chore: update versions (6-next) (#2625)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.babelrc

@@ -7,7 +7,7 @@
         "version": 3, "proposals": true
       },
       "targets": {
-        "node": 12
+        "node": 14
       }
     }
   ],

.changeset/eleven-spoons-matter.md

@@ -0,0 +1,39 @@
+---
+'@verdaccio/api': major
+'@verdaccio/auth': major
+'@verdaccio/cli': major
+'@verdaccio/config': major
+'@verdaccio/core': major
+'@verdaccio/file-locking': major
+'verdaccio-htpasswd': major
+'@verdaccio/readme': major
+'@verdaccio/fastify-migration': major
+'@verdaccio/streams': major
+'@verdaccio/tarball': major
+'@verdaccio/types': major
+'@verdaccio/url': major
+'@verdaccio/hooks': major
+'@verdaccio/loaders': major
+'@verdaccio/logger': major
+'@verdaccio/middleware': major
+'@verdaccio/mock': major
+'@verdaccio/node-api': major
+'@verdaccio/active-directory': major
+'verdaccio-audit': major
+'verdaccio-auth-memory': major
+'verdaccio-aws-s3-storage': major
+'verdaccio-google-cloud': major
+'verdaccio-memory': major
+'@verdaccio/ui-theme': major
+'@verdaccio/server': major
+'@verdaccio/cli-standalone': major
+'@verdaccio/store': major
+'@verdaccio/dev-types': major
+'@verdaccio/utils': major
+'verdaccio': major
+'@verdaccio/web': major
+---
+
+Remove Node 12 support
+
+- We need move to the new `undici` and does not support Node.js 12

.changeset/fuzzy-onions-draw.md

@@ -0,0 +1,10 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/fastify-migration': minor
+'@verdaccio/hooks': minor
+'@verdaccio/logger-prettify': minor
+'@verdaccio/proxy': minor
+'@verdaccio/store': minor
+---
+
+abort search request support for proxy

.changeset/olive-candles-speak.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': minor
+---
+
+feat: integrate rematch for ui state storage

.changeset/perfect-candles-clap.md

@@ -0,0 +1,35 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/auth': minor
+'@verdaccio/cli': minor
+'@verdaccio/config': minor
+'@verdaccio/core': minor
+'verdaccio-htpasswd': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/fastify-migration': minor
+'@verdaccio/tarball': minor
+'@verdaccio/types': minor
+'@verdaccio/url': minor
+'@verdaccio/hooks': minor
+'@verdaccio/loaders': minor
+'@verdaccio/logger': minor
+'@verdaccio/middleware': minor
+'@verdaccio/mock': minor
+'@verdaccio/node-api': minor
+'@verdaccio/active-directory': minor
+'verdaccio-auth-memory': minor
+'verdaccio-aws-s3-storage': minor
+'verdaccio-google-cloud': minor
+'verdaccio-memory': minor
+'@verdaccio/ui-theme': minor
+'@verdaccio/proxy': minor
+'@verdaccio/server': minor
+'@verdaccio/cli-standalone': minor
+'@verdaccio/store': minor
+'@verdaccio/utils': minor
+'verdaccio': minor
+'@verdaccio/web': minor
+'@verdaccio/e2e-ui': minor
+---
+
+refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications

.changeset/pre.json

@@ -6,7 +6,6 @@
     "@verdaccio/auth": "6.0.0-alpha.0",
     "@verdaccio/cli": "6.0.0-alpha.0",
     "@verdaccio/config": "6.0.0-alpha.0",
-    "@verdaccio/commons-api": "11.0.0-alpha.0",
     "@verdaccio/file-locking": "11.0.0-alpha.0",
     "verdaccio-htpasswd": "11.0.0-alpha.0",
     "@verdaccio/local-storage": "11.0.0-alpha.0",
@@ -43,16 +42,19 @@
     "@verdaccio/eslint-config": "1.0.0",
     "@verdaccio/benchmark": "1.0.0",
     "@verdaccio/website": "5.1.3",
-    "@verdaccio/core": "6.0.0-next.0"
+    "@verdaccio/core": "6.0.0-next.0",
+    "@verdaccio/helper": "1.0.0"
   },
   "changesets": [
     "afraid-mice-obey",
     "big-lobsters-sin",
     "calm-pants-impress",
     "dry-planes-tap",
+    "eleven-spoons-matter",
     "few-cooks-destroy",
     "few-mangos-grow",
     "fifty-jars-rest",
+    "fuzzy-onions-draw",
     "gentle-parrots-lay",
     "gentle-trains-switch",
     "gold-vans-tease",
@@ -66,6 +68,8 @@
     "many-vans-care",
     "modern-spies-tell",
     "neat-toes-report",
+    "olive-candles-speak",
+    "perfect-candles-clap",
     "perfect-emus-clean",
     "perfect-kangaroos-agree",
     "plenty-news-remember",
@@ -74,9 +78,13 @@
     "pretty-hounds-tap",
     "proud-jeans-walk",
     "red-chefs-float",
+    "shaggy-carrots-unite",
+    "shaggy-parrots-smash",
     "shiny-chefs-heal",
     "smart-apricots-kneel",
+    "sour-buses-shout",
     "spicy-frogs-press",
+    "ten-parents-breathe",
     "tender-bags-call",
     "three-pots-sit",
     "two-dolls-check",

.changeset/shaggy-carrots-unite.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/logger': patch
+---
+
+do not show deprecation warning on default logger config

.changeset/shaggy-parrots-smash.md

@@ -0,0 +1,8 @@
+---
+'@verdaccio/cli': minor
+'@verdaccio/core': minor
+'@verdaccio/logger': minor
+'@verdaccio/node-api': minor
+---
+
+feat: use warning codes for deprecation warnings

.changeset/sour-buses-shout.md

@@ -0,0 +1,11 @@
+---
+'@verdaccio/fastify-migration': minor
+'@verdaccio/store': minor
+'@verdaccio/utils': minor
+'@verdaccio/web': minor
+'@verdaccio/website': minor
+---
+
+feat: migrate web sidebar endpoint to fastify
+
+reuse utils methods between packages

.changeset/ten-parents-breathe.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/auth': minor
+'@verdaccio/fastify-migration': minor
+'@verdaccio/web': minor
+---
+
+dist tags Implementation on Fastify

