chore: update versions (6-next) (#3591)

* refactor middleware dependencies

* improve wrap

* chore: fix local

* chore: fix test

* changeset

.changeset/big-years-repair.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/middleware': minor
+'@verdaccio/utils': minor
+'@verdaccio/web': minor
+---
+
+feat: expose middleware utils

.changeset/chatty-pillows-perform.md

@@ -0,0 +1,18 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/config': minor
+'@verdaccio/core': minor
+'@verdaccio/file-locking': minor
+'@verdaccio/tarball': minor
+'@verdaccio/types': minor
+'@verdaccio/url': minor
+'@verdaccio/hooks': minor
+'@verdaccio/loaders': minor
+'@verdaccio/logger': minor
+'@verdaccio/logger-prettify': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/utils': minor
+'verdaccio': minor
+---
+
+feat: improve support for fs promises older nodejs

.changeset/eight-bottles-own.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/middleware': patch
+'@verdaccio/server': patch
+'@verdaccio/test-helper': patch
+'@verdaccio/local-publish': patch
+---
+
+fix: extract logger from middleware

.changeset/fluffy-papayas-lay.md

@@ -0,0 +1,10 @@
+---
+'@verdaccio/config': patch
+'@verdaccio/core': patch
+'@verdaccio/tarball': patch
+'@verdaccio/url': patch
+'@verdaccio/store': patch
+'@verdaccio/utils': patch
+---
+
+fix: build targets for 5x modules

.changeset/orange-cows-pull.md

@@ -0,0 +1,27 @@
+---
+'@verdaccio/types': major
+'@verdaccio/ui-theme': major
+'@verdaccio/ui-components': major
+---
+
+feat(web): components for custom user interfaces
+
+Provides a package that includes all components from the user interface, instead being embedded at the `@verdaccio/ui-theme` package.
+
+```
+npm i -D @verdaccio/ui-components
+```
+
+The package contains
+
+- Components
+- Providers
+- Redux Storage
+- Layouts (precomposed layouts ready to use)
+- Custom Material Theme
+
+The `@verdaccio/ui-theme` will consume this package and will use only those are need it.
+
+> Prerequisites are using Redux, Material-UI and Translations with `i18next`.
+
+Users could have their own Material UI theme and build custom layouts, adding new features without the need to modify the default project.

.changeset/pre.json

@@ -33,8 +33,9 @@
     "@verdaccio/cli-standalone": "6.0.0-alpha.3",
     "@verdaccio/tarball": "11.0.0-alpha.3",
     "@verdaccio/url": "11.0.0-alpha.3",
+    "@verdaccio/ui-components": "2.0.0-alpha.0",
     "@verdaccio/server-fastify": "6.0.0-6-next.9",
-    "@verdaccio/eslint-config": "1.0.0",
+    "@verdaccio/eslint-config": "2.0.0-alpha.0",
     "@verdaccio/core": "6.0.0-next.0",
     "@verdaccio/test-helper": "1.0.0",
     "docusaurus-plugin-contributors": "1.0.0",
@@ -59,17 +60,20 @@
     "afraid-mice-obey",
     "angry-nails-appear",
     "big-lobsters-sin",
+    "big-years-repair",
     "brave-seahorses-press",
     "bright-poems-obey",
     "brown-cycles-laugh",
     "brown-pandas-wink",
     "calm-pants-impress",
+    "chatty-pillows-perform",
     "chilled-ways-fetch",
     "chilly-glasses-occur",
     "clever-pugs-warn",
     "dry-planes-tap",
     "dull-monkeys-search",
     "early-jokes-nail",
+    "eight-bottles-own",
     "eleven-brooms-hunt",
     "eleven-spoons-matter",
     "fair-lemons-beam",
@@ -78,6 +82,7 @@
     "few-cooks-destroy",
     "few-mangos-grow",
     "fifty-jars-rest",
+    "fluffy-papayas-lay",
     "four-ways-try",
     "fuzzy-drinks-taste",
     "fuzzy-onions-draw",
@@ -105,6 +110,7 @@
     "neat-toes-report",
     "neat-toys-float",
     "olive-candles-speak",
+    "orange-cows-pull",
     "orange-flowers-cover",
     "perfect-candles-clap",
     "perfect-emus-clean",

.eslintignore

@@ -14,3 +14,7 @@ test/functional/store/*
 docker-examples/**/lib/**/*.js
 test/cli/e2e-yarn4/bin/yarn-4.0.0-rc.14.cjs
 yarn.js
+# storybook
+packages/ui-components/storybook-static
+dist.js
+bundle.js

.github/workflows/changesets.yml

@@ -20,12 +20,12 @@ jobs:
     if: github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio'
     steps:
       - name: checkout code repository
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
         with:
           fetch-depth: 0
 
       - name: setup node.js
-        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version: 14
           registry-url: 'https://registry.npmjs.org'

.github/workflows/ci-windows.yml

@@ -18,9 +18,9 @@ jobs:
         env:
           NODE_ENV: production          
     steps:
-    - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
     - name: Node
-      uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
       with:
         node-version-file: '.nvmrc'
     - name: Install pnpm
@@ -32,7 +32,7 @@ jobs:
     - name: Install
       run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
     - name: Cache .pnpm-store
-      uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
       with:
         path: ~/.pnpm-store
         key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -43,14 +43,14 @@ jobs:
     name: Lint
     needs: prepare
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
       - name: Node
-        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      - uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -63,14 +63,14 @@ jobs:
     name: Format
     needs: prepare
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
       - name: Use Node
-        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      - uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -88,14 +88,14 @@ jobs:
     name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
       - name: Use Node ${{ matrix.node_version }}
-        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version: ${{ matrix.node_version }}
       - name: Install pnpm
         run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      - uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -110,13 +110,13 @@ jobs:
     runs-on: windows-latest
     name: UI Test E2E
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
-      - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      - uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}

.github/workflows/ci.yml

@@ -27,9 +27,9 @@ jobs:
         env:
           NODE_ENV: production          
     steps:
-    - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
     - name: Node
-      uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
       with:
         node-version-file: '.nvmrc'
     - name: Install pnpm
@@ -43,7 +43,7 @@ jobs:
     - name: Install
       run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
     - name: Cache .pnpm-store
-      uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
       with:
         path: ~/.pnpm-store
         key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -54,16 +54,16 @@ jobs:
     name: Lint
     needs: prepare
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
       - name: Node
-        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: |
           corepack enable
           corepack prepare --activate pnpm@6.32.15
-      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      - uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -76,16 +76,16 @@ jobs:
     name: Format
     needs: prepare
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
       - name: Use Node
-        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: |
           corepack enable
           corepack prepare --activate pnpm@6.32.15
-      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      - uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -103,16 +103,16 @@ jobs:
     name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
       - name: Use Node ${{ matrix.node_version }}
-        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version: ${{ matrix.node_version }}
       - name: Install pnpm
         run: |
           corepack enable
           corepack prepare --activate pnpm@6.32.15
-      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      - uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -128,15 +128,15 @@ jobs:
     name: synchronize translations
     if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
-      - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: |
           corepack enable
           corepack prepare --activate pnpm@6.32.15
-      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      - uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}

.github/workflows/codeql-analysis.yml

@@ -21,7 +21,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
         with:
           # We must fetch at least the immediate parents so that if this is
           # a pull request then we can checkout the head.
@@ -34,7 +34,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # tag=v2
+        uses: github/codeql-action/init@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # tag=v2
 
       # Override language selection by uncommenting this and choosing your languages
       # with:
@@ -42,7 +42,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # tag=v2
+        uses: github/codeql-action/autobuild@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # tag=v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -56,4 +56,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # tag=v2
+        uses: github/codeql-action/analyze@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # tag=v2

.github/workflows/docker-publish.yml

@@ -23,7 +23,7 @@ jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
       - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # tag=v1
       - uses: docker/setup-buildx-action@v1
         with:

.github/workflows/e2e-ci.yml

@@ -15,9 +15,9 @@ jobs:
         env:
           NODE_ENV: production
     steps:
-    - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
     - name: Use Node
-      uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
       with:
         node-version-file: '.nvmrc'
     - name: Install pnpm
@@ -29,7 +29,7 @@ jobs:
     - name: Install
       run: pnpm recursive install --frozen-lockfile --reporter=silence --ignore-scripts --registry http://localhost:4873
     - name: Cache .pnpm-store
-      uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
       with:
         path: ~/.pnpm-store
         key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -39,14 +39,14 @@ jobs:
     needs: [prepare]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
       - name: Use Node 16
-        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      - uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -55,7 +55,7 @@ jobs:
       - name: build
         run: pnpm build
       - name: Cache packages
-        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+        uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
         id: cache-packages
         with:
           path: ./packages/
@@ -75,23 +75,24 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        pkg: [npm6, npm7, npm8, npm9, pnpm6, pnpm7, yarn1, yarn2,  yarn3, yarn4]
-    name:  ${{ matrix.pkg }} / ${{ matrix.os }}
+        pkg: [npm6, npm7, npm8, npm9, pnpm6, pnpm7, yarn1, yarn2, yarn3, yarn4]
+        node: [16, 18, 19]
+    name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
-      - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
-          node-version-file: '.nvmrc'
+          node-version: ${{ matrix.node }}
       - name: Install pnpm
         run: npm i pnpm@6.32.15 -g
-      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      - uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
       - name: Install
         run: pnpm recursive install --offline --frozen-lockfile --reporter=silence --ignore-scripts --registry http://localhost:4873
-      - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      - uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
         with:
           path: ./packages/
           key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}

.github/workflows/e2e-ui.yml

@@ -15,9 +15,9 @@ jobs:
         env:
           NODE_ENV: production
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
       - name: Use Node
-        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
@@ -30,7 +30,7 @@ jobs:
         run: pnpm build
       - name: Test UI
         run: pnpm test:e2e:ui
-      - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3
         with:
           name: videos
           path: /home/runner/work/verdaccio/verdaccio/e2e/ui/cypress/videos

.github/workflows/static-data.yml

@@ -19,11 +19,11 @@ jobs:
     name: Run script
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
         with:
           persist-credentials: false
           fetch-depth: 0
-      - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version: 18.x
       - name: install pnpm

.github/workflows/ui-components.yml

@@ -0,0 +1,78 @@
+name: UI Components
+
+on: 
+  workflow_dispatch:
+  pull_request:
+    paths:
+    - .github/workflows/ui-components.yml
+    - 'packages/ui-components/**'
+    - 'package.json'
+    - 'pnpm-workspace.yaml'
+    - 'pnpm-lock.yaml'
+
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
+env:
+  DEBUG: verdaccio*
+
+jobs:
+  deploy:
+    permissions:
+      contents: read  #  to fetch code (actions/checkout)
+      deployments: write
+      pull-requests: write  #  to comment on pull-requests
+
+    runs-on: ubuntu-latest
+    env:
+      NODE_OPTIONS: --max_old_space_size=4096
+    steps:
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
+
+      - name: Use Node
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
+        with:
+          node-version-file: '.nvmrc'
+
+      - name: Cache pnpm modules
+        uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
+        env:
+          cache-name: cache-pnpm-modules
+        with:
+          path: ~/.pnpm-store
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-
+
+      - name: Install pnpm
+        run: |
+          corepack enable
+            corepack prepare --activate pnpm@6.32.15
+      - name: Install
+        run: pnpm recursive install --frozen-lockfile  
+      - name: Build storybook
+        run: pnpm ui:storybook:build
+      - name: Copy public content
+        # the msw.js worker is need it at the storybook-static folder in production
+        run: cp -R packages/ui-components/public/* packages/ui-components/storybook-static
+      - name: 🔥 Deploy Production UI Netlify
+        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+        uses: verdaccio/action-netlify-deploy@v2.0.0
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+          netlify-site-id: ${{ secrets.NETLIFY_UI_SITE_ID }}
+          build-dir: './packages/ui-components/storybook-static'          
+      - name: 🤖 Deploy Preview UI Components Netlify
+        if: github.repository == 'verdaccio/verdaccio'
+        uses: verdaccio/action-netlify-deploy@v2.0.0
+        id: netlify_preview_ui
+        with:
+          draft: true
+          comment-on-pull-request: true
+          github-deployment-is-production: false
+          github-deployment-is-transient: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+          netlify-site-id: ${{ secrets.NETLIFY_UI_SITE_ID }}
+          build-dir: './packages/ui-components/storybook-static'

.github/workflows/website.yml

@@ -23,15 +23,15 @@ jobs:
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3
 
       - name: Use Node 16
-        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # tag=v3
         with:
           node-version: 16
 
       - name: Cache pnpm modules
-        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+        uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
         env:
           cache-name: cache-pnpm-modules
         with:
@@ -51,7 +51,7 @@ jobs:
       - name: Build Translations percentage
         run: pnpm build --filter "@verdaccio/crowdin-translations"
       - name: Cache Docusaurus Build
-        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+        uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
         with:
           path: website/node_modules/.cache/webpack
           key: cache/webpack-${{github.ref}}-${{ hashFiles('**/pnpm-lock.yaml') }}
@@ -109,7 +109,7 @@ jobs:
 
       - name: Format lighthouse score
         id: format_lighthouse_score
-        uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0 # tag=v6
+        uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975 # tag=v6
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |

.gitignore

@@ -41,13 +41,6 @@ packages/plugins/ui-theme/static
 # CI Pnpm cache
 .pnpm-store/
 
