chore: update versions (next-8) (#4903)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.26.12 to 3.27.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4d85deb854...662472033e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.changeset/blue-paws-cheer.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/server': patch
+'@verdaccio/middleware': patch
+'@verdaccio/core': patch
+---
+
+chore: request header constants

.changeset/lucky-crabs-enjoy.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/api': patch
+'@verdaccio/core': patch
+'@verdaccio/middleware': patch
+'@verdaccio/proxy': patch
+---
+
+fix(middleware): error 404 when getting scoped tarballs

.changeset/pre.json

@@ -60,14 +60,19 @@
   "changesets": [
     "angry-doors-tan",
     "beige-lions-type",
+    "blue-paws-cheer",
     "chatty-apricots-report",
     "gentle-stingrays-repeat",
     "hip-eggs-serve",
     "long-eyes-drum",
+    "lucky-crabs-enjoy",
     "nine-countries-remember",
     "quick-seas-deny",
+    "rotten-melons-notice",
+    "rude-birds-design",
     "serious-apes-rule",
     "sweet-crabs-deliver",
-    "violet-boxes-float"
+    "violet-boxes-float",
+    "weak-cherries-serve"
   ]
 }

.changeset/rotten-melons-notice.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/middleware': patch
+---
+
+chore(middleware): fix syntax of test files

.changeset/rude-birds-design.md

@@ -0,0 +1,5 @@
+---
+'verdaccio': patch
+---
+
+chore: encode parts of URL

.changeset/weak-cherries-serve.md

@@ -0,0 +1,18 @@
+---
+'@verdaccio/logger-commons': patch
+'@verdaccio/file-locking': patch
+'@verdaccio/ui-theme': patch
+'@verdaccio/search-indexer': patch
+'@verdaccio/server': patch
+'@verdaccio/server-fastify': patch
+'@verdaccio/test-helper': patch
+'@verdaccio/middleware': patch
+'verdaccio': patch
+'@verdaccio/node-api': patch
+'@verdaccio/auth': patch
+'@verdaccio/api': patch
+'@verdaccio/cli': patch
+'@verdaccio/web': patch
+---
+
+chore: auth package requires logger as parameter

.github/workflows/changesets.yml

@@ -20,12 +20,12 @@ jobs:
     if: github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio'
     steps:
       - name: checkout code repository
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
 
       - name: setup node.js
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
         env:

.github/workflows/ci.yml

@@ -24,15 +24,15 @@ jobs:
     name: setup verdaccio
     services:
       verdaccio:
-        image: verdaccio/verdaccio:5
+        image: verdaccio/verdaccio:6
         ports:
           - 4873:4873
         env:
           NODE_ENV: production
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
@@ -46,7 +46,7 @@ jobs:
       - name: Install
         run: pnpm install  --registry http://localhost:4873
       - name: Cache .pnpm-store
-        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -57,16 +57,16 @@ jobs:
     name: Lint
     needs: prepare
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: |
           corepack enable
           corepack install
-      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -82,16 +82,16 @@ jobs:
     name: Format
     needs: prepare
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Use Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: |
           corepack enable
           corepack install
-      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -108,20 +108,20 @@ jobs:
       fail-fast: true
       matrix:
         os: [ubuntu-latest]
-        node_version: [18, 20, 21, 22]
+        node_version: [18, 20, 21, 22, 23]
     name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Use Node ${{ matrix.node_version }}
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: ${{ matrix.node_version }}
       - name: Install pnpm
         run: |
           corepack enable
           corepack prepare
-      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -140,15 +140,15 @@ jobs:
     name: synchronize translations
     if: (github.event_name == 'push' && github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio') || github.event_name == 'workflow_dispatch'
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
-      - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: |
           corepack enable
           corepack install
-      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}

.github/workflows/codeql-analysis.yml

@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           # We must fetch at least the immediate parents so that if this is
           # a pull request then we can checkout the head.
@@ -37,7 +37,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v2
+        uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v2
         with:
           config: |
             paths-ignore:
@@ -50,7 +50,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v2
+        uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -64,4 +64,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v2
+        uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v2

.github/workflows/docker-proxy-apache-e2e.yml

@@ -20,13 +20,13 @@ jobs:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
     - name: Checkout
-      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       
     - name: Start containers
       run: docker compose -f "./e2e/docker/apache-verdaccio/docker-compose.yaml" up -d --build
 
     - name: Install node
-      uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
       with:
         node-version-file: '.nvmrc'
     - name: npm setup

.github/workflows/docker-proxy-nginx-e2e.yml

@@ -18,13 +18,13 @@ jobs:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
     - name: Checkout
-      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       
     - name: Start containers
       run: docker compose -f "./e2e/docker/proxy-nginx/docker-compose.yaml" up -d --build
 
     - name: Install node
-      uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
       with:
         node-version-file: '.nvmrc'
     - name: npm setup

.github/workflows/docker-publish.yml

@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository == 'verdaccio/verdaccio'
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # tag=v1
       - uses: docker/setup-buildx-action@v1
         with:

.github/workflows/e2e-ci.yml

@@ -18,9 +18,9 @@ jobs:
         env:
           NODE_ENV: production
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Use Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
@@ -34,7 +34,7 @@ jobs:
       - name: Install
         run: pnpm install --reporter=silence --ignore-scripts --registry http://localhost:4873
       - name: Cache .pnpm-store
-        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -44,16 +44,16 @@ jobs:
     needs: [prepare]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Use Node 
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
         run: |
           corepack enable
           corepack prepare 
-      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -65,7 +65,7 @@ jobs:
       - name: build
         run: pnpm build
       - name: Cache packages
-        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         id: cache-packages
         with:
           path: ./packages/
@@ -97,15 +97,15 @@ jobs:
     name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
-      - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: ${{ matrix.node }}
       - name: Install pnpm
         run: |
           corepack enable
           corepack prepare 
-      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -114,7 +114,7 @@ jobs:
           pnpm config set store-dir ~/.pnpm-store
       - name: Install
         run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
-      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ./packages/
           key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -141,15 +141,15 @@ jobs:
     name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
-      - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: ${{ matrix.node }}
       - name: Install pnpm
         run: |
           corepack enable
           corepack prepare
-      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -158,7 +158,7 @@ jobs:
           pnpm config set store-dir ~/.pnpm-store
       - name: Install
         run: pnpm install --loglevel debug --ignore-scripts --registry http://localhost:4873
-      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ./packages/
           key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -186,15 +186,15 @@ jobs:
     name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
-      - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: ${{ matrix.node }}
       - name: Install pnpm
         run: |
           corepack enable
           corepack prepare 
-      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -203,7 +203,7 @@ jobs:
           pnpm config set store-dir ~/.pnpm-store
       - name: Install
         run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
-      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ./packages/
           key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}

.github/workflows/e2e-ui.yml

@@ -12,15 +12,15 @@ jobs:
     name: UI Test E2E
     services:
       verdaccio:
-        image: verdaccio/verdaccio:5
+        image: verdaccio/verdaccio:6
         ports:
           - 4873:4873
         env:
           NODE_ENV: production
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Use Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
@@ -33,7 +33,7 @@ jobs:
         run: pnpm build
       - name: Test UI
         run: pnpm test:e2e:ui
-      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: videos
           path: /home/runner/work/verdaccio/verdaccio/e2e/ui/cypress/videos

.github/workflows/plugin-generator-e2e.yaml

@@ -18,16 +18,16 @@ jobs:
       matrix:
         node-version: [18,20, 21]
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: ${{ matrix.node-version }}
       - name: Install pnpm
         run: |
           corepack enable
           corepack install
-      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}

.github/workflows/shared-docker-publish.yml

@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository == 'verdaccio/verdaccio'
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # tag=v1
       - uses: docker/setup-buildx-action@v1
         with:

.github/workflows/static-data.yml

@@ -20,11 +20,11 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository == 'verdaccio/verdaccio'
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
           fetch-depth: 0
-      - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: 18.x
       - name: install pnpm

.github/workflows/test-docker-build.yml

@@ -6,7 +6,7 @@ jobs:
     name: Test Docker Build
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Build
       run: docker build .
       env:

.github/workflows/test-publish-package.yml

@@ -6,7 +6,7 @@ jobs:
     name: Test Verdaccio Publish
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Publish
       uses: verdaccio/github-actions/publish@f2e0370cfa5d74d24c325017b701bfddc9cc2e5d # tag=v0.4.0
       with:

.github/workflows/ui-components.yml

@@ -23,15 +23,15 @@ jobs:
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Use Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
 
       - name: Cache pnpm modules
-        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         env:
           cache-name: cache-pnpm-modules
         with:

.github/workflows/website.yml

@@ -22,7 +22,7 @@ jobs:
     name: setup verdaccio
     services:
       verdaccio:
-        image: verdaccio/verdaccio:5
+        image: verdaccio/verdaccio:6
         ports:
           - 4873:4873
         env:
@@ -30,10 +30,10 @@ jobs:
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: Install pnpm
@@ -47,7 +47,7 @@ jobs:
       - name: Install
         run: pnpm install  --registry http://localhost:4873
       - name: Cache .pnpm-store
-        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: ~/.pnpm-store
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -58,7 +58,7 @@ jobs:
       - name: Build Translations percentage
         run: pnpm --filter @verdaccio/crowdin-translations build
       - name: Cache Docusaurus Build
-        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.0.2
         with:
           path: website/node_modules/.cache/webpack
           key: cache/webpack-${{github.ref}}-${{ hashFiles('**/pnpm-lock.yaml') }}

.github/workflows/x-e2e-angular-cli-workflow.yml

@@ -7,10 +7,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest npm'
@@ -44,10 +44,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest npm 9'
@@ -80,10 +80,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest npm 10'

.github/workflows/x-e2e-audit-workflow.yml

@@ -7,10 +7,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest npm 10'

.github/workflows/x-e2e-gatsbyjs-cli-workflow.yml

@@ -7,10 +7,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install npm 9'
@@ -42,10 +42,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install npm 10'

.github/workflows/x-e2e-jest-workflow.yml

@@ -7,10 +7,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: Install Dependencies
@@ -38,10 +38,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: Install Dependencies
@@ -72,10 +72,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest npm'
@@ -105,10 +105,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest npm 9'
@@ -138,10 +138,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest npm 10'
@@ -171,10 +171,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest pnpm'
@@ -204,10 +204,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 'Use Node.js'
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest pnpm'