.github/ISSUE_TEMPLATE/config.yml

@@ -7,7 +7,7 @@ contact_links:
     url: https://github.com/verdaccio/verdaccio/security/policy
     about: I want to report a security vulnerability
   - name: Chat 🏘
-    url: http://chat.verdaccio.org
+    url: https://discord.gg/7qWJxBf
     about: For a quick question you should do it through our community chat
   - name: User Interface Report 👩🏼‍🎨👨🏼‍🎨
     url: https://github.com/verdaccio/ui/issues/new/choose

.github/workflows/benchmark.yml

@@ -58,7 +58,7 @@ jobs:
           - 3.13.1
           - 4.12.2
           - 5.1.3
-          - 6.0.0-6-next.22
+          - 6.0.0-6-next.24
     name: Benchmark autocannon
     runs-on: ubuntu-latest
     steps:
@@ -119,7 +119,7 @@ jobs:
           - 3.13.1
           - 4.12.2
           - 5.1.3
-          - 6.0.0-6-next.22
+          - 6.0.0-6-next.24
     name: Benchmark hyperfine
     runs-on: ubuntu-latest
     steps:

.github/workflows/changesets.yml

@@ -46,7 +46,12 @@ jobs:
         run: pnpm install
         env:
           NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
-
+      - name: crowdin download
+        env:
+          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
+          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          CONTEXT: production
+        run: pnpm crowdin:download       
       - name: build
         run: pnpm build
 

.github/workflows/ci.yml

@@ -23,7 +23,7 @@ jobs:
         ports:
           - 4873:4873
     steps:
-    - uses: actions/checkout@v2.3.1
+    - uses: actions/checkout@v2.3.5
     - name: Use Node 14
       uses: actions/setup-node@v1
       with:
@@ -48,7 +48,7 @@ jobs:
     name: Lint
     needs: prepare
     steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5
       - name: Use Node 16
         uses: actions/setup-node@v1
         with:
@@ -68,7 +68,7 @@ jobs:
     name: Format
     needs: prepare
     steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5
       - name: Use Node 16
         uses: actions/setup-node@v1
         with:
@@ -83,12 +83,13 @@ jobs:
         run: pnpm recursive install --frozen-lockfile --ignore-scripts
       - name: Lint
         run: pnpm format:check
+
   build:
     runs-on: ubuntu-latest
     name: build
     needs: [format, lint]
     steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5
       - name: Use Node 16
         uses: actions/setup-node@v1
         with:
@@ -101,6 +102,15 @@ jobs:
           key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}     
       - name: Install
         run: pnpm recursive install --frozen-lockfile --ignore-scripts
+      - name: crowdin download
+        env:
+          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
+          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          CONTEXT: production
+        run: pnpm crowdin:download
+        ## this step is optional, translations are not mandatory for PR
+        ## secrets keys are not available on forks, the failure here is guaranteed
+        continue-on-error: true  
       - name: build
         run: pnpm build
       - name: tar packages
@@ -116,11 +126,12 @@ jobs:
       fail-fast: true
       matrix:
         os: [ubuntu-latest]
+        ## Node 16 breaks UI test, jest issue
         node_version: [14]
     name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5
       - name: Use Node ${{ matrix.node_version }}
         uses: actions/setup-node@v1
         with:
@@ -145,7 +156,7 @@ jobs:
     runs-on: ubuntu-latest
     name: UI Test E2E Node 14
     steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5
       - uses: actions/setup-node@v1
         with:
           node-version: 14
@@ -165,14 +176,14 @@ jobs:
         run: pnpm recursive install --frozen-lockfile 
       - name: Test UI
         run: pnpm test:e2e:ui
-        env:
-          DEBUG: verdaccio:e2e*       
+        # env:
+        #  DEBUG: verdaccio:e2e*       
   ci-e2e-cli:
     needs: build
     runs-on: ubuntu-latest
     name: CLI Test E2E Node 14
     steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5
       - uses: actions/setup-node@v1
         with:
           node-version: 14
@@ -192,14 +203,14 @@ jobs:
         run: pnpm recursive install --frozen-lockfile
       - name: Test CLI
         run: pnpm test:e2e:cli
-        env:
-          DEBUG: verdaccio*          
+        # env:
+        #   DEBUG: verdaccio* 
   test-windows:
     needs: [format, lint]
     runs-on: windows-latest
     name: windows test node 14
     steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5
       - name: Use Node 14
         uses: actions/setup-node@v1
         with:
@@ -217,3 +228,35 @@ jobs:
         run: pnpm build
       - name: Test
         run: pnpm test
+  sync-translations:
+    needs: [ci-e2e-cli, ci-e2e-ui, test-windows, test]
+    runs-on: ubuntu-latest
+    name: synchronize translations
+    if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+    steps:
+      - uses: actions/checkout@v2.3.5
+      - uses: actions/setup-node@v1
+        with:
+          node-version: 14
+      - uses: actions/download-artifact@v2
+        with:
+          name: verdaccio-artifact
+      - name: untar packages
+        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages    
+      - name: Install pnpm
+        run: npm i pnpm@6.10.3 -g
+      - uses: actions/cache@v2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                          
+      - name: Install
+        ## we need scripts, pupetter downloads aditional content
+        run: pnpm recursive install --frozen-lockfile
+      - name: generate website translations
+        run: pnpm write-translations --filter ...@verdaccio/website       
+      - name: sync
+        env:
+          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
+          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          CONTEXT: production
+        run: pnpm crowdin:sync              

.github/workflows/codeql-analysis.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2.3.1
+        uses: actions/checkout@v2.3.5
         with:
           # We must fetch at least the immediate parents so that if this is
           # a pull request then we can checkout the head.