-# benchmark
-api-results.json
-hyper-results.json
-hyper-results*.json
-api-results*.json
-.clinic/
-
 #docs 
 website/docs/api/**/*.md
 website/docs/api/**/*.yml
@@ -57,3 +50,6 @@ packages/**/docs
 # cypress
 e2e/ui/cypress/videos/**/*
 e2e/ui/cypress/screenshots/**/*
+
+# storybook
+packages/ui-components/storybook-static

.prettierignore

@@ -35,3 +35,5 @@ packages/plugins/ui-theme/static/
 .verdaccio-db.json
 test/cli/e2e-yarn4/bin/yarn-4.0.0-rc.14.cjs
 yarn.js
+website/docs/api/*
+packages/ui-components/storybook-static/*

e2e/cli/cli-commons/package.json

@@ -5,14 +5,14 @@
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
   "devDependencies": {
-    "verdaccio": "workspace:6.0.0-6-next.52",
-    "@verdaccio/core": "workspace:6.0.0-6-next.52",
-    "@verdaccio/config": "workspace:6.0.0-6-next.52",
-    "@verdaccio/types": "workspace:11.0.0-6-next.17",
-    "yaml": "2.1.3",
+    "verdaccio": "workspace:6.0.0-6-next.57",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/types": "workspace:11.0.0-6-next.19",
+    "yaml": "2.2.0",
     "debug": "4.3.4",
     "fs-extra": "10.1.0",
-    "got": "11.8.5",
+    "got": "11.8.6",
     "lodash": "4.17.21"
   },
   "scripts": {

e2e/cli/e2e-npm6/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.5",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.0.1-6-next.5",
-    "npm": "6.14.17"
+    "npm": "6.14.18"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-npm9/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.5",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.0.1-6-next.5",
-    "npm": "9.1.2"
+    "npm": "9.2.0"
   },
   "scripts": {
     "test": "jest"

e2e/cli/e2e-yarn2/audit.spec.ts

@@ -30,10 +30,6 @@ describe('audit a package yarn 2', () => {
     const resp = await yarn(projectFolder, 'npm', 'audit', '--json');
     const parsedBody = JSON.parse(resp.stdout as string);
     expect(parsedBody.advisories).toBeDefined();
-    expect(parsedBody.advisories['1069969']).toBeDefined();
-    expect(parsedBody.advisories['1069969'].recommendation).toEqual(
-      'Upgrade to version 3.4.0 or later'
-    );
   });
 
   afterAll(async () => {

e2e/cli/e2e-yarn3/audit.spec.ts

@@ -30,10 +30,6 @@ describe('audit a package yarn 3', () => {
     const resp = await yarn(projectFolder, 'npm', 'audit', '--json');
     const parsedBody = JSON.parse(resp.stdout as string);
     expect(parsedBody.advisories).toBeDefined();
-    expect(parsedBody.advisories['1069969']).toBeDefined();
-    expect(parsedBody.advisories['1069969'].recommendation).toEqual(
-      'Upgrade to version 3.4.0 or later'
-    );
   });
 
   afterAll(async () => {

e2e/cli/e2e-yarn3/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.1-6-next.5",
   "dependencies": {
     "@verdaccio/test-cli-commons": "workspace:1.0.1-6-next.5",
-    "@yarnpkg/cli-dist": "3.3.0"
+    "@yarnpkg/cli-dist": "3.3.1"
   },
   "scripts": {
     "test": "jest"

e2e/ui/package.json

@@ -3,12 +3,12 @@
   "name": "@verdaccio/e2e-ui",
   "version": "2.0.0-6-next.3",
   "devDependencies": {
-    "verdaccio": "workspace:6.0.0-6-next.52",
-    "@verdaccio/core": "workspace:6.0.0-6-next.52",
-    "@verdaccio/config": "workspace:6.0.0-6-next.52",
-    "@verdaccio/test-helper": "workspace:2.0.0-6-next.6",
+    "verdaccio": "workspace:6.0.0-6-next.57",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/test-helper": "workspace:2.0.0-6-next.7",
     "debug": "4.3.4",
-    "cypress": "11.1.0"
+    "cypress": "11.2.0"
   },
   "scripts": {
     "cypress:open": "cypress open",

package.json

@@ -15,51 +15,51 @@
     "url": "https://opencollective.com/verdaccio"
   },
   "devDependencies": {
-    "@babel/cli": "7.19.3",
-    "@babel/core": "7.20.2",
-    "@babel/node": "7.20.2",
+    "@babel/cli": "7.20.7",
+    "@babel/core": "7.20.7",
+    "@babel/node": "7.20.7",
     "@babel/plugin-proposal-class-properties": "7.18.6",
-    "@babel/plugin-proposal-decorators": "7.20.2",
+    "@babel/plugin-proposal-decorators": "7.20.7",
     "@babel/plugin-proposal-export-namespace-from": "7.18.9",
     "@babel/plugin-proposal-function-sent": "7.18.6",
     "@babel/plugin-proposal-json-strings": "7.18.6",
     "@babel/plugin-proposal-nullish-coalescing-operator": "7.18.6",
     "@babel/plugin-proposal-numeric-separator": "7.18.6",
-    "@babel/plugin-proposal-object-rest-spread": "7.20.2",
-    "@babel/plugin-proposal-optional-chaining": "7.18.9",
+    "@babel/plugin-proposal-object-rest-spread": "7.20.7",
+    "@babel/plugin-proposal-optional-chaining": "7.20.7",
     "@babel/plugin-proposal-throw-expressions": "7.18.6",
     "@babel/plugin-syntax-dynamic-import": "7.8.3",
     "@babel/plugin-syntax-import-meta": "7.10.4",
-    "@babel/plugin-transform-async-to-generator": "7.18.6",
-    "@babel/plugin-transform-classes": "7.20.2",
+    "@babel/plugin-transform-async-to-generator": "7.20.7",
+    "@babel/plugin-transform-classes": "7.20.7",
     "@babel/plugin-transform-runtime": "7.19.6",
     "@babel/preset-env": "7.20.2",
     "@babel/preset-react": "7.18.6",
     "@babel/preset-typescript": "7.18.6",
     "@babel/register": "7.18.9",
-    "@babel/runtime": "7.20.1",
+    "@babel/runtime": "7.20.7",
     "@dianmora/contributors": "5.0.0",
-    "@changesets/changelog-github": "0.4.7",
+    "@changesets/changelog-github": "0.4.8",
     "@changesets/cli": "2.24.4",
-    "@changesets/get-dependents-graph": "1.3.4",
+    "@changesets/get-dependents-graph": "1.3.5",
     "@crowdin/cli": "3.9.1",
     "@emotion/react": "11.10.5",
     "@emotion/styled": "11.10.5",
-    "@mui/material": "5.11.1",
+    "@testing-library/dom": "8.19.1",
+    "@testing-library/jest-dom": "5.16.5",
+    "@testing-library/react": "12.1.4",
     "react": "18.2.0",
     "react-dom": "18.2.0",
-    "@mui/icons-material": "5.11.0",
-    "@mui/styles": "5.11.1",
-    "@mui/system": "5.11.1",
     "@trivago/prettier-plugin-sort-imports": "3.4.0",
-    "@types/async": "3.2.15",
-    "@types/express": "4.17.14",
+    "@types/async": "3.2.16",
+    "@types/express": "4.17.15",
     "@types/http-errors": "1.8.2",
     "@types/jest": "27.5.2",
-    "@types/lodash": "4.14.189",
+    "@types/lodash": "4.14.191",
     "@types/mime": "2.0.3",
     "@types/minimatch": "3.0.5",
-    "@types/node": "16.18.3",
+    "@types/redux": "3.6.0",
+    "@types/node": "16.18.10",
     "@types/jsonwebtoken": "8.5.9",
     "@types/request": "2.48.8",
     "@types/semver": "7.3.13",
@@ -69,12 +69,12 @@
     "@types/validator": "13.7.10",
     "@types/webpack": "5.28.0",
     "@types/webpack-env": "1.18.0",
-    "@types/react": "18.0.25",
+    "@types/react": "18.0.26",
     "@types/react-dom": "18.0.9",
     "@types/react-router-dom": "5.3.3",
     "@types/react-virtualized": "9.21.21",
-    "@typescript-eslint/eslint-plugin": "5.41.0",
-    "@typescript-eslint/parser": "5.41.0",
+    "@typescript-eslint/eslint-plugin": "5.49.0",
+    "@typescript-eslint/parser": "5.49.0",
     "@verdaccio/crowdin-translations": "workspace:*",
     "@verdaccio/eslint-config": "workspace:*",
     "@verdaccio/types": "workspace:*",
@@ -85,12 +85,12 @@
     "babel-plugin-dynamic-import-node": "2.3.3",
     "babel-plugin-emotion": "10.2.2",
     "concurrently": "6.5.1",
-    "core-js": "3.26.1",
+    "core-js": "3.27.0",
     "cross-env": "7.0.3",
     "debug": "4.3.4",
     "detect-secrets": "1.0.6",
     "jest-diff": "29.3.1",
-    "eslint": "8.26.0",
+    "eslint": "8.33.0",
     "fs-extra": "10.1.0",
     "husky": "7.0.4",
     "in-publish": "2.0.1",
@@ -101,16 +101,16 @@
     "jest-junit": "12.3.0",
     "kleur": "3.0.3",
     "lint-staged": "11.2.6",
-    "got": "11.8.5",
+    "got": "11.8.6",
     "nock": "13.2.9",
     "nodemon": "2.0.20",
     "npm-run-all": "4.1.5",
-    "prettier": "2.7.1",
+    "prettier": "2.8.3",
     "rimraf": "3.0.2",
     "selfsigned": "1.10.14",
-    "supertest": "6.3.1",
+    "supertest": "6.3.3",
     "ts-node": "10.9.1",
-    "typescript": "4.9.3",
+    "typescript": "4.9.4",
     "update-ts-references": "2.4.1",
     "verdaccio-audit": "workspace:*",
     "verdaccio-auth-memory": "workspace:*",
@@ -149,13 +149,16 @@
     "ci:publish": "changeset publish",
     "ts:ref": "update-ts-references --discardComments",
     "website": "pnpm build --filter ...@verdaccio/website",
+    "ui:storybook:build": "pnpm build-storybook --filter ...@verdaccio/ui-components",
+    "ui:storybook": "pnpm storybook --filter ...@verdaccio/ui-components",
     "translations": "local-crowdin-api translations",
     "crowdin:upload": "crowdin upload sources --auto-update --config ./crowdin.yaml",
     "crowdin:download": "crowdin download --verbose --config ./crowdin.yaml",
     "crowdin:sync": "pnpm crowdin:upload && pnpm crowdin:download --verbose",
     "postinstall": "husky install",
     "local:registry": "pnpm start --filter ...@verdaccio/local-publish",
-    "local:publish": "cross-env npm_config_registry=http://localhost:4873 pnpm ci:publish",
+    "local:snapshots": "changeset version --snapshot",
+    "local:publish": "cross-env npm_config_registry=http://localhost:4873 pnpm ci:publish -- --no-git-tag",
     "local:publish:release": "concurrently \"pnpm local:registry\" \"pnpm local:publish\""
   },
   "pnpm": {

packages/api/CHANGELOG.md

@@ -1,5 +1,77 @@
 # @verdaccio/api
 
+## 6.0.0-6-next.40
+
+### Patch Changes
+
+- Updated dependencies [9943e2b1]
+  - @verdaccio/middleware@6.0.0-6-next.36
+  - @verdaccio/store@6.0.0-6-next.37
+  - @verdaccio/core@6.0.0-6-next.57
+  - @verdaccio/config@6.0.0-6-next.57
+  - @verdaccio/auth@6.0.0-6-next.36
+  - @verdaccio/logger@6.0.0-6-next.25
+  - @verdaccio/utils@6.0.0-6-next.25
+
+## 6.0.0-6-next.39
+
+### Minor Changes
+
+- a1986e09: feat: expose middleware utils
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/middleware@6.0.0-6-next.35
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/auth@6.0.0-6-next.35
+  - @verdaccio/config@6.0.0-6-next.56
+  - @verdaccio/store@6.0.0-6-next.36
+  - @verdaccio/core@6.0.0-6-next.56
+  - @verdaccio/logger@6.0.0-6-next.24
+
+## 6.0.0-6-next.38
+
+### Patch Changes
+
+- Updated dependencies [9718e033]
+  - @verdaccio/config@6.0.0-6-next.55
+  - @verdaccio/core@6.0.0-6-next.55
+  - @verdaccio/store@6.0.0-6-next.35
+  - @verdaccio/utils@6.0.0-6-next.23
+  - @verdaccio/auth@6.0.0-6-next.34
+  - @verdaccio/logger@6.0.0-6-next.23
+  - @verdaccio/middleware@6.0.0-6-next.34
+
+## 6.0.0-6-next.37
+
+### Minor Changes
+
+- ef88da3b: feat: improve support for fs promises older nodejs
+
+### Patch Changes
+
+- Updated dependencies [ef88da3b]
+  - @verdaccio/config@6.0.0-6-next.54
+  - @verdaccio/core@6.0.0-6-next.54
+  - @verdaccio/logger@6.0.0-6-next.22
+  - @verdaccio/utils@6.0.0-6-next.22
+  - @verdaccio/auth@6.0.0-6-next.33
+  - @verdaccio/store@6.0.0-6-next.34
+  - @verdaccio/middleware@6.0.0-6-next.33
+
+## 6.0.0-6-next.36
+
+### Patch Changes
+
+- @verdaccio/auth@6.0.0-6-next.32
+- @verdaccio/core@6.0.0-6-next.53
+- @verdaccio/logger@6.0.0-6-next.21
+- @verdaccio/store@6.0.0-6-next.33
+- @verdaccio/config@6.0.0-6-next.53
+- @verdaccio/middleware@6.0.0-6-next.32
+- @verdaccio/utils@6.0.0-6-next.21
+
 ## 6.0.0-6-next.35
 