.github/workflows/x-release-snapshot.yml

@@ -6,9 +6,9 @@ jobs:
     name: Release Snapshot
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Use Node (latest)
-      uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
       with:
         node-version-file: '.nvmrc'
     - name: Install
@@ -25,4 +25,4 @@ jobs:
       run: sh scripts/publish-prerelease.sh
       env:
         REGISTRY_AUTH_TOKEN: ${{ secrets.VERDACCIO_REGISTRY_TOKEN_CANARY }}
-        REGISTRY_URL: registry.verdaccio.org
+        REGISTRY_URL: rg.verdaccio.org

.github/workflows/x-release.yml

@@ -6,9 +6,9 @@ jobs:
     name: Release
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Use Node (latest)
-      uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
       with:
         node-version-file: '.nvmrc'
     - name: Install

.github/workflows/x-smok-test-docker.yml

@@ -16,7 +16,7 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: Docker test

.github/workflows/x-smok-test-module.yml

@@ -10,9 +10,9 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Use Node (latest)
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version-file: '.nvmrc'
       - name: Docker test

.github/workflows/yarn-ci-lint.yml

@@ -6,9 +6,9 @@ jobs:
     name: Node Lint
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Use Node 
-      uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
       with:
         node-version-file: '.nvmrc'
     - name: Install

.github/workflows/yarn-ci.yml

@@ -9,9 +9,9 @@ jobs:
     name: Node ${{ inputs.node_version }}
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Use Node ${{ inputs.node_version }}
-      uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
       with:
         node-version: ${{ inputs.node_version }}
     - name: Install

.npmrc

@@ -1,2 +1 @@
-always-auth = true
 fetch-retries="10"

e2e/cli/cli-commons/package.json

@@ -5,8 +5,8 @@
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
   "devDependencies": {
-    "@verdaccio/config": "workspace:8.0.0-next-8.3",
-    "@verdaccio/core": "workspace:8.0.0-next-8.3",
+    "@verdaccio/config": "workspace:8.0.0-next-8.4",
+    "@verdaccio/core": "workspace:8.0.0-next-8.4",
     "@verdaccio/types": "workspace:13.0.0-next-8.1",
     "debug": "4.3.7",
     "fs-extra": "11.2.0",
@@ -14,7 +14,7 @@
     "got": "11.8.6",
     "js-yaml": "4.1.0",
     "lodash": "4.17.21",
-    "verdaccio": "workspace:8.0.0-next-8.3"
+    "verdaccio": "workspace:8.0.0-next-8.4"
   },
   "scripts": {
     "test": "echo no test",

e2e/cli/e2e-yarn1/jest.config.js

@@ -1,3 +0,0 @@
-const config = require('../jest.config');
-
-module.exports = { ...config };

e2e/cli/e2e-yarn2/jest.config.js

@@ -1,3 +0,0 @@
-const config = require('../jest.config');
-
-module.exports = { ...config };

e2e/cli/jest.config.js

@@ -1,8 +0,0 @@
-const { defaults } = require('jest-config');
-const config = require('../../jest/config');
-
-module.exports = Object.assign({}, config, {
-  collectCoverage: false,
-  coverageReporters: ['text'],
-  moduleFileExtensions: [...defaults.moduleFileExtensions, 'ts'],
-});

e2e/ui/package.json

@@ -3,10 +3,10 @@
   "name": "@verdaccio/e2e-ui",
   "version": "2.0.0",
   "devDependencies": {
-    "verdaccio": "workspace:8.0.0-next-8.3",
-    "@verdaccio/core": "workspace:8.0.0-next-8.3",
-    "@verdaccio/config": "workspace:8.0.0-next-8.3",
-    "@verdaccio/test-helper": "workspace:4.0.0-next-8.0",
+    "verdaccio": "workspace:8.0.0-next-8.4",
+    "@verdaccio/core": "workspace:8.0.0-next-8.4",
+    "@verdaccio/config": "workspace:8.0.0-next-8.4",
+    "@verdaccio/test-helper": "workspace:4.0.0-next-8.1",
     "debug": "4.3.7",
     "cypress": "^13.6.0",
     "get-port": "5.1.1"

package.json

@@ -17,7 +17,7 @@
   "devDependencies": {
     "@babel/cli": "7.24.8",
     "@babel/core": "7.24.9",
-    "@babel/eslint-parser": "7.25.7",
+    "@babel/eslint-parser": "7.25.9",
     "@babel/node": "7.25.0",
     "@babel/plugin-proposal-decorators": "7.24.7",
     "@babel/plugin-proposal-function-sent": "7.24.7",

packages/api/CHANGELOG.md

@@ -1,5 +1,23 @@
 # @verdaccio/api
 
+## 8.1.0-next-8.4
+
+### Patch Changes
+
+- 58e0d95: fix(middleware): error 404 when getting scoped tarballs
+- e93d6a3: chore: auth package requires logger as parameter
+- Updated dependencies [48aa89f]
+- Updated dependencies [58e0d95]
+- Updated dependencies [1076a89]
+- Updated dependencies [e93d6a3]
+  - @verdaccio/middleware@8.0.0-next-8.4
+  - @verdaccio/core@8.0.0-next-8.4
+  - @verdaccio/auth@8.0.0-next-8.4
+  - @verdaccio/config@8.0.0-next-8.4
+  - @verdaccio/store@8.0.0-next-8.4
+  - @verdaccio/utils@8.1.0-next-8.4
+  - @verdaccio/logger@8.0.0-next-8.4
+
 ## 8.1.0-next-8.3
 
 ### Patch Changes

packages/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/api",
-  "version": "8.1.0-next-8.3",
+  "version": "8.1.0-next-8.4",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -38,24 +38,24 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/auth": "workspace:8.0.0-next-8.3",
-    "@verdaccio/config": "workspace:8.0.0-next-8.3",
-    "@verdaccio/core": "workspace:8.0.0-next-8.3",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.3",
-    "@verdaccio/middleware": "workspace:8.0.0-next-8.3",
-    "@verdaccio/store": "workspace:8.0.0-next-8.3",
-    "@verdaccio/utils": "workspace:8.1.0-next-8.3",
+    "@verdaccio/auth": "workspace:8.0.0-next-8.4",
+    "@verdaccio/config": "workspace:8.0.0-next-8.4",
+    "@verdaccio/core": "workspace:8.0.0-next-8.4",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.4",
+    "@verdaccio/middleware": "workspace:8.0.0-next-8.4",
+    "@verdaccio/store": "workspace:8.0.0-next-8.4",
+    "@verdaccio/utils": "workspace:8.1.0-next-8.4",
     "abortcontroller-polyfill": "1.7.5",
     "body-parser": "1.20.3",
-    "cookies": "0.9.0",
+    "cookies": "0.9.1",
     "debug": "4.3.7",
-    "express": "4.21.0",
+    "express": "4.21.1",
     "lodash": "4.17.21",
     "mime": "2.6.0",
     "semver": "7.6.3"
   },
   "devDependencies": {
-    "@verdaccio/test-helper": "workspace:4.0.0-next-8.0",
+    "@verdaccio/test-helper": "workspace:4.0.0-next-8.1",
     "@verdaccio/types": "workspace:13.0.0-next-8.1",
     "mockdate": "3.0.5",
     "nock": "13.5.1",

packages/api/src/dist-tags.ts

@@ -4,13 +4,13 @@ import mime from 'mime';
 
 import { Auth } from '@verdaccio/auth';
 import { constants, errorUtils } from '@verdaccio/core';
-import { logger } from '@verdaccio/logger';
 import { allow, media } from '@verdaccio/middleware';
 import { Storage } from '@verdaccio/store';
+import { Logger } from '@verdaccio/types';
 
 import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types/custom';
 
-export default function (route: Router, auth: Auth, storage: Storage): void {
+export default function (route: Router, auth: Auth, storage: Storage, logger: Logger): void {
   const can = allow(auth, {
     beforeAll: (a, b) => logger.trace(a, b),
     afterAll: (a, b) => logger.trace(a, b),

packages/api/src/index.ts

@@ -4,12 +4,13 @@ import { Auth } from '@verdaccio/auth';
 import {
   antiLoop,
   encodeScopePackage,
+  makeURLrelative,
   match,
   validateName,
   validatePackage,
 } from '@verdaccio/middleware';
 import { Storage } from '@verdaccio/store';
-import { Config } from '@verdaccio/types';
+import { Config, Logger } from '@verdaccio/types';
 
 import distTags from './dist-tags';
 import pkg from './package';
@@ -23,7 +24,7 @@ import v1Search from './v1/search';
 import token from './v1/token';
 import whoami from './whoami';
 
-export default function (config: Config, auth: Auth, storage: Storage): Router {
+export default function (config: Config, auth: Auth, storage: Storage, logger: Logger): Router {
   /* eslint new-cap:off */
   const app = express.Router();
   /* eslint new-cap:off */
@@ -45,19 +46,20 @@ export default function (config: Config, auth: Auth, storage: Storage): Router {
   app.use(auth.apiJWTmiddleware());
   app.use(express.json({ strict: false, limit: config.max_body_size || '10mb' }));
   app.use(antiLoop(config));
+  app.use(makeURLrelative);
   // encode / in a scoped package name to be matched as a single parameter in routes
   app.use(encodeScopePackage);
   // for "npm whoami"
   whoami(app);
   profile(app, auth, config);
-  search(app);
-  user(app, auth, config);
-  distTags(app, auth, storage);
-  publish(app, auth, storage);
+  search(app, logger);
+  user(app, auth, config, logger);
+  distTags(app, auth, storage, logger);
+  publish(app, auth, storage, logger);
   ping(app);
   stars(app, storage);
-  v1Search(app, auth, storage);
-  token(app, auth, storage, config);
-  pkg(app, auth, storage);
+  v1Search(app, auth, storage, logger);
+  token(app, auth, storage, config, logger);
+  pkg(app, auth, storage, logger);
   return app;
 }

packages/api/src/package.ts

@@ -3,15 +3,15 @@ import { Router } from 'express';
 
 import { Auth } from '@verdaccio/auth';
 import { HEADERS, HEADER_TYPE, stringUtils } from '@verdaccio/core';
-import { logger } from '@verdaccio/logger';
 import { allow } from '@verdaccio/middleware';
 import { Storage } from '@verdaccio/store';
+import { Logger } from '@verdaccio/types';
 
 import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types/custom';
 
 const debug = buildDebug('verdaccio:api:package');
 