.github/workflows/website.yml

@@ -24,7 +24,7 @@ jobs:
     env:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
-      - uses: actions/checkout@v2.3.1
+      - uses: actions/checkout@v2.3.5
 
       - name: Use Node 14
         uses: actions/setup-node@v2

.gitignore

@@ -34,6 +34,9 @@ packages/standalone/dist/
 
 ## ui
 packages/plugins/ui-theme/static
+/packages/plugins/ui-theme/src/i18n/download_translations/
+!/packages/plugins/ui-theme/src/i18n/crowdin/ui.json
+
 
 # CI Pnpm cache
 .pnpm-store/
@@ -45,5 +48,5 @@ hyper-results*.json
 api-results*.json
 
 #docs 
-api/
+./api
 packages/core/core/docs

.husky/pre-commit

@@ -0,0 +1,5 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+#./node_modules/.bin/lint-staged
+npm run husky:pre-commit

.nvmrc

@@ -1 +1 @@
-14
+16

.prettierrc

@@ -1,11 +0,0 @@
-{
-  "endOfLine": "lf",
-  "useTabs": false,
-  "printWidth": 100,
-  "tabWidth": 2,
-  "singleQuote": true,
-  "bracketSpacing": true,
-  "jsxBracketSameLine": true,
-  "trailingComma": "es5",
-  "semi": true
-}

.vscode/settings.json

@@ -2,7 +2,7 @@
 {
   "files.exclude": {
     "**/.nyc_output": true,
-    "**/build": true,
+    "**/build": false,
     "**/coverage": true,
     ".idea": true,
     "storage_default_storage": true,

CONTRIBUTING.md

@@ -19,6 +19,7 @@ guidelines for you:
     - [What's is not considered a bug?](#whats-is-not-considered-a-bug)
     - [Issue Search](#issue-search)
     - [Chat](#chat)
+  - [Translations](#translations)
   - [Request Features](#request-features)
   - [Contributing Guidelines](#contributing-guidelines)
     - [Submitting a Pull Request](#submitting-a-pull-request)
@@ -128,9 +129,23 @@ More details in the debug section
 
 ### Running and debugging
 
+> Check the debugging guidelines [here](https://github.com/verdaccio/verdaccio/wiki/Debugging-Verdaccio)
+
 We use [`debug`](https://www.npmjs.com/package/debug) to add helpful debugging
 output to the code. Each package has it owns namespace.
 
+#### Useful Scripts
+
+To run the application from the source code, ensure the project has been built with `pnpm build`, once this is done, there are few commands that helps to run server:
+
+- `pnpm start`: Run the server and the UI with `concurrently`, the
+  server runs in the port `8000` and the UI on the port `4873`. This command
+  is useful if you want to contribute mostly on the UI.
+- `pnpm debug`: Run the server in debug mode `--inspect`, the UI is included but does not have hot reload. For automatic break use `pnpm debug:break`.
+- `pnpm debug:fastify`: To contribute on the [fastify migration](https://github.com/verdaccio/verdaccio/discussions/2155) this is a temporary command for such purpose.
+- `pnpm website`: Build the website, for more commands to run the _website_, run `cd website` and then `pnpm serve`, website will run on port `3000`.
+- `pnpm docker`: Build the docker image. Requires `docker` command available in your system.
+
 #### Debugging compiled code
 
 Currently you can only run pre-compiled packages in debug mode. To enable debug
@@ -190,10 +205,28 @@ affecting multiple people.
 
 ### Chat
 
-Questions can be asked via [Discord](http://chat.verdaccio.org/)
+Questions can be asked via [Discord](https://discord.gg/7qWJxBf)
 
 **Please use the `#help` channel.**
 
+## Translations
+
+All translations are provided by the `crowdin` platform:
+[https://translate.verdaccio.org/](https://translate.verdaccio.org/)
+
+If you want to contribute by adding translations, create an account (GitHub could be used as fast alternative), in the platform you can contribute to two areas, the website or improve User Interface translations.
+
+If a language is not listed, ask for it in the [Discord](https://discord.gg/7qWJxBf) channel #contribute channel.
+
+For adding a new **language** on the UI follow these steps:
+
+1. Ensure the **language** has been enabled, must be visible in the `crowdin` platform.
+2. Find in the explorer the file `en.US.json` in the path `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` and complete the translations, **not need to find approval on this**.
+3. Into the project, add a new field into `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` file, in the section `lng`, the new language, eg: `{ lng: {korean:"Korean"}}`. (This file is English based, once the PR has been merged, this string will be available in crowdin for translate to the targeted language).
+4. Add the language, [flag icon](https://www.npmjs.com/package/country-flag-icons), and the menu key fort he new language eg: `menuKey: 'lng.korean'` to the file `packages/plugins/ui-theme/src/i18n/enabledLanguages.ts`.
+5. For local testing, read `packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md`.
+6. Add a `changeset` file, see more info below.
+
 ## Request Features
 
 New feature requests are welcome. Analyse whether the idea fits within scope of

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=${BUILDPLATFORM:-linux/amd64} node:14.17.6-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} node:14.18.1-alpine as builder
 
 ENV NODE_ENV=development \
     VERDACCIO_BUILD_REGISTRY=https://registry.verdaccio.org
@@ -19,7 +19,7 @@ RUN npm -g i pnpm@6.10.3 && \
 # FIXME: need to remove devDependencies from the build
 # RUN pnpm install --prod --ignore-scripts
 
-FROM node:14.17.6-alpine
+FROM node:14.18.1-alpine
 LABEL maintainer="https://github.com/verdaccio/verdaccio"
 
 ENV VERDACCIO_APPDIR=/opt/verdaccio \

README.md

@@ -29,6 +29,8 @@ Google Cloud Storage** or create your own plugin.
 