 ### Patch Changes

packages/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/api",
-  "version": "6.0.0-6-next.35",
+  "version": "6.0.0-6-next.40",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -39,13 +39,13 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/auth": "workspace:6.0.0-6-next.31",
-    "@verdaccio/config": "workspace:6.0.0-6-next.52",
-    "@verdaccio/core": "workspace:6.0.0-6-next.52",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.20",
-    "@verdaccio/middleware": "workspace:6.0.0-6-next.31",
-    "@verdaccio/store": "workspace:6.0.0-6-next.32",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.20",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.36",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "@verdaccio/middleware": "workspace:6.0.0-6-next.36",
+    "@verdaccio/store": "workspace:6.0.0-6-next.37",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
     "abortcontroller-polyfill": "1.7.5",
     "cookies": "0.8.0",
     "debug": "4.3.4",
@@ -56,11 +56,11 @@
     "semver": "7.3.8"
   },
   "devDependencies": {
-    "@types/node": "16.18.3",
-    "@verdaccio/server": "workspace:6.0.0-6-next.41",
-    "@verdaccio/types": "workspace:11.0.0-6-next.17",
-    "@verdaccio/test-helper": "workspace:2.0.0-6-next.6",
-    "supertest": "6.3.1",
+    "@types/node": "16.18.10",
+    "@verdaccio/server": "workspace:6.0.0-6-next.46",
+    "@verdaccio/types": "workspace:11.0.0-6-next.19",
+    "@verdaccio/test-helper": "workspace:2.0.0-6-next.7",
+    "supertest": "6.3.3",
     "nock": "13.2.9",
     "mockdate": "3.0.5"
   },

packages/api/src/index.ts

@@ -42,7 +42,6 @@ export default function (config: Config, auth: Auth, storage: Storage): Router {
   // TODO: For some reason? what reason?
   app.param('_rev', match(/^-rev$/));
   app.param('org_couchdb_user', match(/^org\.couchdb\.user:/));
-  app.param('anything', match(/.*/));
   app.use(auth.apiJWTmiddleware());
   app.use(bodyParser.json({ strict: false, limit: config.max_body_size || '10mb' }));
   // @ts-ignore

packages/api/src/package.ts

@@ -58,13 +58,13 @@ export default function (route: Router, auth: Auth, storage: Storage): void {
   );
 
   route.get(
-    '/:pkg/-/:filename',
+    '/:package/-/:filename',
     can('access'),
     async function (req: $RequestExtend, res: $ResponseExtend, next): Promise<void> {
-      const { pkg, filename } = req.params;
+      const { package: pkgName, filename } = req.params;
       const abort = new AbortController();
       try {
-        const stream = (await storage.getTarballNext(pkg, filename, {
+        const stream = (await storage.getTarballNext(pkgName, filename, {
           signal: abort.signal,
           // TODO: review why this param
           // enableRemote: true,

packages/api/test/integration/_helper.ts

@@ -16,7 +16,7 @@ import { buildToken, generateRandomHexString } from '@verdaccio/utils';
 
 import apiMiddleware from '../../src';
 
-setup();
+setup({});
 
 export const getConf = (conf) => {
   const configPath = path.join(__dirname, 'config', conf);

packages/auth/CHANGELOG.md

@@ -1,5 +1,63 @@
 # @verdaccio/auth
 
+## 6.0.0-6-next.36
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/config@6.0.0-6-next.57
+- @verdaccio/loaders@6.0.0-6-next.26
+- @verdaccio/logger@6.0.0-6-next.25
+- verdaccio-htpasswd@11.0.0-6-next.27
+- @verdaccio/utils@6.0.0-6-next.25
+
+## 6.0.0-6-next.35
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/config@6.0.0-6-next.56
+  - @verdaccio/loaders@6.0.0-6-next.25
+  - verdaccio-htpasswd@11.0.0-6-next.26
+  - @verdaccio/core@6.0.0-6-next.56
+  - @verdaccio/logger@6.0.0-6-next.24
+
+## 6.0.0-6-next.34
+
+### Patch Changes
+
+- Updated dependencies [9718e033]
+  - @verdaccio/config@6.0.0-6-next.55
+  - @verdaccio/core@6.0.0-6-next.55
+  - @verdaccio/utils@6.0.0-6-next.23
+  - @verdaccio/loaders@6.0.0-6-next.24
+  - verdaccio-htpasswd@11.0.0-6-next.25
+  - @verdaccio/logger@6.0.0-6-next.23
+
+## 6.0.0-6-next.33
+
+### Patch Changes
+
+- Updated dependencies [ef88da3b]
+  - @verdaccio/config@6.0.0-6-next.54
+  - @verdaccio/core@6.0.0-6-next.54
+  - @verdaccio/loaders@6.0.0-6-next.23
+  - @verdaccio/logger@6.0.0-6-next.22
+  - @verdaccio/utils@6.0.0-6-next.22
+  - verdaccio-htpasswd@11.0.0-6-next.24
+
+## 6.0.0-6-next.32
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.53
+- @verdaccio/loaders@6.0.0-6-next.22
+- @verdaccio/logger@6.0.0-6-next.21
+- verdaccio-htpasswd@11.0.0-6-next.23
+- @verdaccio/config@6.0.0-6-next.53
+- @verdaccio/utils@6.0.0-6-next.21
+
 ## 6.0.0-6-next.31
 
 ### Patch Changes

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/auth",
-  "version": "6.0.0-6-next.31",
+  "version": "6.0.0-6-next.36",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -39,19 +39,19 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.52",
-    "@verdaccio/config": "workspace:6.0.0-6-next.52",
-    "@verdaccio/loaders": "workspace:6.0.0-6-next.21",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.20",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.20",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/loaders": "workspace:6.0.0-6-next.26",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
     "debug": "4.3.4",
     "express": "4.18.2",
-    "jsonwebtoken": "8.5.1",
+    "jsonwebtoken": "9.0.0",
     "lodash": "4.17.21",
-    "verdaccio-htpasswd": "workspace:11.0.0-6-next.22"
+    "verdaccio-htpasswd": "workspace:11.0.0-6-next.27"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.17"
+    "@verdaccio/types": "workspace:11.0.0-6-next.19"
   },
   "funding": {
     "type": "opencollective",

packages/cli/CHANGELOG.md

@@ -1,5 +1,52 @@
 # @verdaccio/cli
 
+## 6.0.0-6-next.57
+
+### Patch Changes
+
+- @verdaccio/node-api@6.0.0-6-next.57
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/config@6.0.0-6-next.57
+- @verdaccio/logger@6.0.0-6-next.25
+
+## 6.0.0-6-next.56
+
+### Patch Changes
+
+- @verdaccio/config@6.0.0-6-next.56
+- @verdaccio/node-api@6.0.0-6-next.56
+- @verdaccio/core@6.0.0-6-next.56
+- @verdaccio/logger@6.0.0-6-next.24
+
+## 6.0.0-6-next.55
+
+### Patch Changes
+
+- Updated dependencies [9718e033]
+  - @verdaccio/config@6.0.0-6-next.55
+  - @verdaccio/core@6.0.0-6-next.55
+  - @verdaccio/node-api@6.0.0-6-next.55
+  - @verdaccio/logger@6.0.0-6-next.23
+
+## 6.0.0-6-next.54
+
+### Patch Changes
+
+- Updated dependencies [ef88da3b]
+  - @verdaccio/config@6.0.0-6-next.54
+  - @verdaccio/core@6.0.0-6-next.54
+  - @verdaccio/logger@6.0.0-6-next.22
+  - @verdaccio/node-api@6.0.0-6-next.54
+
+## 6.0.0-6-next.53
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.53
+- @verdaccio/logger@6.0.0-6-next.21
+- @verdaccio/node-api@6.0.0-6-next.53
+- @verdaccio/config@6.0.0-6-next.53
+
 ## 6.0.0-6-next.52
 
 ### Patch Changes

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/cli",
-  "version": "6.0.0-6-next.52",
+  "version": "6.0.0-6-next.57",
   "author": {
     "name": "Juan Picado",
     "email": "juanpicado19@gmail.com"
@@ -44,10 +44,10 @@
     "start": "ts-node src/index.ts"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.52",
-    "@verdaccio/config": "workspace:6.0.0-6-next.52",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.20",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.52",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.57",
     "clipanion": "3.1.0",
     "envinfo": "7.8.1",
     "kleur": "3.0.3",

packages/config/.babelrc

@@ -1,3 +1,14 @@
 {
-  "extends": "../../.babelrc"
+  "extends": "../../.babelrc",
+  "presets": [
+    [
+      "@babel/env",
+      {
+        "targets": {
+          "node": 12
+        }
+      }
+    ],
+    "@babel/typescript"
+  ]
 }

packages/config/CHANGELOG.md

@@ -1,5 +1,48 @@
 # @verdaccio/config
 
+## 6.0.0-6-next.57
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/utils@6.0.0-6-next.25
+
+## 6.0.0-6-next.56
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/core@6.0.0-6-next.56
+
+## 6.0.0-6-next.55
+
+### Patch Changes
+
+- 9718e033: fix: build targets for 5x modules
+- Updated dependencies [9718e033]
+  - @verdaccio/core@6.0.0-6-next.55
+  - @verdaccio/utils@6.0.0-6-next.23
+
+## 6.0.0-6-next.54
+
+### Minor Changes
+
+- ef88da3b: feat: improve support for fs promises older nodejs
+
+### Patch Changes
+
+- Updated dependencies [ef88da3b]
+  - @verdaccio/core@6.0.0-6-next.54
+  - @verdaccio/utils@6.0.0-6-next.22
+
+## 6.0.0-6-next.53
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.53
+- @verdaccio/utils@6.0.0-6-next.21
+
 ## 6.0.0-6-next.52
 
 ### Patch Changes

packages/config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/config",
-  "version": "6.0.0-6-next.52",
+  "version": "6.0.0-6-next.57",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -26,8 +26,7 @@
     "verdaccio"
   ],
   "engines": {
-    "node": ">=14",
-    "npm": ">=6"
+    "node": ">=12"
   },
   "scripts": {
     "clean": "rimraf ./build",
@@ -39,10 +38,10 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.52",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.20",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
     "debug": "4.3.4",
-    "yaml": "2.1.3",
+    "yaml": "2.2.0",
     "lodash": "4.17.21",
     "minimatch": "3.1.2",
     "yup": "0.32.11"

packages/config/test/config-parsing.spec.ts

@@ -1,4 +1,4 @@
-import { writeFile } from 'fs/promises';
+import fs from 'fs';
 import path from 'path';
 
 import { fileUtils } from '@verdaccio/core';
@@ -6,6 +6,8 @@ import { fileUtils } from '@verdaccio/core';
 import { fromJStoYAML, parseConfigFile } from '../src';
 import { parseConfigurationFile } from './utils';
 
+const { writeFile } = fs.promises ? fs.promises : require('fs/promises');
+
 describe('parse', () => {
   describe('parseConfigFile', () => {
     describe('JSON format', () => {

packages/core/core/.babelrc

@@ -1,3 +1,14 @@
 {
-  "extends": "../../../.babelrc"
+  "extends": "../../../.babelrc",
+  "presets": [
+    [
+      "@babel/env",
+      {
+        "targets": {
+          "node": 12
+        }
+      }
+    ],
+    "@babel/typescript"
+  ]
 }

packages/core/core/CHANGELOG.md

@@ -1,5 +1,23 @@
 # @verdaccio/core
 
+## 6.0.0-6-next.57
+
+## 6.0.0-6-next.56
+
+## 6.0.0-6-next.55
+
+### Patch Changes
+
+- 9718e033: fix: build targets for 5x modules
+
+## 6.0.0-6-next.54
+
+### Minor Changes
+
+- ef88da3b: feat: improve support for fs promises older nodejs
+
+## 6.0.0-6-next.53
+
 ## 6.0.0-6-next.52
 
 ## 6.0.0-6-next.51

packages/core/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/core",
-  "version": "6.0.0-6-next.52",
+  "version": "6.0.0-6-next.57",
   "description": "core utilities",
   "keywords": [
     "private",
@@ -19,8 +19,7 @@
   "license": "MIT",
   "homepage": "https://verdaccio.org",
   "engines": {
-    "node": ">=14",
-    "npm": ">=6"
+    "node": ">=12"
   },
   "repository": {
     "type": "https",
@@ -39,13 +38,13 @@
     "semver": "7.3.8",
     "ajv": "8.11.2",
     "process-warning": "1.0.0",
-    "core-js": "3.26.1"
+    "core-js": "3.27.0"
   },
   "devDependencies": {
     "lodash": "4.17.21",
-    "typedoc": "0.23.21",
+    "typedoc": "0.23.23",
     "typedoc-plugin-missing-exports": "latest",
-    "@verdaccio/types": "workspace:11.0.0-6-next.17"
+    "@verdaccio/types": "workspace:11.0.0-6-next.19"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/core/src/file-utils.ts

@@ -1,4 +1,4 @@
-import { mkdir, mkdtemp } from 'fs/promises';
+import fs from 'fs';
 import os from 'os';
 import path from 'path';
 
@@ -6,6 +6,8 @@ export const Files = {
   DatabaseName: '.verdaccio-db.json',
 };
 
+const { mkdir, mkdtemp } = fs.promises ? fs.promises : require('fs/promises');
+
 /**
  * Create a temporary folder.
  * @param prefix The prefix of the folder name.