-export default function (route: Router, auth: Auth, storage: Storage): void {
+export default function (route: Router, auth: Auth, storage: Storage, logger: Logger): void {
   const can = allow(auth, {
     beforeAll: (a, b) => logger.trace(a, b),
     afterAll: (a, b) => logger.trace(a, b),

packages/api/src/publish.ts

@@ -4,9 +4,9 @@ import mime from 'mime';
 
 import { Auth } from '@verdaccio/auth';
 import { API_MESSAGE, HTTP_STATUS } from '@verdaccio/core';
-import { logger } from '@verdaccio/logger';
 import { allow, expectJson, media } from '@verdaccio/middleware';
 import { Storage } from '@verdaccio/store';
+import { Logger } from '@verdaccio/types';
 
 import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types/custom';
 
@@ -109,7 +109,12 @@ const debug = buildDebug('verdaccio:api:publish');
 	   }
    *
    */
-export default function publish(router: Router, auth: Auth, storage: Storage): void {
+export default function publish(
+  router: Router,
+  auth: Auth,
+  storage: Storage,
+  logger: Logger
+): void {
   const can = allow(auth, {
     beforeAll: (a, b) => logger.trace(a, b),
     afterAll: (a, b) => logger.trace(a, b),
@@ -119,7 +124,7 @@ export default function publish(router: Router, auth: Auth, storage: Storage): v
     can('publish'),
     media(mime.getType('json')),
     expectJson,
-    publishPackage(storage)
+    publishPackage(storage, logger)
   );
 
   router.put(
@@ -127,7 +132,7 @@ export default function publish(router: Router, auth: Auth, storage: Storage): v
     can('unpublish'),
     media(mime.getType('json')),
     expectJson,
-    publishPackage(storage)
+    publishPackage(storage, logger)
   );
 
   /**
@@ -195,7 +200,7 @@ export default function publish(router: Router, auth: Auth, storage: Storage): v
   );
 }
 
-export function publishPackage(storage: Storage): any {
+export function publishPackage(storage: Storage, logger: Logger): any {
   return async function (
     req: $RequestExtend,
     res: $ResponseExtend,

packages/api/src/search.ts

@@ -1,7 +1,7 @@
 import { HTTP_STATUS } from '@verdaccio/core';
-import { logger } from '@verdaccio/logger';
+import { Logger } from '@verdaccio/types';
 
-export default function (route): void {
+export default function (route, logger: Logger): void {
   // TODO: next major version, remove this
   route.get('/-/all(/since)?', function (_req, res) {
     logger.warn('search endpoint has been removed, please use search v1');

packages/api/src/user.ts

@@ -12,8 +12,8 @@ import {
   errorUtils,
   validatioUtils,
 } from '@verdaccio/core';
-import { logger } from '@verdaccio/logger';
 import { rateLimit } from '@verdaccio/middleware';
+import { Logger } from '@verdaccio/types';
 import { Config, RemoteUser } from '@verdaccio/types';
 import { getAuthenticatedMessage, mask } from '@verdaccio/utils';
 
@@ -21,7 +21,7 @@ import { $NextFunctionVer, $RequestExtend } from '../types/custom';
 
 const debug = buildDebug('verdaccio:api:user');
 
-export default function (route: Router, auth: Auth, config: Config): void {
+export default function (route: Router, auth: Auth, config: Config, logger: Logger): void {
   route.get(
     '/-/user/:org_couchdb_user',
     rateLimit(config?.userRateLimit),

packages/api/src/v1/search.ts

@@ -3,9 +3,9 @@ import _ from 'lodash';
 
 import { Auth } from '@verdaccio/auth';
 import { HTTP_STATUS, searchUtils } from '@verdaccio/core';
-import { logger } from '@verdaccio/logger';
 import { Storage } from '@verdaccio/store';
 import { Manifest } from '@verdaccio/types';
+import { Logger } from '@verdaccio/types';
 
 const debug = buildDebug('verdaccio:api:search');
 
@@ -15,7 +15,7 @@ const debug = buildDebug('verdaccio:api:search');
  *  - {"objects":[],"total":0,"time":"Sun Jul 25 2021 14:09:11 GMT+0000 (Coordinated Universal Time)"}
  * req: 'GET /-/v1/search?text=react&size=20&frpom=0&quality=0.65&popularity=0.98&maintenance=0.5'
  */
-export default function (route, auth: Auth, storage: Storage): void {
+export default function (route, auth: Auth, storage: Storage, logger: Logger): void {
   function checkAccess(pkg: any, auth: any, remoteUser): Promise<Manifest | null> {
     return new Promise((resolve, reject) => {
       auth.allow_access({ packageName: pkg?.package?.name }, remoteUser, function (err, allowed) {

packages/api/src/v1/token.ts

@@ -4,10 +4,10 @@ import _ from 'lodash';
 import { getApiToken } from '@verdaccio/auth';
 import { Auth } from '@verdaccio/auth';
 import { HEADERS, HTTP_STATUS, SUPPORT_ERRORS, errorUtils } from '@verdaccio/core';
-import { logger } from '@verdaccio/logger';
 import { rateLimit } from '@verdaccio/middleware';
 import { Storage } from '@verdaccio/store';
 import { Config, RemoteUser, Token } from '@verdaccio/types';
+import { Logger } from '@verdaccio/types';
 import { mask, stringToMD5 } from '@verdaccio/utils';
 
 import { $NextFunctionVer, $RequestExtend } from '../../types/custom';
@@ -24,7 +24,13 @@ function normalizeToken(token: Token): NormalizeToken {
 }
 
 // https://github.com/npm/npm-profile/blob/latest/lib/index.js
-export default function (route: Router, auth: Auth, storage: Storage, config: Config): void {
+export default function (
+  route: Router,
+  auth: Auth,
+  storage: Storage,
+  config: Config,
+  logger: Logger
+): void {
   route.get(
     '/-/npm/v1/tokens',
     rateLimit(config?.userRateLimit),

packages/api/test/integration/distTag.spec.ts

@@ -2,9 +2,12 @@ import supertest from 'supertest';
 import { beforeEach, describe, expect, test } from 'vitest';
 
 import { API_MESSAGE, HEADERS, HEADER_TYPE, HTTP_STATUS } from '@verdaccio/core';
+import { setup } from '@verdaccio/logger';
 
 import { getDisTags, initializeServer, publishVersion } from './_helper';
 
+setup({});
+
 describe('package', () => {
   let app;
   beforeEach(async () => {

packages/auth/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @verdaccio/auth
 
+## 8.0.0-next-8.4
+
+### Patch Changes
+
+- e93d6a3: chore: auth package requires logger as parameter
+- Updated dependencies [48aa89f]
+- Updated dependencies [58e0d95]
+  - @verdaccio/core@8.0.0-next-8.4
+  - @verdaccio/config@8.0.0-next-8.4
+  - @verdaccio/loaders@8.0.0-next-8.3
+  - verdaccio-htpasswd@13.0.0-next-8.4
+  - @verdaccio/utils@8.1.0-next-8.4
+  - @verdaccio/signature@8.0.0-next-8.1
+
 ## 8.0.0-next-8.3
 
 ### Patch Changes

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/auth",
-  "version": "8.0.0-next-8.3",
+  "version": "8.0.0-next-8.4",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,20 +38,20 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/config": "workspace:8.0.0-next-8.3",
-    "@verdaccio/core": "workspace:8.0.0-next-8.3",
+    "@verdaccio/config": "workspace:8.0.0-next-8.4",
+    "@verdaccio/core": "workspace:8.0.0-next-8.4",
     "@verdaccio/loaders": "workspace:8.0.0-next-8.3",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.3",
     "@verdaccio/signature": "workspace:8.0.0-next-8.1",
-    "@verdaccio/utils": "workspace:8.1.0-next-8.3",
+    "@verdaccio/utils": "workspace:8.1.0-next-8.4",
     "debug": "4.3.7",
     "lodash": "4.17.21",
-    "verdaccio-htpasswd": "workspace:13.0.0-next-8.3"
+    "verdaccio-htpasswd": "workspace:13.0.0-next-8.4"
   },
   "devDependencies": {
-    "@verdaccio/middleware": "workspace:8.0.0-next-8.3",
+    "@verdaccio/middleware": "workspace:8.0.0-next-8.4",
     "@verdaccio/types": "workspace:13.0.0-next-8.1",
-    "express": "4.21.0",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.4",
+    "express": "4.21.1",
     "supertest": "7.0.0"
   },
   "funding": {

packages/auth/src/auth.ts

@@ -15,7 +15,6 @@ import {
   warningUtils,
 } from '@verdaccio/core';
 import { asyncLoadPlugin } from '@verdaccio/loaders';
-import { logger } from '@verdaccio/logger';
 import {
   aesEncrypt,
   aesEncryptDeprecated,
@@ -28,6 +27,7 @@ import {
   Callback,
   Config,
   JWTSignOptions,
+  Logger,
   PackageAccess,
   RemoteUser,
   Security,
@@ -57,11 +57,13 @@ const debug = buildDebug('verdaccio:auth');
 class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
   public config: Config;
   public secret: string;
+  public logger: Logger;
   public plugins: pluginUtils.Auth<Config>[];
 
-  public constructor(config: Config) {
+  public constructor(config: Config, logger: Logger) {
     this.config = config;
     this.secret = config.secret;
+    this.logger = logger;
     this.plugins = [];
     if (!this.secret) {
       throw new TypeError('secret it is required value on initialize the auth class');
@@ -84,7 +86,7 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
     debug('load default auth plugin');
     const pluginOptions: pluginUtils.PluginOptions = {
       config: this.config,
-      logger,
+      logger: this.logger,
     };
     let authPlugin;
     try {
@@ -94,7 +96,7 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
       );
     } catch (error: any) {
       debug('error on loading auth htpasswd plugin stack: %o', error);
-      logger.info({}, 'no auth plugin has been found');
+      this.logger.info({}, 'no auth plugin has been found');
       return [];
     }
 