 ## Install
 
+> Latest Node.js v14
+
 Install with npm:
 
 ```bash
@@ -75,7 +77,7 @@ booted in a couple of seconds, fast enough for any CI. Many open source projects
 
 ### **Testing the integrity of your React components by publishing in a private registry - React Finland 2021**.
 
-[![beerjscrb](https://cdn.verdaccio.dev/readme/react-finland-2021-jpicado.jpeg)](https://www.youtube.com/watch?v=5olfi5wbgF4)
+[![beerjscrb](https://cdn.verdaccio.dev/readme/react-finland-2021-jpicado.jpeg)](https://www.youtube.com/watch?v=bRKZbrlQqLY&t=16s&ab_channel=ReactFinland)
 
 You might want to check out as well our previous talks:
 
@@ -190,7 +192,20 @@ Verdaccio aims to support all features of a standard npm client that make sense
 
 If you want to report a security vulnerability, please follow the steps which we have defined for you in our [security policy](https://github.com/verdaccio/verdaccio/security/policy).
 
-## Core Team
+## Special Thanks
+
+Thanks to the following companies to help us to achieve our goals providing free open source licenses. Every company provides enough resources to move this project forward.
+
+| Company      | Logo                                                                                                                            | License                                                                           |
+| ------------ | ------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------- |
+| JetBrains    | [![jetbrain](assets/thanks/jetbrains/logo.png)](https://www.jetbrains.com/)                                                     | JetBrains provides licenses for products for active maintainers, renewable yearly |
+| Crowdin      | [![crowdin](assets/thanks/crowdin/logo.png)](https://crowdin.com/)                                                              | Crowdin provides platform for translations                                        |
+| BrowserStack | [![browserstack](https://cdn.verdaccio.dev/readme/browserstack_logo.png)](https://www.browserstack.com/)                        | BrowserStack provides plan to run End to End testing for the UI                   |
+| Netlify      | [![netlify](https://www.netlify.com/img/global/badges/netlify-color-accent.svg)](https://www.netlify.com/)                      | Netlify provides pro plan for website deployment                                  |
+| Algolia      | [![algolia](https://cdn.verdaccio.dev/sponsor/logo/algolia/logo.png)](https://algolia.com/)                                     | Algolia provides search services for the website                                  |
+| Docker       | [![docker](https://cdn.verdaccio.dev/sponsor/logo/docker/docker.png)](https://www.docker.com/community/open-source/application) | Docker offers unlimited pulls and unlimited egress to any and all users           |
+
+## Maintainers
 
 | [Juan Picado](https://github.com/juanpicado)                                   | [Ayush Sharma](https://github.com/ayusharma)                             | [Sergio Hg](https://github.com/sergiohgz)                                 |
 | ------------------------------------------------------------------------------ | ------------------------------------------------------------------------ | ------------------------------------------------------------------------- |
@@ -244,18 +259,6 @@ Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com
 
 [![backers](https://opencollective.com/verdaccio/backers.svg?width=890)](https://opencollective.com/verdaccio#backers)
 
-## Special Thanks
-
-Thanks to the following companies to help us to achieve our goals providing free open source licenses.
-
-[![jetbrain](assets/thanks/jetbrains/logo.png)](https://www.jetbrains.com/)
-[![crowdin](assets/thanks/crowdin/logo.png)](https://crowdin.com/)
-[![browserstack](https://cdn.verdaccio.dev/readme/browserstack_logo.png)](https://www.browserstack.com/)
-[![netlify](https://www.netlify.com/img/global/badges/netlify-color-accent.svg)](https://www.netlify.com/)
-[![algolia](https://cdn.verdaccio.dev/sponsor/logo/algolia/logo.png)](https://algolia.com/)
-
-Verdaccio also is part of to the [Docker Open Source Program](https://www.docker.com/blog/expanded-support-for-open-source-software-projects/).
-
 ## Contributors
 
 This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].
@@ -270,7 +273,7 @@ If you have any issue you can try the following options, do no desist to ask or
 - [Donations](https://github.com/sponsors/verdaccio)
 - [Reporting an issue](https://github.com/verdaccio/verdaccio/issues/new/choose)
 - [Running discussions](https://github.com/verdaccio/verdaccio/issues?q=is%3Aissue+is%3Aopen+label%3Adiscuss)
-- [Chat](http://chat.verdaccio.org/)
+- [Chat](https://discord.gg/7qWJxBf)
 - [Logos](https://verdaccio.org/docs/en/logo)
 - [Docker Examples](https://github.com/verdaccio/verdaccio/tree/master/docker-examples)
 - [FAQ](https://github.com/verdaccio/verdaccio/discussions/categories/q-a)

crowdin.yaml

@@ -5,6 +5,10 @@ preserve_hierarchy: true
 
 files:
   [
+    {
+      source: 'packages/plugins/ui-theme/src/i18n/crowdin/**/*',
+      translation: '/packages/plugins/ui-theme/src/i18n/download_translations/%locale%/**/%original_file_name%',
+    },
     {
       source: '/website/i18n/en/**/*',
       translation: '/website/i18n/%locale%/**/%original_file_name%',
@@ -13,4 +17,4 @@ files:
       source: '/website/docs/**/*',
       translation: '/website/i18n/%locale%/docusaurus-plugin-content-docs/current/**/%original_file_name%',
     }
-  ]
+  ]

docs/env.variables.md

@@ -51,4 +51,4 @@ By default, the storage is taken from config file, but using this variable allow
 
 #### VERDACCIO_STORAGE_NAME
 
-The database name for `@verdaccio/local-storge` is by default `.verdaccio-db.json`, but this can be update by using this variable.
