chore(release): 5.0.3

not need it on 5.x

.eslintignore

@@ -19,3 +19,4 @@ Dockerfile
 test/unit/partials/
 types/custom.d.ts
 docker-examples/
+LICENSE

.github/workflows/ci.yml

@@ -9,7 +9,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        node_version: [12, 14, 15]
+        node_version: [12, 14, 15, 16]
 
     runs-on: ubuntu-latest
 

.github/workflows/codeql-analysis.yml

@@ -1,52 +0,0 @@
-name: "Code scanning - action"
-
-on:
-  push:
-  pull_request:
-  schedule:
-    - cron: '0 2 * * 4'
-
-jobs:
-  CodeQL-Build:
-
-    # CodeQL runs on ubuntu-latest and windows-latest
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2.3.3
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
-
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
-      
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      # Override language selection by uncommenting this and choosing your languages
-      # with:
-      #   languages: go, javascript, csharp, python, cpp, java
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1

.github/workflows/docker-publish.yml

@@ -13,8 +13,8 @@ on:
       - 'yarn.lock'
     branches:
       - '**'
-#    tags:
-#      - 'v*'
+    tags:
+     - 'v*'
 
 jobs:
   docker:
@@ -36,12 +36,11 @@ jobs:
         with:
           images: ${{ github.repository }}
           tag-custom: 5.x-next
-          tag-custom-only: ${{ github.ref == 'refs/heads/master' }}
-          # disabled while is on alpha
-          # tag-semver: |
-          #   {{version}}
-          #   {{major}}
-          #   {{major}}.{{minor}}
+          tag-custom-only: ${{ github.ref == 'refs/heads/5.x' }}
+          tag-semver: |
+            {{version}}
+            {{major}}
+            {{major}}.{{minor}}
       - name: Build & Push
         uses: docker/build-push-action@v2
         with:

.github/workflows/release.yml

@@ -4,7 +4,6 @@ on:
   push:
     tags:
       - '*'
-
 jobs:
   release:
     name: Release

CHANGELOG.md

@@ -2,6 +2,46 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+### [5.0.3](https://github.com/verdaccio/verdaccio/compare/v5.0.2...v5.0.3) (2021-04-27)
+
+
+### Bug Fixes
+
+* update @verdaccio/ui-theme ([#2207](https://github.com/verdaccio/verdaccio/issues/2207)) ([ced47d5](https://github.com/verdaccio/verdaccio/commit/ced47d56fcb577b88a2ee6914d9b738b157fd08d))
+
+### [5.0.2](https://github.com/verdaccio/verdaccio/compare/v5.0.1...v5.0.2) (2021-04-27)
+
+
+### Bug Fixes
+
+* incorrect sanity check for theme plugin ([#2205](https://github.com/verdaccio/verdaccio/issues/2205)) ([d8b62cf](https://github.com/verdaccio/verdaccio/commit/d8b62cff530b1be207278a319f1989d45f5815df))
+
+### [5.0.1](https://github.com/verdaccio/verdaccio/compare/v5.0.0...v5.0.1) (2021-04-10)
+
+
+### Bug Fixes
+
+* logo and favicon configuration ([#2180](https://github.com/verdaccio/verdaccio/issues/2180)) ([782dd1c](https://github.com/verdaccio/verdaccio/commit/782dd1ca93a1bd910b14c9e79910480fc6f86d36))
+
+## [5.0.0](https://github.com/verdaccio/verdaccio/compare/v5.0.0-alpha.7...v5.0.0) (2021-04-09)
+
+
+### Features
+
+* prepare release for v5 ([#2175](https://github.com/verdaccio/verdaccio/issues/2175)) ([82c5c4e](https://github.com/verdaccio/verdaccio/commit/82c5c4eb32bfcbf9aec7c96340b226b626526b45))
+
+## [5.0.0-alpha.7](https://github.com/verdaccio/verdaccio/compare/v5.0.0-alpha.6...v5.0.0-alpha.7) (2021-04-08)
+
+
+### Bug Fixes
+
+* ui readme missing css ([#2174](https://github.com/verdaccio/verdaccio/issues/2174)) ([f49ca06](https://github.com/verdaccio/verdaccio/commit/f49ca06c68919f920e10f4f5878c34d5886b2e02))
+* Upgrade Node from 14.16 to 14.16.1 for security fixes ([#2172](https://github.com/verdaccio/verdaccio/issues/2172)) ([6ab3163](https://github.com/verdaccio/verdaccio/commit/6ab31639fab97b1b3e6323c4da862a1cae3ae1c6)), closes [/github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V14.md#14](https://github.com/verdaccio//github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V14.md/issues/14)
+
+## [5.0.0-alpha.6](https://github.com/verdaccio/verdaccio/compare/v5.0.0-alpha.5...v5.0.0-alpha.6) (2021-04-06)
+
+## [5.0.0-alpha.5](https://github.com/verdaccio/verdaccio/compare/v5.0.0-alpha.4...v5.0.0-alpha.5) (2021-04-03)
+
 ## [5.0.0-alpha.4](https://github.com/verdaccio/verdaccio/compare/v5.0.0-alpha.3...v5.0.0-alpha.4) (2021-04-03)
 