@@ -106,7 +108,7 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
       this.config.auth,
       {
         config: this.config,
-        logger,
+        logger: this.logger,
       },
       (plugin): boolean => {
         const { authenticate, allow_access, allow_publish } = plugin;
@@ -124,7 +126,7 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
 
   private _applyDefaultPlugins(): void {
     // TODO: rename to applyFallbackPluginMethods
-    this.plugins.push(getDefaultPlugins(logger));
+    this.plugins.push(getDefaultPlugins(this.logger));
   }
 
   public changePassword(
@@ -147,7 +149,7 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
         debug('updating password for %o', username);
         plugin.changePassword!(username, password, newPassword, (err, profile): void => {
           if (err) {
-            logger.error(
+            this.logger.error(
               { username, err },
               `An error has been produced
             updating the password for @{username}. Error: @{err.message}`

packages/auth/test/auth-utils-middleware.spec.ts

@@ -10,7 +10,7 @@ import {
 } from '@verdaccio/config';
 import { getDefaultConfig } from '@verdaccio/config';
 import { TOKEN_BEARER } from '@verdaccio/core';
-import { setup } from '@verdaccio/logger';
+import { logger, setup } from '@verdaccio/logger';
 import { signPayload } from '@verdaccio/signature';
 import { Config, RemoteUser, Security } from '@verdaccio/types';
 import { buildToken, buildUserBuffer } from '@verdaccio/utils';
@@ -52,7 +52,7 @@ describe('Auth utilities', () => {
     methodNotBeenCalled: string
   ): Promise<string> {
     const config: Config = getConfig(configFileName, secret);
-    const auth: Auth = new Auth(config);
+    const auth: Auth = new Auth(config, logger);
     await auth.init();
     // @ts-ignore
     const spy = vi.spyOn(auth, methodToSpy);
@@ -155,7 +155,7 @@ describe('Auth utilities', () => {
       test.concurrent('should return empty credential corrupted payload', async () => {
         const secret = 'b2df428b9929d3ace7c598bbf4e496b2';
         const config: Config = getConfig('security-legacy', secret);
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         // @ts-expect-error
         const token = auth.aesEncrypt(null);

packages/auth/test/auth-utils.spec.ts

@@ -11,7 +11,7 @@ import {
 } from '@verdaccio/config';
 import { getDefaultConfig } from '@verdaccio/config';
 import { API_ERROR, CHARACTER_ENCODING, VerdaccioError, errorUtils } from '@verdaccio/core';
-import { setup } from '@verdaccio/logger';
+import { logger, setup } from '@verdaccio/logger';
 import { aesDecrypt, verifyPayload } from '@verdaccio/signature';
 import { Config, RemoteUser } from '@verdaccio/types';
 import { getAuthenticatedMessage } from '@verdaccio/utils';
@@ -61,7 +61,7 @@ describe('Auth utilities', () => {
     methodNotBeenCalled: string
   ): Promise<string> {
     const config: Config = getConfig(configFileName, secret);
-    const auth: Auth = new Auth(config);
+    const auth: Auth = new Auth(config, logger);
     await auth.init();
     // @ts-ignore
     const spy = vi.spyOn(auth, methodToSpy);

packages/auth/test/auth.spec.ts

@@ -45,7 +45,7 @@ describe('AuthTest', () => {
       const config: Config = new AppConfig({ ...authProfileConf });
       config.checkSecretKey('12345');
 
-      const auth: Auth = new Auth(config);
+      const auth: Auth = new Auth(config, logger);
       await auth.init();
       expect(auth).toBeDefined();
     });
@@ -54,7 +54,7 @@ describe('AuthTest', () => {
       const config: Config = new AppConfig({ ...authProfileConf, auth: undefined });
       config.checkSecretKey('12345');
 
-      const auth: Auth = new Auth(config);
+      const auth: Auth = new Auth(config, logger);
       await auth.init();
       expect(auth).toBeDefined();
     });
@@ -68,7 +68,7 @@ describe('AuthTest', () => {
       });
       config.checkSecretKey('12345');
 
-      const auth: Auth = new Auth(config);
+      const auth: Auth = new Auth(config, logger);
       await auth.init();
       expect(auth).toBeDefined();
     });
@@ -79,7 +79,7 @@ describe('AuthTest', () => {
       test('should be a success login', async () => {
         const config: Config = new AppConfig({ ...authProfileConf });
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -106,7 +106,7 @@ describe('AuthTest', () => {
       test('should be a fail on login', async () => {
         const config: Config = new AppConfig(authPluginFailureConf);
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -125,7 +125,7 @@ describe('AuthTest', () => {
       test('should skip falsy values', async () => {
         const config: Config = new AppConfig({ ...authPluginPassThrougConf });
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -145,7 +145,7 @@ describe('AuthTest', () => {
       test('should error truthy non-array', async () => {
         const config: Config = new AppConfig({ ...authPluginPassThrougConf });
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -163,7 +163,7 @@ describe('AuthTest', () => {
       test('should skip empty array', async () => {
         const config: Config = new AppConfig({ ...authPluginPassThrougConf });
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -180,7 +180,7 @@ describe('AuthTest', () => {
       test('should accept valid array', async () => {
         const config: Config = new AppConfig({ ...authPluginPassThrougConf });
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -208,7 +208,7 @@ describe('AuthTest', () => {
           },
         });
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
 
         return new Promise((resolve) => {
@@ -229,7 +229,7 @@ describe('AuthTest', () => {
     test('should fail if the plugin does not provide implementation', async () => {
       const config: Config = new AppConfig({ ...authProfileConf });
       config.checkSecretKey('12345');
-      const auth: Auth = new Auth(config);
+      const auth: Auth = new Auth(config, logger);
       await auth.init();
       expect(auth).toBeDefined();
       const callback = vi.fn();
@@ -244,7 +244,7 @@ describe('AuthTest', () => {
     test('should handle plugin does provide implementation', async () => {
       const config: Config = new AppConfig({ ...authChangePasswordConf });
       config.checkSecretKey('12345');
-      const auth: Auth = new Auth(config);
+      const auth: Auth = new Auth(config, logger);
       await auth.init();
       expect(auth).toBeDefined();
       const callback = vi.fn();
@@ -262,7 +262,7 @@ describe('AuthTest', () => {
       test('should fails if groups do not match exactly', async () => {
         const config: Config = new AppConfig({ ...authProfileConf });
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -284,7 +284,7 @@ describe('AuthTest', () => {
       test('should success if groups do not match exactly', async () => {
         const config: Config = new AppConfig({ ...authProfileConf });
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -311,7 +311,7 @@ describe('AuthTest', () => {
       test('should fails if groups do not match exactly', async () => {
         const config: Config = new AppConfig({ ...authProfileConf });
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -333,7 +333,7 @@ describe('AuthTest', () => {
       test('should success if groups do match exactly', async () => {
         const config: Config = new AppConfig({ ...authProfileConf });
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -358,7 +358,7 @@ describe('AuthTest', () => {
         const config: Config = new AppConfig({ ...authProfileConf });
         config.checkSecretKey('12345');
 
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -392,7 +392,7 @@ describe('AuthTest', () => {
           },
         });
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -415,7 +415,7 @@ describe('AuthTest', () => {
         const config: Config = new AppConfig({ ...authProfileConf });
 
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -442,7 +442,7 @@ describe('AuthTest', () => {
       test('should fails with bad password if adduser is not implemented', async () => {
         const config: Config = new AppConfig({ ...authProfileConf });
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -465,7 +465,7 @@ describe('AuthTest', () => {
           },
         });
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -489,7 +489,7 @@ describe('AuthTest', () => {
           },
         });
         config.checkSecretKey('12345');
-        const auth: Auth = new Auth(config);
+        const auth: Auth = new Auth(config, logger);
         await auth.init();
         expect(auth).toBeDefined();
 
@@ -513,7 +513,7 @@ describe('AuthTest', () => {
         },
       });
       config.checkSecretKey('12345');
-      const auth: Auth = new Auth(config);
+      const auth: Auth = new Auth(config, logger);
       await auth.init();
       expect(auth).toBeDefined();
 
@@ -537,7 +537,7 @@ describe('AuthTest', () => {
         },
       });
       config.checkSecretKey('12345');
-      const auth: Auth = new Auth(config);
+      const auth: Auth = new Auth(config, logger);
       await auth.init();
       expect(auth).toBeDefined();
 
@@ -583,7 +583,7 @@ describe('AuthTest', () => {
           test('should handle invalid auth token', async () => {
             const config: Config = new AppConfig({ ...authProfileConf });
             config.checkSecretKey(secret);
-            const auth = new Auth(config);
+            const auth = new Auth(config, logger);
             await auth.init();
             const app = await getServer(auth);
             return supertest(app)
@@ -595,7 +595,7 @@ describe('AuthTest', () => {
           test('should handle missing auth header', async () => {
             const config: Config = new AppConfig({ ...authProfileConf });
             config.checkSecretKey(secret);
-            const auth = new Auth(config);
+            const auth = new Auth(config, logger);
             await auth.init();
             const app = await getServer(auth);
             return supertest(app).get(`/`).expect(HTTP_STATUS.OK);
@@ -610,7 +610,7 @@ describe('AuthTest', () => {
             // intended to force key generator (associated with mocks above)
             // 64 characters secret long
             config.checkSecretKey('35fabdd29b820d39125e76e6d85cc294');
-            const auth = new Auth(config);
+            const auth = new Auth(config, logger);
             await auth.init();
             const token = auth.aesEncrypt(payload) as string;
             const app = await getServer(auth);
@@ -626,7 +626,7 @@ describe('AuthTest', () => {
             const config: Config = new AppConfig({ ...authPluginFailureConf });
             // intended to force key generator (associated with mocks above)
             config.checkSecretKey(undefined);
-            const auth = new Auth(config);
+            const auth = new Auth(config, logger);
             await auth.init();
             const token = auth.aesEncrypt(payload) as string;
             const app = await getServer(auth);
@@ -646,7 +646,7 @@ describe('AuthTest', () => {
               ...{ security: { api: { jwt: { sign: { expiresIn: '29d' } } } } },
             });
             config.checkSecretKey(secret);
-            const auth = new Auth(config);
+            const auth = new Auth(config, logger);
             await auth.init();
             const app = await getServer(auth);
             const res = await supertest(app)
@@ -668,7 +668,7 @@ describe('AuthTest', () => {
               ...{ security: { api: { jwt: { sign: { expiresIn: '29d' } } } } },
             });
             config.checkSecretKey(secret);
-            const auth = new Auth(config);
+            const auth = new Auth(config, logger);
             await auth.init();
             const app = await getServer(auth);
             const res = await supertest(app).get(`/`).expect(HTTP_STATUS.OK);
@@ -691,7 +691,7 @@ describe('AuthTest', () => {
             );
             // intended to force key generator (associated with mocks above)
             config.checkSecretKey(undefined);
-            const auth = new Auth(config);
+            const auth = new Auth(config, logger);
             await auth.init();
             const token = (await auth.jwtEncrypt(
               createRemoteUser('jwt_user', [ROLES.ALL]),

packages/cli/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @verdaccio/cli
 
+## 8.0.0-next-8.4
+
+### Patch Changes
+
+- e93d6a3: chore: auth package requires logger as parameter
+- Updated dependencies [48aa89f]
+- Updated dependencies [58e0d95]
+- Updated dependencies [e93d6a3]
+  - @verdaccio/core@8.0.0-next-8.4
+  - @verdaccio/node-api@8.0.0-next-8.4
+  - @verdaccio/config@8.0.0-next-8.4
+  - @verdaccio/logger@8.0.0-next-8.4
+
 ## 8.0.0-next-8.3
 