+The database name for `@verdaccio/local-storage` is by default `.verdaccio-db.json`, but this can be update by using this variable.

docs/migration-v5-to-v6.md

@@ -74,3 +74,7 @@ Introduce environment variables for legacy tokens.
 
 - `VERDACCIO_LEGACY_ALGORITHM`: Allows to define the specific algorithm for the token signature which by default is `aes-256-ctr`
 - `VERDACCIO_LEGACY_ENCRYPTION_KEY`: By default, the token stores in the database, but using this variable allows to get it from memory
+
+#### @verdaccio/commons-api migration
+
+The package has been removed in favor of `@verdaccio/core` with a similar API, check API documentation for further details.

docs/warnings.md

@@ -0,0 +1,29 @@
+# Warning Codes
+
+## VERWAR001
+
+Verdaccio doesn't need superuser privileges. Don't run it under root.
+
+## VERWAR002
+
+logger is not defined
+
+## VERWAR003
+
+'rotating-file type is not longer supported, consider use [logrotate] instead'
+
+## VERWAR004
+
+invalid address - xxxxxx, we expect a port (e.g. "4873"),
+
+## VERDEP001
+
+'config.logs is deprecated, rename configuration to "config.log" in singular'
+
+## VERDEP002
+
+'deprecate: multiple logger configuration is deprecated, please check the migration guide.'
+
+## VERDEP003
+
+'multiple addresses will be deprecated in the next major, only use one'

package.json

@@ -15,25 +15,25 @@
     "url": "https://opencollective.com/verdaccio"
   },
   "devDependencies": {
-    "@babel/cli": "7.15.4",
-    "@babel/core": "7.15.5",
-    "@babel/node": "7.15.4",
+    "@babel/cli": "7.15.7",
+    "@babel/core": "7.15.8",
+    "@babel/node": "7.15.8",
     "@babel/plugin-proposal-class-properties": "7.14.5",
-    "@babel/plugin-proposal-decorators": "7.15.4",
+    "@babel/plugin-proposal-decorators": "7.15.8",
     "@babel/plugin-proposal-export-namespace-from": "7.14.5",
     "@babel/plugin-proposal-function-sent": "7.14.5",
     "@babel/plugin-proposal-json-strings": "7.14.5",
     "@babel/plugin-proposal-nullish-coalescing-operator": "7.14.5",
     "@babel/plugin-proposal-numeric-separator": "7.14.5",
-    "@babel/plugin-proposal-object-rest-spread": "7.14.7",
+    "@babel/plugin-proposal-object-rest-spread": "7.15.6",
     "@babel/plugin-proposal-optional-chaining": "7.14.5",
     "@babel/plugin-proposal-throw-expressions": "7.14.5",
     "@babel/plugin-syntax-dynamic-import": "7.8.3",
     "@babel/plugin-syntax-import-meta": "7.10.4",
     "@babel/plugin-transform-async-to-generator": "7.14.5",
     "@babel/plugin-transform-classes": "7.15.4",
-    "@babel/plugin-transform-runtime": "7.15.0",
-    "@babel/preset-env": "7.15.4",
+    "@babel/plugin-transform-runtime": "7.15.8",
+    "@babel/preset-env": "7.15.8",
     "@babel/preset-react": "7.14.5",
     "@babel/preset-typescript": "7.15.0",
     "@babel/register": "7.15.3",
@@ -41,95 +41,79 @@
     "@changesets/changelog-github": "0.2.8",
     "@changesets/cli": "2.15.0",
     "@changesets/get-dependents-graph": "1.2.2",
-    "@crowdin/cli": "3.6.5",
+    "@crowdin/cli": "3.7.1",
+    "@trivago/prettier-plugin-sort-imports": "3.0.0",
     "@types/async": "3.2.7",
     "@types/autocannon": "4.1.1",
     "@types/autosuggest-highlight": "3.1.1",
-    "@types/express": "4.17.6",
+    "@types/express": "4.17.13",
     "@types/http-errors": "1.8.1",
-    "@types/jest": "27.0.1",
-    "@types/lodash": "4.14.172",
+    "@types/jest": "27.0.2",
+    "@types/lodash": "4.14.176",
     "@types/mime": "2.0.3",
     "@types/minimatch": "3.0.5",
     "@types/node": "14.6.0",
-    "@types/react": "17.0.19",
-    "@types/react-autosuggest": "10.1.5",
-    "@types/react-dom": "17.0.9",
-    "@types/react-helmet": "6.1.2",
-    "@types/react-router-dom": "5.1.8",
-    "@types/react-virtualized": "9.21.13",
     "@types/request": "2.48.7",
-    "@types/semver": "7.3.8",
+    "@types/semver": "7.3.9",
     "@types/supertest": "2.0.11",
     "@types/testing-library__jest-dom": "5.14.1",
-    "@types/validator": "13.6.3",
+    "@types/validator": "13.6.6",
     "@types/webpack": "5.28.0",
-    "@types/webpack-env": "1.16.2",
-    "@typescript-eslint/eslint-plugin": "4.30.0",
-    "@typescript-eslint/parser": "4.30.0",
+    "@types/webpack-env": "1.16.3",
+    "@typescript-eslint/eslint-plugin": "4.33.0",
+    "@typescript-eslint/parser": "4.33.0",
     "@verdaccio/benchmark": "workspace:*",
     "@verdaccio/eslint-config": "workspace:*",
     "@verdaccio/types": "workspace:*",
     "@verdaccio/ui-theme": "workspace:*",
-    "autocannon": "7.4.0",
+    "autocannon": "7.5.0",
     "babel-core": "7.0.0-bridge.0",
     "babel-eslint": "10.1.0",
-    "babel-jest": "27.1.0",
+    "babel-jest": "27.3.1",
     "babel-plugin-dynamic-import-node": "2.3.3",
     "babel-plugin-emotion": "10.2.2",
     "codecov": "3.8.3",
-    "concurrently": "6.2.1",
+    "concurrently": "6.3.0",
     "core-js": "3.17.2",
     "cross-env": "7.0.3",
     "debug": "4.3.2",
     "detect-secrets": "1.0.6",
     "eslint": "7.32.0",
-    "eslint-config-google": "0.14.0",
-    "eslint-config-prettier": "8.3.0",
-    "eslint-plugin-babel": "5.3.1",
-    "eslint-plugin-import": "2.24.2",
-    "eslint-plugin-jest": "24.4.0",
-    "eslint-plugin-jsx-a11y": "6.4.1",
-    "eslint-plugin-prettier": "4.0.0",
-    "eslint-plugin-react": "7.25.1",
-    "eslint-plugin-react-hooks": "4.2.0",
-    "eslint-plugin-simple-import-sort": "7.0.0",
-    "eslint-plugin-verdaccio": "10.0.0",
     "fs-extra": "10.0.0",
-    "husky": "4.3.5",
+    "husky": "7.0.4",
     "in-publish": "2.0.1",
-    "jest": "27.1.0",
-    "jest-environment-jsdom": "27.1.0",
+    "jest": "27.3.1",
+    "jest-environment-jsdom": "27.3.1",
     "jest-environment-jsdom-global": "3.0.0",
-    "jest-environment-node": "27.1.0",