 

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=${BUILDPLATFORM:-linux/amd64} node:14.16.0-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} node:14.16.1-alpine as builder
 
 ENV NODE_ENV=production \
     VERDACCIO_BUILD_REGISTRY=https://registry.verdaccio.org
@@ -23,7 +23,7 @@ RUN yarn config set npmRegistryServer $VERDACCIO_BUILD_REGISTRY && \
 
 
 
-FROM node:14.16.0-alpine
+FROM node:14.16.1-alpine
 LABEL maintainer="https://github.com/verdaccio/verdaccio"
 
 ENV VERDACCIO_APPDIR=/opt/verdaccio \

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2018 Verdaccio community
+Copyright (c) 2021 Verdaccio contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -12,7 +12,6 @@ For those looking to extend their storage capabilities, Verdaccio
 **supports various community-made plugins to hook into services such as Amazon's s3,
 Google Cloud Storage** or create your own plugin.
 
-
 [![verdaccio (latest)](https://img.shields.io/npm/v/verdaccio/latest.svg)](https://www.npmjs.com/package/verdaccio)
 [![verdaccio (downloads)](https://img.shields.io/npm/dy/verdaccio.svg)](https://www.npmjs.com/package/verdaccio)
 [![docker pulls](https://img.shields.io/docker/pulls/verdaccio/verdaccio.svg?maxAge=43200)](https://verdaccio.org/docs/en/docker.html)
@@ -20,21 +19,18 @@ Google Cloud Storage** or create your own plugin.
 [![stackshare](https://img.shields.io/badge/Follow%20on-StackShare-blue.svg?logo=stackshare&style=flat)](https://stackshare.io/verdaccio)
 
 [![discord](https://img.shields.io/discord/388674437219745793.svg)](http://chat.verdaccio.org/)
-[![node](https://img.shields.io/node/v/verdaccio/latest.svg)](https://www.npmjs.com/package/verdaccio)
 [![MIT](https://img.shields.io/github/license/mashape/apistatus.svg)](https://github.com/verdaccio/verdaccio/blob/master/LICENSE)
 [![Crowdin](https://d322cqt584bo4o.cloudfront.net/verdaccio/localized.svg)](https://crowdin.com/project/verdaccio)
-[![TODOs](https://badgen.net/https/api.tickgit.com/badgen/github.com/verdaccio/verdaccio)](https://www.tickgit.com/browse?repo=github.com/verdaccio/verdaccio)
 
 [![Twitter followers](https://img.shields.io/twitter/follow/verdaccio_npm.svg?style=social&label=Follow)](https://twitter.com/verdaccio_npm)
 [![Github](https://img.shields.io/github/stars/verdaccio/verdaccio.svg?style=social&label=Stars)](https://github.com/verdaccio/verdaccio/stargazers)
 
