy');

 export const defaultAlgorithm = process.env.VERDACCIO_LEGACY_ALGORITHM || 'aes-256-ctr';
--- a/packages/auth/src/utils.ts
+++ b/packages/auth/src/utils.ts
@@ -1,29 +1,27 @@
-import _ from 'lodash';
 import buildDebug from 'debug';
+import _ from 'lodash';
+
+import { createAnonymousRemoteUser } from '@verdaccio/config';
 import {
+  API_ERROR,
+  HTTP_STATUS,
+  TOKEN_BASIC,
+  TOKEN_BEARER,
+  VerdaccioError,
+  errorUtils,
+} from '@verdaccio/core';
+import {
+  AuthPackageAllow,
  Callback,
  Config,
  IPluginAuth,
  RemoteUser,
  Security,
-  AuthPackageAllow,
 } from '@verdaccio/types';
-import {
-  HTTP_STATUS,
-  TOKEN_BASIC,
-  TOKEN_BEARER,
-  API_ERROR,
-  getForbidden,
-  getUnauthorized,
-  getConflict,
-  getCode,
-} from '@verdaccio/commons-api';
-import { VerdaccioError } from '@verdaccio/commons-api';

-import { createAnonymousRemoteUser } from '@verdaccio/config';
-import { TokenEncryption, AESPayload } from './auth';
-import { aesDecrypt } from './legacy-token';
+import { AESPayload, TokenEncryption } from './auth';
 import { verifyPayload } from './jwt-token';
+import { aesDecrypt } from './legacy-token';
 import { parseBasicPayload } from './token';

 const debug = buildDebug('verdaccio:auth:utils');
@@ -155,7 +153,7 @@ export function verifyJWTPayload(token: string, secret: string): RemoteUser {
      // we return an anonymous user to force log in.
      return createAnonymousRemoteUser();
    }
-    throw getCode(HTTP_STATUS.UNAUTHORIZED, error.message);
+    throw errorUtils.getCode(HTTP_STATUS.UNAUTHORIZED, error.message);
  }
 }

@@ -166,11 +164,11 @@ export function isAuthHeaderValid(authorization: string): boolean {
 export function getDefaultPlugins(logger: any): IPluginAuth<Config> {
  return {
    authenticate(user: string, password: string, cb: Callback): void {
-      cb(getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
+      cb(errorUtils.getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
    },

    adduser(user: string, password: string, cb: Callback): void {
-      return cb(getConflict(API_ERROR.BAD_USERNAME_PASSWORD));
+      return cb(errorUtils.getConflict(API_ERROR.BAD_USERNAME_PASSWORD));
    },

    // FIXME: allow_action and allow_publish should be in the @verdaccio/types
@@ -205,9 +203,13 @@ export function allow_action(action: ActionsAllowed, logger): AllowAction {
    }

    if (name) {
-      callback(getForbidden(`user ${name} is not allowed to ${action} package ${pkg.name}`));
+      callback(
+        errorUtils.getForbidden(`user ${name} is not allowed to ${action} package ${pkg.name}`)
+      );
    } else {
-      callback(getUnauthorized(`authorization required to ${action} package ${pkg.name}`));
+      callback(
+        errorUtils.getUnauthorized(`authorization required to ${action} package ${pkg.name}`)
+      );
    }
  };
 }
--- a/packages/auth/test/auth-utils.spec.ts
+++ b/packages/auth/test/auth-utils.spec.ts
@@ -1,39 +1,42 @@
-import path from 'path';
 import _ from 'lodash';
+import path from 'path';

-import { CHARACTER_ENCODING, TOKEN_BEARER, API_ERROR } from '@verdaccio/commons-api';
-
-import { configExample } from '@verdaccio/mock';
 import {
  Config as AppConfig,
-  parseConfigFile,
  ROLES,
-  createRemoteUser,
  createAnonymousRemoteUser,
+  createRemoteUser,
+  parseConfigFile,
 } from '@verdaccio/config';
-
 import {
-  getAuthenticatedMessage,
-  buildToken,
+  API_ERROR,
+  CHARACTER_ENCODING,
+  TOKEN_BEARER,
+  VerdaccioError,
+  errorUtils,
+} from '@verdaccio/core';
+import { setup } from '@verdaccio/logger';
+import { configExample } from '@verdaccio/mock';
+import { Config, RemoteUser, Security } from '@verdaccio/types';
+import {
  AllowActionCallbackResponse,
+  buildToken,
  buildUserBuffer,
+  getAuthenticatedMessage,
 } from '@verdaccio/utils';

-import { Config, Security, RemoteUser } from '@verdaccio/types';
-import { VerdaccioError, getForbidden } from '@verdaccio/commons-api';
-import { setup } from '@verdaccio/logger';
 import {
-  IAuth,
-  Auth,
  ActionsAllowed,
+  Auth,
+  IAuth,
+  aesDecrypt,
  allow_action,
+  getApiToken,
  getDefaultPlugins,
  getMiddlewareCredentials,
-  getApiToken,
-  verifyJWTPayload,
-  aesDecrypt,
-  verifyPayload,
  signPayload,
+  verifyJWTPayload,
+  verifyPayload,
 } from '../src';

 setup([]);
@@ -110,7 +113,7 @@ describe('Auth utilities', () => {
    test('authentication should fail by default (default)', () => {
      const plugin = getDefaultPlugins({ trace: jest.fn() });
      plugin.authenticate('foo', 'bar', (error: any) => {
-        expect(error).toEqual(getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
+        expect(error).toEqual(errorUtils.getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
      });
    });