-    "jest-fetch-mock": "3.0.3",
-    "jest-junit": "12.2.0",
+    "jest-environment-node": "27.3.1",
+    "jest-junit": "12.3.0",
     "kleur": "3.0.3",
     "lint-staged": "11.1.2",
     "nock": "12.0.3",
     "node-fetch": "3.0.0-beta.6-exportfix",
-    "nodemon": "2.0.12",
+    "nodemon": "2.0.14",
     "npm-run-all": "4.1.5",
     "prettier": "2.3.2",
     "rimraf": "3.0.2",
     "selfsigned": "1.10.11",
     "supertest": "6.1.6",
     "ts-node": "10.2.1",
-    "typescript": "4.4.2",
-    "update-ts-references": "2.4.0",
-    "verdaccio": "5.1.3",
+    "typescript": "4.4.4",
+    "update-ts-references": "2.4.1",
+    "verdaccio": "5.2.0",
     "verdaccio-audit": "workspace:*",
     "verdaccio-auth-memory": "workspace:*",
     "verdaccio-htpasswd": "workspace:*",
     "verdaccio-memory": "workspace:*"
   },
   "scripts": {
+    "husky:pre-commit": "lint-staged",
     "clean": "pnpm recursive run clean",
     "build": "pnpm recursive run build --filter=!@verdaccio/website",
     "docker": "docker build -t verdaccio/verdaccio:local . --no-cache",
     "format": "prettier --write \"**/*.{js,jsx,ts,tsx,json,yml,yaml,md}\"",
     "format:check": "prettier --check \"**/*.{js,jsx,ts,tsx,json,yml,yaml,md}\"",
-    "lint": "eslint  --max-warnings 60 \"**/*.{js,jsx,ts,tsx}\"",
+    "lint": "eslint  --max-warnings 46 \"**/*.{js,jsx,ts,tsx}\"",
     "test": "pnpm recursive test --filter ./packages",
     "test:e2e:cli": "pnpm test --filter ...@verdaccio/e2e-cli",
     "test:e2e:ui": "pnpm test --filter ...@verdaccio/e2e-ui",
@@ -139,11 +123,12 @@
     "benchmark:submit": "pnpm ts-node ./scripts/submit-metrics.ts",
     "start:watch": "concurrently --kill-others \"pnpm _build:watch\" \"pnpm _start:server\" \"pnpm _debug:reload\"",
     "_build:watch": "pnpm run --parallel watch --filter ./packages",
-    "_start:server": "node packages/verdaccio/debug/bootstrap.js --listen 8000",
+    "_start:server": "node --inspect packages/verdaccio/debug/bootstrap.js --listen 8000",
     "_start:web": "pnpm start --filter ...@verdaccio/ui-theme",
     "_debug:reload": "nodemon -d 3 packages/verdaccio/debug/bootstrap.js",
     "start:ts": "ts-node packages/verdaccio/src/start.ts -- --listen 8000",
     "debug": "node --trace-warnings --trace-uncaught --inspect packages/verdaccio/debug/bootstrap.js",
+    "debug:fastify": "node --trace-warnings --trace-uncaught --inspect packages/verdaccio/debug/bootstrap.js -- fastify-server",
     "debug:break": "node --trace-warnings --trace-uncaught --inspect-brk packages/verdaccio/debug/bootstrap.js",
     "changeset": "changeset",
     "changeset:check": "changeset status --since-master",
@@ -154,15 +139,11 @@
     "ts:ref": "update-ts-references --discardComments",
     "website": "pnpm build --filter ...@verdaccio/website",
     "crowdin:upload": "crowdin upload sources --auto-update --config ./crowdin.yaml",
-    "crowdin:download": "crowdin download --config ./crowdin.yaml",
-    "crowdin:sync": "pnpm crowdin:upload && pnpm crowdin:download --verbose"
+    "crowdin:download": "crowdin download --verbose --config ./crowdin.yaml",
+    "crowdin:sync": "pnpm crowdin:upload && pnpm crowdin:download --verbose",
+    "postinstall": "husky install"
   },
   "license": "MIT",
-  "husky": {
-    "hooks": {
-      "pre-commit": "lint-staged"
-    }
-  },
   "lint-staged": {
     "*.{js,jsx,ts,tsx,json,yml,yaml,md}": "prettier --write",
     "*.{js,jsx,ts,tsx}": "eslint --cache --fix"

packages/api/CHANGELOG.md

@@ -1,5 +1,73 @@
 # @verdaccio/api
 
+## 6.0.0-6-next.18
+
+### Patch Changes
+
+- Updated dependencies [f86c31ed]
+- Updated dependencies [20c9e43e]
+  - @verdaccio/store@6.0.0-6-next.16
+  - @verdaccio/utils@6.0.0-6-next.9
+  - @verdaccio/auth@6.0.0-6-next.15
+  - @verdaccio/config@6.0.0-6-next.11
+  - @verdaccio/tarball@11.0.0-6-next.10
+  - @verdaccio/middleware@6.0.0-6-next.15
+  - @verdaccio/hooks@6.0.0-6-next.9
+
+## 6.0.0-6-next.17
+
+### Patch Changes
+
+- Updated dependencies [6c1eb021]
+  - @verdaccio/core@6.0.0-6-next.3
+  - @verdaccio/logger@6.0.0-6-next.7
+  - @verdaccio/auth@6.0.0-6-next.14
+  - @verdaccio/config@6.0.0-6-next.10
+  - @verdaccio/tarball@11.0.0-6-next.9
+  - @verdaccio/hooks@6.0.0-6-next.9
+  - @verdaccio/middleware@6.0.0-6-next.14
+  - @verdaccio/store@6.0.0-6-next.15
+  - @verdaccio/utils@6.0.0-6-next.8
+
+## 6.0.0-6-next.16
+
+### Major Changes
+
+- 794af76c: Remove Node 12 support
+
+  - We need move to the new `undici` and does not support Node.js 12
+
+### Minor Changes
+
+- b702ea36: abort search request support for proxy
+- 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
+
+### Patch Changes
+
+- Updated dependencies [794af76c]
+- Updated dependencies [b702ea36]
+- Updated dependencies [154b2ecd]
+  - @verdaccio/auth@6.0.0-6-next.13
+  - @verdaccio/config@6.0.0-6-next.9
+  - @verdaccio/core@6.0.0-6-next.2
+  - @verdaccio/tarball@11.0.0-6-next.8
+  - @verdaccio/hooks@6.0.0-6-next.8
+  - @verdaccio/logger@6.0.0-6-next.6
+  - @verdaccio/middleware@6.0.0-6-next.13
+  - @verdaccio/store@6.0.0-6-next.14
+  - @verdaccio/utils@6.0.0-6-next.7
+
+## 6.0.0-6-next.15
+
+### Patch Changes
+
+- Updated dependencies [2c594910]
+  - @verdaccio/logger@6.0.0-6-next.5
+  - @verdaccio/auth@6.0.0-6-next.12
+  - @verdaccio/hooks@6.0.0-6-next.7
+  - @verdaccio/middleware@6.0.0-6-next.12
+  - @verdaccio/store@6.0.0-6-next.13
+
 ## 6.0.0-6-next.14
 
 ### Major Changes

packages/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/api",
-  "version": "6.0.0-6-next.14",
+  "version": "6.0.0-6-next.18",
   "description": "loaders logic",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -25,7 +25,7 @@
     "verdaccio"
   ],
   "engines": {
-    "node": ">=10",
+    "node": ">=14",
     "npm": ">=6"
   },
   "scripts": {