 ### Patch Changes

packages/cli/jest.config.js

@@ -1,10 +0,0 @@
-const config = require('../../jest/config');
-
-module.exports = Object.assign({}, config, {
-  coverageThreshold: {
-    global: {
-      // FIXME: increase to 90
-      lines: 4,
-    },
-  },
-});

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/cli",
-  "version": "8.0.0-next-8.3",
+  "version": "8.0.0-next-8.4",
   "author": {
     "name": "Juan Picado",
     "email": "juanpicado19@gmail.com"
@@ -34,7 +34,7 @@
   "types": "build/index.d.ts",
   "scripts": {
     "clean": "rimraf ./build",
-    "test": "jest",
+    "test": "vitest run",
     "type-check": "tsc --noEmit -p tsconfig.build.json",
     "build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json",
     "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
@@ -43,11 +43,11 @@
     "start": "ts-node src/index.ts"
   },
   "dependencies": {
-    "@verdaccio/config": "workspace:8.0.0-next-8.3",
-    "@verdaccio/core": "workspace:8.0.0-next-8.3",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.3",
-    "@verdaccio/node-api": "workspace:8.0.0-next-8.3",
-    "clipanion": "4.0.0-rc.3",
+    "@verdaccio/config": "workspace:8.0.0-next-8.4",
+    "@verdaccio/core": "workspace:8.0.0-next-8.4",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.4",
+    "@verdaccio/node-api": "workspace:8.0.0-next-8.4",
+    "clipanion": "4.0.0-rc.4",
     "envinfo": "7.13.0",
     "kleur": "4.1.5",
     "semver": "7.6.3"

packages/cli/test/cli-test.spec.ts

@@ -1,3 +1,5 @@
+import { describe, test } from 'vitest';
+
 describe('cli test', () => {
   test.todo('write some test for this module');
 });

packages/cli/test/utils.spec.ts

@@ -1,16 +1,20 @@
+import { describe, expect, test } from 'vitest';
+
 import { isVersionValid } from '../src/utils';
 
-test('valid version node.js', () => {
-  expect(isVersionValid('v14.0.0')).toBeTruthy();
-  expect(isVersionValid('v15.0.0')).toBeTruthy();
-  expect(isVersionValid('v16.0.0')).toBeTruthy();
-  expect(isVersionValid('v17.0.0')).toBeTruthy();
-});
+describe('utils', () => {
+  test('valid version node.js', () => {
+    expect(isVersionValid('v14.0.0')).toBeTruthy();
+    expect(isVersionValid('v15.0.0')).toBeTruthy();
+    expect(isVersionValid('v16.0.0')).toBeTruthy();
+    expect(isVersionValid('v17.0.0')).toBeTruthy();
+  });
 
-test('is invalid version node.js', () => {
-  expect(isVersionValid('v13.0.0')).toBeFalsy();
-  expect(isVersionValid('v12.0.0')).toBeFalsy();
-  expect(isVersionValid('v8.0.0')).toBeFalsy();
-  expect(isVersionValid('v4.0.0')).toBeFalsy();
-  expect(isVersionValid('v0.0.10')).toBeFalsy();
+  test('is invalid version node.js', () => {
+    expect(isVersionValid('v13.0.0')).toBeFalsy();
+    expect(isVersionValid('v12.0.0')).toBeFalsy();
+    expect(isVersionValid('v8.0.0')).toBeFalsy();
+    expect(isVersionValid('v4.0.0')).toBeFalsy();
+    expect(isVersionValid('v0.0.10')).toBeFalsy();
+  });
 });

packages/cli/tsconfig.json

@@ -13,9 +13,6 @@
     {
       "path": "../core/core"
     },
-    {
-      "path": "../core/server"
-    },
     {
       "path": "../node-api"
     },

packages/config/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @verdaccio/config
 
+## 8.0.0-next-8.4
+
+### Patch Changes
+
+- Updated dependencies [48aa89f]
+- Updated dependencies [58e0d95]
+  - @verdaccio/core@8.0.0-next-8.4
+  - @verdaccio/utils@8.1.0-next-8.4
+
 ## 8.0.0-next-8.3
 
 ### Patch Changes

packages/config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/config",
-  "version": "8.0.0-next-8.3",
+  "version": "8.0.0-next-8.4",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -38,8 +38,8 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.3",
-    "@verdaccio/utils": "workspace:8.1.0-next-8.3",
+    "@verdaccio/core": "workspace:8.0.0-next-8.4",
+    "@verdaccio/utils": "workspace:8.1.0-next-8.4",
     "debug": "4.3.7",
     "js-yaml": "4.1.0",
     "lodash": "4.17.21",

packages/core/core/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @verdaccio/core
 
+## 8.0.0-next-8.4
+
+### Patch Changes
+
+- 48aa89f: chore: request header constants
+- 58e0d95: fix(middleware): error 404 when getting scoped tarballs
+
 ## 8.0.0-next-8.3
 
 ## 8.0.0-next-8.2

packages/core/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/core",
-  "version": "8.0.0-next-8.3",
+  "version": "8.0.0-next-8.4",
   "description": "core utilities",
   "keywords": [
     "private",

packages/core/core/src/constants.ts

@@ -46,6 +46,10 @@ export const HEADERS = {
   CSP: 'Content-Security-Policy',
   CTO: 'X-Content-Type-Options',
   XSS: 'X-XSS-Protection',
+  CLIENT: 'X-Client',
+  POWERED_BY: 'X-Powered-By',
+  RATELIMIT_LIMIT: 'X-RateLimit-Limit',
+  RATELIMIT_REMAINING: 'X-RateLimit-Remaining',
   NONE_MATCH: 'If-None-Match',
   ETAG: 'ETag',
   JSON_CHARSET: 'application/json; charset=utf-8',
@@ -54,6 +58,7 @@ export const HEADERS = {
   TEXT_CHARSET: 'text/plain; charset=utf-8',
   WWW_AUTH: 'WWW-Authenticate',
   GZIP: 'gzip',
+  HOST: 'host',
 };
 
 export const HTTP_STATUS = {

packages/core/core/src/error-utils.ts

@@ -3,7 +3,7 @@ import createError, { HttpError } from 'http-errors';
 import { HTTP_STATUS } from './constants';
 
 export const API_ERROR = {
-  PASSWORD_SHORT: `The provided password does not pass the validation`,
+  PASSWORD_SHORT: 'The provided password does not pass the validation',
   MUST_BE_LOGGED: 'You must be logged in to publish packages.',
   PLUGIN_ERROR: 'bug in the auth plugin system',
   CONFIG_BAD_FORMAT: 'config file must be an object',

packages/core/file-locking/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Change Log
 
+## 13.0.0-next-8.2
+
+### Patch Changes
+
+- e93d6a3: chore: auth package requires logger as parameter
+
 ## 13.0.0-next-8.1
 
 ### Minor Changes

packages/core/file-locking/jest.config.js

@@ -1,3 +0,0 @@
-const config = require('../../../jest/config');
-
-module.exports = Object.assign({}, config, {});

packages/core/file-locking/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/file-locking",
-  "version": "13.0.0-next-8.1",
+  "version": "13.0.0-next-8.2",
   "description": "library that handle file locking",
   "keywords": [
     "private",
@@ -43,7 +43,7 @@
   },
   "scripts": {
     "clean": "rimraf ./build",
-    "test": "jest",
+    "test": "vitest run",
     "build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json",
     "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
     "watch": "pnpm build:js -- --watch",

packages/core/file-locking/tests/lock.legacy.spec.ts

@@ -1,5 +1,6 @@
 import fs from 'fs';
 import path from 'path';
+import { describe, expect, test } from 'vitest';
 
 import { lockFile, readFile, unlockFile } from '../src/index';
 
@@ -22,113 +23,131 @@ const removeTempFile = (filename: string): void => {
 
 describe('testing locking', () => {
   describe('lockFile', () => {
-    test('file should be found to be locked', (done) => {
-      lockFile(getFilePath('package.json'), (error: Error) => {
-        expect(error).toBeNull();
-        removeTempFile('package.json.lock');
-        done();
+    test('file should be found to be locked', () => {
+      return new Promise((done) => {
+        lockFile(getFilePath('package.json'), (error: Error) => {
+          expect(error).toBeNull();
+          removeTempFile('package.json.lock');
+          done(true);
+        });
       });
     });
 
-    test('file should fail to be found to be locked', (done) => {
-      lockFile(getFilePath('package.fail.json'), (error: Error) => {
-        expect(error.message).toMatch(
-          /ENOENT: no such file or directory, stat '(.*)package.fail.json'/
-        );
-        done();
+    test('file should fail to be found to be locked', () => {
+      return new Promise((done) => {
+        lockFile(getFilePath('package.fail.json'), (error: Error) => {
+          expect(error.message).toMatch(
+            /ENOENT: no such file or directory, stat '(.*)package.fail.json'/
+          );
+          done(true);
+        });
       });
     });
   });
 
   describe('unlockFile', () => {
-    test('file should to be found to be unLock', (done) => {
-      unlockFile(getFilePath('package.json.lock'), (error: Error) => {
-        expect(error).toBeNull();
-        done();
+    test('file should to be found to be unLock', () => {
+      return new Promise((done) => {
+        unlockFile(getFilePath('package.json.lock'), (error: Error) => {
+          expect(error).toBeNull();
+          done(true);
+        });
       });
     });
   });
 
   describe('readFile', () => {
-    test('read file with no options should to be found to be read it as string', (done) => {
-      readFile(getFilePath('package.json'), {}, (error: Error, data: string) => {
-        expect(error).toBeNull();
-        expect(data).toMatchInlineSnapshot(`
+    test('read file with no options should to be found to be read it as string', () => {
+      return new Promise((done) => {
+        readFile(getFilePath('package.json'), {}, (error: Error, data: string) => {
+          expect(error).toBeNull();
+          expect(data).toMatchInlineSnapshot(`
           "{
             "name": "assets",
             "version": "0.0.1"
           }
           "
         `);
-        done();
+          done(true);
+        });
       });
     });
 