@@ -118,7 +121,7 @@ describe('Auth utilities', () => {
      const plugin = getDefaultPlugins({ trace: jest.fn() });
      // @ts-ignore
      plugin.adduser('foo', 'bar', (error: any) => {
-        expect(error).toEqual(getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
+        expect(error).toEqual(errorUtils.getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
      });
    });
  });
--- a/packages/auth/test/auth.spec.ts
+++ b/packages/auth/test/auth.spec.ts
@@ -1,19 +1,21 @@
 import _ from 'lodash';
-import { ROLES, Config as AppConfig } from '@verdaccio/config';
-import { setup } from '@verdaccio/logger';
+
 import { IAuth } from '@verdaccio/auth';
+import { Config as AppConfig, ROLES } from '@verdaccio/config';
+import { errorUtils } from '@verdaccio/core';
+import { setup } from '@verdaccio/logger';
 import { Config } from '@verdaccio/types';
-import { getInternalError } from '@verdaccio/commons-api';

 import { Auth } from '../src';
-
-import { authProfileConf, authPluginFailureConf, authPluginPassThrougConf } from './helper/plugin';
+import { authPluginFailureConf, authPluginPassThrougConf, authProfileConf } from './helper/plugin';

 setup([]);

 describe('AuthTest', () => {
  test('should be defined', () => {
    const config: Config = new AppConfig(_.cloneDeep(authProfileConf));
+    config.checkSecretKey('12345');
+
    const auth: IAuth = new Auth(config);

    expect(auth).toBeDefined();
@@ -23,6 +25,7 @@ describe('AuthTest', () => {
    describe('test authenticate states', () => {
      test('should be a success login', () => {
        const config: Config = new AppConfig(_.cloneDeep(authProfileConf));
+        config.checkSecretKey('12345');
        const auth: IAuth = new Auth(config);

        expect(auth).toBeDefined();
@@ -49,6 +52,7 @@ describe('AuthTest', () => {

      test('should be a fail on login', () => {
        const config: Config = new AppConfig(_.cloneDeep(authPluginFailureConf));
+        config.checkSecretKey('12345');
        const auth: IAuth = new Auth(config);

        expect(auth).toBeDefined();
@@ -57,7 +61,7 @@ describe('AuthTest', () => {

        auth.authenticate('foo', 'bar', callback);
        expect(callback).toHaveBeenCalledTimes(1);
-        expect(callback).toHaveBeenCalledWith(getInternalError());
+        expect(callback).toHaveBeenCalledWith(errorUtils.getInternalError());
      });
    });

@@ -67,6 +71,7 @@ describe('AuthTest', () => {
    describe('test authenticate out of control inputs from plugins', () => {
      test('should skip falsy values', () => {
        const config: Config = new AppConfig(_.cloneDeep(authPluginPassThrougConf));
+        config.checkSecretKey('12345');
        const auth: IAuth = new Auth(config);

        expect(auth).toBeDefined();
@@ -86,6 +91,7 @@ describe('AuthTest', () => {

      test('should error truthy non-array', () => {
        const config: Config = new AppConfig(_.cloneDeep(authPluginPassThrougConf));
+        config.checkSecretKey('12345');
        const auth: IAuth = new Auth(config);

        expect(auth).toBeDefined();
@@ -103,6 +109,7 @@ describe('AuthTest', () => {

      test('should skip empty array', () => {
        const config: Config = new AppConfig(_.cloneDeep(authPluginPassThrougConf));
+        config.checkSecretKey('12345');
        const auth: IAuth = new Auth(config);

        expect(auth).toBeDefined();
@@ -119,6 +126,7 @@ describe('AuthTest', () => {

      test('should accept valid array', () => {
        const config: Config = new AppConfig(_.cloneDeep(authPluginPassThrougConf));
+        config.checkSecretKey('12345');
        const auth: IAuth = new Auth(config);

        expect(auth).toBeDefined();
--- a/packages/auth/test/helper/plugin.ts
+++ b/packages/auth/test/helper/plugin.ts
@@ -1,4 +1,5 @@
 import path from 'path';
+
 import { configExample as config } from '@verdaccio/mock';

 export const authProfileConf = config({
--- a/packages/auth/tsconfig.json
+++ b/packages/auth/tsconfig.json
@@ -10,9 +10,6 @@
    {
      "path": "../config"
    },
-    {
-      "path": "../core/commons-api"
-    },
    {
      "path": "../core/htpasswd"
    },
--- a/packages/cli/CHANGELOG.md
+++ b/packages/cli/CHANGELOG.md
@@ -1,5 +1,106 @@
 # @verdaccio/cli

