chore: update versions (next-7) (#4677)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.changeset/big-cameras-invent.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/store': patch
+---
+
+chore: fix types for some store tests

.changeset/chilly-rivers-chew.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/cli': patch
+---
+
+chore: add config location and loglevel to startup log

.changeset/dry-shoes-report.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/logger-commons': patch
+'@verdaccio/logger-prettify': patch
+---
+
+fix: log spacing depending on the FORMAT and COLORS options

.changeset/eight-icons-heal.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/tarball': patch
+'@verdaccio/store': patch
+---
+
+feat: add tarball details for published packages

.changeset/grumpy-pots-watch.md

@@ -0,0 +1,9 @@
+---
+'@verdaccio/types': patch
+'@verdaccio/config': patch
+'@verdaccio/core': patch
+'@verdaccio/store': patch
+'@verdaccio/api': patch
+---
+
+feat: add support for npm owner

.changeset/nervous-fireants-design.md

@@ -0,0 +1,5 @@
+---
+'generator-verdaccio-plugin': major
+---
+
+feat: migration to monorepo

.changeset/pre.json

@@ -57,18 +57,25 @@
     "@verdaccio/website": "5.20.2",
     "@verdaccio/local-publish": "0.0.1",
     "@verdaccio/search": "7.0.0-next.0",
-    "@verdaccio/e2e-cli-pnpm9": "1.0.1"
+    "@verdaccio/e2e-cli-pnpm9": "1.0.1",
+    "generator-verdaccio-plugin": "4.1.0"
   },
   "changesets": [
     "angry-trees-tie",
+    "big-cameras-invent",
     "breezy-mayflies-pull",
     "chilled-carrots-guess",
+    "chilly-rivers-chew",
+    "dry-shoes-report",
+    "eight-icons-heal",
     "eight-squids-judge",
     "eighty-lobsters-study",
     "good-cups-train",
+    "grumpy-pots-watch",
     "itchy-mangos-wink",
     "long-jars-collect",
     "long-moles-attend",
+    "nervous-fireants-design",
     "old-turkeys-heal",
     "olive-bananas-wink",
     "perfect-chairs-act",
@@ -77,6 +84,7 @@
     "poor-seals-turn",
     "quick-buses-scream",
     "real-socks-vanish",
+    "rich-shrimps-check",
     "sharp-wolves-carry",
     "shiny-worms-retire",
     "shy-carrots-compare",
@@ -85,7 +93,9 @@
     "slow-wasps-glow",
     "spicy-birds-flow",
     "strange-points-repair",
+    "stupid-dancers-relate",
     "thirty-toes-swim",
+    "twenty-queens-protect",
     "unlucky-cycles-sparkle",
     "weak-fans-explain",
     "wet-balloons-give",

.changeset/rich-shrimps-check.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/types': patch
+'@verdaccio/store': patch
+---
+
+fix: update fields for abbreviated manifest

.changeset/stupid-dancers-relate.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/url': patch
+---
+
+patch(core/url): Throw if VERDACCIO_FORWARDED_PROTO resolves to an array (#4613 by @Tobbe)

.changeset/twenty-queens-protect.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/ui-theme': patch
+'@verdaccio/ui-components': patch
+'@verdaccio/types': patch
+---
+
+fix: change bundleDependencies to array

.github/dependabot.yml

@@ -8,18 +8,11 @@ updates:
   # Maintain dependencies for GitHub Actions
   - package-ecosystem: 'github-actions'
     directory: '/'
-    schedule:
-      interval: 'weekly'
-
-  # Maintain dependencies for npm
-  - package-ecosystem: 'npm'
-    directory: '/'
-    schedule:
-      interval: 'daily'
-    allow:
-      - dependency-name: '@verdaccio/*'
-      - dependency-name: 'verdaccio-*'
+    open-pull-requests-limit: 1
+    prefix: "[github-actions] "
     assignees:
-      - 'verdacciobot'
+      - 'verdacciobot'    
+    schedule:
+      interval: 'monthly'
     labels:
       - 'bot: dependencies'

.github/workflows/codeql-analysis.yml

@@ -34,7 +34,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@ceaec5c11a131e0d282ff3b6f095917d234caace # v2
+        uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v2
 
       # Override language selection by uncommenting this and choosing your languages
       # with:
@@ -42,7 +42,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@ceaec5c11a131e0d282ff3b6f095917d234caace # v2
+        uses: github/codeql-action/autobuild@f079b8493333aace61c81488f8bd40919487bd9f # v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -56,4 +56,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@ceaec5c11a131e0d282ff3b6f095917d234caace # v2
+        uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v2

.gitignore

@@ -41,7 +41,7 @@ packages/plugins/ui-theme/static
 # CI Pnpm cache
 .pnpm-store/
 
-#docs 
+#docs
 website/docs/api/**/*.md
 website/docs/api/**/*.yml
 !website/docs/api/index.md
@@ -53,3 +53,6 @@ e2e/ui/cypress/screenshots/**/*
 
 # storybook
 packages/ui-components/storybook-static
+
+# plugin generator
+packages/tools/generator-verdaccio-plugin/generators/

README.md

@@ -251,7 +251,7 @@ Verdaccio aims to support all features of a standard npm client that make sense
 
 - Registering new users (`npm adduser {newuser}`) - **supported**
 - Change password (`npm profile set password`) - **supported**
-- Transferring ownership (`npm owner add {user} {pkg}`) - not supported, _PR-welcome_
+- Transferring ownership (`npm owner`) - **supported**
 - Token (`npm token`) - **supported**
 
 ### Miscellaneous

docs/migration-v5-to-v6.md

@@ -1,14 +1,14 @@
-# Migration guide from Verdaccio 5 to Verdaccio 6
+# Migration Guide from Verdaccio 5 to Verdaccio 6
 
 Notes regarding breaking changes for next major release.
 
-> This list might growth over the development.
+> This list might growth over the course of development.
 
-## Breaking changes
+## Breaking Changes
 
 ### New node-api interface [#2165](https://github.com/verdaccio/verdaccio/pull/2165)
 
-If you are using the node-api, the new structure is Promise based and less arguments.
+If you are using the `node-api`, the new structure is Promise based and less arguments.
 
 ```js
 import { runServer } from '@verdaccio/node-api';
@@ -22,7 +22,7 @@ app.listen(4000, (event) => {
 });
 ```
 
-### allow other password hashing algorithms [#1917](https://github.com/verdaccio/verdaccio/pull/1917)
+### Allow other password hashing algorithms [#1917](https://github.com/verdaccio/verdaccio/pull/1917)
 
 The current implementation of the `htpasswd` module supports multiple hash formats on verify, but only `crypt` on sign in.
 `crypt` is an insecure old format, so to improve the security of the new `verdaccio` release we introduce the support of multiple hash algorithms on sign in step.
@@ -53,21 +53,28 @@ htpasswd:
 
 - The `experiments` configuration is renamed to `flags`. The functionality is exactly the same.
 