-
 ## Install
 
 Install with npm:
 
 ```bash
-npm install --global verdaccio@next
+npm install --global verdaccio
 ```
 
 > Node.js v12 is required for Verdaccio 5
@@ -45,7 +41,7 @@ Are you still using **Verdaccio 4**?. Check the [migration guide](https://verdac
 
 Verdaccio is run by **volunteers**; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider making a donation - **your logo might end up in this readme.** 😉
 
-**[Donate](https://opencollective.com/verdaccio)** 💵👍🏻 starting from *$1/month* or just one single contribution.
+**[Donate](https://github.com/sponsors/verdaccio)** 💵👍🏻 starting from _$1/month_ or just one single contribution.
 
 ## What does Verdaccio do for me?
 
@@ -55,14 +51,13 @@ If you want to use all benefits of npm package system in your company without se
 
 ### Cache npmjs.org registry
 
-   If you have more than one server you want to install packages on, you might want to use this to decrease latency
-   (presumably "slow" npmjs.org will be connected to only once per package/version) and provide limited failover (if npmjs.org is down, we might still find something useful in the cache) or avoid issues like *[How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript](https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/)*, *[Many packages suddenly disappeared](https://github.com/npm/registry-issue-archive/issues/255)* or *[Registry returns 404 for a package I have installed before](https://github.com/npm/registry-issue-archive/issues/329)*.
+If you have more than one server you want to install packages on, you might want to use this to decrease latency
+(presumably "slow" npmjs.org will be connected to only once per package/version) and provide limited failover (if npmjs.org is down, we might still find something useful in the cache) or avoid issues like _[How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript](https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/)_, _[Many packages suddenly disappeared](https://github.com/npm/registry-issue-archive/issues/255)_ or _[Registry returns 404 for a package I have installed before](https://github.com/npm/registry-issue-archive/issues/329)_.
 
 ### Link multiple registries
 
 If you use multiples registries in your organization and need to fetch packages from multiple sources in one single project you might take advance of the uplinks feature with Verdaccio, chaining multiple registries and fetching from one single endpoint.
 
-
 ### Override public packages
 
 If you want to use a modified version of some 3rd-party package (for example, you found a bug, but maintainer didn't accept pull request yet), you can publish your version locally under the same name. See in detail [here](https://verdaccio.org/docs/en/best#override-public-packages).
@@ -74,20 +69,15 @@ booted in a couple of seconds, fast enough for any CI. Many open source projects
 
 ## Talks
 
-### **Node.js Dependency Confusion Attacks & Vulnerabilities in Go Binaries**.
+[![verdaccio Node.js Dependency Confusion Attacks](https://cdn.verdaccio.dev/readme/devseccon.png)](https://www.youtube.com/watch?v=qTRADSp3Hpo)
 
-[RSVP](https://www.meetup.com/es-ES/devseccon-germany/events/276990087) to join the talk.
+You might want to check out as well our previous talks:
 
-[![verdaccio openjsworld](https://cdn.verdaccio.dev/readme/devseccon.png)](https://www.meetup.com/es-ES/devseccon-germany/events/276990087/)
-
-
-You might want to check out as well our previous talks: 
-
-* [**OpenJS World 2020** about *Cover your Projects with a Multi purpose Lightweight Node.js Registry - **Juan Picado***](https://www.youtube.com/watch?v=oVCjDWeehAQ)
-* [ViennaJS Meetup - Introduction to Verdaccio by **Priscila Olivera** and **Juan Picado**](https://www.youtube.com/watch?v=hDIFKzmoCa)
-* [Open Source? trivago - Verdaccio (**Ayush** and **Juan Picado**) January 2020](https://www.youtube.com/watch?v=A5CWxJC9xzc)
-* [GitNation Open Source Stage - How we have built a Node.js Registry with React - **Juan Picado** December 2019](https://www.youtube.com/watch?v=gpjC8Qp9B9A)
-* [Verdaccio - A lightweight Private Proxy Registry built in Node.js | **Juan Picado** at The Destro Dev Show](https://www.youtube.com/watch?reload=9&v=P_hxy7W-IL4&ab_channel=TheDestroDevShow)
+- [**OpenJS World 2020** about \*Cover your Projects with a Multi purpose Lightweight Node.js Registry - **Juan Picado\***](https://www.youtube.com/watch?v=oVCjDWeehAQ)
+- [ViennaJS Meetup - Introduction to Verdaccio by **Priscila Olivera** and **Juan Picado**](https://www.youtube.com/watch?v=hDIFKzmoCa)
+- [Open Source? trivago - Verdaccio (**Ayush** and **Juan Picado**) January 2020](https://www.youtube.com/watch?v=A5CWxJC9xzc)
+- [GitNation Open Source Stage - How we have built a Node.js Registry with React - **Juan Picado** December 2019](https://www.youtube.com/watch?v=gpjC8Qp9B9A)
+- [Verdaccio - A lightweight Private Proxy Registry built in Node.js | **Juan Picado** at The Destro Dev Show](https://www.youtube.com/watch?reload=9&v=P_hxy7W-IL4&ab_channel=TheDestroDevShow)
 