packages/core/file-locking/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Change Log
 
+## 11.0.0-6-next.7
+
+### Minor Changes
+
+- ef88da3b: feat: improve support for fs promises older nodejs
+
 ## 11.0.0-6-next.6
 
 ### Patch Changes

packages/core/file-locking/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/file-locking",
-  "version": "11.0.0-6-next.6",
+  "version": "11.0.0-6-next.7",
   "description": "library that handle file locking",
   "keywords": [
     "private",
@@ -17,8 +17,7 @@
   "license": "MIT",
   "homepage": "https://verdaccio.org",
   "engines": {
-    "node": ">=14",
-    "npm": ">=6"
+    "node": ">=12"
   },
   "repository": {
     "type": "https",
@@ -40,7 +39,7 @@
     "lockfile": "1.0.4"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.17"
+    "@verdaccio/types": "workspace:11.0.0-6-next.19"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/core/file-locking/src/utils.ts

@@ -1,10 +1,12 @@
-import fs from 'fs/promises';
+import fs from 'fs';
 import locker from 'lockfile';
 import path from 'path';
 import { promisify } from 'util';
 
-export const readFile = fs.readFile;
-const statPromise = fs.stat;
+const fsP = fs.promises ? fs.promises : require('fs/promises');
+
+export const readFile = fsP.readFile;
+const statPromise = fsP.stat;
 // https://github.com/npm/lockfile/issues/33
 const lfLock = promisify(locker.lock);
 const lfUnlock = promisify(locker.unlock);

packages/core/tarball/.babelrc

@@ -1,3 +1,14 @@
 {
-  "extends": "../../../.babelrc"
+  "extends": "../../../.babelrc",
+  "presets": [
+    [
+      "@babel/env",
+      {
+        "targets": {
+          "node": 12
+        }
+      }
+    ],
+    "@babel/typescript"
+  ]
 }

packages/core/tarball/CHANGELOG.md

@@ -1,5 +1,53 @@
 # Change Log
 
+## 11.0.0-6-next.26
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/url@11.0.0-6-next.23
+- @verdaccio/utils@6.0.0-6-next.25
+
+## 11.0.0-6-next.25
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/core@6.0.0-6-next.56
+  - @verdaccio/url@11.0.0-6-next.22
+
+## 11.0.0-6-next.24
+
+### Patch Changes
+
+- 9718e033: fix: build targets for 5x modules
+- Updated dependencies [9718e033]
+  - @verdaccio/core@6.0.0-6-next.55
+  - @verdaccio/url@11.0.0-6-next.21
+  - @verdaccio/utils@6.0.0-6-next.23
+
+## 11.0.0-6-next.23
+
+### Minor Changes
+
+- ef88da3b: feat: improve support for fs promises older nodejs
+
+### Patch Changes
+
+- Updated dependencies [ef88da3b]
+  - @verdaccio/core@6.0.0-6-next.54
+  - @verdaccio/url@11.0.0-6-next.20
+  - @verdaccio/utils@6.0.0-6-next.22
+
+## 11.0.0-6-next.22
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.53
+- @verdaccio/url@11.0.0-6-next.19
+- @verdaccio/utils@6.0.0-6-next.21
+
 ## 11.0.0-6-next.21
 
 ### Patch Changes

packages/core/tarball/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/tarball",
-  "version": "11.0.0-6-next.21",
+  "version": "11.0.0-6-next.26",
   "description": "tarball utilities resolver",
   "keywords": [
     "private",
@@ -19,8 +19,7 @@
   "license": "MIT",
   "homepage": "https://verdaccio.org",
   "engines": {
-    "node": ">=14",
-    "npm": ">=6"
+    "node": ">=12"
   },
   "repository": {
     "type": "https",
@@ -35,13 +34,13 @@
   },
   "dependencies": {
     "debug": "4.3.4",
-    "@verdaccio/core": "workspace:6.0.0-6-next.52",
-    "@verdaccio/url": "workspace:11.0.0-6-next.18",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.20",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/url": "workspace:11.0.0-6-next.23",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.17",
+    "@verdaccio/types": "workspace:11.0.0-6-next.19",
     "node-mocks-http": "1.12.1"
   },
   "scripts": {

packages/core/types/CHANGELOG.md

@@ -1,5 +1,37 @@
 # Change Log
 
+## 11.0.0-6-next.19
+
+### Minor Changes
+
+- ef88da3b: feat: improve support for fs promises older nodejs
+
+## 11.0.0-6-next.18
+
+### Major Changes
+
+- 99978797: feat(web): components for custom user interfaces
+
+  Provides a package that includes all components from the user interface, instead being embedded at the `@verdaccio/ui-theme` package.
+
+  ```
+  npm i -D @verdaccio/ui-components
+  ```
+
+  The package contains
+
+  - Components
+  - Providers
+  - Redux Storage
+  - Layouts (precomposed layouts ready to use)
+  - Custom Material Theme
+
+  The `@verdaccio/ui-theme` will consume this package and will use only those are need it.
+
+  > Prerequisites are using Redux, Material-UI and Translations with `i18next`.
+
+  Users could have their own Material UI theme and build custom layouts, adding new features without the need to modify the default project.
+
 ## 11.0.0-6-next.17
 
 ### Major Changes

packages/core/types/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/types",
-  "version": "11.0.0-6-next.17",
+  "version": "11.0.0-6-next.19",
   "description": "verdaccio types definitions",
   "keywords": [
     "private",
@@ -17,8 +17,7 @@
   "license": "MIT",
   "homepage": "https://verdaccio.org",
   "engines": {
-    "node": ">=14",
-    "npm": ">=6"
+    "node": ">=12"
   },
   "repository": {
     "type": "https",
@@ -41,8 +40,8 @@
     "build": "tsc --emitDeclarationOnly -p tsconfig.build.json"
   },
   "devDependencies": {
-    "@types/node": "16.18.3",
-    "typedoc": "0.23.21"
+    "@types/node": "16.18.10",
+    "typedoc": "0.23.23"
   },
   "typedoc": {
     "entryPoint": "./src/types.ts",

packages/core/types/src/configuration.ts

@@ -126,7 +126,7 @@ export type TemplateUIOptions = {
   showDownloadTarball?: boolean;
   showRaw?: boolean;
   base: string;
-  primaryColor?: string;
+  primaryColor: string;
   version?: string;
   logoURI?: string;
   flags: FlagsConfig;

packages/core/url/.babelrc

@@ -1,3 +1,14 @@
 {
-  "extends": "../../../.babelrc"
+  "extends": "../../../.babelrc",
+  "presets": [
+    [
+      "@babel/env",
+      {
+        "targets": {
+          "node": 12
+        }
+      }
+    ],
+    "@babel/typescript"
+  ]
 }

packages/core/url/CHANGELOG.md

@@ -1,5 +1,42 @@
 # Change Log
 
+## 11.0.0-6-next.23
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+
+## 11.0.0-6-next.22
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.56
+
+## 11.0.0-6-next.21
+
+### Patch Changes
+
+- 9718e033: fix: build targets for 5x modules
+- Updated dependencies [9718e033]
+  - @verdaccio/core@6.0.0-6-next.55
+
+## 11.0.0-6-next.20
+
+### Minor Changes
+
+- ef88da3b: feat: improve support for fs promises older nodejs
+
+### Patch Changes
+
+- Updated dependencies [ef88da3b]
+  - @verdaccio/core@6.0.0-6-next.54
+
+## 11.0.0-6-next.19
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.53
+
 ## 11.0.0-6-next.18
 
 ### Patch Changes

packages/core/url/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/url",
-  "version": "11.0.0-6-next.18",
+  "version": "11.0.0-6-next.23",
   "description": "url utilities resolver",
   "keywords": [
     "private",
@@ -19,8 +19,7 @@
   "license": "MIT",
   "homepage": "https://verdaccio.org",
   "engines": {
-    "node": ">=14",
-    "npm": ">=6"
+    "node": ">=12"
   },
   "repository": {
     "type": "https",
@@ -34,13 +33,13 @@
     "access": "public"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.52",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
     "debug": "4.3.4",
     "lodash": "4.17.21",
     "validator": "13.7.0"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.17",
+    "@verdaccio/types": "workspace:11.0.0-6-next.19",
     "node-mocks-http": "1.12.1"
   },
   "scripts": {

packages/hooks/CHANGELOG.md

@@ -1,5 +1,46 @@
 # @verdaccio/hooks
 
+## 6.0.0-6-next.27
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/logger@6.0.0-6-next.25
+
+## 6.0.0-6-next.26
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.56
+- @verdaccio/logger@6.0.0-6-next.24
+
+## 6.0.0-6-next.25
+
+### Patch Changes
+
+- Updated dependencies [9718e033]
+  - @verdaccio/core@6.0.0-6-next.55
+  - @verdaccio/logger@6.0.0-6-next.23
+
+## 6.0.0-6-next.24
+
+### Minor Changes
+
+- ef88da3b: feat: improve support for fs promises older nodejs
+
+### Patch Changes
+
+- Updated dependencies [ef88da3b]
+  - @verdaccio/core@6.0.0-6-next.54
+  - @verdaccio/logger@6.0.0-6-next.22
+
+## 6.0.0-6-next.23
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.53
+- @verdaccio/logger@6.0.0-6-next.21
+
 ## 6.0.0-6-next.22
 
 ### Patch Changes

packages/hooks/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/hooks",
-  "version": "6.0.0-6-next.22",
+  "version": "6.0.0-6-next.27",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -26,22 +26,21 @@
     "verdaccio"
   ],
   "engines": {
-    "node": ">=14",
-    "npm": ">=6"
+    "node": ">=16"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.52",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.20",
-    "core-js": "3.26.1",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "core-js": "3.27.0",
     "debug": "4.3.4",
     "handlebars": "4.7.7",
     "undici": "4.16.0"
   },
   "devDependencies": {
-    "@types/node": "16.18.3",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.31",
-    "@verdaccio/config": "workspace:6.0.0-6-next.52",
-    "@verdaccio/types": "workspace:11.0.0-6-next.17"
+    "@types/node": "16.18.10",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.36",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/types": "workspace:11.0.0-6-next.19"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/loaders/CHANGELOG.md

@@ -1,5 +1,40 @@
 # @verdaccio/loaders
 
+## 6.0.0-6-next.26
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.25
+
+## 6.0.0-6-next.25
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.24
+
+## 6.0.0-6-next.24
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.23
+
+## 6.0.0-6-next.23
+
+### Minor Changes
+
+- ef88da3b: feat: improve support for fs promises older nodejs
+
+### Patch Changes
+
+- Updated dependencies [ef88da3b]
+  - @verdaccio/logger@6.0.0-6-next.22
+
+## 6.0.0-6-next.22
+
+### Patch Changes
+
+- @verdaccio/logger@6.0.0-6-next.21
+
 ## 6.0.0-6-next.21
 
 ### Patch Changes

packages/loaders/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/loaders",
-  "version": "6.0.0-6-next.21",
+  "version": "6.0.0-6-next.26",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -13,14 +13,14 @@
     "url": "https://github.com/verdaccio/verdaccio"
   },
   "dependencies": {
-    "@verdaccio/logger": "workspace:6.0.0-6-next.20",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
     "debug": "4.3.4",
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.52",
-    "@verdaccio/config": "workspace:6.0.0-6-next.52",
-    "@verdaccio/types": "workspace:11.0.0-6-next.17",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/types": "workspace:11.0.0-6-next.19",
     "@verdaccio-scope/verdaccio-auth-foo": "0.0.2",
     "verdaccio-auth-memory": "workspace:*",
     "customprefix-auth": "1.0.0-6-next.0"
@@ -38,8 +38,7 @@
     "verdaccio"
   ],
   "engines": {
-    "node": ">=14",
-    "npm": ">=6"
+    "node": ">=12"
   },
   "license": "MIT",
   "scripts": {

packages/loaders/src/plugin-async-loader.ts

@@ -1,5 +1,5 @@
 import buildDebug from 'debug';
-import { lstat } from 'fs/promises';
+import fs from 'fs';
 import { dirname, isAbsolute, join, resolve } from 'path';
 
 import { pluginUtils } from '@verdaccio/core';
@@ -10,6 +10,8 @@ import { PluginType, isES6, isValid, tryLoad } from './utils';
 
 const debug = buildDebug('verdaccio:plugin:loader:async');
 
+const { lstat } = fs.promises ? fs.promises : require('fs/promises');
+
 async function isDirectory(pathFolder: string) {
   const stat = await lstat(pathFolder);
   return stat.isDirectory();

packages/logger-prettify/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @verdaccio/logger-prettify
 
+## 6.0.0-6-next.8
+
+### Minor Changes
+
+- ef88da3b: feat: improve support for fs promises older nodejs
+
 ## 6.0.0-6-next.7
 