-```js
-flags: token: false;
-search: false;
+```yaml
+flags:
+  token: false;
+  search: false;
 ```
 
 - The `self_path` property from the config file is being removed in favor of `config_file` full path.
 - Refactor `config` module, better types and utilities
 
-### legacy token signature by removing crypto.createDecipher is deprecated [#1953](https://github.com/verdaccio/verdaccio/pull/1953)
+### Legacy token signature by removing crypto.createDecipher is deprecated [#1953](https://github.com/verdaccio/verdaccio/pull/1953)
 
 - Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv
 - **The new signature invalidates all previous tokens generated by Verdaccio 5 or previous versions**.
 - The secret key must have 32 characters long
   > Remediation, update `.verdaccio-db.json` secret field with a secret key with 32 characters.
 
+### Legacy token secret length
+
+If the migration to v6 include an update to node 22 or higher, be aware that token secrets with a length other than 32 are not
+supported anymore. A new secret will be generated. See [docs](https://verdaccio.org/docs/6.x/configuration#legacy-token-signature)
+for more details.
+
 #### New environment variables
 
 Introduce environment variables for legacy tokens.

e2e/cli/cli-commons/package.json

@@ -5,16 +5,16 @@
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
   "devDependencies": {
-    "@verdaccio/config": "workspace:7.0.0-next-7.15",
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
-    "@verdaccio/types": "workspace:12.0.0-next-7.3",
+    "@verdaccio/config": "workspace:7.0.0-next-7.17",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
+    "@verdaccio/types": "workspace:12.0.0-next-7.4",
     "debug": "4.3.4",
     "fs-extra": "11.2.0",
     "get-port": "5.1.1",
     "got": "11.8.6",
     "js-yaml": "4.1.0",
     "lodash": "4.17.21",
-    "verdaccio": "workspace:7.0.0-next-7.15"
+    "verdaccio": "workspace:7.0.0-next-7.17"
   },
   "scripts": {
     "test": "jest",

e2e/ui/package.json

@@ -3,9 +3,9 @@
   "name": "@verdaccio/e2e-ui",
   "version": "2.0.0",
   "devDependencies": {
-    "verdaccio": "workspace:7.0.0-next-7.15",
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
-    "@verdaccio/config": "workspace:7.0.0-next-7.15",
+    "verdaccio": "workspace:7.0.0-next-7.17",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
+    "@verdaccio/config": "workspace:7.0.0-next-7.17",
     "@verdaccio/test-helper": "workspace:3.0.0-next-7.2",
     "debug": "4.3.4",
     "cypress": "^13.6.0",

package.json

@@ -61,6 +61,9 @@
     "@types/http-errors": "2.0.4",
     "@types/jest": "29.5.11",
     "@types/jsonwebtoken": "9.0.5",
+    "@types/yeoman-environment": "2.10.11",
+    "@types/yeoman-generator": "5.2.14",
+    "@types/yeoman-test": "4.0.6",
     "@types/lodash": "4.14.202",
     "@types/mime": "3.0.4",
     "@types/minimatch": "5.1.2",
@@ -127,7 +130,7 @@
     "verdaccio-auth-memory": "workspace:*",
     "verdaccio-htpasswd": "workspace:*",
     "verdaccio-memory": "workspace:*",
-    "vitest": "0.34.6"
+    "vitest": "1.6.0"
   },
   "scripts": {
     "prepare": "husky install",

packages/api/CHANGELOG.md

@@ -1,5 +1,34 @@
 # @verdaccio/api
 
+## 7.0.0-next-7.17
+
+### Patch Changes
+
+- 6e764e3: feat: add support for npm owner
+- Updated dependencies [6e764e3]
+- Updated dependencies [de6ff5c]
+  - @verdaccio/config@7.0.0-next-7.17
+  - @verdaccio/core@7.0.0-next-7.17
+  - @verdaccio/store@7.0.0-next-7.17
+  - @verdaccio/auth@7.0.0-next-7.17
+  - @verdaccio/logger@7.0.0-next-7.17
+  - @verdaccio/middleware@7.0.0-next-7.17
+  - @verdaccio/utils@7.0.0-next-7.17
+
+## 7.0.0-next-7.16
+
+### Patch Changes
+
+- Updated dependencies [e5624e1]
+- Updated dependencies [5bfab62]
+  - @verdaccio/store@7.0.0-next-7.16
+  - @verdaccio/logger@7.0.0-next-7.16
+  - @verdaccio/middleware@7.0.0-next-7.16
+  - @verdaccio/auth@7.0.0-next-7.16
+  - @verdaccio/core@7.0.0-next-7.16
+  - @verdaccio/config@7.0.0-next-7.16
+  - @verdaccio/utils@7.0.0-next-7.16
+
 ## 7.0.0-next-7.15
 
 ### Patch Changes

packages/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/api",
-  "version": "7.0.0-next-7.15",
+  "version": "7.0.0-next-7.17",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -38,25 +38,25 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/auth": "workspace:7.0.0-next-7.15",
-    "@verdaccio/config": "workspace:7.0.0-next-7.15",
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
-    "@verdaccio/logger": "workspace:7.0.0-next-7.15",
-    "@verdaccio/middleware": "workspace:7.0.0-next-7.15",
-    "@verdaccio/store": "workspace:7.0.0-next-7.15",
-    "@verdaccio/utils": "workspace:7.0.0-next-7.15",
+    "@verdaccio/auth": "workspace:7.0.0-next-7.17",
+    "@verdaccio/config": "workspace:7.0.0-next-7.17",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.17",
+    "@verdaccio/middleware": "workspace:7.0.0-next-7.17",
+    "@verdaccio/store": "workspace:7.0.0-next-7.17",
+    "@verdaccio/utils": "workspace:7.0.0-next-7.17",
     "abortcontroller-polyfill": "1.7.5",
     "body-parser": "1.20.2",
     "cookies": "0.9.0",
     "debug": "4.3.4",
-    "express": "4.18.3",
+    "express": "4.19.2",
     "lodash": "4.17.21",
     "mime": "2.6.0",
-    "semver": "7.6.0"
+    "semver": "7.6.2"
   },
   "devDependencies": {
     "@verdaccio/test-helper": "workspace:3.0.0-next-7.2",
-    "@verdaccio/types": "workspace:12.0.0-next-7.3",
+    "@verdaccio/types": "workspace:12.0.0-next-7.4",
     "mockdate": "3.0.5",
     "nock": "13.5.1",
     "supertest": "6.3.4"

packages/api/src/package.ts

@@ -28,6 +28,7 @@ export default function (route: Router, auth: Auth, storage: Storage): void {
       const name = req.params.package;
       let version = req.params.version;
       const write = req.query.write === 'true';
+      const username = req?.remote_user?.name;
       const abbreviated =
         stringUtils.getByQualityPriorityValue(req.get('Accept')) === Storage.ABBREVIATED_HEADER;
       const requestOptions = {
@@ -37,6 +38,7 @@ export default function (route: Router, auth: Auth, storage: Storage): void {
         host: req.host,
         remoteAddress: req.socket.remoteAddress,
         byPassCache: write,
+        username,
       };
 
       try {

packages/api/src/publish.ts

@@ -76,11 +76,11 @@ const debug = buildDebug('verdaccio:api:publish');
    * 
    * 3. Star a package
    *
-   * Permissions: start a package depends of the publish and unpublish permissions, there is no
-   * specific flag for star or un start.
+   * Permissions: staring a package depends of the publish and unpublish permissions, there is no
+   * specific flag for star or unstar.
    * The URL for star is similar to the unpublish (change package format)
    *
-   * npm has no endpoint for star a package, rather mutate the metadata and acts as, the difference
+   * npm has no endpoint for staring a package, rather mutate the metadata and acts as, the difference
    * is the users property which is part of the payload and the body only includes
    *
    * {
@@ -89,7 +89,24 @@ const debug = buildDebug('verdaccio:api:publish');
 		  "users": {
 		    [username]: boolean value (true, false)
 		  }
-	}
+	   }
+   *
+   * 4. Change owners of a package
+   *
+   * Similar to staring a package, changing owners (maintainers) of a package uses the publish
+   * endpoint. 
+   *
+   * The body includes a list of the new owners with the following format
+   *
+   * {
+		  "_id": pkgName,
+	  	"_rev": "4-b0cdaefc9bdb77c8",
+		  "maintainers": [
+        { "name": "first owner", "email": "me@verdaccio.org" },
+        { "name": "second owner", "email": "you@verdaccio.org" },
+        ...
+		  ]
+	   }
    *
    */
 export default function publish(router: Router, auth: Auth, storage: Storage): void {
@@ -127,10 +144,11 @@ export default function publish(router: Router, auth: Auth, storage: Storage): v
     async function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer) {
       const packageName = req.params.package;
       const rev = req.params.revision;
+      const username = req?.remote_user?.name;
 
       logger.debug({ packageName }, `unpublishing @{packageName}`);
       try {
-        await storage.removePackage(packageName, rev);
+        await storage.removePackage(packageName, rev, username);
         debug('package %s unpublished', packageName);
         res.status(HTTP_STATUS.CREATED);
         return next({ ok: API_MESSAGE.PKG_REMOVED });
@@ -155,13 +173,14 @@ export default function publish(router: Router, auth: Auth, storage: Storage): v
     ): Promise<void> {
       const packageName = req.params.package;
       const { filename, revision } = req.params;
+      const username = req?.remote_user?.name;
 
       logger.debug(
         { packageName, filename, revision },
         `removing a tarball for @{packageName}-@{tarballName}-@{revision}`
       );
       try {
-        await storage.removeTarball(packageName, filename, revision);
+        await storage.removeTarball(packageName, filename, revision, username);
         res.status(HTTP_STATUS.CREATED);
 
         logger.debug(
@@ -188,6 +207,12 @@ export function publishPackage(storage: Storage): any {
     const metadata = req.body;
     const username = req?.remote_user?.name;
 
+    debug('publishing package %o for user %o', packageName, username);
+    logger.debug(
+      { packageName, username },
+      'publishing package @{packageName} for user @{username}'
+    );
+
     try {
       const message = await storage.updateManifest(metadata, {
         name: packageName,

packages/api/src/user.ts

@@ -27,10 +27,22 @@ export default function (route: Router, auth: Auth, config: Config): void {
     rateLimit(config?.userRateLimit),
     function (req: $RequestExtend, res: Response, next: $NextFunctionVer): void {
       debug('verifying user');
+
+      if (typeof req.remote_user.name !== 'string' || req.remote_user.name === '') {
+        debug('user not logged in');
+        res.status(HTTP_STATUS.OK);
+        return next({ ok: false });
+      }
+
+      const username = req.params.org_couchdb_user.split(':')[1];
       const message = getAuthenticatedMessage(req.remote_user.name);