-    test('read file with no options should to be found to be read it as object', (done) => {
+    test('read file with no options should to be found to be read it as object', () => {
       const options = {
         parse: true,
       };
-      readFile(getFilePath('package.json'), options, (error: Error, data: string) => {
-        expect(error).toBeNull();
-        expect(data).toMatchInlineSnapshot(`
+      return new Promise((done) => {
+        readFile(getFilePath('package.json'), options, (error: Error, data: string) => {
+          expect(error).toBeNull();
+          expect(data).toMatchInlineSnapshot(`
           {
             "name": "assets",
             "version": "0.0.1",
           }
         `);
-        done();
+          done(true);
+        });
       });
     });
 
-    test('read file with options (parse) should to be not found to be read it', (done) => {
+    test('read file with options (parse) should to be not found to be read it', () => {
       const options = {
         parse: true,
       };
-      readFile(getFilePath('package.fail.json'), options, (error: Error) => {
-        expect(error.message).toMatch(/ENOENT/);
-        done();
+      return new Promise((done) => {
+        readFile(getFilePath('package.fail.json'), options, (error: Error) => {
+          expect(error.message).toMatch(/ENOENT/);
+          done(true);
+        });
       });
     });
 
-    test('read file with options should be found to be read it and fails to be parsed', (done) => {
+    test('read file with options should be found to be read it and fails to be parsed', () => {
       const options = {
         parse: true,
       };
-      readFile(getFilePath('wrong.package.json'), options, (error: Error) => {
-        expect(error.message).toBeDefined();
-        done();
+      return new Promise((done) => {
+        readFile(getFilePath('wrong.package.json'), options, (error: Error) => {
+          expect(error.message).toBeDefined();
+          done(true);
+        });
       });
     });
 
-    test('read file with options (parse, lock) should be found to be read it as object', (done) => {
+    test('read file with options (parse, lock) should be found to be read it as object', () => {
       const options = {
         parse: true,
         lock: true,
       };
-      readFile(getFilePath('package2.json'), options, (error: Error, data: string) => {
-        expect(error).toBeNull();
-        expect(data).toMatchInlineSnapshot(`
+      return new Promise((done) => {
+        readFile(getFilePath('package2.json'), options, (error: Error, data: string) => {
+          expect(error).toBeNull();
+          expect(data).toMatchInlineSnapshot(`
           {
             "name": "assets",
             "version": "0.0.1",
           }
         `);
-        removeTempFile('package2.json.lock');
-        done();
+          removeTempFile('package2.json.lock');
+          done(true);
+        });
       });
     });
 
     test.skip(
       'read file with options (parse, lock) should be found to be read and ' + 'fails to be parsed',
-      (done) => {
+      () => {
         const options = {
           parse: true,
           lock: true,
         };
-        readFile(getFilePath('wrong.package.json'), options, (error: Error) => {
-          expect(error.message).toMatch(/Unexpected token } in JSON at position \d+/);
-          removeTempFile('wrong.package.json.lock');
-          done();
+        return new Promise((done) => {
+          readFile(getFilePath('wrong.package.json'), options, (error: Error) => {
+            expect(error.message).toMatch(/Unexpected token } in JSON at position \d+/);
+            removeTempFile('wrong.package.json.lock');
+            done(true);
+          });
         });
       }
     );

packages/core/file-locking/tests/lock.spec.ts

@@ -1,5 +1,6 @@
 import fs from 'fs';
 import path from 'path';
+import { describe, expect, test } from 'vitest';
 
 import { lockFileNext, readFileNext, unlockFileNext } from '../src/index';
 import { statDir, statFile } from '../src/utils';

packages/core/tarball/CHANGELOG.md

@@ -1,5 +1,15 @@
 # Change Log
 
+## 13.0.0-next-8.4
+
+### Patch Changes
+
+- Updated dependencies [48aa89f]
+- Updated dependencies [58e0d95]
+  - @verdaccio/core@8.0.0-next-8.4
+  - @verdaccio/url@13.0.0-next-8.4
+  - @verdaccio/utils@8.1.0-next-8.4
+
 ## 13.0.0-next-8.3
 
 ### Patch Changes

packages/core/tarball/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/tarball",
-  "version": "13.0.0-next-8.3",
+  "version": "13.0.0-next-8.4",
   "description": "tarball utilities resolver",
   "keywords": [
     "private",
@@ -33,9 +33,9 @@
     "access": "public"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.3",
-    "@verdaccio/url": "workspace:13.0.0-next-8.3",
-    "@verdaccio/utils": "workspace:8.1.0-next-8.3",
+    "@verdaccio/core": "workspace:8.0.0-next-8.4",
+    "@verdaccio/url": "workspace:13.0.0-next-8.4",
+    "@verdaccio/utils": "workspace:8.1.0-next-8.4",
     "debug": "4.3.7",
     "gunzip-maybe": "^1.4.2",
     "lodash": "4.17.21",

packages/core/url/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Change Log
 
+## 13.0.0-next-8.4
+
+### Patch Changes
+
+- Updated dependencies [48aa89f]
+- Updated dependencies [58e0d95]
+  - @verdaccio/core@8.0.0-next-8.4
+
 ## 13.0.0-next-8.3
 
 ### Patch Changes

packages/core/url/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/url",
-  "version": "13.0.0-next-8.3",
+  "version": "13.0.0-next-8.4",
   "description": "url utilities resolver",
   "keywords": [
     "private",
@@ -33,7 +33,7 @@
     "access": "public"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.3",
+    "@verdaccio/core": "workspace:8.0.0-next-8.4",
     "debug": "4.3.7",
     "lodash": "4.17.21",
     "validator": "13.12.0"

packages/hooks/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @verdaccio/hooks
 
+## 8.0.0-next-8.4
+
+### Patch Changes
+
+- Updated dependencies [48aa89f]
+- Updated dependencies [58e0d95]
+  - @verdaccio/core@8.0.0-next-8.4
+  - @verdaccio/logger@8.0.0-next-8.4
+
 ## 8.0.0-next-8.3
 
 ### Patch Changes

packages/hooks/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/hooks",
-  "version": "8.0.0-next-8.3",
+  "version": "8.0.0-next-8.4",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -29,16 +29,16 @@
     "node": ">=18"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.3",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.3",
+    "@verdaccio/core": "workspace:8.0.0-next-8.4",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.4",
     "core-js": "3.37.1",
     "debug": "4.3.7",
     "got-cjs": "12.5.4",
     "handlebars": "4.7.8"
   },
   "devDependencies": {
-    "@verdaccio/auth": "workspace:8.0.0-next-8.3",
-    "@verdaccio/config": "workspace:8.0.0-next-8.3",
+    "@verdaccio/auth": "workspace:8.0.0-next-8.4",
+    "@verdaccio/config": "workspace:8.0.0-next-8.4",
     "@verdaccio/types": "workspace:13.0.0-next-8.1",
     "nock": "13.5.1"
   },

packages/loaders/package.json

@@ -17,9 +17,9 @@
     "lodash": "4.17.21"
   },
   "devDependencies": {
-    "@verdaccio/logger": "workspace:8.0.0-next-8.3",
-    "@verdaccio/core": "workspace:8.0.0-next-8.3",
-    "@verdaccio/config": "workspace:8.0.0-next-8.3",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.4",
+    "@verdaccio/core": "workspace:8.0.0-next-8.4",
+    "@verdaccio/config": "workspace:8.0.0-next-8.4",
     "@verdaccio/types": "workspace:13.0.0-next-8.1",
     "@verdaccio-scope/verdaccio-auth-foo": "0.0.2",
     "verdaccio-auth-memory": "workspace:*",

packages/logger/logger-commons/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @verdaccio/logger-commons
 
+## 8.0.0-next-8.4
+
+### Patch Changes
+
+- e93d6a3: chore: auth package requires logger as parameter
+- Updated dependencies [48aa89f]
+- Updated dependencies [58e0d95]
+  - @verdaccio/core@8.0.0-next-8.4
+
 ## 8.0.0-next-8.3
 
 ### Patch Changes

packages/logger/logger-commons/jest.config.js

@@ -1,10 +0,0 @@
-const config = require('../../../jest/config');
-
-module.exports = Object.assign({}, config, {
-  coverageThreshold: {
-    global: {
-      // FIXME: increase to 90
-      lines: 39,
-    },
-  },
-});

packages/logger/logger-commons/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger-commons",
-  "version": "8.0.0-next-8.3",
+  "version": "8.0.0-next-8.4",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,7 +38,7 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/core": "workspace:8.0.0-next-8.3",
+    "@verdaccio/core": "workspace:8.0.0-next-8.4",
     "@verdaccio/logger-prettify": "workspace:8.0.0-next-8.1",
     "debug": "4.3.7",
     "colorette": "2.0.20"

packages/logger/logger/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @verdaccio/logger
 
+## 8.0.0-next-8.4
+
+### Patch Changes
+
+- Updated dependencies [e93d6a3]
+  - @verdaccio/logger-commons@8.0.0-next-8.4
+
 ## 8.0.0-next-8.3
 
 ### Patch Changes

packages/logger/logger/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/logger",
-  "version": "8.0.0-next-8.3",
+  "version": "8.0.0-next-8.4",
   "description": "logger",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -38,7 +38,7 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/logger-commons": "workspace:8.0.0-next-8.3",
+    "@verdaccio/logger-commons": "workspace:8.0.0-next-8.4",
     "pino": "9.4.0"
   },
   "devDependencies": {

packages/middleware/CHANGELOG.md

@@ -1,5 +1,20 @@
 # @verdaccio/middleware
 
+## 8.0.0-next-8.4
+
+### Patch Changes
+
+- 48aa89f: chore: request header constants
+- 58e0d95: fix(middleware): error 404 when getting scoped tarballs
+- 1076a89: chore(middleware): fix syntax of test files
+- e93d6a3: chore: auth package requires logger as parameter
+- Updated dependencies [48aa89f]
+- Updated dependencies [58e0d95]
+  - @verdaccio/core@8.0.0-next-8.4
+  - @verdaccio/config@8.0.0-next-8.4
+  - @verdaccio/url@13.0.0-next-8.4
+  - @verdaccio/utils@8.1.0-next-8.4
+
 ## 8.0.0-next-8.3
 