+## 6.0.0-6-next.25
+
+### Patch Changes
+
+- Updated dependencies [f86c31ed]
+- Updated dependencies [20c9e43e]
+  - @verdaccio/fastify-migration@6.0.0-6-next.16
+  - @verdaccio/config@6.0.0-6-next.11
+  - @verdaccio/node-api@6.0.0-6-next.24
+
+## 6.0.0-6-next.24
+
+### Minor Changes
+
+- 6c1eb021: feat: use warning codes for deprecation warnings
+
+### Patch Changes
+
+- Updated dependencies [6c1eb021]
+  - @verdaccio/core@6.0.0-6-next.3
+  - @verdaccio/logger@6.0.0-6-next.7
+  - @verdaccio/node-api@6.0.0-6-next.23
+  - @verdaccio/config@6.0.0-6-next.10
+  - @verdaccio/fastify-migration@6.0.0-6-next.15
+
+## 6.0.0-6-next.23
+
+### Major Changes
+
+- 794af76c: Remove Node 12 support
+
+  - We need move to the new `undici` and does not support Node.js 12
+
+### Minor Changes
+
+- 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
+
+### Patch Changes
+
+- Updated dependencies [794af76c]
+- Updated dependencies [b702ea36]
+- Updated dependencies [154b2ecd]
+  - @verdaccio/config@6.0.0-6-next.9
+  - @verdaccio/fastify-migration@6.0.0-6-next.14
+  - @verdaccio/logger@6.0.0-6-next.6
+  - @verdaccio/node-api@6.0.0-6-next.22
+
+## 6.0.0-6-next.22
+
+### Patch Changes
+
+- Updated dependencies [2c594910]
+  - @verdaccio/logger@6.0.0-6-next.5
+  - @verdaccio/fastify-migration@6.0.0-6-next.13
+  - @verdaccio/node-api@6.0.0-6-next.21
+
+## 6.0.0-6-next.21
+
+### Major Changes
+
+- 459b6fa7: refactor: search v1 endpoint and local-database
+
+  - refactor search `api v1` endpoint, improve performance
+  - remove usage of `async` dependency https://github.com/verdaccio/verdaccio/issues/1225
+  - refactor method storage class
+  - create new module `core` to reduce the ammount of modules with utilities
+  - use `undici` instead `node-fetch`
+  - use `fastify` instead `express` for functional test
+
+  ### Breaking changes
+
+  - plugin storage API changes
+  - remove old search endpoint (return 404)
+  - filter local private packages at plugin level
+
+  The storage api changes for methods `get`, `add`, `remove` as promise base. The `search` methods also changes and recieves a `query` object that contains all query params from the client.
+
+  ```ts
+  export interface IPluginStorage<T> extends IPlugin {
+    add(name: string): Promise<void>;
+    remove(name: string): Promise<void>;
+    get(): Promise<any>;
+    init(): Promise<void>;
+    getSecret(): Promise<string>;
+    setSecret(secret: string): Promise<any>;
+    getPackageStorage(packageInfo: string): IPackageStorage;
+    search(query: searchUtils.SearchQuery): Promise<searchUtils.SearchItem[]>;
+    saveToken(token: Token): Promise<any>;
+    deleteToken(user: string, tokenKey: string): Promise<any>;
+    readTokens(filter: TokenFilter): Promise<Token[]>;
+  }
+  ```
+
+### Patch Changes
+
+- Updated dependencies [459b6fa7]
+  - @verdaccio/config@6.0.0-6-next.8
+  - @verdaccio/fastify-migration@6.0.0-6-next.12
+  - @verdaccio/node-api@6.0.0-6-next.20
+  - @verdaccio/logger@6.0.0-6-next.4
+
 ## 6.0.0-6-next.20

 ### Patch Changes
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/cli",
-  "version": "6.0.0-6-next.20",
+  "version": "6.0.0-6-next.25",
  "author": {
    "name": "Juan Picado",
    "email": "juanpicado19@gmail.com"
@@ -26,7 +26,7 @@
    "verdaccio"
  ],
  "engines": {
-    "node": ">=12",
+    "node": ">=14",
    "npm": ">=6"
  },
  "description": "verdaccio CLI",
@@ -44,11 +44,12 @@
    "start": "ts-node src/index.ts"
  },
  "dependencies": {
-    "@verdaccio/config": "workspace:6.0.0-6-next.7",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.4",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.19",
-    "@verdaccio/fastify-migration": "workspace:6.0.0-6-next.11",
-    "clipanion": "3.0.1",
+    "@verdaccio/core": "workspace:6.0.0-6-next.3",
+    "@verdaccio/config": "workspace:6.0.0-6-next.11",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.7",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.24",
+    "@verdaccio/fastify-migration": "workspace:6.0.0-6-next.16",
+    "clipanion": "3.1.0",
    "envinfo": "7.8.1",
    "kleur": "3.0.3",
    "semver": "7.3.5"
--- a/packages/cli/src/cli.ts
+++ b/packages/cli/src/cli.ts
@@ -1,13 +1,15 @@
 import { Cli } from 'clipanion';