       debug('user authenticated message %o', message);
       res.status(HTTP_STATUS.OK);
       next({
+        // 'npm owner' requires user info
+        // TODO: we don't have the email
+        name: username,
+        email: '',
         ok: message,
       });
     }
@@ -61,6 +73,10 @@ export default function (route: Router, auth: Auth, config: Config): void {
       debug('login or adduser');
       const remoteName = req?.remote_user?.name;
 
+      if (!validatioUtils.validateUserName(req.params.org_couchdb_user, name)) {
+        return next(errorUtils.getBadRequest(API_ERROR.USERNAME_MISMATCH));
+      }
+
       if (typeof remoteName !== 'undefined' && typeof name === 'string' && remoteName === name) {
         debug('login: no remote user detected');
         auth.authenticate(
@@ -97,6 +113,7 @@ export default function (route: Router, auth: Auth, config: Config): void {
           }
         );
       } else {
+        debug('adduser: %o', name);
         if (
           validatioUtils.validatePassword(
             password,

packages/api/test/integration/_helper.ts

@@ -11,7 +11,7 @@ import {
   generatePackageMetadata,
   initializeServer as initializeServerHelper,
 } from '@verdaccio/test-helper';
-import { GenericBody, PackageUsers } from '@verdaccio/types';
+import { Author, GenericBody, PackageUsers } from '@verdaccio/types';
 import { buildToken, generateRandomHexString } from '@verdaccio/utils';
 
 import apiMiddleware from '../../src';
@@ -142,6 +142,37 @@ export function starPackage(
   return test;
 }
 
+export function changeOwners(
+  app,
+  options: {
+    maintainers: Author[];
+    name: string;
+    _rev: string;
+    _id?: string;
+  },
+  token?: string
+): supertest.Test {
+  const { _rev, _id, maintainers } = options;
+  const ownerManifest = {
+    _rev,
+    _id,
+    maintainers,
+  };
+
+  const test = supertest(app)
+    .put(`/${encodeURIComponent(options.name)}`)
+    .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
+    .send(JSON.stringify(ownerManifest))
+    .set('accept', HEADERS.GZIP)
+    .set(HEADER_TYPE.ACCEPT_ENCODING, HEADERS.JSON);
+
+  if (typeof token === 'string') {
+    test.set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token));
+  }
+
+  return test;
+}
+
 export function getDisTags(app, pkgName) {
   return supertest(app)
     .get(`/-/package/${encodeURIComponent(pkgName)}/dist-tags`)

packages/api/test/integration/config/owner.yaml

@@ -0,0 +1,24 @@
+storage: ./storage
+
+auth:
+  htpasswd:
+    file: ./htpasswd-owner
+
+web:
+  enable: true
+  title: verdaccio
+
+log: { type: stdout, format: pretty, level: info }
+
+# TODO: Add test case for $owner access
+packages:
+  '@*/*':
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+  '**':
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+
+_debug: true

packages/api/test/integration/owner.spec.ts

@@ -0,0 +1,118 @@
+/* eslint-disable jest/no-commented-out-tests */
+import nock from 'nock';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+
+import {
+  changeOwners,
+  createUser,
+  getPackage,
+  initializeServer,
+  publishVersionWithToken,
+} from './_helper';
+
+describe('owner', () => {
+  test.each([['foo', '@scope%2Ffoo']])('should get owner of package', async (pkgName) => {
+    nock('https://registry.npmjs.org').get(`/${pkgName}`).reply(404);
+    const app = await initializeServer('owner.yaml');
+    const credentials = { name: 'test', password: 'test' };
+    const response = await createUser(app, credentials.name, credentials.password);
+    expect(response.body.ok).toMatch(`user '${credentials.name}' created`);
+    await publishVersionWithToken(app, pkgName, '1.0.0', response.body.token).expect(
+      HTTP_STATUS.CREATED
+    );
+
+    // expect publish to set owner to logged in user
+    const manifest = await getPackage(app, '', decodeURIComponent(pkgName));
+    const maintainers = manifest.body.maintainers;
+    expect(maintainers).toHaveLength(1);
+    // TODO: This should eventually include the email of the user
+    expect(maintainers).toEqual([{ name: credentials.name, email: '' }]);
+  });
+
+  test.each([['foo', '@scope%2Ffoo']])('should add/remove owner to package', async (pkgName) => {
+    nock('https://registry.npmjs.org').get(`/${pkgName}`).reply(404);
+    const app = await initializeServer('owner.yaml');
+    const credentials = { name: 'test', password: 'test' };
+    const firstOwner = { name: 'test', email: '' };
+    const response = await createUser(app, credentials.name, credentials.password);
+    expect(response.body.ok).toMatch(`user '${credentials.name}' created`);
+    await publishVersionWithToken(app, pkgName, '1.0.0', response.body.token).expect(
+      HTTP_STATUS.CREATED
+    );
+
+    // publish sets owner to logged in user
+    const manifest = await getPackage(app, '', decodeURIComponent(pkgName));
+    const maintainers = manifest.body.maintainers;
+    expect(maintainers).toHaveLength(1);
+    expect(maintainers).toEqual([firstOwner]);
+
+    // add another owner
+    const secondOwner = { name: 'tester', email: 'test@verdaccio.org' };
+    const newOwners = [...maintainers, secondOwner];
+    await changeOwners(
+      app,
+      {
+        _rev: manifest.body._rev,
+        _id: manifest.body._id,
+        name: pkgName,
+        maintainers: newOwners,
+      },
+      response.body.token
+    ).expect(HTTP_STATUS.CREATED);
+
+    const manifest2 = await getPackage(app, '', decodeURIComponent(pkgName));
+    const maintainers2 = manifest2.body.maintainers;
+    expect(maintainers2).toHaveLength(2);
+    expect(maintainers2).toEqual([firstOwner, secondOwner]);
+
+    // remove original owner
+    await changeOwners(
+      app,
+      {
+        _rev: manifest2.body._rev,
+        _id: manifest2.body._id,
+        name: pkgName,
+        maintainers: [secondOwner],
+      },
+      response.body.token
+    ).expect(HTTP_STATUS.CREATED);
+
+    const manifest3 = await getPackage(app, '', decodeURIComponent(pkgName));
+    const maintainers3 = manifest3.body.maintainers;
+    expect(maintainers3).toHaveLength(1);
+    expect(maintainers3).toEqual([secondOwner]);
+  });
+
+  test.each([['foo', '@scope%2Ffoo']])('should fail if user is not logged in', async (pkgName) => {
+    nock('https://registry.npmjs.org').get(`/${pkgName}`).reply(404);
+    const app = await initializeServer('owner.yaml');
+    const credentials = { name: 'test', password: 'test' };
+    const firstOwner = { name: 'test', email: '' };
+    const response = await createUser(app, credentials.name, credentials.password);
+    expect(response.body.ok).toMatch(`user '${credentials.name}' created`);
+    await publishVersionWithToken(app, pkgName, '1.0.0', response.body.token).expect(
+      HTTP_STATUS.CREATED
+    );
+
+    // publish sets owner to logged in user
+    const manifest = await getPackage(app, '', decodeURIComponent(pkgName));
+    const maintainers = manifest.body.maintainers;
+    expect(maintainers).toHaveLength(1);
+    expect(maintainers).toEqual([firstOwner]);
+
+    // try adding another owner
+    const secondOwner = { name: 'tester', email: 'test@verdaccio.org' };
+    const newOwners = [...maintainers, secondOwner];
+    await changeOwners(
+      app,
+      {
+        _rev: manifest.body._rev,
+        _id: manifest.body._id,
+        name: pkgName,
+        maintainers: newOwners,
+      },
+      '' // no token
+    ).expect(HTTP_STATUS.UNAUTHORIZED);
+  });
+});

packages/api/test/integration/search.spec.ts

@@ -43,6 +43,12 @@ describe('search', () => {
               links: {
                 npm: '',
               },
+              maintainers: [
+                {
+                  email: '',
+                  name: 'test',
+                },
+              ],
               name: pkg,
               publisher: {},
               scope: '',
@@ -97,6 +103,12 @@ describe('search', () => {
               links: {
                 npm: '',
               },
+              maintainers: [
+                {
+                  email: '',
+                  name: 'test',
+                },
+              ],
               name: pkg,
               publisher: {},
               scope: '@scope',

packages/api/test/integration/user.spec.ts

@@ -148,6 +148,25 @@ describe('token', () => {
           .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
           .expect(HTTP_STATUS.OK);
         expect(response2.body.ok).toBe(`you are authenticated as '${credentials.name}'`);
+        expect(response2.body.name).toBe(credentials.name);
+      }
+    );
+
+    test.each([['user.yaml'], ['user.jwt.yaml']])(
+      'should return name of requested user',
+      async (conf) => {
+        const app = await initializeServer(conf);
+        const username = 'yeti';
+        const credentials = { name: 'jota', password: 'secretPass' };
+        const response = await createUser(app, credentials.name, credentials.password);
+        expect(response.body.ok).toMatch(`user '${credentials.name}' created`);
+        const response3 = await supertest(app)
+          .get(`/-/user/org.couchdb.user:${username}`)
+          .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, response.body.token))
+          .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
+          .expect(HTTP_STATUS.OK);
+        expect(response3.body.ok).toBe(`you are authenticated as '${credentials.name}'`);
+        expect(response3.body.name).toBe(username);
       }
     );
 
@@ -165,5 +184,38 @@ describe('token', () => {
         .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
         .expect(HTTP_STATUS.OK);
     });
+
+    test.each([['user.yaml'], ['user.jwt.yaml']])(
+      'should return "false" if user is not logged in',
+      async (conf) => {
+        const app = await initializeServer(conf);
+        const credentials = { name: 'jota', password: '' };
+        const response = await supertest(app)
+          .get(`/-/user/org.couchdb.user:${credentials.name}`)
+          .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
+          .expect(HTTP_STATUS.OK);