 ### Major Changes

packages/logger-prettify/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger-prettify",
-  "version": "6.0.0-6-next.7",
+  "version": "6.0.0-6-next.8",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -26,8 +26,7 @@
     "verdaccio"
   ],
   "engines": {
-    "node": ">=14",
-    "npm": ">=6"
+    "node": ">=12"
   },
   "scripts": {
     "clean": "rimraf ./build",
@@ -39,14 +38,14 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "dayjs": "1.11.6",
+    "dayjs": "1.11.7",
     "pino-abstract-transport": "1.0.0",
     "colorette": "2.0.19",
     "lodash": "4.17.21",
-    "sonic-boom": "3.2.0"
+    "sonic-boom": "3.2.1"
   },
   "devDependencies": {
-    "pino": "8.7.0"
+    "pino": "8.8.0"
   },
   "funding": {
     "type": "opencollective",

packages/logger/CHANGELOG.md

@@ -1,5 +1,42 @@
 # @verdaccio/logger
 
+## 6.0.0-6-next.25
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+
+## 6.0.0-6-next.24
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.56
+
+## 6.0.0-6-next.23
+
+### Patch Changes
+
+- Updated dependencies [9718e033]
+  - @verdaccio/core@6.0.0-6-next.55
+
+## 6.0.0-6-next.22
+
+### Minor Changes
+
+- ef88da3b: feat: improve support for fs promises older nodejs
+
+### Patch Changes
+
+- Updated dependencies [ef88da3b]
+  - @verdaccio/core@6.0.0-6-next.54
+  - @verdaccio/logger-prettify@6.0.0-6-next.8
+
+## 6.0.0-6-next.21
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.53
+
 ## 6.0.0-6-next.20
 
 ### Patch Changes

packages/logger/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger",
-  "version": "6.0.0-6-next.20",
+  "version": "6.0.0-6-next.25",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -26,8 +26,7 @@
     "verdaccio"
   ],
   "engines": {
-    "node": ">=14",
-    "npm": ">=6"
+    "node": ">=12"
   },
   "scripts": {
     "clean": "rimraf ./build",
@@ -39,14 +38,14 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.52",
-    "@verdaccio/logger-prettify": "workspace:6.0.0-6-next.7",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/logger-prettify": "workspace:6.0.0-6-next.8",
     "debug": "4.3.4",
     "colorette": "2.0.19",
-    "pino": "8.7.0"
+    "pino": "8.8.0"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.17"
+    "@verdaccio/types": "workspace:11.0.0-6-next.19"
   },
   "funding": {
     "type": "opencollective",

packages/middleware/.babelrc

@@ -1,3 +1,14 @@
 {
-  "extends": "../../.babelrc"
+  "extends": "../../.babelrc",
+  "presets": [
+    [
+      "@babel/env",
+      {
+        "targets": {
+          "node": 12
+        }
+      }
+    ],
+    "@babel/typescript"
+  ]
 }

packages/middleware/CHANGELOG.md

@@ -1,5 +1,55 @@
 # @verdaccio/middleware
 
+## 6.0.0-6-next.36
+
+### Patch Changes
+
+- 9943e2b1: fix: extract logger from middleware
+  - @verdaccio/core@6.0.0-6-next.57
+  - @verdaccio/utils@6.0.0-6-next.25
+
+## 6.0.0-6-next.35
+
+### Minor Changes
+
+- a1986e09: feat: expose middleware utils
+
+### Patch Changes
+
+- Updated dependencies [a1986e09]
+  - @verdaccio/utils@6.0.0-6-next.24
+  - @verdaccio/core@6.0.0-6-next.56
+  - @verdaccio/logger@6.0.0-6-next.24
+
+## 6.0.0-6-next.34
+
+### Patch Changes
+
+- Updated dependencies [9718e033]
+  - @verdaccio/core@6.0.0-6-next.55
+  - @verdaccio/utils@6.0.0-6-next.23
+  - @verdaccio/auth@6.0.0-6-next.34
+  - @verdaccio/logger@6.0.0-6-next.23
+
+## 6.0.0-6-next.33
+
+### Patch Changes
+
+- Updated dependencies [ef88da3b]
+  - @verdaccio/core@6.0.0-6-next.54
+  - @verdaccio/logger@6.0.0-6-next.22
+  - @verdaccio/utils@6.0.0-6-next.22
+  - @verdaccio/auth@6.0.0-6-next.33
+
+## 6.0.0-6-next.32
+
+### Patch Changes
+
+- @verdaccio/auth@6.0.0-6-next.32
+- @verdaccio/core@6.0.0-6-next.53
+- @verdaccio/logger@6.0.0-6-next.21
+- @verdaccio/utils@6.0.0-6-next.21
+
 ## 6.0.0-6-next.31
 
 ### Patch Changes

packages/middleware/jest.config.js

@@ -1,3 +1,12 @@
 const config = require('../../jest/config');
 
-module.exports = Object.assign({}, config, {});
+module.exports = Object.assign({}, config, {
+  coverageThreshold: {
+    global: {
+      lines: 67,
+      functions: 75,
+      branches: 56,
+      statements: 67,
+    },
+  },
+});

packages/middleware/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/middleware",
-  "version": "6.0.0-6-next.31",
+  "version": "6.0.0-6-next.36",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -26,8 +26,7 @@
     "verdaccio"
   ],
   "engines": {
-    "node": ">=14",
-    "npm": ">=6"
+    "node": ">=12"
   },
   "scripts": {
     "clean": "rimraf ./build",
@@ -35,19 +34,23 @@
     "build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json",
     "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
     "watch": "pnpm build:js -- --watch",
+    "test": "jest",
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.25",
     "debug": "4.3.4",
-    "body-parser": "1.20.1",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.31",
-    "@verdaccio/core": "workspace:6.0.0-6-next.52",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.20",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.20",
-    "lodash": "4.17.21"
+    "lodash": "4.17.21",
+    "mime": "2.6.0"
   },
   "funding": {
     "type": "opencollective",
     "url": "https://opencollective.com/verdaccio"
+  },
+  "devDependencies": {
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "body-parser": "1.20.1",
+    "supertest": "6.3.3"
   }
 }

packages/middleware/src/index.ts

@@ -1 +1,17 @@
-export * from './middleware';
+export { match } from './middlewares/match';
+export { setSecurityWebHeaders } from './middlewares/security-headers';
+export { validateName, validatePackage } from './middlewares/validation';
+export { media } from './middlewares/media';
+export { encodeScopePackage } from './middlewares/encode-pkg';
+export { expectJson } from './middlewares/json';
+export { antiLoop } from './middlewares/antiLoop';
+export { final } from './middlewares/final';
+export { allow } from './middlewares/allow';
+export { errorReportingMiddleware, handleError } from './middlewares/error';
+export {
+  log,
+  LOG_STATUS_MESSAGE,
+  LOG_VERDACCIO_BYTES,
+  LOG_VERDACCIO_ERROR,
+} from './middlewares/log';
+export * from './types';

packages/middleware/src/middleware.ts

@@ -1,413 +0,0 @@
-import buildDebug from 'debug';
-import { NextFunction, Request, Response } from 'express';
-import { HttpError } from 'http-errors';
-import _ from 'lodash';
-
-import { Auth } from '@verdaccio/auth';
-import {
-  API_ERROR,
-  HEADERS,
-  HEADER_TYPE,
-  HTTP_STATUS,
-  TOKEN_BASIC,
-  TOKEN_BEARER,
-  VerdaccioError,
-  errorUtils,
-} from '@verdaccio/core';
-import { logger } from '@verdaccio/logger';
-import { Config, Logger, Package, RemoteUser } from '@verdaccio/types';
-import {
-  isObject,
-  stringToMD5,
-  validateName as utilValidateName,
-  validatePackage as utilValidatePackage,
-} from '@verdaccio/utils';
-
-import { getVersionFromTarball } from './middleware-utils';
-
-export type $RequestExtend = Request & { remote_user?: RemoteUser; log: Logger };
-export type $ResponseExtend = Response & { cookies?: any };
-export type $NextFunctionVer = NextFunction & any;
-
-const debug = buildDebug('verdaccio:middleware');
-
-export function match(regexp: RegExp): any {
-  return function (
-    req: $RequestExtend,
-    res: $ResponseExtend,
-    next: $NextFunctionVer,
-    value: string
-  ): void {
-    if (regexp.exec(value)) {
-      next();
-    } else {
-      next('route');
-    }
-  };
-}
-
-// TODO: remove, was relocated to web package
-// @ts-deprecated
-export function setSecurityWebHeaders(
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  next: $NextFunctionVer
-): void {
-  // disable loading in frames (clickjacking, etc.)
-  res.header(HEADERS.FRAMES_OPTIONS, 'deny');
-  // avoid stablish connections outside of domain
-  res.header(HEADERS.CSP, "connect-src 'self'");
-  // https://stackoverflow.com/questions/18337630/what-is-x-content-type-options-nosniff
-  res.header(HEADERS.CTO, 'nosniff');
-  // https://stackoverflow.com/questions/9090577/what-is-the-http-header-x-xss-protection
-  res.header(HEADERS.XSS, '1; mode=block');
-  next();
-}
-
-export function validateName(
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  next: $NextFunctionVer,
-  value: string,
-  name: string
-): void {
-  if (value === '-') {
-    // special case in couchdb usually
-    next('route');
-  } else if (utilValidateName(value)) {
-    next();
-  } else {
-    next(errorUtils.getForbidden('invalid ' + name));
-  }
-}
-
-export function validatePackage(
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  next: $NextFunctionVer,
-  value: string,
-  name: string
-): void {
-  if (value === '-') {
-    // special case in couchdb usually
-    next('route');
-  } else if (utilValidatePackage(value)) {
-    next();
-  } else {
-    next(errorUtils.getForbidden('invalid ' + name));
-  }
-}
-
-export function media(expect: string | null): any {
-  return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
-    if (req.headers[HEADER_TYPE.CONTENT_TYPE] !== expect) {
-      next(
-        errorUtils.getCode(
-          HTTP_STATUS.UNSUPPORTED_MEDIA,
-          'wrong content-type, expect: ' + expect + ', got: ' + req.get[HEADER_TYPE.CONTENT_TYPE]
-        )
-      );
-    } else {
-      next();
-    }
-  };
-}
-
-export function encodeScopePackage(
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  next: $NextFunctionVer
-): void {
-  if (req.url.indexOf('@') !== -1) {
-    // e.g.: /@org/pkg/1.2.3 -> /@org%2Fpkg/1.2.3, /@org%2Fpkg/1.2.3 -> /@org%2Fpkg/1.2.3
-    req.url = req.url.replace(/^(\/@[^\/%]+)\/(?!$)/, '$1%2F');
-  }
-  next();
-}
-
-export function expectJson(
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  next: $NextFunctionVer
-): void {
-  if (!isObject(req.body)) {
-    return next(errorUtils.getBadRequest("can't parse incoming json"));
-  }
-  next();
-}
-
-export function antiLoop(config: Config): Function {
-  return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
-    if (req?.headers?.via != null) {
-      const arr = req.headers.via.split(',');
-
-      for (let i = 0; i < arr.length; i++) {
-        const m = arr[i].match(/\s*(\S+)\s+(\S+)/);
-        if (m && m[2] === config.server_id) {
-          return next(errorUtils.getCode(HTTP_STATUS.LOOP_DETECTED, 'loop detected'));
-        }
-      }
-    }
-    next();
-  };
-}
-
-export function allow(auth: Auth): Function {
-  return function (action: string): Function {
-    return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
-      req.pause();
-      const packageName = req.params.scope
-        ? `@${req.params.scope}/${req.params.package}`
-        : req.params.package;
-      const packageVersion = req.params.filename
-        ? getVersionFromTarball(req.params.filename)
-        : undefined;
-      const remote = req.remote_user;
-      logger.trace(
-        { action, user: remote?.name },
-        `[middleware/allow][@{action}] allow for @{user}`
-      );
-      auth['allow_' + action](
-        { packageName, packageVersion },
-        remote,
-        function (error, allowed): void {
-          req.resume();
-          if (error) {
-            next(error);
-          } else if (allowed) {
-            next();
-          } else {
-            // last plugin (that's our built-in one) returns either
-            // cb(err) or cb(null, true), so this should never happen
-            throw errorUtils.getInternalError(API_ERROR.PLUGIN_ERROR);
-          }
-        }
-      );
-    };
-  };
-}
-
-export interface MiddlewareError {
-  error: string;
-}
-
-export type FinalBody = Package | MiddlewareError | string;
-
-export function final(
-  body: FinalBody,
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  // if we remove `next` breaks test
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  next: $NextFunctionVer
-): void {
-  if (res.statusCode === HTTP_STATUS.UNAUTHORIZED && !res.getHeader(HEADERS.WWW_AUTH)) {
-    // they say it's required for 401, so...
-    res.header(HEADERS.WWW_AUTH, `${TOKEN_BASIC}, ${TOKEN_BEARER}`);
-  }
-
-  try {
-    if (_.isString(body) || _.isObject(body)) {
-      if (!res.getHeader(HEADERS.CONTENT_TYPE)) {
-        res.header(HEADERS.CONTENT_TYPE, HEADERS.JSON);
-      }
-
-      if (typeof body === 'object' && _.isNil(body) === false) {
-        if (typeof (body as MiddlewareError).error === 'string') {
-          res.locals._verdaccio_error = (body as MiddlewareError).error;
-          // res._verdaccio_error = (body as MiddlewareError).error;
-        }
-        body = JSON.stringify(body, undefined, '  ') + '\n';
-      }
-
-      // don't send etags with errors
-      if (
-        !res.statusCode ||
-        (res.statusCode >= HTTP_STATUS.OK && res.statusCode < HTTP_STATUS.MULTIPLE_CHOICES)
-      ) {
-        res.header(HEADERS.ETAG, '"' + stringToMD5(body as string) + '"');
-      }
-    } else {
-      // send(null), send(204), etc.
-    }
-  } catch (err: any) {
-    // if verdaccio sends headers first, and then calls res.send()
-    // as an error handler, we can't report error properly,
-    // and should just close socket
-    if (err.message.match(/set headers after they are sent/)) {
-      if (_.isNil(res.socket) === false) {
-        res.socket?.destroy();
-      }
-      return;
-    }
-    throw err;
-  }
-
-  res.send(body);
-}
-
-// FIXME: deprecated, moved to @verdaccio/dev-commons
-export const LOG_STATUS_MESSAGE =
-  "@{status}, user: @{user}(@{remoteIP}), req: '@{request.method} @{request.url}'";
-export const LOG_VERDACCIO_ERROR = `${LOG_STATUS_MESSAGE}, error: @{!error}`;
-export const LOG_VERDACCIO_BYTES = `${LOG_STATUS_MESSAGE}, bytes: @{bytes.in}/@{bytes.out}`;
-
-export function log(req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
-  // logger
-  req.log = logger.child({ sub: 'in' });
-
-  const _auth = req.headers.authorization;
-  if (_.isNil(_auth) === false) {
-    req.headers.authorization = '<Classified>';
-  }
-
-  const _cookie = req.get('cookie');
-  if (_.isNil(_cookie) === false) {
-    req.headers.cookie = '<Classified>';
-  }
-
-  req.url = req.originalUrl;
-  req.log.info({ req: req, ip: req.ip }, "@{ip} requested '@{req.method} @{req.url}'");
-  req.originalUrl = req.url;
-
-  if (_.isNil(_auth) === false) {
-    req.headers.authorization = _auth;
-  }
-
-  if (_.isNil(_cookie) === false) {
-    req.headers.cookie = _cookie;
-  }
-
-  let bytesin = 0;
-  req.on('data', function (chunk): void {
-    bytesin += chunk.length;
-  });
-
-  let bytesout = 0;
-  const _write = res.write;
-  // FIXME: res.write should return boolean
-  // @ts-ignore
-  res.write = function (buf): boolean {
-    bytesout += buf.length;
-    /* eslint prefer-rest-params: "off" */
-    // @ts-ignore
-    _write.apply(res, arguments);
-  };
-
-  const log = function (): void {
-    const forwardedFor = req.get('x-forwarded-for');
-    const remoteAddress = req.connection.remoteAddress;
-    const remoteIP = forwardedFor ? `${forwardedFor} via ${remoteAddress}` : remoteAddress;
-    let message;
-    if (res.locals._verdaccio_error) {
-      message = LOG_VERDACCIO_ERROR;
-    } else {
-      message = LOG_VERDACCIO_BYTES;
-    }
-
-    req.url = req.originalUrl;
-    req.log.http(
-      {
-        request: {
-          method: req.method,
-          url: req.url,
-        },
-        user: (req.remote_user && req.remote_user.name) || null,
-        remoteIP,
-        status: res.statusCode,
-        error: res.locals._verdaccio_error,
-        bytes: {
-          in: bytesin,
-          out: bytesout,
-        },
-      },
-      message
-    );
-    req.originalUrl = req.url;
-  };
-
-  req.on('close', function (): void {
-    log();
-  });
-
-  const _end = res.end;
-  // @ts-ignore
-  res.end = function (buf): void {
-    if (buf) {
-      bytesout += buf.length;
-    }
-    /* eslint prefer-rest-params: "off" */
-    // @ts-ignore
-    _end.apply(res, arguments);
-    log();
-  };
-  next();
-}
-
-export function handleError(
-  err: HttpError,
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  next: $NextFunctionVer
-) {
-  debug('error handler init');
-  if (_.isError(err)) {
-    debug('is native error');
-    if (err.code === 'ECONNABORT' && res.statusCode === HTTP_STATUS.NOT_MODIFIED) {
-      return next();
-    }
-    if (_.isFunction(res.locals.report_error) === false) {
-      debug('is locals error report ref');
-      // in case of very early error this middleware may not be loaded before error is generated
-      // fixing that
-      errorReportingMiddleware(req, res, _.noop);
-    }
-    debug('set locals error report ref');
-    res.locals.report_error(err);
-  } else {
-    // Fall to Middleware.final
-    debug('no error to report, jump next layer');
-    return next(err);
-  }
-}
-
-// Middleware
-export function errorReportingMiddleware(
-  req: $RequestExtend,
-  res: $ResponseExtend,
-  next: $NextFunctionVer
-): void {
-  debug('error report middleware');
-  res.locals.report_error =
-    res.locals.report_error ||
-    function (err: VerdaccioError): void {
-      if (err.status && err.status >= HTTP_STATUS.BAD_REQUEST && err.status < 600) {
-        debug('is error > 409 %o', err?.status);
-        if (_.isNil(res.headersSent) === false) {
-          debug('send status %o', err?.status);
-          res.status(err.status);
-          debug('next layer %o', err?.message);
-          next({ error: err.message || API_ERROR.UNKNOWN_ERROR });
-        }
-      } else {
-        debug('is error < 409 %o', err?.status);
-        logger.error({ err: err }, 'unexpected error: @{!err.message}\n@{err.stack}');
-        if (!res.status || !res.send) {
-          // TODO: decide which debug keep
-          logger.error('this is an error in express.js, please report this');
-          debug('this is an error in express.js, please report this, destroy response %o', err);
-          res.destroy();
-        } else if (!res.headersSent) {
-          debug('report internal error %o', err);
-          res.status(HTTP_STATUS.INTERNAL_ERROR);
-          next({ error: API_ERROR.INTERNAL_SERVER_ERROR });
-        } else {
-          // socket should be already closed
-          debug('this should not happen, otherwise report %o', err);
-        }
-      }
-    };
-
-  debug('error report middleware next()');
-  next();
-}