+import { warningUtils } from '@verdaccio/core';
+
+import { FastifyServer } from './commands/FastifyServer';
 import { InfoCommand } from './commands/info';
 import { InitCommand } from './commands/init';
 import { VersionCommand } from './commands/version';
-import { NewServer } from './commands/newServer';
-import { isVersionValid, MIN_NODE_VERSION } from './utils';
+import { MIN_NODE_VERSION, isVersionValid } from './utils';

 if (process.getuid && process.getuid() === 0) {
-  process.emitWarning(`Verdaccio doesn't need superuser privileges. don't run it under root`);
+  warningUtils.emit(warningUtils.Codes.VERWAR001);
 }

 if (!isVersionValid(process.version)) {
@@ -28,7 +30,7 @@ const cli = new Cli({
 cli.register(InfoCommand);
 cli.register(InitCommand);
 cli.register(VersionCommand);
-cli.register(NewServer);
+cli.register(FastifyServer);
 cli.runExit(args, Cli.defaultContext);

 process.on('uncaughtException', function (err) {
--- a/packages/cli/src/commands/FastifyServer.ts
+++ b/packages/cli/src/commands/FastifyServer.ts
@@ -1,7 +1,9 @@
 import { Command, Option } from 'clipanion';
+
 import { findConfigFile, parseConfigFile } from '@verdaccio/config';
-import { setup, logger } from '@verdaccio/logger';
+import { warningUtils } from '@verdaccio/core';
 import server from '@verdaccio/fastify-migration';
+import { logger, setup } from '@verdaccio/logger';
 import { ConfigRuntime } from '@verdaccio/types';

 export const DEFAULT_PROCESS_NAME: string = 'verdaccio';
@@ -9,9 +11,12 @@ export const DEFAULT_PROCESS_NAME: string = 'verdaccio';
 /**
 * This command is intended to run the server with Fastify
 * as a migration step.
+ * More info: https://github.com/verdaccio/verdaccio/discussions/2155
+ * To try out.
+ * pnpm debug:fastify
 */
-export class NewServer extends Command {
-  public static paths = [['new']];
+export class FastifyServer extends Command {
+  public static paths = [['fastify-server']];

  private port = Option.String('-l,-p,--listen,--port', {
    description: 'host:port number to listen on (default: localhost:4873)',
@@ -24,7 +29,7 @@ export class NewServer extends Command {
  private initLogger(logConfig: ConfigRuntime) {
    try {
      if (logConfig.logs) {
-        process.emitWarning('config.logs is deprecated, rename configuration to "config.log"');
+        warningUtils.emit(warningUtils.Codes.VERDEP001);
      }
      // FUTURE: remove fallback when is ready
      setup(logConfig.log || logConfig.logs);
@@ -41,9 +46,11 @@ export class NewServer extends Command {
      this.initLogger(configParsed);

      process.title = web?.title || DEFAULT_PROCESS_NAME;
+      // FIXME: need a way to get version of the package.
      // const { version, name } = require('../../package.json');
      const ser = await server({ logger, config: configParsed });
-      await ser.listen(4873);
+      // FIXME: harcoded, this would need to come from the configuration and the --listen flag.
+      await ser.listen(process.env.PORT || 4873);
    } catch (err: any) {
      console.error(err);
      process.exit(1);
--- a/packages/cli/src/commands/info.ts
+++ b/packages/cli/src/commands/info.ts
@@ -1,5 +1,5 @@
-import envinfo from 'envinfo';
 import { Command } from 'clipanion';
+import envinfo from 'envinfo';

 export class InfoCommand extends Command {
  public static paths = [[`--info`], [`-i`]];
--- a/packages/cli/src/commands/init.ts
+++ b/packages/cli/src/commands/init.ts
@@ -1,6 +1,8 @@
 import { Command, Option } from 'clipanion';
+
 import { findConfigFile, parseConfigFile } from '@verdaccio/config';
-import { setup, logger } from '@verdaccio/logger';
+import { warningUtils } from '@verdaccio/core';
+import { logger, setup } from '@verdaccio/logger';
 import { initServer } from '@verdaccio/node-api';
 import { ConfigRuntime } from '@verdaccio/types';

@@ -46,7 +48,7 @@ export class InitCommand extends Command {
  private initLogger(logConfig: ConfigRuntime) {
    try {
      if (logConfig.logs) {
-        process.emitWarning('config.logs is deprecated, rename configuration to "config.log"');
+        warningUtils.emit(warningUtils.Codes.VERDEP001);
      }
      // FUTURE: remove fallback when is ready
      setup(logConfig.log || logConfig.logs);
--- a/packages/cli/src/utils.ts
+++ b/packages/cli/src/utils.ts
@@ -1,7 +1,8 @@
 import semver from 'semver';

-export const MIN_NODE_VERSION = '14';
+export const MIN_NODE_VERSION = '14.0.0';