+        expect(response.body.ok).toBe(false);
+      }
+    );
+
+    test.each([['user.yaml'], ['user.jwt.yaml']])(
+      'should fail if URL does not match user in request body',
+      async (conf) => {
+        const app = await initializeServer(conf);
+        const credentials = { name: 'jota', password: 'secretPass' };
+        const response = await createUser(app, credentials.name, credentials.password);
+        expect(response.body.ok).toMatch(`user '${credentials.name}' created`);
+        const response2 = await supertest(app)
+          .put('/-/user/org.couchdb.user:yeti') // different user
+          .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, response.body.token))
+          .send({
+            name: credentials.name,
+            password: credentials.password,
+          })
+          .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
+          .expect(HTTP_STATUS.BAD_REQUEST);
+        expect(response2.body.error).toBe(API_ERROR.USERNAME_MISMATCH);
+      }
+    );
   });
 });

packages/auth/CHANGELOG.md

@@ -1,5 +1,30 @@
 # @verdaccio/auth
 
+## 7.0.0-next-7.17
+
+### Patch Changes
+
+- Updated dependencies [6e764e3]
+  - @verdaccio/config@7.0.0-next-7.17
+  - @verdaccio/core@7.0.0-next-7.17
+  - @verdaccio/loaders@7.0.0-next-7.17
+  - @verdaccio/logger@7.0.0-next-7.17
+  - verdaccio-htpasswd@12.0.0-next-7.17
+  - @verdaccio/signature@7.0.0-next-7.5
+  - @verdaccio/utils@7.0.0-next-7.17
+
+## 7.0.0-next-7.16
+
+### Patch Changes
+
+- @verdaccio/logger@7.0.0-next-7.16
+- @verdaccio/loaders@7.0.0-next-7.16
+- verdaccio-htpasswd@12.0.0-next-7.16
+- @verdaccio/core@7.0.0-next-7.16
+- @verdaccio/config@7.0.0-next-7.16
+- @verdaccio/utils@7.0.0-next-7.16
+- @verdaccio/signature@7.0.0-next-7.5
+
 ## 7.0.0-next-7.15
 
 ### Minor Changes

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/auth",
-  "version": "7.0.0-next-7.15",
+  "version": "7.0.0-next-7.17",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,21 +38,21 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
-    "@verdaccio/config": "workspace:7.0.0-next-7.15",
-    "@verdaccio/loaders": "workspace:7.0.0-next-7.15",
-    "@verdaccio/logger": "workspace:7.0.0-next-7.15",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
+    "@verdaccio/config": "workspace:7.0.0-next-7.17",
+    "@verdaccio/loaders": "workspace:7.0.0-next-7.17",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.17",
     "@verdaccio/signature": "workspace:7.0.0-next-7.5",
-    "@verdaccio/utils": "workspace:7.0.0-next-7.15",
+    "@verdaccio/utils": "workspace:7.0.0-next-7.17",
     "debug": "4.3.4",
     "lodash": "4.17.21",
-    "verdaccio-htpasswd": "workspace:12.0.0-next-7.15"
+    "verdaccio-htpasswd": "workspace:12.0.0-next-7.17"
   },
   "devDependencies": {
-    "express": "4.18.3",
+    "express": "4.19.2",
     "supertest": "6.3.4",
-    "@verdaccio/middleware": "workspace:7.0.0-next-7.15",
-    "@verdaccio/types": "workspace:12.0.0-next-7.3"
+    "@verdaccio/middleware": "workspace:7.0.0-next-7.17",
+    "@verdaccio/types": "workspace:12.0.0-next-7.4"
   },
   "funding": {
     "type": "opencollective",

packages/cli/CHANGELOG.md

@@ -1,5 +1,25 @@
 # @verdaccio/cli
 
+## 7.0.0-next-7.17
+
+### Patch Changes
+
+- 199aea3: chore: add config location and loglevel to startup log
+- Updated dependencies [6e764e3]
+  - @verdaccio/config@7.0.0-next-7.17
+  - @verdaccio/core@7.0.0-next-7.17
+  - @verdaccio/logger@7.0.0-next-7.17
+  - @verdaccio/node-api@7.0.0-next-7.17
+
+## 7.0.0-next-7.16
+
+### Patch Changes
+
+- @verdaccio/logger@7.0.0-next-7.16
+- @verdaccio/node-api@7.0.0-next-7.16
+- @verdaccio/core@7.0.0-next-7.16
+- @verdaccio/config@7.0.0-next-7.16
+
 ## 7.0.0-next-7.15
 
 ### Patch Changes

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/cli",
-  "version": "7.0.0-next-7.15",
+  "version": "7.0.0-next-7.17",
   "author": {
     "name": "Juan Picado",
     "email": "juanpicado19@gmail.com"
@@ -43,14 +43,14 @@
     "start": "ts-node src/index.ts"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
-    "@verdaccio/config": "workspace:7.0.0-next-7.15",
-    "@verdaccio/logger": "workspace:7.0.0-next-7.15",
-    "@verdaccio/node-api": "workspace:7.0.0-next-7.15",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
+    "@verdaccio/config": "workspace:7.0.0-next-7.17",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.17",
+    "@verdaccio/node-api": "workspace:7.0.0-next-7.17",
     "clipanion": "3.2.1",
     "envinfo": "7.11.0",
     "kleur": "4.1.5",
-    "semver": "7.6.0"
+    "semver": "7.6.2"
   },
   "devDependencies": {
     "ts-node": "10.9.2"

packages/cli/src/commands/init.ts

@@ -58,6 +58,8 @@ export class InitCommand extends Command {
       const configPathLocation = findConfigFile(this.config as string);
       const configParsed = parseConfigFile(configPathLocation);
       this.initLogger(configParsed);
+      logger.info({ file: configPathLocation }, 'using config file: @{file}');
+      logger.info('log level: %s', configParsed.log?.level || 'default');
       const { web } = configParsed;
 
       process.title = web?.title || DEFAULT_PROCESS_NAME;

packages/config/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @verdaccio/config
 
+## 7.0.0-next-7.17
+
+### Patch Changes
+
+- 6e764e3: feat: add support for npm owner
+- Updated dependencies [6e764e3]
+  - @verdaccio/core@7.0.0-next-7.17
+  - @verdaccio/utils@7.0.0-next-7.17
+
+## 7.0.0-next-7.16
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.16
+- @verdaccio/utils@7.0.0-next-7.16
+
 ## 7.0.0-next-7.15
 
 ### Minor Changes

packages/config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/config",
-  "version": "7.0.0-next-7.15",
+  "version": "7.0.0-next-7.17",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -38,8 +38,8 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
-    "@verdaccio/utils": "workspace:7.0.0-next-7.15",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
+    "@verdaccio/utils": "workspace:7.0.0-next-7.17",
     "debug": "4.3.4",
     "js-yaml": "4.1.0",
     "lodash": "4.17.21",

packages/config/src/conf/default.yaml

@@ -113,6 +113,7 @@ server:
 # https://verdaccio.org/docs/configuration#offline-publish
 # publish:
 #   allow_offline: false
+#   check_owner: false
 
 # https://verdaccio.org/docs/configuration#url-prefix
 # url_prefix: /verdaccio/

packages/config/src/conf/docker.yaml

@@ -119,6 +119,7 @@ server:
 # https://verdaccio.org/docs/configuration#offline-publish
 # publish:
 #   allow_offline: false
+#   check_owner: false
 
 # https://verdaccio.org/docs/configuration#url-prefix
 # url_prefix: /verdaccio/

packages/core/core/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @verdaccio/core
 
+## 7.0.0-next-7.17
+
+### Patch Changes
+
+- 6e764e3: feat: add support for npm owner
+
+## 7.0.0-next-7.16
+
 ## 7.0.0-next-7.15
 
 ### Minor Changes

packages/core/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/core",
-  "version": "7.0.0-next-7.15",
+  "version": "7.0.0-next-7.17",
   "description": "core utilities",
   "keywords": [
     "private",
@@ -35,7 +35,7 @@
   "dependencies": {
     "http-errors": "2.0.0",
     "http-status-codes": "2.3.0",
-    "semver": "7.6.0",
+    "semver": "7.6.2",
     "ajv": "8.12.0",
     "process-warning": "1.0.0",
     "core-js": "3.35.0"
@@ -44,7 +44,7 @@
     "lodash": "4.17.21",
     "typedoc": "0.23.25",
     "typedoc-plugin-missing-exports": "latest",
-    "@verdaccio/types": "workspace:12.0.0-next-7.3"
+    "@verdaccio/types": "workspace:12.0.0-next-7.4"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/core/src/constants.ts

@@ -6,6 +6,7 @@ export const TIME_EXPIRATION_1H = '1h';
 export const DIST_TAGS = 'dist-tags';
 export const LATEST = 'latest';
 export const USERS = 'users';
+export const MAINTAINERS = 'maintainers';
 export const DEFAULT_USER = 'Anonymous';
 
 export const HEADER_TYPE = {

packages/core/core/src/error-utils.ts

@@ -39,6 +39,7 @@ export const API_ERROR = {
   BAD_PACKAGE_DATA: 'bad incoming package data',
   USERNAME_PASSWORD_REQUIRED: 'username and password is required',
   USERNAME_ALREADY_REGISTERED: 'username is already registered',
+  USERNAME_MISMATCH: 'username does not match logged in user',
 };
 
 export const SUPPORT_ERRORS = {

packages/core/core/src/index.ts

@@ -23,6 +23,7 @@ export {
   DEFAULT_PASSWORD_VALIDATION,
   DEFAULT_USER,
   USERS,
+  MAINTAINERS,
   HtpasswdHashAlgorithm,
 } from './constants';
 const validationUtils = validatioUtils;

packages/core/core/src/validation-utils.ts

@@ -2,7 +2,7 @@ import assert from 'assert';
 
 import { Manifest } from '@verdaccio/types';
 
-import { DEFAULT_PASSWORD_VALIDATION, DIST_TAGS } from './constants';
+import { DEFAULT_PASSWORD_VALIDATION, DIST_TAGS, MAINTAINERS } from './constants';
 
 export { validatePublishSingleVersion } from './schemes/publish-manifest';
 
@@ -67,7 +67,6 @@ export function validatePackage(name: string): boolean {
  * @param {*} manifest
  * @param {*} name
  * @return {Object} the object with additional properties as dist-tags ad versions
- * FUTURE: rename to normalizeMetadata
  */
 export function normalizeMetadata(manifest: Manifest, name: string): Manifest {
   assert.strictEqual(manifest.name, name);
@@ -77,7 +76,11 @@ export function normalizeMetadata(manifest: Manifest, name: string): Manifest {
     _manifest[DIST_TAGS] = {};
   }
 
-  // This may not be nee dit
+  if (!Array.isArray(manifest[MAINTAINERS])) {
+    _manifest[MAINTAINERS] = [];
+  }
+
+  // This may not be needed
   if (!isObject(manifest['versions'])) {
     _manifest['versions'] = {};
   }
@@ -114,3 +117,11 @@ export function validatePassword(
     ? password.match(validation) !== null
     : false;
 }
+
+export function validateUserName(userName: any, expectedName: string): boolean {
+  return (
+    typeof userName === 'string' &&
+    userName.split(':')[0] === 'org.couchdb.user' &&
+    userName.split(':')[1] === expectedName
+  );
+}

packages/core/core/test/validation-utilts.spec.ts

@@ -6,6 +6,7 @@ import {
   validateName,
   validatePackage,
   validatePassword,
+  validateUserName,
 } from '../src/validation-utils';
 
 describe('validatePackage', () => {