packages/middleware/src/middlewares/allow.ts

@@ -0,0 +1,40 @@
+import { API_ERROR, errorUtils } from '@verdaccio/core';
+import { logger } from '@verdaccio/logger';
+import { getVersionFromTarball } from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+export function allow<T>(auth: T): Function {
+  return function (action: string): Function {
+    return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
+      req.pause();
+      const packageName = req.params.scope
+        ? `@${req.params.scope}/${req.params.package}`
+        : req.params.package;
+      const packageVersion = req.params.filename
+        ? getVersionFromTarball(req.params.filename)
+        : undefined;
+      const remote = req.remote_user;
+      logger.trace(
+        { action, user: remote?.name },
+        `[middleware/allow][@{action}] allow for @{user}`
+      );
+      auth['allow_' + action](
+        { packageName, packageVersion },
+        remote,
+        function (error, allowed): void {
+          req.resume();
+          if (error) {
+            next(error);
+          } else if (allowed) {
+            next();
+          } else {
+            // last plugin (that's our built-in one) returns either
+            // cb(err) or cb(null, true), so this should never happen
+            throw errorUtils.getInternalError(API_ERROR.PLUGIN_ERROR);
+          }
+        }
+      );
+    };
+  };
+}

packages/middleware/src/middlewares/antiLoop.ts

@@ -0,0 +1,30 @@
+import { HTTP_STATUS, errorUtils } from '@verdaccio/core';
+import { Config } from '@verdaccio/types';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+/**
+ * A middleware that avoid a registry points itself as proxy and avoid create infinite loops.
+ * @param config
+ * @returns
+ */
+export function antiLoop(config: Config): Function {
+  return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
+    if (req?.headers?.via != null) {
+      const arr = req.get('via')?.split(',');
+      if (Array.isArray(arr)) {
+        for (let i = 0; i < arr.length; i++) {
+          // the "via" header must contains an specific headers, this has to be on sync
+          // with the proxy request
+          // match eg: Server 1 or Server 2
+          // TODO: improve this RegEX
+          const m = arr[i].trim().match(/\s*(\S+)\s+(\S+)/);
+          if (m && m[2] === config.server_id) {
+            return next(errorUtils.getCode(HTTP_STATUS.LOOP_DETECTED, 'loop detected'));
+          }
+        }
+      }
+    }
+    next();
+  };
+}

packages/middleware/src/middlewares/encode-pkg.ts

@@ -0,0 +1,19 @@
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+/**
+ * Encode / in a scoped package name to be matched as a single parameter in routes
+ * @param req
+ * @param res
+ * @param next
+ */
+export function encodeScopePackage(
+  req: $RequestExtend,
+  res: $ResponseExtend,
+  next: $NextFunctionVer
+): void {
+  if (req.url.indexOf('@') !== -1) {
+    // e.g.: /@org/pkg/1.2.3 -> /@org%2Fpkg/1.2.3, /@org%2Fpkg/1.2.3 -> /@org%2Fpkg/1.2.3
+    req.url = req.url.replace(/^(\/@[^\/%]+)\/(?!$)/, '$1%2F');
+  }
+  next();
+}

packages/middleware/src/middlewares/error.ts

@@ -0,0 +1,79 @@
+import buildDebug from 'debug';
+import { HttpError } from 'http-errors';
+import _ from 'lodash';
+
+import { API_ERROR, HTTP_STATUS, VerdaccioError } from '@verdaccio/core';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+const debug = buildDebug('verdaccio:middleware:error');
+
+export const handleError = (logger) =>
+  function handleError(
+    err: HttpError,
+    req: $RequestExtend,
+    res: $ResponseExtend,
+    next: $NextFunctionVer
+  ) {
+    debug('error handler init');
+    if (_.isError(err)) {
+      debug('is native error');
+      if (err.code === 'ECONNABORT' && res.statusCode === HTTP_STATUS.NOT_MODIFIED) {
+        return next();
+      }
+      if (_.isFunction(res.locals.report_error) === false) {
+        debug('is locals error report ref');
+        // in case of very early error this middleware may not be loaded before error is generated
+        // fixing that
+        errorReportingMiddleware(logger)(req, res, _.noop);
+      }
+      debug('set locals error report ref');
+      res.locals.report_error(err);
+    } else {
+      // Fall to Middleware.final
+      debug('no error to report, jump next layer');
+      return next(err);
+    }
+  };
+
+// Middleware
+export const errorReportingMiddleware = (logger) =>
+  function errorReportingMiddleware(
+    req: $RequestExtend,
+    res: $ResponseExtend,
+    next: $NextFunctionVer
+  ): void {
+    debug('error report middleware');
+    res.locals.report_error =
+      res.locals.report_error ||
+      function (err: VerdaccioError): void {
+        if (err.status && err.status >= HTTP_STATUS.BAD_REQUEST && err.status < 600) {
+          debug('is error > 409 %o', err?.status);
+          if (_.isNil(res.headersSent) === false) {
+            debug('send status %o', err?.status);
+            res.status(err.status);
+            debug('next layer %o', err?.message);
+            next({ error: err.message || API_ERROR.UNKNOWN_ERROR });
+          }
+        } else {
+          debug('is error < 409 %o', err?.status);
+          logger.error({ err: err }, 'unexpected error: @{!err.message}\n@{err.stack}');
+          if (!res.status || !res.send) {
+            // TODO: decide which debug keep
+            logger.error('this is an error in express.js, please report this');
+            debug('this is an error in express.js, please report this, destroy response %o', err);
+            res.destroy();
+          } else if (!res.headersSent) {
+            debug('report internal error %o', err);
+            res.status(HTTP_STATUS.INTERNAL_ERROR);
+            next({ error: API_ERROR.INTERNAL_SERVER_ERROR });
+          } else {
+            // socket should be already closed
+            debug('this should not happen, otherwise report %o', err);
+          }
+        }
+      };
+
+    debug('error report middleware next()');
+    next();
+  };

packages/middleware/src/middlewares/final.ts

@@ -0,0 +1,60 @@
+import _ from 'lodash';
+
+import { HEADERS, HTTP_STATUS, TOKEN_BASIC, TOKEN_BEARER } from '@verdaccio/core';
+import { Manifest } from '@verdaccio/types';
+import { stringToMD5 } from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend, MiddlewareError } from '../types';
+
+export type FinalBody = Manifest | MiddlewareError | string;
+
+export function final(
+  body: FinalBody,
+  req: $RequestExtend,
+  res: $ResponseExtend,
+  // if we remove `next` breaks test
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  next: $NextFunctionVer
+): void {
+  if (res.statusCode === HTTP_STATUS.UNAUTHORIZED && !res.getHeader(HEADERS.WWW_AUTH)) {
+    res.header(HEADERS.WWW_AUTH, `${TOKEN_BASIC}, ${TOKEN_BEARER}`);
+  }
+
+  try {
+    if (_.isString(body) || _.isObject(body)) {
+      if (!res.get(HEADERS.CONTENT_TYPE)) {
+        res.header(HEADERS.CONTENT_TYPE, HEADERS.JSON);
+      }
+
+      if (typeof body === 'object' && _.isNil(body) === false) {
+        if (typeof (body as MiddlewareError).error === 'string') {
+          res.locals._verdaccio_error = (body as MiddlewareError).error;
+        }
+        body = JSON.stringify(body, undefined, '  ') + '\n';
+      }
+
+      // don't send etags with errors
+      if (
+        !res.statusCode ||
+        (res.statusCode >= HTTP_STATUS.OK && res.statusCode < HTTP_STATUS.MULTIPLE_CHOICES)
+      ) {
+        res.header(HEADERS.ETAG, '"' + stringToMD5(body as string) + '"');
+      }
+    } else {
+      // send(null), send(204), etc.
+    }
+  } catch (err: any) {
+    // if verdaccio sends headers first, and then calls res.send()
+    // as an error handler, we can't report error properly,
+    // and should just close socket
+    if (err.message.match(/set headers after they are sent/)) {
+      if (_.isNil(res.socket) === false) {
+        res.socket?.destroy();
+      }
+      return;
+    }
+    throw err;
+  }
+
+  res.send(body);
+}

packages/middleware/src/middlewares/json.ts

@@ -0,0 +1,15 @@
+import { errorUtils } from '@verdaccio/core';
+import { isObject } from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+export function expectJson(
+  req: $RequestExtend,
+  res: $ResponseExtend,
+  next: $NextFunctionVer
+): void {
+  if (!isObject(req.body)) {
+    return next(errorUtils.getBadRequest("can't parse incoming json"));
+  }
+  next();
+}