 ### Patch Changes

packages/middleware/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/middleware",
-  "version": "8.0.0-next-8.3",
+  "version": "8.0.0-next-8.4",
   "description": "express middleware utils",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -35,16 +35,15 @@
     "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
     "watch": "pnpm build:js -- --watch",
     "test": "vitest run",
-    "test:snap": "jest --updateSnapshot",
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/config": "workspace:8.0.0-next-8.3",
-    "@verdaccio/core": "workspace:8.0.0-next-8.3",
-    "@verdaccio/url": "workspace:13.0.0-next-8.3",
-    "@verdaccio/utils": "workspace:8.1.0-next-8.3",
+    "@verdaccio/config": "workspace:8.0.0-next-8.4",
+    "@verdaccio/core": "workspace:8.0.0-next-8.4",
+    "@verdaccio/url": "workspace:13.0.0-next-8.4",
+    "@verdaccio/utils": "workspace:8.1.0-next-8.4",
     "debug": "4.3.7",
-    "express": "4.21.0",
+    "express": "4.21.1",
     "express-rate-limit": "5.5.1",
     "lodash": "4.17.21",
     "lru-cache": "7.18.3",
@@ -55,7 +54,7 @@
     "url": "https://opencollective.com/verdaccio"
   },
   "devDependencies": {
-    "@verdaccio/logger": "workspace:8.0.0-next-8.3",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.4",
     "body-parser": "1.20.3",
     "supertest": "7.0.0",
     "jsdom": "25.0.1"

packages/middleware/src/index.ts

@@ -2,6 +2,7 @@ export { match } from './middlewares/match';
 export { setSecurityWebHeaders } from './middlewares/security-headers';
 export { validateName, validatePackage } from './middlewares/validation';
 export { media } from './middlewares/media';
+export { makeURLrelative } from './middlewares/make-url-relative';
 export { encodeScopePackage } from './middlewares/encode-pkg';
 export { expectJson } from './middlewares/json';
 export { antiLoop } from './middlewares/antiLoop';

packages/middleware/src/middlewares/encode-pkg.ts

@@ -1,5 +1,7 @@
 import buildDebug from 'debug';
 
+import { errorUtils } from '@verdaccio/core';
+
 import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
 
 const debug = buildDebug('verdaccio:middleware:encode');
@@ -16,15 +18,22 @@ export function encodeScopePackage(
   next: $NextFunctionVer
 ): void {
   const original = req.url;
+
+  // Expect relative URLs i.e. should call makeURLrelative before this middleware
+  if (!req.url.startsWith('/')) {
+    return next(errorUtils.getBadRequest(`Invalid URL: ${req.url} (must be relative)`));
+  }
+
   // If the @ sign is encoded, we need to decode it first
   // e.g.: /%40org/pkg/1.2.3 -> /@org/pkg/1.2.3
-  if (req.url.indexOf('%40') !== -1) {
-    req.url = req.url.replace(/^\/%40/, '/@');
+  // For scoped packages, encode the slash to make it a single path segment/parameter
+  // e.g.: /@org/pkg/1.2.3 -> /@org%2Fpkg/1.2.3, /@org%2Fpkg/1.2.3 -> /@org%2Fpkg/1.2.3
+  req.url = req.url.replace(/^\/%40/, '/@').replace(/^(\/@[^\/%]+)\/(?!$)/, '$1%2F');
+
+  if (original !== req.url) {
+    debug('encodeScopePackage: %o -> %o', original, req.url);
+  } else {
+    debug('encodeScopePackage: %o (unchanged)', original);
   }
-  if (req.url.indexOf('@') !== -1) {
-    // e.g.: /@org/pkg/1.2.3 -> /@org%2Fpkg/1.2.3, /@org%2Fpkg/1.2.3 -> /@org%2Fpkg/1.2.3
-    req.url = req.url.replace(/^(\/@[^\/%]+)\/(?!$)/, '$1%2F');
-  }
-  debug('encodeScopePackage: %o -> %o', original, req.url);
   next();
 }

packages/middleware/src/middlewares/log.ts

@@ -1,5 +1,7 @@
 import _ from 'lodash';
 
+import { HEADERS } from '@verdaccio/core';
+
 import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
 
 // FIXME: deprecated, moved to @verdaccio/dev-commons
@@ -52,7 +54,7 @@ export const log = (logger) => {
     };
 
     const log = function (): void {
-      const forwardedFor = req.get('x-forwarded-for');
+      const forwardedFor = req.get(HEADERS.FORWARDED_FOR);
       const remoteAddress = req.connection.remoteAddress;
       const remoteIP = forwardedFor ? `${forwardedFor} via ${remoteAddress}` : remoteAddress;
       let message;

packages/middleware/src/middlewares/make-url-relative.ts

@@ -0,0 +1,46 @@
+import buildDebug from 'debug';
+import { URL } from 'node:url';
+
+import { errorUtils } from '@verdaccio/core';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
+
+const debug = buildDebug('verdaccio:middleware:make-url-relative');
+
+/**
+ * Removes the host from the URL and turns it into a relative URL.
+ * @param req
+ * @param res
+ * @param next
+ */
+export function makeURLrelative(
+  req: $RequestExtend,
+  res: $ResponseExtend,
+  next: $NextFunctionVer
+): void {
+  const original = req.url;
+
+  // npm requests can contain the full URL, including the hostname, for example:
+  // tarball downloads. Removing the hostname makes the URL relative and allows
+  // the application to handle requests in a more consistent way.
+
+  let url;
+  try {
+    // In productive use, the URL is absolute (and base will be ignored)
+    // In tests, the URL might brelative (and base will be used)
+    // https://nodejs.org/docs/latest/api/url.html#new-urlinput-base
+    url = new URL(req.url, `${req.protocol}://${req.headers.host}/`);
+  } catch (error) {
+    return next(errorUtils.getBadRequest(`Invalid URL: ${req.url} (${error})`));
+  }
+
+  // Rebuild the URL without hostname
+  req.url = url.pathname + url.search + url.hash;
+
+  if (original !== req.url) {
+    debug('makeURLrelative: %o -> %o', original, req.url);
+  } else {
+    debug('makeURLrelative: %o (unchanged)', original);
+  }
+  next();
+}

packages/middleware/src/middlewares/user-agent.ts

@@ -1,10 +1,11 @@
 import { getUserAgent } from '@verdaccio/config';
+import { HEADERS } from '@verdaccio/core';
 
 import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
 
 export function userAgent(config) {
   return function (_req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
-    res.setHeader('x-powered-by', getUserAgent(config?.user_agent));
+    res.setHeader(HEADERS.POWERED_BY, getUserAgent(config?.user_agent));
     next();
   };
 }

packages/middleware/test/encode.spec.ts

@@ -1,16 +1,15 @@
 import request from 'supertest';
-import { expect, test } from 'vitest';
+import { describe, expect, test } from 'vitest';
 
 import { HTTP_STATUS } from '@verdaccio/core';
 
 import { encodeScopePackage } from '../src';
 import { getApp } from './helper';
 
-test('encode is json', async () => {
+test('encode is json with relative path', async () => {
   const app = getApp([]);
   // @ts-ignore
   app.use(encodeScopePackage);
-  // @ts-ignore
   app.get('/:id', (req, res) => {
     const { id } = req.params;
     res.status(HTTP_STATUS.OK).json({ id });
@@ -21,84 +20,112 @@ test('encode is json', async () => {
   expect(res.status).toEqual(HTTP_STATUS.OK);
 });
 
-test('packages with version/scope', async () => {
+describe('packages requests', () => {
   const app = getApp([]);
   // @ts-ignore
   app.use(encodeScopePackage);
-  // @ts-ignore
   app.get('/:package/:version?', (req, res) => {
     const { package: pkg, version } = req.params;
     res.status(HTTP_STATUS.OK).json({ package: pkg, version });
   });
 
-  const res = await request(app).get('/foo');
-  expect(res.body).toEqual({ package: 'foo' });
-  expect(res.status).toEqual(HTTP_STATUS.OK);
+  test('just package', async () => {
+    const res = await request(app).get('/foo');
+    expect(res.body).toEqual({ package: 'foo' });
+    expect(res.status).toEqual(HTTP_STATUS.OK);
+  });
 
-  const res2 = await request(app).get('/foo/1.0.0');
-  expect(res2.body).toEqual({ package: 'foo', version: '1.0.0' });
-  expect(res2.status).toEqual(HTTP_STATUS.OK);
+  test('package with version', async () => {
+    const res = await request(app).get('/foo/1.0.0');
+    expect(res.body).toEqual({ package: 'foo', version: '1.0.0' });
+    expect(res.status).toEqual(HTTP_STATUS.OK);
+  });
 
-  const res3 = await request(app).get('/@scope/foo');
-  expect(res3.body).toEqual({ package: '@scope/foo' });
-  expect(res3.status).toEqual(HTTP_STATUS.OK);
+  test('scoped package', async () => {
+    const res = await request(app).get('/@scope/foo');
+    expect(res.body).toEqual({ package: '@scope/foo' });
+    expect(res.status).toEqual(HTTP_STATUS.OK);
+  });
 
-  const res4 = await request(app).get('/@scope/foo/1.0.0');
-  expect(res4.body).toEqual({ package: '@scope/foo', version: '1.0.0' });
-  expect(res4.status).toEqual(HTTP_STATUS.OK);
+  test('scoped package with version', async () => {
+    const res = await request(app).get('/@scope/foo/1.0.0');
+    expect(res.body).toEqual({ package: '@scope/foo', version: '1.0.0' });
+    expect(res.status).toEqual(HTTP_STATUS.OK);
+  });
 
-  const res5 = await request(app).get('/@scope%2ffoo');
-  expect(res5.body).toEqual({ package: '@scope/foo' });
-  expect(res5.status).toEqual(HTTP_STATUS.OK);
+  test('scoped package with encoded path', async () => {
+    const res = await request(app).get('/@scope%2ffoo');
+    expect(res.body).toEqual({ package: '@scope/foo' });
+    expect(res.status).toEqual(HTTP_STATUS.OK);
+  });
 