@@ -224,3 +225,17 @@ describe('validatePassword', () => {
     expect(validatePassword('1235678910')).toBeTruthy();
   });
 });
+
+describe('validateUserName', () => {
+  test('should validate username according to expected name', () => {
+    expect(validateUserName('org.couchdb.user:test', 'test')).toBeTruthy();
+  });
+
+  test('should fail to validate username if different from expected name', () => {
+    expect(validateUserName('org.couchdb.user:foouser', 'test')).toBeFalsy();
+  });
+
+  test('should fail to validate username if not given', () => {
+    expect(validateUserName(undefined, 'test')).toBeFalsy();
+  });
+});

packages/core/file-locking/package.json

@@ -39,7 +39,7 @@
     "lockfile": "1.0.4"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:12.0.0-next-7.3"
+    "@verdaccio/types": "workspace:12.0.0-next-7.4"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/tarball/CHANGELOG.md

@@ -1,5 +1,24 @@
 # Change Log
 
+## 12.0.0-next-7.17
+
+### Patch Changes
+
+- Updated dependencies [6e764e3]
+  - @verdaccio/core@7.0.0-next-7.17
+  - @verdaccio/url@12.0.0-next-7.17
+  - @verdaccio/utils@7.0.0-next-7.17
+
+## 12.0.0-next-7.16
+
+### Patch Changes
+
+- 5bfab62: feat: add tarball details for published packages
+- Updated dependencies [38b1e82]
+  - @verdaccio/url@12.0.0-next-7.16
+  - @verdaccio/core@7.0.0-next-7.16
+  - @verdaccio/utils@7.0.0-next-7.16
+
 ## 12.0.0-next-7.15
 
 ### Patch Changes

packages/core/tarball/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/tarball",
-  "version": "12.0.0-next-7.15",
+  "version": "12.0.0-next-7.17",
   "description": "tarball utilities resolver",
   "keywords": [
     "private",
@@ -33,14 +33,16 @@
     "access": "public"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
-    "@verdaccio/url": "workspace:12.0.0-next-7.15",
-    "@verdaccio/utils": "workspace:7.0.0-next-7.15",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
+    "@verdaccio/url": "workspace:12.0.0-next-7.17",
+    "@verdaccio/utils": "workspace:7.0.0-next-7.17",
     "debug": "4.3.4",
-    "lodash": "4.17.21"
+    "gunzip-maybe": "^1.4.2",
+    "lodash": "4.17.21",
+    "tar-stream": "^3.1.7"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:12.0.0-next-7.3",
+    "@verdaccio/types": "workspace:12.0.0-next-7.4",
     "node-mocks-http": "1.14.1"
   },
   "scripts": {

packages/core/tarball/src/getTarballDetails.ts

@@ -0,0 +1,34 @@
+import gunzipMaybe from 'gunzip-maybe';
+import { Readable } from 'stream';
+import * as tarStream from 'tar-stream';
+
+export type TarballDetails = {
+  fileCount: number;
+  unpackedSize: number; // in bytes
+};
+
+export async function getTarballDetails(buffer: Buffer): Promise<TarballDetails> {
+  let fileCount = 0;
+  let unpackedSize = 0;
+  const readable = Readable.from(buffer);
+  const unpack = tarStream.extract();
+
+  return new Promise((resolve, reject) => {
+    readable
+      .pipe(gunzipMaybe())
+      .pipe(unpack)
+      .on('entry', (header, stream, next) => {
+        fileCount++;
+        unpackedSize += Number(header.size);
+        stream.resume(); // important to ensure that "entry" events keep firing
+        next();
+      })
+      .on('finish', () => {
+        resolve({
+          fileCount,
+          unpackedSize,
+        });
+      })
+      .on('error', reject);
+  });
+}

packages/core/tarball/src/index.ts

@@ -5,5 +5,6 @@ export {
   convertDistVersionToLocalTarballsUrl,
 } from './convertDistRemoteToLocalTarballUrls';
 export { extractTarballFromUrl, getLocalRegistryTarballUri } from './getLocalRegistryTarballUri';
+export { getTarballDetails, TarballDetails } from './getTarballDetails';
 
 export { RequestOptions };

packages/core/tarball/tests/getTarballDetails.spec.ts

@@ -0,0 +1,33 @@
+import fs from 'fs';
+import path from 'path';
+
+import { getTarballDetails } from '../src/getTarballDetails.ts';
+
+const getFilePath = (filename: string): string => {
+  return path.resolve(__dirname, `assets/${filename}`);
+};
+
+const getFileBuffer = async (filename: string): Promise<Buffer> => {
+  return fs.promises.readFile(getFilePath(filename));
+};
+
+describe('getTarballDetails', () => {
+  test('should return stats of tarball (gzipped)', async () => {
+    const buffer = await getFileBuffer('tarball.tgz');
+    const details = await getTarballDetails(buffer);
+    expect(details.fileCount).toBe(2);
+    expect(details.unpackedSize).toBe(1280);
+  });
+
+  test('should return stats of tarball (uncompressed)', async () => {
+    const buffer = await getFileBuffer('tarball.tar');
+    const details = await getTarballDetails(buffer);
+    expect(details.fileCount).toBe(2);
+    expect(details.unpackedSize).toBe(1280);
+  });
+
+  test('should throw an error if the buffer is corrupt', async () => {
+    const corruptBuffer = Buffer.from('this is not a tarball');
+    await expect(getTarballDetails(corruptBuffer)).rejects.toThrow();
+  });
+});

packages/core/types/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Change Log
 
+## 12.0.0-next-7.4
+
+### Patch Changes
+
+- 6e764e3: feat: add support for npm owner
+- de6ff5c: fix: update fields for abbreviated manifest
+- 117eb1c: fix: change bundleDependencies to array
+
 ## 12.0.0-next-7.3
 
 ### Minor Changes

packages/core/types/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/types",
-  "version": "12.0.0-next-7.3",
+  "version": "12.0.0-next-7.4",
   "description": "verdaccio types definitions",
   "keywords": [
     "private",

packages/core/types/src/configuration.ts

@@ -196,6 +196,7 @@ export interface Security {
 
 export interface PublishOptions {
   allow_offline: boolean;
+  check_owners: boolean;
 }
 
 export interface ListenAddress {

packages/core/types/src/manifest.ts

@@ -123,7 +123,8 @@ export interface Version {
   devDependencies?: Dependencies;
   optionalDependencies?: Dependencies;
   peerDependenciesMeta?: PeerDependenciesMeta;
-  bundleDependencies?: Dependencies;
+  bundleDependencies?: string[];
+  acceptDependencies?: Dependencies;
   keywords?: string | string[];
   nodeVersion?: string;
   _id: string;
@@ -178,7 +179,9 @@ export interface FullRemoteManifest {
   'dist-tags': GenericBody;
   time: GenericBody;
   versions: Versions;
+  /** store owners of this package */
   maintainers?: Author[];
+  contributors?: Author[];
   /** store the latest readme **/
   readme?: string;
   /** store star assigned to this packages by users */
@@ -223,7 +226,6 @@ export type AbbreviatedVersion = Pick<
   Version,
   | 'name'
   | 'version'
-  | 'description'
   | 'dependencies'
   | 'devDependencies'
   | 'bin'
@@ -231,6 +233,15 @@ export type AbbreviatedVersion = Pick<
   | 'engines'
   | 'funding'
   | 'peerDependencies'
+  | 'cpu'
+  | 'deprecated'
+  | 'directories'
+  | 'hasInstallScript'
+  | 'optionalDependencies'
+  | 'os'
+  | 'peerDependenciesMeta'
+  | 'acceptDependencies'
+  | '_hasShrinkwrap'
 >;
 
 export interface AbbreviatedVersions {

packages/core/url/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Change Log
 
+## 12.0.0-next-7.17
+
+### Patch Changes
+
+- Updated dependencies [6e764e3]
+  - @verdaccio/core@7.0.0-next-7.17
+
+## 12.0.0-next-7.16
+
+### Patch Changes
+
+- 38b1e82: patch(core/url): Throw if VERDACCIO_FORWARDED_PROTO resolves to an array (#4613 by @Tobbe)
+  - @verdaccio/core@7.0.0-next-7.16
+
 ## 12.0.0-next-7.15
 
 ### Patch Changes

packages/core/url/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/url",
-  "version": "12.0.0-next-7.15",
+  "version": "12.0.0-next-7.17",
   "description": "url utilities resolver",
   "keywords": [
     "private",
@@ -33,13 +33,13 @@
     "access": "public"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
     "debug": "4.3.4",
     "lodash": "4.17.21",
     "validator": "13.11.0"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:12.0.0-next-7.3",
+    "@verdaccio/types": "workspace:12.0.0-next-7.4",
     "node-mocks-http": "1.14.1"
   },
   "scripts": {

packages/core/url/src/index.ts

@@ -121,10 +121,17 @@ export function getPublicUrl(url_prefix: string = '', requestOptions: RequestOpt
       throw new Error('invalid host');
     }
 
+    // 'X-Forwarded-Proto' is the default header
     const protoHeader: string =
       process.env.VERDACCIO_FORWARDED_PROTO?.toLocaleLowerCase() ??
       HEADERS.FORWARDED_PROTO.toLowerCase();
-    const forwardedProtocolHeaderValue = requestOptions.headers[protoHeader] as string | undefined;
+    const forwardedProtocolHeaderValue = requestOptions.headers[protoHeader];
+
+    if (Array.isArray(forwardedProtocolHeaderValue)) {
+      // This really should never happen - only set-cookie is allowed to have
+      // multiple values.
+      throw new Error('invalid forwarded protocol header value. Reading header ' + protoHeader);
+    }
 
     const protocol = getWebProtocol(forwardedProtocolHeaderValue, requestOptions.protocol);
     const combinedUrl = combineBaseUrl(protocol, host, url_prefix);

packages/core/url/tests/getPublicUrl.spec.ts

@@ -316,6 +316,31 @@ describe('env variable', () => {
     delete process.env.VERDACCIO_FORWARDED_PROTO;
   });
 
+  test('with the VERDACCIO_FORWARDED_PROTO environment variable set to "set-cookie"', () => {
+    process.env.VERDACCIO_FORWARDED_PROTO = 'set-cookie';
+    const req = httpMocks.createRequest({
+      method: 'GET',
+      headers: {
+        host: 'some.com',
+        cookie: 'name=value; name2=value2;',
+        'set-cookie': [
+          'cookieName1=value; expires=Tue, 19 Jan 2038 03:14:07 GMT;',
+          'cookieName2=value; expires=Tue, 19 Jan 2038 03:14:07 GMT;',
+        ],
+      },
+      url: '/',
+    });
+
+    expect(() =>
+      getPublicUrl('/test/', {
+        host: req.hostname,
+        headers: req.headers as any,
+        protocol: req.protocol,
+      })
+    ).toThrow('invalid forwarded protocol header value. Reading header set-cookie');
+    delete process.env.VERDACCIO_FORWARDED_PROTO;
+  });
+
   test('with a invalid X-Forwarded-Proto https and host injection with invalid host', () => {
     process.env.VERDACCIO_PUBLIC_URL = 'http://injection.test.com"><svg onload="alert(1)">';