packages/middleware/src/middlewares/log.ts

@@ -0,0 +1,103 @@
+import _ from 'lodash';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+// FIXME: deprecated, moved to @verdaccio/dev-commons
+export const LOG_STATUS_MESSAGE =
+  "@{status}, user: @{user}(@{remoteIP}), req: '@{request.method} @{request.url}'";
+export const LOG_VERDACCIO_ERROR = `${LOG_STATUS_MESSAGE}, error: @{!error}`;
+export const LOG_VERDACCIO_BYTES = `${LOG_STATUS_MESSAGE}, bytes: @{bytes.in}/@{bytes.out}`;
+
+export const log = (logger) => {
+  return function log(req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
+    // logger
+    req.log = logger.child({ sub: 'in' });
+
+    const _auth = req.headers.authorization;
+    if (_.isNil(_auth) === false) {
+      req.headers.authorization = '<Classified>';
+    }
+
+    const _cookie = req.get('cookie');
+    if (_.isNil(_cookie) === false) {
+      req.headers.cookie = '<Classified>';
+    }
+
+    req.url = req.originalUrl;
+    req.log.info({ req: req, ip: req.ip }, "@{ip} requested '@{req.method} @{req.url}'");
+    req.originalUrl = req.url;
+
+    if (_.isNil(_auth) === false) {
+      req.headers.authorization = _auth;
+    }
+
+    if (_.isNil(_cookie) === false) {
+      req.headers.cookie = _cookie;
+    }
+
+    let bytesin = 0;
+    req.on('data', function (chunk): void {
+      bytesin += chunk.length;
+    });
+
+    let bytesout = 0;
+    const _write = res.write;
+    // FIXME: res.write should return boolean
+    // @ts-ignore
+    res.write = function (buf): boolean {
+      bytesout += buf.length;
+      /* eslint prefer-rest-params: "off" */
+      // @ts-ignore
+      _write.apply(res, arguments);
+    };
+
+    const log = function (): void {
+      const forwardedFor = req.get('x-forwarded-for');
+      const remoteAddress = req.connection.remoteAddress;
+      const remoteIP = forwardedFor ? `${forwardedFor} via ${remoteAddress}` : remoteAddress;
+      let message;
+      if (res.locals._verdaccio_error) {
+        message = LOG_VERDACCIO_ERROR;
+      } else {
+        message = LOG_VERDACCIO_BYTES;
+      }
+
+      req.url = req.originalUrl;
+      req.log.http(
+        {
+          request: {
+            method: req.method,
+            url: req.url,
+          },
+          user: req.remote_user?.name || null,
+          remoteIP,
+          status: res.statusCode,
+          error: res.locals._verdaccio_error,
+          bytes: {
+            in: bytesin,
+            out: bytesout,
+          },
+        },
+        message
+      );
+      req.originalUrl = req.url;
+    };
+
+    req.on('close', function (): void {
+      log();
+    });
+
+    const _end = res.end;
+    // @ts-ignore
+    res.end = function (buf): void {
+      if (buf) {
+        bytesout += buf.length;
+      }
+      /* eslint prefer-rest-params: "off" */
+      // @ts-ignore
+      _end.apply(res, arguments);
+      log();
+    };
+    next();
+  };
+};

packages/middleware/src/middlewares/match.ts

@@ -0,0 +1,16 @@
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+export function match(regexp: RegExp): any {
+  return function (
+    req: $RequestExtend,
+    res: $ResponseExtend,
+    next: $NextFunctionVer,
+    value: string
+  ): void {
+    if (regexp.exec(value)) {
+      next();
+    } else {
+      next('route');
+    }
+  };
+}

packages/middleware/src/middlewares/media.ts

@@ -0,0 +1,18 @@
+import { HEADER_TYPE, HTTP_STATUS, errorUtils } from '@verdaccio/core';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+export function media(expect: string | null): any {
+  return function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
+    if (req.headers[HEADER_TYPE.CONTENT_TYPE] !== expect) {
+      next(
+        errorUtils.getCode(
+          HTTP_STATUS.UNSUPPORTED_MEDIA,
+          'wrong content-type, expect: ' + expect + ', got: ' + req.get[HEADER_TYPE.CONTENT_TYPE]
+        )
+      );
+    } else {
+      next();
+    }
+  };
+}

packages/middleware/src/middlewares/security-headers.ts

@@ -0,0 +1,21 @@
+import { HEADERS } from '@verdaccio/core';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+// TODO: remove, was relocated to web package
+// @ts-deprecated
+export function setSecurityWebHeaders(
+  req: $RequestExtend,
+  res: $ResponseExtend,
+  next: $NextFunctionVer
+): void {
+  // disable loading in frames (clickjacking, etc.)
+  res.header(HEADERS.FRAMES_OPTIONS, 'deny');
+  // avoid stablish connections outside of domain
+  res.header(HEADERS.CSP, "connect-src 'self'");
+  // https://stackoverflow.com/questions/18337630/what-is-x-content-type-options-nosniff
+  res.header(HEADERS.CTO, 'nosniff');
+  // https://stackoverflow.com/questions/9090577/what-is-the-http-header-x-xss-protection
+  res.header(HEADERS.XSS, '1; mode=block');
+  next();
+}

packages/middleware/src/middlewares/validation.ts

@@ -0,0 +1,41 @@
+import { errorUtils } from '@verdaccio/core';
+import {
+  validateName as utilValidateName,
+  validatePackage as utilValidatePackage,
+} from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+export function validateName(
+  req: $RequestExtend,
+  res: $ResponseExtend,
+  next: $NextFunctionVer,
+  value: string,
+  name: string
+): void {
+  if (value === '-') {
+    // special case in couchdb usually
+    next('route');
+  } else if (utilValidateName(value)) {
+    next();
+  } else {
+    next(errorUtils.getForbidden('invalid ' + name));
+  }
+}
+
+export function validatePackage(
+  req: $RequestExtend,
+  res: $ResponseExtend,
+  next: $NextFunctionVer,
+  value: string,
+  name: string
+): void {
+  if (value === '-') {
+    // special case in couchdb usually
+    next('route');
+  } else if (utilValidatePackage(value)) {
+    next();
+  } else {
+    next(errorUtils.getForbidden('invalid ' + name));
+  }
+}

packages/middleware/src/types.ts

@@ -0,0 +1,11 @@
+import { NextFunction, Request, Response } from 'express';
+
+import { Logger, RemoteUser } from '@verdaccio/types';
+
+export type $RequestExtend = Request & { remote_user?: RemoteUser; log: Logger };
+export type $ResponseExtend = Response & { cookies?: any };
+export type $NextFunctionVer = NextFunction & any;
+
+export interface MiddlewareError {
+  error: string;
+}

packages/middleware/test/allow.spec.ts

@@ -0,0 +1,82 @@
+import request from 'supertest';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+import { setup } from '@verdaccio/logger';
+
+import { allow } from '../src';
+import { getApp } from './helper';
+
+setup({});
+
+test('should allow request', async () => {
+  const can = allow({
+    allow_publish: (params, remove, cb) => {
+      return cb(null, true);
+    },
+  });
+  const app = getApp([]);
+  // @ts-ignore
+  app.get('/:package', can('publish'), (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).get('/react').expect(HTTP_STATUS.OK);
+});
+
+test('should allow scope request', async () => {
+  const can = allow({
+    allow_publish: (params, remove, cb) => {
+      return cb(null, true);
+    },
+  });
+  const app = getApp([]);
+  // @ts-ignore
+  app.get('/:package/:scope', can('publish'), (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).get('/@verdaccio/core').expect(HTTP_STATUS.OK);
+});
+
+test('should allow filename request', async () => {
+  const can = allow({
+    allow_publish: (params, remove, cb) => {
+      return cb(null, true);
+    },
+  });
+  const app = getApp([]);
+  // @ts-ignore
+  app.get('/:filename', can('publish'), (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).get('/aaa-0.0.1.tgz').expect(HTTP_STATUS.OK);
+});
+
+test('should not allow request', async () => {
+  const can = allow({
+    allow_publish: (params, remove, cb) => {
+      return cb(null, false);
+    },
+  });
+  const app = getApp([]);
+  // @ts-ignore
+  app.get('/sec', can('publish'), (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).get('/sec').expect(HTTP_STATUS.INTERNAL_ERROR);
+});
+
+test('should handle error request', async () => {
+  const can = allow({
+    allow_publish: (params, remove, cb) => {
+      return cb(Error('foo error'));
+    },
+  });
+  const app = getApp([]);
+  // @ts-ignore
+  app.get('/err', can('publish'));
+
+  return request(app).get('/err').expect(HTTP_STATUS.INTERNAL_ERROR);
+});

packages/middleware/test/encode.spec.ts

@@ -0,0 +1,21 @@
+import request from 'supertest';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+
+import { encodeScopePackage } from '../src';
+import { getApp } from './helper';
+
+test('encode is json', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(encodeScopePackage);
+  // @ts-ignore
+  app.get('/:id', (req, res) => {
+    const { id } = req.params;
+    res.status(HTTP_STATUS.OK).json({ id });
+  });
+
+  const res = await request(app).get('/@scope/foo');
+  expect(res.body).toEqual({ id: '@scope/foo' });
+  expect(res.status).toEqual(HTTP_STATUS.OK);
+});

packages/middleware/test/final.spec.ts

@@ -0,0 +1,60 @@
+import bodyParser from 'body-parser';
+import express from 'express';
+import request from 'supertest';
+
+import { HEADERS, HTTP_STATUS } from '@verdaccio/core';
+
+import { final } from '../src';
+
+test('handle error as object', async () => {
+  const app = express();
+  app.use(bodyParser.json({ strict: false, limit: '10mb' }));
+  app.get('/401', (req, res, next) => {
+    res.status(HTTP_STATUS.UNAUTHORIZED);
+    next({ error: 'some error' });
+  });
+  // @ts-ignore
+  app.use(final);
+
+  const res = await request(app).get('/401');
+  expect(res.get(HEADERS.WWW_AUTH)).toEqual('Basic, Bearer');
+  expect(res.get(HEADERS.CONTENT_TYPE)).toEqual(HEADERS.JSON_CHARSET);
+  expect(res.get(HEADERS.ETAG)).toEqual('W/"1c-CP1UoQiM59AjHpEk0334sfSp1kc"');
+  expect(res.body).toEqual({ error: 'some error' });
+});
+
+test('handle error as string', async () => {
+  const app = express();
+  app.use(bodyParser.json({ strict: false, limit: '10mb' }));
+  app.get('/200', (req, res, next) => {
+    res.status(HTTP_STATUS.OK);
+    // error as json string
+    next(JSON.stringify({ error: 'some error' }));
+  });
+  // @ts-ignore
+  app.use(final);
+
+  const res = await request(app).get('/200');
+  expect(res.get(HEADERS.WWW_AUTH)).not.toBeDefined();
+  expect(res.get(HEADERS.CONTENT_TYPE)).toEqual(HEADERS.JSON_CHARSET);
+  expect(res.get(HEADERS.ETAG)).toEqual('"3f3a7b9afa23269e16685af6e707d109"');
+  expect(res.body).toEqual({ error: 'some error' });
+});
+
+test('handle error as unknown string no parsable', async () => {
+  const app = express();
+  app.use(bodyParser.json({ strict: false, limit: '10mb' }));
+  app.get('/200', (req, res) => {
+    res.status(HTTP_STATUS.OK);
+    // error as json string
+    throw Error('uknonwn');
+  });
+  // @ts-ignore
+  app.use(final);
+
+  const res = await request(app).get('/200');
+  expect(res.get(HEADERS.WWW_AUTH)).not.toBeDefined();
+  expect(res.get(HEADERS.CONTENT_TYPE)).toEqual(HEADERS.JSON_CHARSET);
+  expect(res.get(HEADERS.ETAG)).toEqual('"8a80554c91d9fca8acb82f023de02f11"');
+  expect(res.body).toEqual({});
+});

packages/middleware/test/helper.ts

@@ -0,0 +1,14 @@
+import express from 'express';
+
+export const getApp = (middlewares = []) => {
+  const app = express();
+  middlewares.map((middleware) => {
+    app.use(middleware);
+  });
+
+  // app.get('/', function (req, res) {
+  //   res.status(200).json({ name: 'pkg' });
+  // });
+
+  return app;
+};

packages/middleware/test/json.spec.ts

@@ -0,0 +1,32 @@
+import bodyParser from 'body-parser';
+import request from 'supertest';
+
+import { HEADERS, HTTP_STATUS } from '@verdaccio/core';
+
+import { expectJson } from '../src';
+import { getApp } from './helper';
+
+test('body is json', async () => {
+  const app = getApp([]);
+  app.use(bodyParser.json({ strict: false, limit: '10mb' }));
+  // @ts-ignore
+  app.put('/json', expectJson, (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app)
+    .put('/json')
+    .send({ name: 'john' })
+    .set(HEADERS.CONTENT_TYPE, 'application/json')
+    .expect(HTTP_STATUS.OK);
+});
+
+test('body is not json', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.put('/json', expectJson, (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).put('/json').send('test=4').expect(HTTP_STATUS.BAD_REQUEST);
+});