-export function isVersionValid(version) {
+export function isVersionValid(processVersion) {
+  const version = processVersion.substr(1);
  return semver.satisfies(version, `>=${MIN_NODE_VERSION}`);
 }
--- a/packages/cli/test/utils.spec.ts
+++ b/packages/cli/test/utils.spec.ts
@@ -1,9 +1,16 @@
 import { isVersionValid } from '../src/utils';

 test('valid version node.js', () => {
-  expect(isVersionValid('14.0.0')).toBeTruthy();
+  expect(isVersionValid('v14.0.0')).toBeTruthy();
+  expect(isVersionValid('v15.0.0')).toBeTruthy();
+  expect(isVersionValid('v16.0.0')).toBeTruthy();
+  expect(isVersionValid('v17.0.0')).toBeTruthy();
 });

 test('is invalid version node.js', () => {
-  expect(isVersionValid('13.0.0')).toBeFalsy();
+  expect(isVersionValid('v13.0.0')).toBeFalsy();
+  expect(isVersionValid('v12.0.0')).toBeFalsy();
+  expect(isVersionValid('v8.0.0')).toBeFalsy();
+  expect(isVersionValid('v4.0.0')).toBeFalsy();
+  expect(isVersionValid('v0.0.10')).toBeFalsy();
 });
--- a/packages/cli/tsconfig.json
+++ b/packages/cli/tsconfig.json
@@ -13,6 +13,9 @@
    {
      "path": "../core/cli-ui"
    },
+    {
+      "path": "../core/core"
+    },
    {
      "path": "../core/server"
    },
--- a/packages/config/CHANGELOG.md
+++ b/packages/config/CHANGELOG.md
@@ -1,5 +1,82 @@
 # @verdaccio/config

+## 6.0.0-6-next.11
+
+### Patch Changes
+
+- Updated dependencies [f86c31ed]
+  - @verdaccio/utils@6.0.0-6-next.9
+
+## 6.0.0-6-next.10
+
+### Patch Changes
+
+- Updated dependencies [6c1eb021]
+  - @verdaccio/core@6.0.0-6-next.3
+  - @verdaccio/utils@6.0.0-6-next.8
+
+## 6.0.0-6-next.9
+
+### Major Changes
+
+- 794af76c: Remove Node 12 support
+
+  - We need move to the new `undici` and does not support Node.js 12
+
+### Minor Changes
+
+- 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
+
+### Patch Changes
+
+- Updated dependencies [794af76c]
+- Updated dependencies [154b2ecd]
+  - @verdaccio/core@6.0.0-6-next.2
+  - @verdaccio/utils@6.0.0-6-next.7
+
+## 6.0.0-6-next.8
+
+### Major Changes
+
+- 459b6fa7: refactor: search v1 endpoint and local-database
+
+  - refactor search `api v1` endpoint, improve performance
+  - remove usage of `async` dependency https://github.com/verdaccio/verdaccio/issues/1225
+  - refactor method storage class
+  - create new module `core` to reduce the ammount of modules with utilities
+  - use `undici` instead `node-fetch`
+  - use `fastify` instead `express` for functional test
+
+  ### Breaking changes
+
+  - plugin storage API changes
+  - remove old search endpoint (return 404)
+  - filter local private packages at plugin level
+
+  The storage api changes for methods `get`, `add`, `remove` as promise base. The `search` methods also changes and recieves a `query` object that contains all query params from the client.
+
+  ```ts
+  export interface IPluginStorage<T> extends IPlugin {
+    add(name: string): Promise<void>;
+    remove(name: string): Promise<void>;
+    get(): Promise<any>;
+    init(): Promise<void>;
+    getSecret(): Promise<string>;
+    setSecret(secret: string): Promise<any>;
+    getPackageStorage(packageInfo: string): IPackageStorage;
+    search(query: searchUtils.SearchQuery): Promise<searchUtils.SearchItem[]>;
+    saveToken(token: Token): Promise<any>;
+    deleteToken(user: string, tokenKey: string): Promise<any>;
+    readTokens(filter: TokenFilter): Promise<Token[]>;
+  }
+  ```
+
+### Patch Changes
+
+- Updated dependencies [459b6fa7]
+  - @verdaccio/commons-api@11.0.0-6-next.4
+  - @verdaccio/utils@6.0.0-6-next.6
+
 ## 6.0.0-6-next.7

 ### Patch Changes
--- a/packages/config/package.json
+++ b/packages/config/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/config",
-  "version": "6.0.0-6-next.7",
+  "version": "6.0.0-6-next.11",
  "description": "logger",
  "main": "./build/index.js",
  "types": "build/index.d.ts",
@@ -26,7 +26,7 @@
    "verdaccio"
  ],
  "engines": {
-    "node": ">=10",
+    "node": ">=14",
    "npm": ">=6"
  },
  "scripts": {
@@ -39,13 +39,13 @@
    "build": "pnpm run build:js && pnpm run build:types"
  },
  "dependencies": {
-    "@verdaccio/commons-api": "workspace:11.0.0-alpha.3",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.5",
+    "@verdaccio/core": "workspace:6.0.0-6-next.3",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.9",
    "debug": "4.3.2",
    "js-yaml": "3.14.1",
    "lodash": "4.17.21",
    "minimatch": "3.0.4",
-    "yup": "0.32.9"
+    "yup": "0.32.11"
  },
  "devDependencies": {
    "@types/minimatch": "3.0.5",
--- a/packages/config/src/conf/default.yaml
+++ b/packages/config/src/conf/default.yaml
@@ -100,11 +100,6 @@ logs:
  # { type: file, path: verdaccio.log, level: http}
  # FIXME: this should be documented
  # More info about log rotation https://github.com/pinojs/pino/blob/master/docs/help.md#log-rotation
-flags:
-  # support for npm token command
-  token: false
-  # support for the new v1 search endpoint, functional by incomplete read more on ticket 1732
-  search: false