 ## Get Started
 
@@ -104,6 +94,7 @@ $ npm set registry http://localhost:4873/
 ```
 
 For one-off commands or to avoid setting the registry globally:
+
 ```bash
 NPM_CONFIG_REGISTRY=http://localhost:4873 npm i
 ```
@@ -134,13 +125,11 @@ npm publish --registry http://localhost:4873
 
 This will prompt you for user credentials which will be saved on the `verdaccio` server.
 
-
 ## Docker
 
 Below are the most commonly needed information,
 every aspect of Docker and verdaccio is [documented separately](https://www.verdaccio.org/docs/en/docker.html)
 
-
 ```
 docker pull verdaccio/verdaccio
 ```
@@ -179,9 +168,9 @@ Verdaccio aims to support all features of a standard npm client that make sense
 ### User management
 
 - Registering new users (npm adduser {newuser}) - **supported**
-- Change password (npm profile set password)  - **supported**
-- Transferring ownership (npm owner add {user} {pkg}) - not supported, *PR-welcome*
-- Token (npm token) - (more info [#1427](https://github.com/verdaccio/verdaccio/pull/1427)) - **supported**
+- Change password (npm profile set password) - **supported**
+- Transferring ownership (npm owner add {user} {pkg}) - not supported, _PR-welcome_
+- Token (npm token) - **supported**
 
 ### Miscellany
 
@@ -199,38 +188,34 @@ If you want to report a security vulnerability, please follow the steps which we
 
 ## Core Team
 
-The core team is responsible for driving this project ahead, team is ordered by antiquity and areas of responsibility.
+| [Juan Picado](https://github.com/juanpicado)                                   | [Ayush Sharma](https://github.com/ayusharma)                             | [Sergio Hg](https://github.com/sergiohgz)                                 |
+| ------------------------------------------------------------------------------ | ------------------------------------------------------------------------ | ------------------------------------------------------------------------- |
+| ![jotadeveloper](https://avatars3.githubusercontent.com/u/558752?s=120&v=4)    | ![ayusharma](https://avatars2.githubusercontent.com/u/6918450?s=120&v=4) | ![sergiohgz](https://avatars2.githubusercontent.com/u/14012309?s=120&v=4) |
+| [@jotadeveloper](https://twitter.com/jotadeveloper)                            | [@ayusharma\_](https://twitter.com/ayusharma_)                           | [@sergiohgz](https://twitter.com/sergiohgz)                               |
+| [Priscila Oliveria](https://github.com/priscilawebdev)                         | [Daniel Ruf](https://github.com/DanielRuf)                               |
+| ![priscilawebdev](https://avatars2.githubusercontent.com/u/29228205?s=120&v=4) | ![DanielRuf](https://avatars3.githubusercontent.com/u/827205?s=120&v=4)  |
+| [@priscilawebdev](https://twitter.com/priscilawebdev)                          | [@DanielRufde](https://twitter.com/DanielRufde)                          |
 
-|  [Juan Picado](https://github.com/juanpicado) |  [Ayush Sharma](https://github.com/ayusharma)  | [Sergio Hg](https://github.com/sergiohgz)  |
-|---|---|---|
-| ![jotadeveloper](https://avatars3.githubusercontent.com/u/558752?s=120&v=4)  | ![ayusharma](https://avatars2.githubusercontent.com/u/6918450?s=120&v=4)     | ![sergiohgz](https://avatars2.githubusercontent.com/u/14012309?s=120&v=4) |