     const req = httpMocks.createRequest({

packages/hooks/CHANGELOG.md

@@ -1,5 +1,20 @@
 # @verdaccio/hooks
 
+## 7.0.0-next-7.17
+
+### Patch Changes
+
+- Updated dependencies [6e764e3]
+  - @verdaccio/core@7.0.0-next-7.17
+  - @verdaccio/logger@7.0.0-next-7.17
+
+## 7.0.0-next-7.16
+
+### Patch Changes
+
+- @verdaccio/logger@7.0.0-next-7.16
+- @verdaccio/core@7.0.0-next-7.16
+
 ## 7.0.0-next-7.15
 
 ### Patch Changes

packages/hooks/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/hooks",
-  "version": "7.0.0-next-7.15",
+  "version": "7.0.0-next-7.17",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -29,17 +29,17 @@
     "node": ">=18"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
-    "@verdaccio/logger": "workspace:7.0.0-next-7.15",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.17",
     "core-js": "3.35.0",
     "debug": "4.3.4",
     "got-cjs": "12.5.4",
     "handlebars": "4.7.8"
   },
   "devDependencies": {
-    "@verdaccio/auth": "workspace:7.0.0-next-7.15",
-    "@verdaccio/config": "workspace:7.0.0-next-7.15",
-    "@verdaccio/types": "workspace:12.0.0-next-7.3",
+    "@verdaccio/auth": "workspace:7.0.0-next-7.17",
+    "@verdaccio/config": "workspace:7.0.0-next-7.17",
+    "@verdaccio/types": "workspace:12.0.0-next-7.4",
     "nock": "13.5.1"
   },
   "scripts": {

packages/loaders/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @verdaccio/loaders
 
+## 7.0.0-next-7.17
+
+### Patch Changes
+
+- @verdaccio/logger@7.0.0-next-7.17
+
+## 7.0.0-next-7.16
+
+### Patch Changes
+
+- @verdaccio/logger@7.0.0-next-7.16
+
 ## 7.0.0-next-7.15
 
 ### Patch Changes

packages/loaders/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/loaders",
-  "version": "7.0.0-next-7.15",
+  "version": "7.0.0-next-7.17",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -13,14 +13,14 @@
     "url": "https://github.com/verdaccio/verdaccio"
   },
   "dependencies": {
-    "@verdaccio/logger": "workspace:7.0.0-next-7.15",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.17",
     "debug": "4.3.4",
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
-    "@verdaccio/config": "workspace:7.0.0-next-7.15",
-    "@verdaccio/types": "workspace:12.0.0-next-7.3",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
+    "@verdaccio/config": "workspace:7.0.0-next-7.17",
+    "@verdaccio/types": "workspace:12.0.0-next-7.4",
     "@verdaccio-scope/verdaccio-auth-foo": "0.0.2",
     "verdaccio-auth-memory": "workspace:*",
     "customprefix-auth": "2.0.0-next.0"

packages/logger/logger-7/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @verdaccio/logger-7
 
+## 7.0.0-next-7.17
+
+### Patch Changes
+
+- @verdaccio/logger-commons@7.0.0-next-7.17
+
+## 7.0.0-next-7.16
+
+### Patch Changes
+
+- Updated dependencies [cf1b46c]
+  - @verdaccio/logger-commons@7.0.0-next-7.16
+
 ## 7.0.0-next-7.15
 
 ### Patch Changes

packages/logger/logger-7/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger-7",
-  "version": "7.0.0-next-7.15",
+  "version": "7.0.0-next-7.17",
   "description": "logger for verdaccio 5.x version",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,11 +38,11 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/logger-commons": "workspace:7.0.0-next-7.15",
+    "@verdaccio/logger-commons": "workspace:7.0.0-next-7.17",
     "pino": "7.11.0"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:12.0.0-next-7.3"
+    "@verdaccio/types": "workspace:12.0.0-next-7.4"
   },
   "funding": {
     "type": "opencollective",

packages/logger/logger-commons/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @verdaccio/logger-commons
 
+## 7.0.0-next-7.17
+
+### Patch Changes
+
+- Updated dependencies [6e764e3]
+  - @verdaccio/core@7.0.0-next-7.17
+
+## 7.0.0-next-7.16
+
+### Patch Changes
+
+- cf1b46c: fix: log spacing depending on the FORMAT and COLORS options
+- Updated dependencies [cf1b46c]
+  - @verdaccio/logger-prettify@7.0.0-next-7.3
+  - @verdaccio/core@7.0.0-next-7.16
+
 ## 7.0.0-next-7.15
 
 ### Patch Changes

packages/logger/logger-commons/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger-commons",
-  "version": "7.0.0-next-7.15",
+  "version": "7.0.0-next-7.17",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,14 +38,14 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
-    "@verdaccio/logger-prettify": "workspace:7.0.0-next-7.2",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
+    "@verdaccio/logger-prettify": "workspace:7.0.0-next-7.3",
     "debug": "4.3.4",
     "colorette": "2.0.20"
   },
   "devDependencies": {
     "pino": "7.11.0",
-    "@verdaccio/types": "workspace:12.0.0-next-7.3"
+    "@verdaccio/types": "workspace:12.0.0-next-7.4"
   },
   "funding": {
     "type": "opencollective",

packages/logger/logger-commons/test/logger.spec.ts

@@ -36,7 +36,7 @@ describe('logger test', () => {
       logger.trace(`this should not be logged`);
       logger.error(`this should logged`);
       const content = await readLogFile(file);
-      expect(content).toBe('info --- testing test \nerror--- this should logged \n');
+      expect(content).toBe('info --- testing test\nerror--- this should logged\n');
     });
 
     test('should include all logging level', async () => {
@@ -51,7 +51,7 @@ describe('logger test', () => {
       logger.error(`this should logged`);
       const content = await readLogFile(file);
       expect(content).toBe(
-        'info --- testing test \ndebug--- this should not be logged \ntrace--- this should not be logged \nerror--- this should logged \n'
+        'info --- testing test\ndebug--- this should not be logged\ntrace--- this should not be logged\nerror--- this should logged\n'
       );
     });
   });
@@ -101,7 +101,7 @@ describe('logger test', () => {
         `publishing or updating a new version for @{packageName}`
       );
       const content = await readLogFile(file);
-      expect(content).toEqual('info --- publishing or updating a new version for test \n');
+      expect(content).toEqual('info --- publishing or updating a new version for test\n');
     });
 
     test('should log into a file with pretty-timestamped', async () => {
@@ -122,7 +122,7 @@ describe('logger test', () => {
       );
       const content = await readLogFile(file);
       // TODO: we might want mock time for testing
-      expect(content).toMatch('info --- publishing or updating a new version for test \n');
+      expect(content).toMatch('info --- publishing or updating a new version for test\n');
     });
   });
 });

packages/logger/logger-prettify/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @verdaccio/logger-prettify
 
+## 7.0.0-next-7.3
+
+### Patch Changes
+
+- cf1b46c: fix: log spacing depending on the FORMAT and COLORS options
+
 ## 7.0.0-next-7.2
 
 ### Patch Changes

packages/logger/logger-prettify/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger-prettify",
-  "version": "7.0.0-next-7.2",
+  "version": "7.0.0-next-7.3",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",

packages/logger/logger-prettify/src/formatter.ts

@@ -3,7 +3,7 @@ import { inspect } from 'util';
 
 import { LevelCode, calculateLevel, levelsColors, subSystemLevels } from './levels';
 import { PrettyOptionsExtended } from './types';
-import { formatLoggingDate, isObject, padLeft, padRight } from './utils';
+import { formatLoggingDate, isObject, padRight } from './utils';
 
 let LEVEL_VALUE_MAX = 0;
 for (const l in levelsColors) {
@@ -68,11 +68,11 @@ function getMessage(debugLevel, msg, sub, templateObjects, hasColors: boolean) {
       `${subSystemType} ${finalMessage}`
     )}`;
 
-    return padLeft(logString);
+    return logString;
   }
   const logString = `${padRight(debugLevel, LEVEL_VALUE_MAX)}${subSystemType} ${finalMessage}`;
 
-  return padRight(logString);
+  return logString;
 }
 
 export function printMessage(

packages/logger/logger-prettify/src/utils.ts

@@ -8,10 +8,6 @@ export function isObject(obj: unknown): boolean {
   return _.isObject(obj) && _.isNull(obj) === false && _.isArray(obj) === false;
 }
 
-export function padLeft(message: string) {
-  return message.padStart(message.length + CUSTOM_PAD_LENGTH, ' ');
-}
-
 export function padRight(message: string, max = message.length + CUSTOM_PAD_LENGTH) {
   return message.padEnd(max, ' ');
 }
@@ -19,5 +15,5 @@ export function padRight(message: string, max = message.length + CUSTOM_PAD_LENG
 export function formatLoggingDate(time: number, message: string): string {
   const timeFormatted = dayjs(time).format(FORMAT_DATE);
 
-  return `[${timeFormatted}]${message}`;
+  return `[${timeFormatted}] ${message}`;
 }

packages/logger/logger-prettify/test/__snapshots__/formatter.spec.ts.snap

@@ -1,21 +1,21 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`formatter printMessage should display a bytes request 1`] = `"fatal<-- 200, user: null(127.0.0.1), req: 'GET /verdaccio', bytes: 0/150186 "`;
+exports[`formatter printMessage should display a bytes request 1`] = `"fatal<-- 200, user: null(127.0.0.1), req: 'GET /verdaccio', bytes: 0/150186"`;
 
-exports[`formatter printMessage should display a resource request 1`] = `"info <-- 127.0.0.1 requested 'GET /verdaccio' "`;
+exports[`formatter printMessage should display a resource request 1`] = `"info <-- 127.0.0.1 requested 'GET /verdaccio'"`;
 
-exports[`formatter printMessage should display a streaming request 1`] = `"fatal--> 304, req: 'GET https://registry.npmjs.org/verdaccio' (streaming) "`;
+exports[`formatter printMessage should display a streaming request 1`] = `"fatal--> 304, req: 'GET https://registry.npmjs.org/verdaccio' (streaming)"`;
 
-exports[`formatter printMessage should display an error request 1`] = `"fatal--> ERR, req: 'GET https://registry.fake.org/aaa', error: getaddrinfo ENOTFOUND registry.fake.org "`;
+exports[`formatter printMessage should display an error request 1`] = `"fatal--> ERR, req: 'GET https://registry.fake.org/aaa', error: getaddrinfo ENOTFOUND registry.fake.org"`;
 
-exports[`formatter printMessage should display an fatal request 1`] = `"fatal--> ERR, req: 'GET https://registry.fake.org/aaa', error: fatal error "`;