 # This affect the web and api (not developed yet)
 i18n:
--- a/packages/config/src/config-path.ts
+++ b/packages/config/src/config-path.ts
@@ -1,10 +1,11 @@
-import fs from 'fs';
-import path from 'path';
-import _ from 'lodash';
 import buildDebug from 'debug';
+import fs from 'fs';
+import _ from 'lodash';
+import path from 'path';

-import { CHARACTER_ENCODING } from '@verdaccio/commons-api';
-import { folderExists, fileExists } from './config-utils';
+import { CHARACTER_ENCODING } from '@verdaccio/core';
+
+import { fileExists, folderExists } from './config-utils';

 const CONFIG_FILE = 'config.yaml';
 const XDG = 'xdg';
--- a/packages/config/src/config.ts
+++ b/packages/config/src/config.ts
@@ -1,31 +1,28 @@
 import assert from 'assert';
-import _ from 'lodash';
 import buildDebug from 'debug';
+import _ from 'lodash';

-import { generateRandomHexString, isObject } from '@verdaccio/utils';
-import { APP_ERROR } from '@verdaccio/commons-api';
+import { APP_ERROR } from '@verdaccio/core';
 import {
-  PackageList,
  Config as AppConfig,
-  ConfigRuntime,
-  Security,
-  PackageAccess,
-  ServerSettingsConf,
  AuthConf,
+  ConfigRuntime,
+  PackageAccess,
+  PackageList,
+  Security,
+  ServerSettingsConf,
 } from '@verdaccio/types';
+import { generateRandomHexString, getMatchedPackagesSpec, isObject } from '@verdaccio/utils';

-import { generateRandomSecretKey } from './token';
-import { getMatchedPackagesSpec, normalisePackageAccess } from './package-access';
-import { sanityCheckUplinksProps, uplinkSanityCheck } from './uplinks';
-import { defaultSecurity } from './security';
 import { getUserAgent } from './agent';
+import { normalisePackageAccess } from './package-access';
+import { defaultSecurity } from './security';
 import serverSettings from './serverSettings';
+import { generateRandomSecretKey } from './token';
+import { sanityCheckUplinksProps, uplinkSanityCheck } from './uplinks';

 const strategicConfigProps = ['uplinks', 'packages'];
 const allowedEnvConfig = ['http_proxy', 'https_proxy', 'no_proxy'];
-
-export type MatchedPackage = PackageAccess | void;
-
 const debug = buildDebug('verdaccio:config');

 export const WEB_TITLE = 'Verdaccio';
@@ -99,7 +96,8 @@ class Config implements AppConfig {
  /**
   * Check for package spec
   */
-  public getMatchedPackagesSpec(pkgName: string): MatchedPackage {
+  public getMatchedPackagesSpec(pkgName: string): PackageAccess | void {
+    // TODO: remove this method and replace by library utils
    return getMatchedPackagesSpec(pkgName, this.packages);
  }

--- a/packages/config/src/package-access.ts
+++ b/packages/config/src/package-access.ts
@@ -1,10 +1,8 @@
 import assert from 'assert';
 import _ from 'lodash';
-import minimatch from 'minimatch';

-import { PackageList, PackageAccess } from '@verdaccio/types';
-import { ErrorCode } from '@verdaccio/utils';
-import { MatchedPackage } from './config';
+import { errorUtils } from '@verdaccio/core';
+import { PackageAccess } from '@verdaccio/types';

 export interface LegacyPackageList {
  [key: string]: PackageAccess;
@@ -39,7 +37,7 @@ export function normalizeUserList(groupsList: any): any {
  } else if (Array.isArray(groupsList)) {
    result.push(groupsList);
  } else {
-    throw ErrorCode.getInternalError(
+    throw errorUtils.getInternalError(
      'CONFIG: bad package acl (array or string expected): ' + JSON.stringify(groupsList)
    );
  }
@@ -47,15 +45,6 @@ export function normalizeUserList(groupsList: any): any {
  return _.flatten(result);
 }