@@ -39,16 +39,16 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/auth": "workspace:6.0.0-6-next.11",
-    "@verdaccio/commons-api": "workspace:11.0.0-6-next.4",
-    "@verdaccio/config": "workspace:6.0.0-6-next.8",
-    "@verdaccio/core": "workspace:6.0.0-6-next.1",
-    "@verdaccio/hooks": "workspace:6.0.0-6-next.6",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.4",
-    "@verdaccio/middleware": "workspace:6.0.0-6-next.11",
-    "@verdaccio/store": "workspace:6.0.0-6-next.12",
-    "@verdaccio/tarball": "workspace:11.0.0-6-next.7",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.6",
+    "@verdaccio/auth": "workspace:6.0.0-6-next.15",
+    "@verdaccio/config": "workspace:6.0.0-6-next.11",
+    "@verdaccio/core": "workspace:6.0.0-6-next.3",
+    "@verdaccio/hooks": "workspace:6.0.0-6-next.9",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.7",
+    "@verdaccio/middleware": "workspace:6.0.0-6-next.15",
+    "@verdaccio/store": "workspace:6.0.0-6-next.16",
+    "@verdaccio/tarball": "workspace:11.0.0-6-next.10",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.9",
+    "abortcontroller-polyfill": "1.7.3",
     "cookies": "0.8.0",
     "debug": "4.3.2",
     "express": "4.17.1",
@@ -57,8 +57,10 @@
     "semver": "7.3.5"
   },
   "devDependencies": {
-    "@verdaccio/server": "workspace:6.0.0-6-next.19",
-    "@verdaccio/types": "workspace:11.0.0-6-next.8",
+    "@types/node": "16.11.6",
+    "@verdaccio/server": "workspace:6.0.0-6-next.23",
+    "@verdaccio/types": "workspace:11.0.0-6-next.9",
+    "@verdaccio/helper": "1.0.0",
     "body-parser": "1.19.0",
     "lodash": "4.17.21",
     "supertest": "6.1.6"

packages/api/src/dist-tags.ts

@@ -1,12 +1,13 @@
-import mime from 'mime';
-import _ from 'lodash';
 import { Router } from 'express';
+import _ from 'lodash';
+import mime from 'mime';
 
-import { media, allow } from '@verdaccio/middleware';
-import { API_MESSAGE, HTTP_STATUS, DIST_TAGS, VerdaccioError } from '@verdaccio/commons-api';
-import { Package } from '@verdaccio/types';
-import { Storage } from '@verdaccio/store';
 import { IAuth } from '@verdaccio/auth';
+import { VerdaccioError, constants } from '@verdaccio/core';
+import { allow, media } from '@verdaccio/middleware';
+import { Storage } from '@verdaccio/store';
+import { Package } from '@verdaccio/types';
+
 import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types/custom';
 
 export default function (route: Router, auth: IAuth, storage: Storage): void {
@@ -26,8 +27,8 @@ export default function (route: Router, auth: IAuth, storage: Storage): void {
       if (err) {
         return next(err);
       }
-      res.status(HTTP_STATUS.CREATED);
-      return next({ ok: API_MESSAGE.TAG_ADDED });
+      res.status(constants.HTTP_STATUS.CREATED);
+      return next({ ok: constants.API_MESSAGE.TAG_ADDED });
     });
   };
 
@@ -58,9 +59,9 @@ export default function (route: Router, auth: IAuth, storage: Storage): void {
         if (err) {
           return next(err);
         }
-        res.status(HTTP_STATUS.CREATED);
+        res.status(constants.HTTP_STATUS.CREATED);
         return next({
-          ok: API_MESSAGE.TAG_REMOVED,
+          ok: constants.API_MESSAGE.TAG_REMOVED,
         });
       });
     }
@@ -79,7 +80,7 @@ export default function (route: Router, auth: IAuth, storage: Storage): void {
             return next(err);
           }
 
-          next(info[DIST_TAGS]);
+          next(info[constants.DIST_TAGS]);
         },
       });
     }
@@ -96,9 +97,9 @@ export default function (route: Router, auth: IAuth, storage: Storage): void {
           if (err) {
             return next(err);
           }
-          res.status(HTTP_STATUS.CREATED);
+          res.status(constants.HTTP_STATUS.CREATED);
           return next({
-            ok: API_MESSAGE.TAG_UPDATED,
+            ok: constants.API_MESSAGE.TAG_UPDATED,
           });
         }
       );

packages/api/src/index.ts

@@ -1,27 +1,33 @@
+import bodyParser from 'body-parser';
 import express, { Router } from 'express';
+import semver from 'semver';
+
+import { IAuth } from '@verdaccio/auth';
 import {
+  antiLoop,
+  encodeScopePackage,
   match,
   validateName,
   validatePackage,
-  encodeScopePackage,
-  antiLoop,
 } from '@verdaccio/middleware';
-import { IAuth } from '@verdaccio/auth';
 import { Storage } from '@verdaccio/store';
 import { Config } from '@verdaccio/types';
-import bodyParser from 'body-parser';
 
-import whoami from './whoami';
-import ping from './ping';
-import user from './user';
 import distTags from './dist-tags';
+import pkg from './package';
+import ping from './ping';
 import publish from './publish';
 import search from './search';
-import pkg from './package';
 import stars from './stars';
+import user from './user';
 import profile from './v1/profile';
-import token from './v1/token';
 import v1Search from './v1/search';
+import token from './v1/token';
+import whoami from './whoami';
+
+if (semver.lte(process.version, 'v15.0.0')) {
+  global.AbortController = require('abortcontroller-polyfill/dist/cjs-ponyfill').AbortController;
+}
 
 export default function (config: Config, auth: IAuth, storage: Storage): Router {
   /* eslint new-cap:off */

packages/api/src/package.ts

@@ -1,15 +1,16 @@
-import _ from 'lodash';
-import { Router } from 'express';
 import buildDebug from 'debug';
+import { Router } from 'express';
+import _ from 'lodash';
 
-import { allow } from '@verdaccio/middleware';
-import { getVersion, ErrorCode } from '@verdaccio/utils';
-import { HEADERS, DIST_TAGS, API_ERROR } from '@verdaccio/commons-api';
-import { Config, Package } from '@verdaccio/types';
 import { IAuth } from '@verdaccio/auth';
+import { API_ERROR, DIST_TAGS, HEADERS, errorUtils } from '@verdaccio/core';