-  const res6 = await request(app).get('/@scope%2ffoo/1.0.0');
-  expect(res6.body).toEqual({ package: '@scope/foo', version: '1.0.0' });
-  expect(res6.status).toEqual(HTTP_STATUS.OK);
+  test('scoped package and version with encoded path', async () => {
+    const res = await request(app).get('/@scope%2ffoo/1.0.0');
+    expect(res.body).toEqual({ package: '@scope/foo', version: '1.0.0' });
+    expect(res.status).toEqual(HTTP_STATUS.OK);
+  });
 
-  const res7 = await request(app).get('/%40scope%2ffoo');
-  expect(res7.body).toEqual({ package: '@scope/foo' });
-  expect(res7.status).toEqual(HTTP_STATUS.OK);
+  test('scoped package with encoded @ and path ', async () => {
+    const res = await request(app).get('/%40scope%2ffoo');
+    expect(res.body).toEqual({ package: '@scope/foo' });
+    expect(res.status).toEqual(HTTP_STATUS.OK);
+  });
 
-  const res8 = await request(app).get('/%40scope%2ffoo/1.0.0');
-  expect(res8.body).toEqual({ package: '@scope/foo', version: '1.0.0' });
-  expect(res8.status).toEqual(HTTP_STATUS.OK);
+  test('scoped package and version with encoded @ and path', async () => {
+    const res = await request(app).get('/%40scope%2ffoo/1.0.0');
+    expect(res.body).toEqual({ package: '@scope/foo', version: '1.0.0' });
+    expect(res.status).toEqual(HTTP_STATUS.OK);
+  });
 
-  const res9 = await request(app).get('/%40scope/foo');
-  expect(res9.body).toEqual({ package: '@scope/foo' });
-  expect(res9.status).toEqual(HTTP_STATUS.OK);
+  test('scoped package with encoded @', async () => {
+    const res = await request(app).get('/%40scope/foo');
+    expect(res.body).toEqual({ package: '@scope/foo' });
+    expect(res.status).toEqual(HTTP_STATUS.OK);
+  });
 
-  const res10 = await request(app).get('/%40scope/foo/1.0.0');
-  expect(res10.body).toEqual({ package: '@scope/foo', version: '1.0.0' });
-  expect(res10.status).toEqual(HTTP_STATUS.OK);
+  test('scoped package and version with encoded @', async () => {
+    const res = await request(app).get('/%40scope/foo/1.0.0');
+    expect(res.body).toEqual({ package: '@scope/foo', version: '1.0.0' });
+    expect(res.status).toEqual(HTTP_STATUS.OK);
+  });
 });
 
-test('tarballs with and without scope', async () => {
+describe('tarball requests', () => {
   const app = getApp([]);
   // @ts-ignore
   app.use(encodeScopePackage);
-  // @ts-ignore
   app.get('/:package/-/:filename', (req, res) => {
     const { package: pkg, filename } = req.params;
     res.status(HTTP_STATUS.OK).json({ package: pkg, filename });
   });
 
-  const res = await request(app).get('/foo/-/foo-1.2.3.tgz');
-  expect(res.body).toEqual({ package: 'foo', filename: 'foo-1.2.3.tgz' });
-  expect(res.status).toEqual(HTTP_STATUS.OK);
+  test('just package', async () => {
+    const res = await request(app).get('/foo/-/foo-1.2.3.tgz');
+    expect(res.body).toEqual({ package: 'foo', filename: 'foo-1.2.3.tgz' });
+    expect(res.status).toEqual(HTTP_STATUS.OK);
+  });
 
-  const res2 = await request(app).get('/@scope/foo/-/foo-1.2.3.tgz');
-  expect(res2.body).toEqual({ package: '@scope/foo', filename: 'foo-1.2.3.tgz' });
-  expect(res2.status).toEqual(HTTP_STATUS.OK);
+  test('scoped package', async () => {
+    const res = await request(app).get('/@scope/foo/-/foo-1.2.3.tgz');
+    expect(res.body).toEqual({ package: '@scope/foo', filename: 'foo-1.2.3.tgz' });
+    expect(res.status).toEqual(HTTP_STATUS.OK);
+  });
 
-  const res3 = await request(app).get('/@scope%2ffoo/-/foo-1.2.3.tgz');
-  expect(res3.body).toEqual({ package: '@scope/foo', filename: 'foo-1.2.3.tgz' });
-  expect(res3.status).toEqual(HTTP_STATUS.OK);
+  test('scoped package with encoded path', async () => {
+    const res = await request(app).get('/@scope%2ffoo/-/foo-1.2.3.tgz');
+    expect(res.body).toEqual({ package: '@scope/foo', filename: 'foo-1.2.3.tgz' });
+    expect(res.status).toEqual(HTTP_STATUS.OK);
+  });
 
-  const res4 = await request(app).get('/%40scope%2ffoo/-/foo-1.2.3.tgz');
-  expect(res4.body).toEqual({ package: '@scope/foo', filename: 'foo-1.2.3.tgz' });
-  expect(res4.status).toEqual(HTTP_STATUS.OK);
+  test('scoped package with encoded @ and path', async () => {
+    const res = await request(app).get('/%40scope%2ffoo/-/foo-1.2.3.tgz');
+    expect(res.body).toEqual({ package: '@scope/foo', filename: 'foo-1.2.3.tgz' });
+    expect(res.status).toEqual(HTTP_STATUS.OK);
+  });
 
-  const res5 = await request(app).get('/%40scope/foo/-/foo-1.2.3.tgz');
-  expect(res5.body).toEqual({ package: '@scope/foo', filename: 'foo-1.2.3.tgz' });
-  expect(res5.status).toEqual(HTTP_STATUS.OK);
+  test('scoped package with encoded @', async () => {
+    const res = await request(app).get('/%40scope/foo/-/foo-1.2.3.tgz');
+    expect(res.body).toEqual({ package: '@scope/foo', filename: 'foo-1.2.3.tgz' });
+    expect(res.status).toEqual(HTTP_STATUS.OK);
+  });
 });

packages/middleware/test/make-url-relative.spec.ts

@@ -0,0 +1,42 @@
+import request from 'supertest';
+import { expect, test } from 'vitest';
+
+import { HEADERS, HTTP_STATUS } from '@verdaccio/core';
+
+import { makeURLrelative } from '../src';
+import { getApp } from './helper';
+
+const testHosts = [
+  'localhost:4873', // with port
+  'myregistry.com', // no port
+  '42.42.42.42', // ip
+  '[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443', // ip6
+];
+
+test.each([testHosts])('remove host from url', async (host) => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(makeURLrelative);
+  app.get('/:id', (req, res) => {
+    const { id } = req.params;
+    res.status(HTTP_STATUS.OK).json({ id, url: req.url });
+  });
+
+  const res = await request(app).get('/foo').set(HEADERS.HOST, host);
+  expect(res.body).toEqual({ id: 'foo', url: '/foo' });
+  expect(res.status).toEqual(HTTP_STATUS.OK);
+});
+
+test('invalid url', async () => {
+  const app = getApp([]);
+  // @ts-ignore
+  app.use(makeURLrelative);
+  app.get('/:id', (req, res) => {
+    const { id } = req.params;
+    res.status(HTTP_STATUS.OK).json({ id });
+  });
+
+  const res = await request(app).get('/foo').set(HEADERS.HOST, 'invalid::host');
+  expect(res.status).toEqual(HTTP_STATUS.BAD_REQUEST);
+  expect(res.text).toContain('Invalid URL');
+});

packages/middleware/test/static/runtime.js

@@ -0,0 +1,3 @@
+{
+  runtime: '';
+}

packages/middleware/test/static/vendor.js

@@ -1,3 +0,0 @@
-{
-  'vendors': '';
-}

packages/middleware/test/static/vendors.js

@@ -0,0 +1,3 @@
+{
+  vendors: '';
+}

packages/node-api/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @verdaccio/node-api
 
+## 8.0.0-next-8.4
+
+### Patch Changes
+
+- e93d6a3: chore: auth package requires logger as parameter
+- Updated dependencies [48aa89f]
+- Updated dependencies [58e0d95]
+- Updated dependencies [e93d6a3]
+  - @verdaccio/server@8.0.0-next-8.4
+  - @verdaccio/core@8.0.0-next-8.4
+  - @verdaccio/server-fastify@8.0.0-next-8.4
+  - @verdaccio/config@8.0.0-next-8.4
+  - @verdaccio/logger@8.0.0-next-8.4
+
 ## 8.0.0-next-8.3
 
 ### Patch Changes

packages/node-api/jest.config.js

@@ -1,10 +0,0 @@
-const config = require('../../jest/config');
-
-module.exports = Object.assign({}, config, {
-  coverageThreshold: {
-    global: {
-      // FIXME: increase to 90
-      lines: 40,
-    },
-  },
-});

packages/node-api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/node-api",
-  "version": "8.0.0-next-8.3",
+  "version": "8.0.0-next-8.4",
   "description": "node API",
   "main": "build/index.js",
   "types": "build/index.d.ts",
@@ -34,15 +34,15 @@
     "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
     "watch": "pnpm build:js -- --watch",
     "build": "pnpm run build:js && pnpm run build:types",
-    "test": "jest"
+    "test": "vitest run"
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/config": "workspace:8.0.0-next-8.3",
-    "@verdaccio/core": "workspace:8.0.0-next-8.3",
-    "@verdaccio/logger": "workspace:8.0.0-next-8.3",
-    "@verdaccio/server": "workspace:8.0.0-next-8.3",
-    "@verdaccio/server-fastify": "workspace:8.0.0-next-8.3",
+    "@verdaccio/config": "workspace:8.0.0-next-8.4",
+    "@verdaccio/core": "workspace:8.0.0-next-8.4",
+    "@verdaccio/logger": "workspace:8.0.0-next-8.4",
+    "@verdaccio/server": "workspace:8.0.0-next-8.4",
+    "@verdaccio/server-fastify": "workspace:8.0.0-next-8.4",
     "core-js": "3.37.1",
     "debug": "4.3.7",
     "lodash": "4.17.21"

packages/node-api/test/node-api.utils.spec.ts

@@ -1,4 +1,5 @@
 import _ from 'lodash';
+import { describe, expect, test } from 'vitest';
 
 import {
   DEFAULT_DOMAIN,