-export function getMatchedPackagesSpec(pkgName: string, packages: PackageList): MatchedPackage {
-  for (const i in packages) {
-    if (minimatch.makeRe(i).exec(pkgName)) {
-      return packages[i];
-    }
-  }
-  return;
-}
-
 export function normalisePackageAccess(packages: LegacyPackageList): LegacyPackageList {
  const normalizedPkgs: LegacyPackageList = { ...packages };
  if (_.isNil(normalizedPkgs['**'])) {
--- a/packages/config/src/parse.ts
+++ b/packages/config/src/parse.ts
@@ -1,19 +1,28 @@
 import fs from 'fs';
 import YAML from 'js-yaml';
-import { APP_ERROR } from '@verdaccio/commons-api';
+
+import { APP_ERROR } from '@verdaccio/core';
 import { ConfigRuntime, ConfigYaml } from '@verdaccio/types';

+/**
+ * Parse a config file from yaml to JSON.
+ * @param configPath the absolute path of the configuration file
+ */
 export function parseConfigFile(configPath: string): ConfigRuntime {
  try {
    if (/\.ya?ml$/i.test(configPath)) {
      const yamlConfig = YAML.safeLoad(fs.readFileSync(configPath, 'utf8')) as ConfigYaml;
      return Object.assign({}, yamlConfig, {
+        configPath,
+        // @deprecated use configPath instead
        config_path: configPath,
      });
    }

    const jsonConfig = require(configPath) as ConfigYaml;
    return Object.assign({}, jsonConfig, {
+      configPath,
+      // @deprecated use configPath instead
      config_path: configPath,
    });
  } catch (e: any) {
@@ -21,6 +30,6 @@ export function parseConfigFile(configPath: string): ConfigRuntime {
      e.message = APP_ERROR.CONFIG_NOT_VALID;
    }

-    throw new Error(e);
+    throw e;
  }
 }
--- a/packages/config/src/uplinks.ts
+++ b/packages/config/src/uplinks.ts
@@ -1,9 +1,8 @@
 import assert from 'assert';
-import { PackageList, UpLinksConfList } from '@verdaccio/types';
 import _ from 'lodash';

-import { getMatchedPackagesSpec } from './package-access';
-import { MatchedPackage } from './config';
+import { PackageList, UpLinksConfList } from '@verdaccio/types';
+import { getMatchedPackagesSpec } from '@verdaccio/utils';

 export const DEFAULT_REGISTRY = 'https://registry.npmjs.org';
 export const DEFAULT_UPLINK = 'npmjs';
@@ -49,11 +48,8 @@ export function sanityCheckUplinksProps(configUpLinks: UpLinksConfList): UpLinks
  return uplinks;
 }

-/**
- * Check whether an uplink can proxy
- */
 export function hasProxyTo(pkg: string, upLink: string, packages: PackageList): boolean {
-  const matchedPkg: MatchedPackage = getMatchedPackagesSpec(pkg, packages);
+  const matchedPkg = getMatchedPackagesSpec(pkg, packages);
  const proxyList = typeof matchedPkg !== 'undefined' ? matchedPkg.proxy : [];
  if (proxyList) {
    return proxyList.some((curr) => upLink === curr);
--- a/packages/config/test/config-parsing.spec.ts
+++ b/packages/config/test/config-parsing.spec.ts
@@ -12,13 +12,13 @@ describe('Package access utilities', () => {
    test('parse invalid.json', () => {
      expect(function () {
        parseConfigFile(parseConfigurationFile('invalid.json'));
-      }).toThrow(/Error/);
+      }).toThrow(/CONFIG: it does not look like a valid config file/);
    });

    test('parse not-exists.json', () => {
      expect(function () {
        parseConfigFile(parseConfigurationFile('not-exists.json'));
-      }).toThrow(/Error/);
+      }).toThrow(/Cannot find module/);
    });
  });

@@ -32,13 +32,13 @@ describe('Package access utilities', () => {
    test('parse invalid.js', () => {
      expect(function () {
        parseConfigFile(parseConfigurationFile('invalid.js'));
-      }).toThrow(/Error/);
+      }).toThrow(/CONFIG: it does not look like a valid config file/);
    });

    test('parse not-exists.js', () => {
      expect(function () {
        parseConfigFile(parseConfigurationFile('not-exists.js'));
-      }).toThrow(/Error/);
+      }).toThrow(/Cannot find module/);
    });
  });
 });
--- a/packages/config/test/config.path.spec.ts
+++ b/packages/config/test/config.path.spec.ts
@@ -1,4 +1,5 @@
 import os from 'os';
+
 import { findConfigFile } from '../src/config-path';

 const mockmkDir = jest.fn();
@@ -96,9 +97,9 @@ describe('config-path', () => {
        delete process.env.XDG_CONFIG_HOME;
        delete process.env.HOME;
        process.env.APPDATA = '/app/data/';
-        expect(findConfigFile()).toEqual('D:\\app\\data\\verdaccio\\config.yaml');
-        expect(mockwriteFile).toHaveBeenCalledWith('D:\\app\\data\\verdaccio\\config.yaml');
-        expect(mockmkDir).toHaveBeenCalledWith('D:\\app\\data\\verdaccio');
+        expect(findConfigFile()).toMatch('\\app\\data\\verdaccio\\config.yaml');
+        expect(mockwriteFile).toHaveBeenCalled();
+        expect(mockmkDir).toHaveBeenCalled();
      });
    }
  });
--- a/packages/config/test/config.spec.ts
+++ b/packages/config/test/config.spec.ts
@@ -1,14 +1,14 @@
-import path from 'path';
 import _ from 'lodash';
+import path from 'path';

 import {
  Config,
  DEFAULT_REGISTRY,
  DEFAULT_UPLINK,
-  defaultSecurity,
-  parseConfigFile,
  ROLES,
  WEB_TITLE,
+  defaultSecurity,
+  parseConfigFile,
 } from '../src';
 import { parseConfigurationFile } from './utils';