-| [@jotadeveloper](https://twitter.com/jotadeveloper)  | [@ayusharma_](https://twitter.com/ayusharma_) | [@sergiohgz](https://twitter.com/sergiohgz)  |
-| All areas  |  All areas | Docker,Builds,Stack, Monorepo |
-| [Priscila Oliveria](https://github.com/priscilawebdev) | [Daniel Ruf](https://github.com/DanielRuf) |
-| ![priscilawebdev](https://avatars2.githubusercontent.com/u/29228205?s=120&v=4) | ![DanielRuf](https://avatars3.githubusercontent.com/u/827205?s=120&v=4) |
-| [@priscilawebdev](https://twitter.com/priscilawebdev) | [@DanielRufde](https://twitter.com/DanielRufde) |
-| UI, Stack  | All areas  |
-
-You can find and chat with then over Discord, click [here](http://chat.verdaccio.org) or follow them at *Twitter*.
+You can find and chat with then over Discord, click [here](http://chat.verdaccio.org) or follow them at _Twitter_.
 
 ## Who is using Verdaccio?
 
-* [create-react-app](https://github.com/facebook/create-react-app/blob/master/CONTRIBUTING.md#customizing-e2e-registry-configuration) *(+86.2k ⭐️)*
-* [Gatsby](https://github.com/gatsbyjs/gatsby) *(+49.2k ⭐️)*
-* [Babel.js](https://github.com/babel/babel) *(+38.5k ⭐️)*
-* [Vue CLI](https://github.com/vuejs/vue-cli) *(+27.4k ⭐️)*
-* [Angular CLI](https://github.com/angular/angular-cli) *(+24.3k ⭐️)*
-* [Uppy](https://github.com/transloadit/uppy) *(+23.8k ⭐️)*
-* [bit](https://github.com/teambit/bit) *(+13k ⭐️)*
-* [Aurelia Framework](https://github.com/aurelia/framework) *(+11.6k ⭐️)*
-* [pnpm](https://github.com/pnpm/pnpm) *(+10.1k ⭐️)*
-* [ethereum/web3.js](https://github.com/ethereum/web3.js) *(+9.8k ⭐️)*
-* [NX](https://github.com/nrwl/nx) *(+6.1k ⭐️)*
-* [webiny-js](https://github.com/webiny/webiny-js) *(+4.3k ⭐️)*
-* [Mozilla Neutrino](https://github.com/neutrinojs/neutrino) *(+3.7k ⭐️)*
-* [workshopper how to npm](https://github.com/workshopper/how-to-npm) *(+1k ⭐️)*
-* [Amazon SDK v3](https://github.com/aws/aws-sdk-js-v3)
-* [Amazon Encryption SDK for Javascript](https://github.com/aws/aws-encryption-sdk-javascript)
+- [create-react-app](https://github.com/facebook/create-react-app/blob/master/CONTRIBUTING.md#customizing-e2e-registry-configuration) _(+86.2k ⭐️)_
+- [Gatsby](https://github.com/gatsbyjs/gatsby) _(+49.2k ⭐️)_
+- [Babel.js](https://github.com/babel/babel) _(+38.5k ⭐️)_
+- [Vue CLI](https://github.com/vuejs/vue-cli) _(+27.4k ⭐️)_
+- [Angular CLI](https://github.com/angular/angular-cli) _(+24.3k ⭐️)_
+- [Uppy](https://github.com/transloadit/uppy) _(+23.8k ⭐️)_
+- [bit](https://github.com/teambit/bit) _(+13k ⭐️)_
+- [Aurelia Framework](https://github.com/aurelia/framework) _(+11.6k ⭐️)_
+- [pnpm](https://github.com/pnpm/pnpm) _(+10.1k ⭐️)_
+- [ethereum/web3.js](https://github.com/ethereum/web3.js) _(+9.8k ⭐️)_
+- [NX](https://github.com/nrwl/nx) _(+6.1k ⭐️)_
+- [webiny-js](https://github.com/webiny/webiny-js) _(+4.3k ⭐️)_
+- [Mozilla Neutrino](https://github.com/neutrinojs/neutrino) _(+3.7k ⭐️)_
+- [workshopper how to npm](https://github.com/workshopper/how-to-npm) _(+1k ⭐️)_
+- [Amazon SDK v3](https://github.com/aws/aws-sdk-js-v3)
+- [Amazon Encryption SDK for Javascript](https://github.com/aws/aws-encryption-sdk-javascript)
 
 🤓 Don't be shy, you also can be in [the list](https://github.com/verdaccio/website/blob/master/docs/who-is-using.md).
 