+exports[`formatter printMessage should display an fatal request 1`] = `"fatal--> ERR, req: 'GET https://registry.fake.org/aaa', error: fatal error"`;
 
-exports[`formatter printMessage should display config file 1`] = `"warn --- config file  - /Users/user/.config/verdaccio/config/config.yaml "`;
+exports[`formatter printMessage should display config file 1`] = `"warn --- config file  - /Users/user/.config/verdaccio/config/config.yaml"`;
 
-exports[`formatter printMessage should display custom log message 1`] = `"fatal--- custom - foo - undefined "`;
+exports[`formatter printMessage should display custom log message 1`] = `"fatal--- custom - foo - undefined"`;
 
-exports[`formatter printMessage should display trace level 1`] = `"trace--- [trace]  - foo "`;
+exports[`formatter printMessage should display trace level 1`] = `"trace--- [trace]  - foo"`;
 
-exports[`formatter printMessage should display trace level with pretty stamp 1`] = `"[formatted-date]trace--- [trace]  - foo "`;
+exports[`formatter printMessage should display trace level with pretty stamp 1`] = `"[formatted-date] trace--- [trace]  - foo"`;
 
-exports[`formatter printMessage should display version and http address 1`] = `"warn --- http address - http://localhost:4873/ - verdaccio/5.0.0 "`;
+exports[`formatter printMessage should display version and http address 1`] = `"warn --- http address - http://localhost:4873/ - verdaccio/5.0.0"`;

packages/logger/logger-prettify/test/index.spec.ts

@@ -17,7 +17,7 @@ describe('prettyFactory', () => {
         objectMode: true,
         write(chunk, enc, cb) {
           const formatted = pretty(JSON.parse(chunk));
-          expect(formatted).toBe('info --- test message ');
+          expect(formatted).toBe('info --- test message');
           cb();
           done();
         },

packages/logger/logger-prettify/test/utils.test.ts

@@ -1,8 +1,8 @@
-import { formatLoggingDate, padLeft, padRight } from '../src/utils';
+import { formatLoggingDate, padRight } from '../src/utils';
 
 describe('formatLoggingDate', () => {
   test('basic', () => {
-    expect(formatLoggingDate(1585411248203, ' message')).toEqual('[2020-03-28 16:00:48] message');
+    expect(formatLoggingDate(1585411248203, 'message')).toEqual('[2020-03-28 16:00:48] message');
   });
 });
 
@@ -14,7 +14,4 @@ describe('pad', () => {
   test('pad right 2', () => {
     expect(padRight('message right')).toEqual('message right ');
   });
-  test('pad left', () => {
-    expect(padLeft('message left')).toEqual(' message left');
-  });
 });

packages/logger/logger/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @verdaccio/logger
 
+## 7.0.0-next-7.17
+
+### Patch Changes
+
+- @verdaccio/logger-commons@7.0.0-next-7.17
+
+## 7.0.0-next-7.16
+
+### Patch Changes
+
+- Updated dependencies [cf1b46c]
+  - @verdaccio/logger-commons@7.0.0-next-7.16
+
 ## 7.0.0-next-7.15
 
 ### Patch Changes

packages/logger/logger/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger",
-  "version": "7.0.0-next-7.15",
+  "version": "7.0.0-next-7.17",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,11 +38,11 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/logger-commons": "workspace:7.0.0-next-7.15",
+    "@verdaccio/logger-commons": "workspace:7.0.0-next-7.17",
     "pino": "8.17.2"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:12.0.0-next-7.3"
+    "@verdaccio/types": "workspace:12.0.0-next-7.4"
   },
   "funding": {
     "type": "opencollective",

packages/middleware/CHANGELOG.md

@@ -1,5 +1,25 @@
 # @verdaccio/middleware
 
+## 7.0.0-next-7.17
+
+### Patch Changes
+
+- Updated dependencies [6e764e3]
+  - @verdaccio/config@7.0.0-next-7.17
+  - @verdaccio/core@7.0.0-next-7.17
+  - @verdaccio/url@12.0.0-next-7.17
+  - @verdaccio/utils@7.0.0-next-7.17
+
+## 7.0.0-next-7.16
+
+### Patch Changes
+
+- Updated dependencies [38b1e82]
+  - @verdaccio/url@12.0.0-next-7.16
+  - @verdaccio/core@7.0.0-next-7.16
+  - @verdaccio/config@7.0.0-next-7.16
+  - @verdaccio/utils@7.0.0-next-7.16
+
 ## 7.0.0-next-7.15
 
 ### Patch Changes

packages/middleware/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/middleware",
-  "version": "7.0.0-next-7.15",
+  "version": "7.0.0-next-7.17",
   "description": "express middleware utils",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -38,13 +38,13 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
-    "@verdaccio/utils": "workspace:7.0.0-next-7.15",
-    "@verdaccio/config": "workspace:7.0.0-next-7.15",
-    "@verdaccio/url": "workspace:12.0.0-next-7.15",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
+    "@verdaccio/utils": "workspace:7.0.0-next-7.17",
+    "@verdaccio/config": "workspace:7.0.0-next-7.17",
+    "@verdaccio/url": "workspace:12.0.0-next-7.17",
     "debug": "4.3.4",
     "lru-cache": "7.18.3",
-    "express": "4.18.3",
+    "express": "4.19.2",
     "lodash": "4.17.21",
     "mime": "2.6.0",
     "express-rate-limit": "5.5.1"
@@ -54,7 +54,7 @@
     "url": "https://opencollective.com/verdaccio"
   },
   "devDependencies": {
-    "@verdaccio/logger": "workspace:7.0.0-next-7.15",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.17",
     "body-parser": "1.20.2",
     "supertest": "6.3.4"
   }

packages/node-api/CHANGELOG.md

@@ -1,5 +1,26 @@
 # @verdaccio/node-api
 
+## 7.0.0-next-7.17
+
+### Patch Changes
+
+- Updated dependencies [6e764e3]
+  - @verdaccio/config@7.0.0-next-7.17
+  - @verdaccio/core@7.0.0-next-7.17
+  - @verdaccio/logger@7.0.0-next-7.17
+  - @verdaccio/server-fastify@7.0.0-next-7.17
+  - @verdaccio/server@7.0.0-next-7.17
+
+## 7.0.0-next-7.16
+
+### Patch Changes
+
+- @verdaccio/server@7.0.0-next-7.16
+- @verdaccio/server-fastify@7.0.0-next-7.16
+- @verdaccio/logger@7.0.0-next-7.16
+- @verdaccio/core@7.0.0-next-7.16
+- @verdaccio/config@7.0.0-next-7.16
+
 ## 7.0.0-next-7.15
 
 ### Minor Changes

packages/node-api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/node-api",
-  "version": "7.0.0-next-7.15",
+  "version": "7.0.0-next-7.17",
   "description": "node API",
   "main": "build/index.js",
   "types": "build/index.d.ts",
@@ -38,17 +38,17 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/config": "workspace:7.0.0-next-7.15",
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
-    "@verdaccio/logger": "workspace:7.0.0-next-7.15",
-    "@verdaccio/server": "workspace:7.0.0-next-7.15",
-    "@verdaccio/server-fastify": "workspace:7.0.0-next-7.15",
+    "@verdaccio/config": "workspace:7.0.0-next-7.17",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.17",
+    "@verdaccio/server": "workspace:7.0.0-next-7.17",
+    "@verdaccio/server-fastify": "workspace:7.0.0-next-7.17",
     "core-js": "3.35.0",
     "debug": "4.3.4",
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:12.0.0-next-7.3",
+    "@verdaccio/types": "workspace:12.0.0-next-7.4",
     "jest": "29.7.0",
     "selfsigned": "2.4.1",
     "supertest": "6.3.4"

packages/plugins/audit/CHANGELOG.md

@@ -1,5 +1,20 @@
 # Change Log
 
+## 12.0.0-next-7.17
+
+### Patch Changes
+
+- Updated dependencies [6e764e3]
+  - @verdaccio/config@7.0.0-next-7.17
+  - @verdaccio/core@7.0.0-next-7.17
+
+## 12.0.0-next-7.16
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.16
+- @verdaccio/config@7.0.0-next-7.16
+
 ## 12.0.0-next-7.15
 
 ### Patch Changes

packages/plugins/audit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-audit",
-  "version": "12.0.0-next-7.15",
+  "version": "12.0.0-next-7.17",
   "description": "Verdaccio Middleware plugin to bypass npmjs audit",
   "keywords": [
     "private",
@@ -30,16 +30,16 @@
     "node": ">=12"
   },
   "dependencies": {
-    "@verdaccio/config": "workspace:7.0.0-next-7.15",
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
-    "express": "4.18.3",
+    "@verdaccio/config": "workspace:7.0.0-next-7.17",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
+    "express": "4.19.2",
     "https-proxy-agent": "5.0.1",
     "node-fetch": "cjs"
   },
   "devDependencies": {
-    "@verdaccio/auth": "workspace:7.0.0-next-7.15",
-    "@verdaccio/logger": "workspace:7.0.0-next-7.15",
-    "@verdaccio/types": "workspace:12.0.0-next-7.3",
+    "@verdaccio/auth": "workspace:7.0.0-next-7.17",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.17",
+    "@verdaccio/types": "workspace:12.0.0-next-7.4",
     "nock": "13.5.1",
     "supertest": "6.3.4"
   },

packages/plugins/auth-memory/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Change Log
 
+## 12.0.0-next-7.17
+
+### Patch Changes
+
+- Updated dependencies [6e764e3]
+  - @verdaccio/core@7.0.0-next-7.17
+
+## 12.0.0-next-7.16
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.16
+
 ## 12.0.0-next-7.15
 
 ### Patch Changes

packages/plugins/auth-memory/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-auth-memory",
-  "version": "12.0.0-next-7.15",
+  "version": "12.0.0-next-7.17",
   "description": "Auth plugin for Verdaccio that keeps users in memory",
   "keywords": [
     "private",
@@ -30,13 +30,13 @@
     "node": ">=18"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
     "debug": "4.3.4"
   },
   "devDependencies": {
     "@types/debug": "^4.1.12",
-    "@verdaccio/config": "workspace:7.0.0-next-7.15",
-    "@verdaccio/types": "workspace:12.0.0-next-7.3"
+    "@verdaccio/config": "workspace:7.0.0-next-7.17",
+    "@verdaccio/types": "workspace:12.0.0-next-7.4"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/plugins/htpasswd/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Change Log
 
+## 12.0.0-next-7.17
+
+### Patch Changes
+
+- Updated dependencies [6e764e3]
+  - @verdaccio/core@7.0.0-next-7.17
+  - @verdaccio/file-locking@12.0.0-next.1
+
+## 12.0.0-next-7.16
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.16
+
 ## 12.0.0-next-7.15
 
 ### Patch Changes

packages/plugins/htpasswd/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-htpasswd",
-  "version": "12.0.0-next-7.15",
+  "version": "12.0.0-next-7.17",
   "description": "htpasswd auth plugin for Verdaccio",
   "keywords": [
     "private",
@@ -33,7 +33,7 @@
     "node": ">=12"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
     "@verdaccio/file-locking": "workspace:12.0.0-next.1",
     "apache-md5": "1.1.8",
     "bcryptjs": "2.4.3",