--- a/packages/config/test/package-access.spec.ts
+++ b/packages/config/test/package-access.spec.ts
@@ -1,11 +1,7 @@
 import _ from 'lodash';

-import {
-  getMatchedPackagesSpec,
-  normalisePackageAccess,
-  PACKAGE_ACCESS,
-} from '../src/package-access';
 import { parseConfigFile } from '../src';
+import { PACKAGE_ACCESS, normalisePackageAccess } from '../src/package-access';
 import { parseConfigurationFile } from './utils';

 describe('Package access utilities', () => {
@@ -127,30 +123,4 @@ describe('Package access utilities', () => {
      expect(_.isArray(all.publish)).toBeTruthy();
    });
  });
-
-  describe('getMatchedPackagesSpec', () => {
-    test('should test basic config', () => {
-      const { packages } = parseConfigFile(parseConfigurationFile('pkgs-custom'));
-      // @ts-expect-error
-      expect(getMatchedPackagesSpec('react', packages).proxy).toMatch('facebook');
-      // @ts-expect-error
-      expect(getMatchedPackagesSpec('angular', packages).proxy).toMatch('google');
-      // @ts-expect-error
-      expect(getMatchedPackagesSpec('vue', packages).proxy).toMatch('npmjs');
-      // @ts-expect-error
-      expect(getMatchedPackagesSpec('@scope/vue', packages).proxy).toMatch('npmjs');
-    });
-
-    test('should test no ** wildcard on config', () => {
-      const { packages } = parseConfigFile(parseConfigurationFile('pkgs-nosuper-wildcard-custom'));
-      // @ts-expect-error
-      expect(getMatchedPackagesSpec('react', packages).proxy).toMatch('facebook');
-      // @ts-expect-error
-      expect(getMatchedPackagesSpec('angular', packages).proxy).toMatch('google');
-      // @ts-expect-error
-      expect(getMatchedPackagesSpec('@fake/angular', packages).proxy).toMatch('npmjs');
-      expect(getMatchedPackagesSpec('vue', packages)).toBeUndefined();
-      expect(getMatchedPackagesSpec('@scope/vue', packages)).toBeUndefined();
-    });
-  });
 });
--- a/packages/config/test/partials/config/yaml/pkgs-nosuper-wildcard-custom.yaml
+++ b/packages/config/test/partials/config/yaml/pkgs-nosuper-wildcard-custom.yaml
@@ -1,13 +0,0 @@
-packages:
-  'react':
-    access: admin
-    publish: admin
-    proxy: facebook
-  'angular':
-    access: admin
-    publish: admin
-    proxy: google
-  '@fake/*':
-    access: $all
-    publish: $authenticated
-    proxy: npmjs
--- a/packages/config/test/token.spec.ts
+++ b/packages/config/test/token.spec.ts
@@ -1,4 +1,4 @@
-import { generateRandomSecretKey, TOKEN_VALID_LENGTH } from '../src/token';
+import { TOKEN_VALID_LENGTH, generateRandomSecretKey } from '../src/token';

 test('token test valid length', () => {
  const token = generateRandomSecretKey();
--- a/packages/config/test/uplinks.spec.ts
+++ b/packages/config/test/uplinks.spec.ts
@@ -1,5 +1,5 @@
-import { hasProxyTo, sanityCheckUplinksProps, uplinkSanityCheck } from '../src/uplinks';
 import { normalisePackageAccess, parseConfigFile } from '../src';
+import { hasProxyTo, sanityCheckUplinksProps, uplinkSanityCheck } from '../src/uplinks';
 import { parseConfigurationFile } from './utils';

 describe('Uplinks Utilities', () => {
--- a/packages/config/test/utils.spec.ts
+++ b/packages/config/test/utils.spec.ts
@@ -1,5 +1,5 @@
+import { ROLES, createAnonymousRemoteUser, createRemoteUser } from '../src';
 import { spliceURL } from '../src/string';
-import { createAnonymousRemoteUser, createRemoteUser, ROLES } from '../src';

 describe('spliceURL', () => {
  test('should splice two strings and generate a url', () => {
--- a/packages/config/tsconfig.json
+++ b/packages/config/tsconfig.json
@@ -7,9 +7,6 @@
  "include": ["src/**/*.ts"],
  "exclude": ["src/**/*.test.ts"],
  "references": [
-    {
-      "path": "../core/commons-api"
-    },
    {
      "path": "../utils"
    }
--- a/Show More
+++ b/Show More