@@ -262,7 +247,8 @@ Thanks to the following companies to help us to achieve our goals providing free
 [![jetbrain](assets/thanks/jetbrains/logo.png)](https://www.jetbrains.com/)
 [![crowdin](assets/thanks/crowdin/logo.png)](https://crowdin.com/)
 [![browserstack](https://cdn.verdaccio.dev/readme/browserstack_logo.png)](https://www.browserstack.com/)
-[![balsamiq](assets/thanks/balsamiq/logo.jpg)](https://balsamiq.com/)
+
+Verdaccio also is part of to the [Docker Open Source Program](https://www.docker.com/blog/expanded-support-for-open-source-software-projects/).
 
 ## Contributors
 
@@ -274,19 +260,18 @@ This project exists thanks to all the people who contribute. [[Contribute](CONTR
 
 If you have any issue you can try the following options, do no desist to ask or check our issues database, perhaps someone has asked already what you are looking for.
 
-* [Blog](https://verdaccio.org/blog/)
-* [Donations](https://opencollective.com/verdaccio)
-* [Reporting an issue](https://github.com/verdaccio/verdaccio/blob/master/CONTRIBUTING.md#reporting-a-bug)
-* [Running discussions](https://github.com/verdaccio/verdaccio/issues?q=is%3Aissue+is%3Aopen+label%3Adiscuss)
-* [Chat](http://chat.verdaccio.org/)
-* [Logos](https://verdaccio.org/docs/en/logo)
-* [Docker Examples](https://github.com/verdaccio/docker-examples)
-* [FAQ](https://github.com/verdaccio/verdaccio/issues?utf8=%E2%9C%93&q=is%3Aissue%20label%3Aquestion%20)
-
+- [Blog](https://verdaccio.org/blog/)
+- [Donations](https://github.com/sponsors/verdaccio)
+- [Reporting an issue](https://github.com/verdaccio/verdaccio/issues/new/choose)
+- [Running discussions](https://github.com/verdaccio/verdaccio/issues?q=is%3Aissue+is%3Aopen+label%3Adiscuss)
+- [Chat](http://chat.verdaccio.org/)
+- [Logos](https://verdaccio.org/docs/en/logo)
+- [Docker Examples](https://github.com/verdaccio/verdaccio/tree/master/docker-examples)
+- [FAQ](https://github.com/verdaccio/verdaccio/discussions/categories/q-a)
 
 ### License
 
 Verdaccio is [MIT licensed](https://github.com/verdaccio/verdaccio/blob/master/LICENSE)
 
-The Verdaccio documentation and logos (excluding /thanks, e.g., .md, .png, .sketch)  files within the /assets folder) is
- [Creative Commons licensed](https://creativecommons.org/licenses/by/4.0/).
+The Verdaccio documentation and logos (excluding /thanks, e.g., .md, .png, .sketch) files within the /assets folder) is
+[Creative Commons licensed](https://creativecommons.org/licenses/by/4.0/).

conf/default.yaml

@@ -19,6 +19,8 @@ web:
   # sort_packages: asc
   # convert your UI to the dark side
   # darkMode: true
+  # logo: http://somedomain/somelogo.png
+  # favicon: http://somedomain/favicon.ico | /path/favicon.ico
 
 # translate your registry, api i18n not available yet
 # i18n:
@@ -66,7 +68,6 @@ packages:
 # WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
 server:
   keepAliveTimeout: 60
-  # behindProxy: false
 
 middlewares:
   audit:

conf/docker.yaml

@@ -24,6 +24,8 @@ web:
   # by default packages are ordercer ascendant (asc|desc)
   # sort_packages: asc
   # darkMode: true
+  # logo: http://somedomain/somelogo.png
+  # favicon: http://somedomain/favicon.ico | /path/favicon.ico
 
 # translate your registry, api i18n not available yet
 # i18n:
@@ -71,8 +73,6 @@ packages:
 # WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
 server:
   keepAliveTimeout: 60
-  # enable this if you run behind a proxy
-  # behindProxy: false
 
 middlewares:
   audit:

package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio",
-  "version": "5.0.0-alpha.4",
+  "version": "5.0.3",
   "description": "A lightweight private npm proxy registry",
   "author": {
     "name": "Verdaccio Maintainers",
@@ -22,7 +22,7 @@
     "@verdaccio/local-storage": "10.0.1",
     "@verdaccio/readme": "10.0.0",
     "@verdaccio/streams": "10.0.0",
-    "@verdaccio/ui-theme": "3.0.0",
+    "@verdaccio/ui-theme": "3.1.0",
     "JSONStream": "1.3.5",
     "async": "3.2.0",
     "body-parser": "1.19.0",

scripts/publish.sh

@@ -10,4 +10,4 @@ echo "Bumping version to new tag: ${lastTag}"
 echo "//$REGISTRY_URL/:_authToken=$REGISTRY_AUTH_TOKEN" > .npmrc
 
 # Publish to NPM
-npm publish --registry https://$REGISTRY_URL/ --tag next
+npm publish --registry https://$REGISTRY_URL/

src/api/index.ts

@@ -21,9 +21,6 @@ import { log, final, errorReportingMiddleware, serveFavicon } from './middleware
 const defineAPI = function (config: IConfig, storage: IStorageHandler): any {
   const auth: IAuth = new Auth(config);
   const app: Application = express();
-  if (config?.server?.behindProxy === true) {
-    // app.use('trust proxy');
-  }
 
   // run in production mode by default, just in case
   // it shouldn't make any difference anyway

src/api/middleware.ts

@@ -28,7 +28,7 @@ export function serveFavicon(config: Config) {
   return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer) {
     try {
       // @ts-ignore
-      const logoConf: string = config?.web?.logo as string;
+      const logoConf: string = config?.web?.favicon as string;
       if (logoConf === '') {
         debug('favicon disabled');
         res.status(404);
@@ -42,6 +42,7 @@ export function serveFavicon(config: Config) {
         ) {
           debug('redirect to %o', logoConf);
           res.redirect(logoConf);
+          return;
         } else {
           const faviconPath = path.normalize(logoConf);
           debug('serving favicon from %o', faviconPath);
@@ -52,11 +53,10 @@ export function serveFavicon(config: Config) {
             } else {
               res.setHeader('Content-Type', 'image/x-icon');
               fs.createReadStream(faviconPath).pipe(res);
-              return;
+              debug('rendered custom ico');
             }
           });
         }
-        return next();
       } else {
         res.setHeader('Content-Type', 'image/x-icon');
         fs.createReadStream(path.join(__dirname, './web/html/favicon.ico')).pipe(res);

src/api/web/html/renderHTML.ts

@@ -36,7 +36,6 @@ export default function renderHTML(config, manifest, manifestFiles, req, res) {
   const darkMode = config?.web?.darkMode ?? false;
   const title = config?.web?.title ?? WEB_TITLE;
   const scope = config?.web?.scope ?? '';
-  // FIXME: logo URI is incomplete
   let logoURI = config?.web?.logo ?? '';
   const version = pkgJSON.version;
   const primaryColor = validatePrimaryColor(config?.web?.primary_color) ?? '#4b5e40';
@@ -56,7 +55,7 @@ export default function renderHTML(config, manifest, manifestFiles, req, res) {
     base,
     primaryColor,
     version,
-    logoURI,
+    logo: logoURI,
     title,