@@ -44,9 +44,9 @@
   },
   "devDependencies": {
     "@types/bcryptjs": "2.4.6",
-    "@verdaccio/types": "workspace:12.0.0-next-7.3",
-    "@verdaccio/config": "workspace:7.0.0-next-7.15",
-    "@verdaccio/logger": "workspace:7.0.0-next-7.15",
+    "@verdaccio/types": "workspace:12.0.0-next-7.4",
+    "@verdaccio/config": "workspace:7.0.0-next-7.17",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.17",
     "mockdate": "3.0.5"
   },
   "scripts": {

packages/plugins/local-storage/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Change Log
 
+## 12.0.0-next-7.17
+
+### Patch Changes
+
+- Updated dependencies [6e764e3]
+  - @verdaccio/core@7.0.0-next-7.17
+  - @verdaccio/file-locking@12.0.0-next.1
+  - @verdaccio/utils@7.0.0-next-7.17
+
+## 12.0.0-next-7.16
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.16
+- @verdaccio/utils@7.0.0-next-7.16
+
 ## 12.0.0-next-7.15
 
 ### Patch Changes

packages/plugins/local-storage/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/local-storage",
-  "version": "12.0.0-next-7.15",
+  "version": "12.0.0-next-7.17",
   "description": "Local storage implementation",
   "keywords": [
     "private",
@@ -36,9 +36,9 @@
     "node": ">=18"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
     "@verdaccio/file-locking": "workspace:12.0.0-next.1",
-    "@verdaccio/utils": "workspace:7.0.0-next-7.15",
+    "@verdaccio/utils": "workspace:7.0.0-next-7.17",
     "core-js": "3.35.0",
     "debug": "4.3.4",
     "globby": "11.1.0",
@@ -50,11 +50,11 @@
   },
   "devDependencies": {
     "@types/minimatch": "5.1.2",
-    "@verdaccio/config": "workspace:7.0.0-next-7.15",
-    "@verdaccio/logger": "workspace:7.0.0-next-7.15",
+    "@verdaccio/config": "workspace:7.0.0-next-7.17",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.17",
     "@verdaccio/test-helper": "workspace:3.0.0-next-7.2",
-    "@verdaccio/types": "workspace:12.0.0-next-7.3",
-    "minimatch": "9.0.3"
+    "@verdaccio/types": "workspace:12.0.0-next-7.4",
+    "minimatch": "9.0.4"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/plugins/memory/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Change Log
 
+## 12.0.0-next-7.17
+
+### Patch Changes
+
+- Updated dependencies [6e764e3]
+  - @verdaccio/core@7.0.0-next-7.17
+
+## 12.0.0-next-7.16
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.16
+
 ## 12.0.0-next-7.15
 
 ### Patch Changes

packages/plugins/memory/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-memory",
-  "version": "12.0.0-next-7.15",
+  "version": "12.0.0-next-7.17",
   "description": "Storage implementation in memory",
   "keywords": [
     "private",
@@ -30,15 +30,15 @@
     "node": ">=18"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
     "memory-fs": "0.5.0",
     "debug": "4.3.4",
     "memfs": "3.5.3"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:12.0.0-next-7.3",
-    "@verdaccio/config": "workspace:7.0.0-next-7.15",
-    "@verdaccio/logger": "workspace:7.0.0-next-7.15"
+    "@verdaccio/types": "workspace:12.0.0-next-7.4",
+    "@verdaccio/config": "workspace:7.0.0-next-7.17",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.17"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/plugins/ui-theme/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @verdaccio/ui-theme
 
+## 7.0.0-next-7.17
+
+### Patch Changes
+
+- 117eb1c: fix: change bundleDependencies to array
+
+## 7.0.0-next-7.16
+
 ## 7.0.0-next-7.15
 
 ## 7.0.0-next-7.14

packages/plugins/ui-theme/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/ui-theme",
-  "version": "7.0.0-next-7.15",
+  "version": "7.0.0-next-7.17",
   "description": "Verdaccio User Interface",
   "author": {
     "name": "Verdaccio Contributors",
@@ -27,9 +27,9 @@
     "@testing-library/dom": "9.3.4",
     "@testing-library/jest-dom": "6.3.0",
     "@testing-library/react": "14.1.2",
-    "@verdaccio/node-api": "workspace:7.0.0-next-7.15",
+    "@verdaccio/node-api": "workspace:7.0.0-next-7.17",
     "@verdaccio/types": "workspace:*",
-    "@verdaccio/ui-components": "workspace:3.0.0-next-7.6",
+    "@verdaccio/ui-components": "workspace:3.0.0-next-7.7",
     "babel-loader": "8.3.0",
     "babel-plugin-dynamic-import-node": "2.3.3",
     "country-flag-icons": "1.5.9",

packages/plugins/ui-theme/src/components/Contributors/generated_contributors_list.json

@@ -191,6 +191,10 @@
     "username": "NotWearingPants",
     "id": 26556598
   },
+  {
+    "username": "gweesin",
+    "id": 42909374
+  },
   {
     "username": "BartDubois",
     "id": 1180931
@@ -252,40 +256,44 @@
     "id": 216737
   },
   {
-    "username": "osher",
-    "id": 803101
-  },
-  {
-    "username": "wiggisser",
-    "id": 3647678
-  },
-  {
-    "username": "kuoruan",
-    "id": 8685618
+    "username": "rmkanda",
+    "id": 38713281
   },
   {
     "username": "rluvaton",
     "id": 16746759
   },
   {
-    "username": "rmkanda",
-    "id": 38713281
+    "username": "Tobbe",
+    "id": 30793
   },
   {
-    "username": "kfatehi",
-    "id": 175305
+    "username": "kuoruan",
+    "id": 8685618
   },
   {
-    "username": "gkalpak",
-    "id": 8604205
+    "username": "wiggisser",
+    "id": 3647678
+  },
+  {
+    "username": "osher",
+    "id": 803101
+  },
+  {
+    "username": "brenordr",
+    "id": 19731692
   },
   {
     "username": "karfau",
     "id": 135657
   },
   {
-    "username": "brenordr",
-    "id": 19731692
+    "username": "gkalpak",
+    "id": 8604205
+  },
+  {
+    "username": "kfatehi",
+    "id": 175305
   },
   {
     "username": "frimuchkov",
@@ -435,14 +443,14 @@
     "username": "marnel",
     "id": 3189424
   },
-  {
-    "username": "kba",
-    "id": 273367
-  },
   {
     "username": "MasterOdin",
     "id": 1845314
   },
+  {
+    "username": "kba",
+    "id": 273367
+  },
   {
     "username": "aledbf",
     "id": 161571
@@ -563,10 +571,6 @@
     "username": "todpunk",
     "id": 1166358
   },
-  {
-    "username": "fhp",
-    "id": 374671
-  },
   {
     "username": "simon-lorenz",
     "id": 34041551
@@ -595,6 +599,10 @@
     "username": "rostislav-simonik",
     "id": 25525736
   },
+  {
+    "username": "fhp",
+    "id": 374671
+  },
   {
     "username": "stephanebachelier",
     "id": 172615
@@ -632,8 +640,8 @@
     "id": 8954107
   },
   {
-    "username": "Tobbe",
-    "id": 30793
+    "username": "morrain",
+    "id": 9381634
   },
   {
     "username": "oltodo",
@@ -1104,12 +1112,12 @@
     "id": 8955528
   },
   {
-    "username": "morlay",
-    "id": 1667873
+    "username": "somethingSTRANGE",
+    "id": 6905832
   },
   {
-    "username": "morrain",
-    "id": 9381634
+    "username": "morlay",
+    "id": 1667873
   },
   {
     "username": "einfallstoll",
@@ -1139,10 +1147,6 @@
     "username": "gecruz",
     "id": 29457476
   },
-  {
-    "username": "gweesin",
-    "id": 42909374
-  },
   {
     "username": "iztsv",
     "id": 3539802
@@ -1171,6 +1175,10 @@
     "username": "vStone",
     "id": 356719
   },
+  {
+    "username": "jlguenego",
+    "id": 2842446
+  },
   {
     "username": "zaventh",
     "id": 669283
@@ -1283,6 +1291,10 @@
     "username": "MrCube42",
     "id": 1512210
   },
+  {
+    "username": "kongdewen",
+    "id": 10659566
+  },
   {
     "username": "donbowman",
     "id": 5131923

packages/plugins/ui-theme/src/i18n/crowdin/ui.json

@@ -71,7 +71,8 @@
   },
   "dependencies": {
     "has-no-dependencies": "{{package}} has no dependencies.",
-    "dependency-block": "{{package}}@{{version}}"
+    "dependency-block": "{{package}}: {{version}}",
+    "dependency-block-bundle": "{{package}}"
   },
   "form": {
     "username": "Username",

packages/proxy/CHANGELOG.md

@@ -1,5 +1,22 @@
 # @verdaccio/proxy
 
+## 7.0.0-next-7.17
+
+### Patch Changes
+
+- Updated dependencies [6e764e3]
+  - @verdaccio/config@7.0.0-next-7.17
+  - @verdaccio/core@7.0.0-next-7.17
+  - @verdaccio/utils@7.0.0-next-7.17
+
+## 7.0.0-next-7.16
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.16
+- @verdaccio/config@7.0.0-next-7.16
+- @verdaccio/utils@7.0.0-next-7.16
+
 ## 7.0.0-next-7.15
 
 ### Patch Changes

packages/proxy/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/proxy",
-  "version": "7.0.0-next-7.15",
+  "version": "7.0.0-next-7.17",
   "description": "verdaccio proxy fetcher",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -38,9 +38,9 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/config": "workspace:7.0.0-next-7.15",
-    "@verdaccio/core": "workspace:7.0.0-next-7.15",
-    "@verdaccio/utils": "workspace:7.0.0-next-7.15",
+    "@verdaccio/config": "workspace:7.0.0-next-7.17",
+    "@verdaccio/core": "workspace:7.0.0-next-7.17",
+    "@verdaccio/utils": "workspace:7.0.0-next-7.17",
     "JSONStream": "1.3.5",
     "debug": "4.3.4",
     "got-cjs": "12.5.4",
@@ -48,13 +48,13 @@
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/logger": "workspace:7.0.0-next-7.15",
-    "@verdaccio/types": "workspace:12.0.0-next-7.3",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.17",
+    "@verdaccio/types": "workspace:12.0.0-next-7.4",
     "get-stream": "^6.0.1",
     "nock": "13.5.1",
     "node-mocks-http": "1.14.1",
     "p-cancelable": "2.1.1",
-    "semver": "7.6.0"
+    "semver": "7.6.2"
   },
   "funding": {
     "type": "opencollective",

packages/search-indexer/package.json

@@ -37,7 +37,7 @@
     "build": "esbuild src/index.ts --bundle --outfile=build/dist.js --platform=node --target=node12  && pnpm run build:types"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:12.0.0-next-7.3",
+    "@verdaccio/types": "workspace:12.0.0-next-7.4",
     "@orama/orama": "1.2.4",
     "debug": "4.3.4",
     "esbuild": "0.14.10"

packages/search/CHANGELOG.md

@@ -1,5 +1,24 @@
 # @verdaccio/search
 
+## 7.0.0-next-7.6
+
+### Patch Changes
+
+- Updated dependencies [6e764e3]
+  - @verdaccio/config@7.0.0-next-7.17
+  - @verdaccio/core@7.0.0-next-7.17
+  - @verdaccio/logger@7.0.0-next-7.17
+  - @verdaccio/proxy@7.0.0-next-7.17
+
+## 7.0.0-next-7.5
+
+### Patch Changes
+
+- @verdaccio/logger@7.0.0-next-7.16
+- @verdaccio/proxy@7.0.0-next-7.16
+- @verdaccio/core@7.0.0-next-7.16
+- @verdaccio/config@7.0.0-next-7.16
+
 ## 7.0.0-next-7.4
 
 ### Patch Changes