packages/middleware/test/log.spec.ts

@@ -0,0 +1,28 @@
+import path from 'path';
+import request from 'supertest';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+import { logger, setup } from '@verdaccio/logger';
+
+import { log } from '../src';
+import { getApp } from './helper';
+
+setup({
+  type: 'file',
+  path: path.join(__dirname, './verdaccio.log'),
+  level: 'trace',
+  format: 'json',
+});
+
+test('should log request', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(log(logger));
+  // @ts-ignore
+  app.get('/:package', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  // TODO: pending output
+  return request(app).get('/react').expect(HTTP_STATUS.OK);
+});

packages/middleware/test/loop.spec.ts

@@ -0,0 +1,31 @@
+import request from 'supertest';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+
+import { antiLoop } from '../src';
+import { getApp } from './helper';
+
+test('should not be a loop', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(antiLoop({ server_id: '1' }));
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app).get('/sec').set('via', 'Server 2').expect(HTTP_STATUS.OK);
+});
+
+test('should be a loop', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(antiLoop({ server_id: '1' }));
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app)
+    .get('/sec')
+    .set('via', 'Server 1, Server 2')
+    .expect(HTTP_STATUS.LOOP_DETECTED);
+});

packages/middleware/test/media.spec.ts

@@ -0,0 +1,33 @@
+import mime from 'mime';
+import request from 'supertest';
+
+import { HEADERS, HTTP_STATUS } from '@verdaccio/core';
+
+import { media } from '../src';
+import { getApp } from './helper';
+
+test('media is json', async () => {
+  const app = getApp([]);
+  app.get('/json', media(mime.getType('json')), (req, res) => {
+    res.status(200).json();
+  });
+
+  return request(app)
+    .get('/json')
+    .set(HEADERS.CONTENT_TYPE, 'application/json')
+    .expect('Content-Type', /json/)
+    .expect(200);
+});
+
+test('media is not json', async () => {
+  const app = getApp([]);
+  app.get('/json', media(mime.getType('json')), (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  return request(app)
+    .get('/json')
+    .set(HEADERS.CONTENT_TYPE, 'text/html; charset=utf-8')
+    .expect('Content-Type', /html/)
+    .expect(HTTP_STATUS.UNSUPPORTED_MEDIA);
+});

packages/middleware/test/params.spec.ts

@@ -0,0 +1,83 @@
+import request from 'supertest';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+
+import { match, validateName, validatePackage } from '../src';
+import { getApp } from './helper';
+
+describe('validate params', () => {
+  test('should validate package name', async () => {
+    const app = getApp([]);
+    // @ts-ignore
+    app.param('package', validatePackage);
+    app.get('/pkg/:package', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/pkg/react').expect(HTTP_STATUS.OK);
+  });
+
+  test('should fails validate package name', async () => {
+    const app = getApp([]);
+    // @ts-ignore
+    app.param('package', validatePackage);
+    app.get('/pkg/:package', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/pkg/node_modules').expect(HTTP_STATUS.FORBIDDEN);
+  });
+
+  test('should fails file name package name', async () => {
+    const app = getApp([]);
+    // @ts-ignore
+    app.param('filename', validateName);
+    app.get('/file/:filename', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/file/__proto__').expect(HTTP_STATUS.FORBIDDEN);
+  });
+
+  test('should validate file name package name', async () => {
+    const app = getApp([]);
+    // @ts-ignore
+    app.param('filename', validateName);
+    app.get('/file/:filename', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    return request(app).get('/file/react.tar.gz').expect(HTTP_STATUS.OK);
+  });
+});
+
+describe('match', () => {
+  test('should not match middleware', async () => {
+    const app = getApp([]);
+    app.param('_rev', match(/^-rev$/));
+    app.param('org_couchdb_user', match(/^org\.couchdb\.user:/));
+    app.get('/-/user/:org_couchdb_user', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    app.use((res: any) => {
+      res.status(HTTP_STATUS.INTERNAL_ERROR);
+    });
+
+    return request(app).get('/-/user/test').expect(HTTP_STATUS.INTERNAL_ERROR);
+  });
+
+  test('should match middleware', async () => {
+    const app = getApp([]);
+    app.param('_rev', match(/^-rev$/));
+    app.get('/-/user/:_rev?', (req, res) => {
+      res.status(HTTP_STATUS.OK).json({});
+    });
+
+    app.use((res: any) => {
+      res.status(HTTP_STATUS.INTERNAL_ERROR);
+    });
+
+    return request(app).get('/-/user/-rev').expect(HTTP_STATUS.OK);
+  });
+});

packages/middleware/test/security.spec.ts

@@ -0,0 +1,54 @@
+import request from 'supertest';
+
+import { HEADERS, HTTP_STATUS } from '@verdaccio/core';
+
+import { setSecurityWebHeaders } from '../src';
+import { getApp } from './helper';
+
+test('should get frame options', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(setSecurityWebHeaders);
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  const res = await request(app).get('/sec').expect(HTTP_STATUS.OK);
+  expect(res.get(HEADERS.FRAMES_OPTIONS)).toEqual('deny');
+});
+
+test('should get csp options', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(setSecurityWebHeaders);
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  const res = await request(app).get('/sec').expect(HTTP_STATUS.OK);
+  expect(res.get(HEADERS.CSP)).toEqual("connect-src 'self'");
+});
+
+test('should get cto', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(setSecurityWebHeaders);
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  const res = await request(app).get('/sec').expect(HTTP_STATUS.OK);
+  expect(res.get(HEADERS.CTO)).toEqual('nosniff');
+});
+
+test('should get xss', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(setSecurityWebHeaders);
+  app.get('/sec', (req, res) => {
+    res.status(HTTP_STATUS.OK).json({});
+  });
+
+  const res = await request(app).get('/sec').expect(HTTP_STATUS.OK);
+  expect(res.get(HEADERS.XSS)).toEqual('1; mode=block');
+});

packages/node-api/CHANGELOG.md

@@ -1,5 +1,58 @@
 # @verdaccio/node-api
 
+## 6.0.0-6-next.57
+
+### Patch Changes
+
+- Updated dependencies [9943e2b1]
+  - @verdaccio/server@6.0.0-6-next.46
+  - @verdaccio/core@6.0.0-6-next.57
+  - @verdaccio/config@6.0.0-6-next.57
+  - @verdaccio/logger@6.0.0-6-next.25
+  - @verdaccio/server-fastify@6.0.0-6-next.38
+
+## 6.0.0-6-next.56
+
+### Patch Changes
+
+- @verdaccio/server@6.0.0-6-next.45
+- @verdaccio/config@6.0.0-6-next.56
+- @verdaccio/server-fastify@6.0.0-6-next.37
+- @verdaccio/core@6.0.0-6-next.56
+- @verdaccio/logger@6.0.0-6-next.24
+
+## 6.0.0-6-next.55
+
+### Patch Changes
+
+- Updated dependencies [9718e033]
+  - @verdaccio/config@6.0.0-6-next.55
+  - @verdaccio/core@6.0.0-6-next.55
+  - @verdaccio/server@6.0.0-6-next.44
+  - @verdaccio/server-fastify@6.0.0-6-next.36
+  - @verdaccio/logger@6.0.0-6-next.23
+
+## 6.0.0-6-next.54
+
+### Patch Changes
+
+- Updated dependencies [ef88da3b]
+  - @verdaccio/config@6.0.0-6-next.54
+  - @verdaccio/core@6.0.0-6-next.54
+  - @verdaccio/logger@6.0.0-6-next.22
+  - @verdaccio/server@6.0.0-6-next.43
+  - @verdaccio/server-fastify@6.0.0-6-next.35
+
+## 6.0.0-6-next.53
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.53
+- @verdaccio/logger@6.0.0-6-next.21
+- @verdaccio/server-fastify@6.0.0-6-next.34
+- @verdaccio/config@6.0.0-6-next.53
+- @verdaccio/server@6.0.0-6-next.42
+
 ## 6.0.0-6-next.52
 
 ### Patch Changes

packages/node-api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/node-api",
-  "version": "6.0.0-6-next.52",
+  "version": "6.0.0-6-next.57",
   "description": "node API",
   "main": "build/index.js",
   "types": "build/index.d.ts",
@@ -39,21 +39,21 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.52",
-    "@verdaccio/config": "workspace:6.0.0-6-next.52",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.20",
-    "@verdaccio/server": "workspace:6.0.0-6-next.41",
-    "@verdaccio/server-fastify": "workspace:6.0.0-6-next.33",
-    "core-js": "3.26.1",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
+    "@verdaccio/server": "workspace:6.0.0-6-next.46",
+    "@verdaccio/server-fastify": "workspace:6.0.0-6-next.38",
+    "core-js": "3.27.0",
     "debug": "4.3.4",
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@types/node": "16.18.3",
-    "@verdaccio/types": "workspace:11.0.0-6-next.17",
+    "@types/node": "16.18.10",
+    "@verdaccio/types": "workspace:11.0.0-6-next.19",
     "jest-mock-process": "1.5.1",
     "selfsigned": "1.10.14",
-    "supertest": "6.3.1"
+    "supertest": "6.3.3"
   },
   "publishConfig": {
     "access": "public"

packages/plugins/audit/CHANGELOG.md

@@ -1,5 +1,47 @@
 # Change Log
 
+## 11.0.0-6-next.20
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+- @verdaccio/config@6.0.0-6-next.57
+- @verdaccio/logger@6.0.0-6-next.25
+
+## 11.0.0-6-next.19
+
+### Patch Changes
+
+- @verdaccio/config@6.0.0-6-next.56
+- @verdaccio/core@6.0.0-6-next.56
+- @verdaccio/logger@6.0.0-6-next.24
+
+## 11.0.0-6-next.18
+
+### Patch Changes
+
+- Updated dependencies [9718e033]
+  - @verdaccio/config@6.0.0-6-next.55
+  - @verdaccio/core@6.0.0-6-next.55
+  - @verdaccio/logger@6.0.0-6-next.23
+
+## 11.0.0-6-next.17
+
+### Patch Changes
+
+- Updated dependencies [ef88da3b]
+  - @verdaccio/config@6.0.0-6-next.54
+  - @verdaccio/core@6.0.0-6-next.54
+  - @verdaccio/logger@6.0.0-6-next.22
+
+## 11.0.0-6-next.16
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.53
+- @verdaccio/logger@6.0.0-6-next.21
+- @verdaccio/config@6.0.0-6-next.53
+
 ## 11.0.0-6-next.15
 
 ### Patch Changes

packages/plugins/audit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-audit",
-  "version": "11.0.0-6-next.15",
+  "version": "11.0.0-6-next.20",
   "description": "Verdaccio Middleware plugin to bypass npmjs audit",
   "keywords": [
     "private",
@@ -31,19 +31,19 @@
     "npm": ">=6"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:6.0.0-6-next.52",
-    "@verdaccio/config": "workspace:6.0.0-6-next.52",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.20",
+    "@verdaccio/core": "workspace:6.0.0-6-next.57",
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.25",
     "express": "4.18.2",
     "body-parser": "1.20.1",
     "https-proxy-agent": "5.0.1",
     "node-fetch": "cjs"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.17",
-    "@verdaccio/auth": "workspace:6.0.0-6-next.31",
+    "@verdaccio/types": "workspace:11.0.0-6-next.19",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.36",
     "nock": "13.2.9",
-    "supertest": "6.3.1"
+    "supertest": "6.3.3"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/plugins/auth-memory/CHANGELOG.md

@@ -1,5 +1,37 @@
 # Change Log
 
+## 11.0.0-6-next.22
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+
+## 11.0.0-6-next.21
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.56
+
+## 11.0.0-6-next.20
+
+### Patch Changes
+
+- Updated dependencies [9718e033]
+  - @verdaccio/core@6.0.0-6-next.55
+
+## 11.0.0-6-next.19
+
+### Patch Changes
+
+- Updated dependencies [ef88da3b]
+  - @verdaccio/core@6.0.0-6-next.54
+
+## 11.0.0-6-next.18
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.53
+
 ## 11.0.0-6-next.17
 
 ### Patch Changes

packages/plugins/auth-memory/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verdaccio-auth-memory",
-  "version": "11.0.0-6-next.17",
+  "version": "11.0.0-6-next.22",
   "description": "Auth plugin for Verdaccio that keeps users in memory",
   "keywords": [
     "private",
@@ -32,11 +32,11 @@
   },
   "dependencies": {
     "debug": "4.3.4",
-    "@verdaccio/core": "workspace:6.0.0-6-next.52"
+    "@verdaccio/core": "workspace:6.0.0-6-next.57"
   },
   "devDependencies": {
-    "@verdaccio/config": "workspace:6.0.0-6-next.52",
-    "@verdaccio/types": "workspace:11.0.0-6-next.17"
+    "@verdaccio/config": "workspace:6.0.0-6-next.57",
+    "@verdaccio/types": "workspace:11.0.0-6-next.19"
   },
   "scripts": {
     "clean": "rimraf ./build",

packages/plugins/htpasswd/CHANGELOG.md

@@ -1,5 +1,39 @@
 # Change Log
 
+## 11.0.0-6-next.27
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.57
+
+## 11.0.0-6-next.26
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.56
+
+## 11.0.0-6-next.25
+
+### Patch Changes
+
+- Updated dependencies [9718e033]
+  - @verdaccio/core@6.0.0-6-next.55
+
+## 11.0.0-6-next.24
+
+### Patch Changes
+
+- Updated dependencies [ef88da3b]
+  - @verdaccio/core@6.0.0-6-next.54
+  - @verdaccio/file-locking@11.0.0-6-next.7
+
+## 11.0.0-6-next.23
+
+### Patch Changes
+
+- @verdaccio/core@6.0.0-6-next.53
+- @verdaccio/file-locking@11.0.0-6-next.6
+
 ## 11.0.0-6-next.22
 
 ### Patch Changes