     scope,
     language,

src/api/web/index.ts

@@ -19,7 +19,7 @@ export function loadTheme(config) {
         config.theme,
         {},
         function (plugin) {
-          return _.isString(plugin);
+          return plugin.staticPath && plugin.manifest && plugin.manifestFiles;
         },
         'verdaccio-theme'
       )

src/lib/auth.ts

@@ -203,7 +203,7 @@ class Auth implements IAuth {
       } else {
         plugin.allow_unpublish!(user, pkg, (err, ok: boolean): void => {
           if (err) {
-            this.logger.error({ packageName }, 'forbidden publish for @{packageName}, it will fallback on unpublish permissions');
+            this.logger.error({ packageName, user: user?.name }, '@{user} forbidden publish for @{packageName}, it will fallback on unpublish permissions');
             return callback(err);
           }
 
@@ -215,7 +215,7 @@ class Auth implements IAuth {
           }
 
           if (ok) {
-            this.logger.info({ packageName }, 'allowed unpublish for @{packageName}');
+            this.logger.info({ packageName, user: user?.name }, '@{user} allowed unpublish for @{packageName}');
             return callback(null, ok);
           }
         });
@@ -242,12 +242,12 @@ class Auth implements IAuth {
       // @ts-ignore
       plugin.allow_publish(user, pkg, (err: VerdaccioError, ok: boolean): void => {
         if (_.isNil(err) === false && _.isError(err)) {
-          self.logger.error({ packageName }, 'forbidden publish for @{packageName}');
+          self.logger.error({ packageName, user: user?.name }, '@{user} is forbidden publish for @{packageName}');
           return callback(err);
         }
 
         if (ok) {
-          self.logger.info({ packageName }, 'allowed publish for @{packageName}');
+          self.logger.info({ packageName, user: user?.name }, '@{user} is allowed publish for @{packageName}');
           return callback(null, ok);
         }
         debug('allow publish skip validation for %o', packageName);

src/lib/cli/utils.ts

@@ -35,6 +35,7 @@ export function getListListenAddresses(argListen: string, configListen: any): an
     addresses = [argListen];
   } else if (Array.isArray(configListen)) {
     addresses = configListen;
+    process.emitWarning('multiple addresses will be deprecated in the next major, only use one');
   } else if (configListen) {
     addresses = [configListen];
   } else {

yarn.lock

@@ -3326,10 +3326,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@verdaccio/ui-theme@npm:3.0.0":
-  version: 3.0.0
-  resolution: "@verdaccio/ui-theme@npm:3.0.0"
-  checksum: a78252728755bec9f561048f5f70eb22967c4dea824736d1cbe0d3baf0cbf02e264234ce7e3d1c0f427d6010107a0b68193e6c9020459f07d123a7cf90ebeb75
+"@verdaccio/ui-theme@npm:3.1.0":
+  version: 3.1.0
+  resolution: "@verdaccio/ui-theme@npm:3.1.0"
+  checksum: f6371875fa14cf149c91589deed9ab1527c74eec9619fa8dd5ae8eafedeff61714ab89236f3cf4be531b23e900a281ea1b5483c608431d02aa871c230958e447
   languageName: node
   linkType: hard
 
@@ -14255,7 +14255,7 @@ typescript@4.1.3:
     "@verdaccio/readme": 10.0.0
     "@verdaccio/streams": 10.0.0
     "@verdaccio/types": ^9.7.2
-    "@verdaccio/ui-theme": 3.0.0
+    "@verdaccio/ui-theme": 3.1.0
     JSONStream: 1.3.5
     all-contributors-cli: 6.20.0
     async: 3.2.0