+import { allow } from '@verdaccio/middleware';
 import { Storage } from '@verdaccio/store';
 import { convertDistRemoteToLocalTarballUrls } from '@verdaccio/tarball';
-import { $RequestExtend, $ResponseExtend, $NextFunctionVer } from '../types/custom';
+import { Config, Package } from '@verdaccio/types';
+import { getVersion } from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types/custom';
 
 const debug = buildDebug('verdaccio:api:package');
 
@@ -40,7 +41,7 @@ export default function (route: Router, auth: IAuth, storage: Storage, config: C
   route.get(
     '/:package/:version?',
     can('access'),
-    function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
+    function (req: $RequestExtend, _res: $ResponseExtend, next: $NextFunctionVer): void {
       debug('init package by version');
       const name = req.params.package;
       const getPackageMetaCallback = function (err, metadata: Package): void {
@@ -49,7 +50,11 @@ export default function (route: Router, auth: IAuth, storage: Storage, config: C
           return next(err);
         }
         debug('convert dist remote to local with prefix %o', config?.url_prefix);
-        metadata = convertDistRemoteToLocalTarballUrls(metadata, req, config?.url_prefix);
+        metadata = convertDistRemoteToLocalTarballUrls(
+          metadata,
+          { protocol: req.protocol, headers: req.headers as any, host: req.host },
+          config?.url_prefix
+        );
 
         let queryVersion = req.params.version;
         debug('query by param version: %o', queryVersion);
@@ -80,7 +85,7 @@ export default function (route: Router, auth: IAuth, storage: Storage, config: C
         }
 
         debug('package version not found %o', queryVersion);
-        return next(ErrorCode.getNotFound(`${API_ERROR.VERSION_NOT_EXIST}: ${queryVersion}`));
+        return next(errorUtils.getNotFound(`${API_ERROR.VERSION_NOT_EXIST}: ${queryVersion}`));
       };
 
       debug('get package name %o', name);

packages/api/src/ping.ts

@@ -1,5 +1,6 @@
 import { Router } from 'express';
-import { $RequestExtend, $ResponseExtend, $NextFunctionVer } from '../types/custom';
+
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types/custom';
 
 export default function (route: Router): void {
   route.get(

packages/api/src/publish.ts

@@ -1,19 +1,26 @@
-import Path from 'path';
+import buildDebug from 'debug';
+import { Router } from 'express';
 import _ from 'lodash';
 import mime from 'mime';
-import { Router } from 'express';
-import buildDebug from 'debug';
+import Path from 'path';
 
-import { API_MESSAGE, HEADERS, DIST_TAGS, API_ERROR, HTTP_STATUS } from '@verdaccio/commons-api';
-import { validateMetadata, isObject, ErrorCode, hasDiffOneKey } from '@verdaccio/utils';
-import { media, expectJson, allow } from '@verdaccio/middleware';
-import { notify } from '@verdaccio/hooks';
-import { Config, Callback, MergeTags, Version, Package, CallbackAction } from '@verdaccio/types';
-import { logger } from '@verdaccio/logger';
 import { IAuth } from '@verdaccio/auth';
+import {
+  API_ERROR,
+  API_MESSAGE,
+  DIST_TAGS,
+  HEADERS,
+  HTTP_STATUS,
+  errorUtils,
+} from '@verdaccio/core';
+import { notify } from '@verdaccio/hooks';
+import { logger } from '@verdaccio/logger';
+import { allow, expectJson, media } from '@verdaccio/middleware';
 import { Storage } from '@verdaccio/store';
-import { $RequestExtend, $ResponseExtend, $NextFunctionVer } from '../types/custom';
+import { Callback, CallbackAction, Config, MergeTags, Package, Version } from '@verdaccio/types';
+import { hasDiffOneKey, isObject, validateMetadata } from '@verdaccio/utils';
 
+import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types/custom';
 import star from './star';
 import { isPublishablePackage, isRelatedToDeprecation } from './utils';
 
@@ -224,7 +231,7 @@ export function publishPackage(storage: Storage, config: Config, auth: IAuth): a
         // if this happens in normal circumstances, report it as a bug
         debug('invalid body format');
         logger.info({ packageName }, `wrong package format on publish a package @{packageName}`);
-        return next(ErrorCode.getBadRequest(API_ERROR.UNSUPORTED_REGISTRY_CALL));
+        return next(errorUtils.getBadRequest(API_ERROR.UNSUPORTED_REGISTRY_CALL));
       }
 
       if (error && error.status !== HTTP_STATUS.CONFLICT) {
@@ -322,7 +329,7 @@ export function publishPackage(storage: Storage, config: Config, auth: IAuth): a
     } catch (error: any) {
       debug('error on publish, bad package format %o', packageName);
       logger.error({ packageName }, 'error on publish, bad package data for @{packageName}');
-      return next(ErrorCode.getBadData(API_ERROR.BAD_PACKAGE_DATA));
+      return next(errorUtils.getBadData(API_ERROR.BAD_PACKAGE_DATA));
     }
   };
 }

packages/api/src/search.ts

@@ -1,4 +1,4 @@
-import { HTTP_STATUS } from '@verdaccio/commons-api';
+import { HTTP_STATUS } from '@verdaccio/core';
 import { logger } from '@verdaccio/logger';
 
 export default function (route): void {

packages/api/src/star.ts

@@ -1,10 +1,11 @@
-import { USERS, HTTP_STATUS } from '@verdaccio/commons-api';
+import buildDebug from 'debug';
 import { Response } from 'express';
 import _ from 'lodash';
-import buildDebug from 'debug';
 
+import { HTTP_STATUS, USERS } from '@verdaccio/core';
 import { Storage } from '@verdaccio/store';
-import { $RequestExtend, $NextFunctionVer } from '../types/custom';
+
+import { $NextFunctionVer, $RequestExtend } from '../types/custom';
 
 const debug = buildDebug('verdaccio:api:publish:star');
 

packages/api/src/stars.ts

@@ -1,11 +1,11 @@
-import _ from 'lodash';
 import { Response, Router } from 'express';
+import _ from 'lodash';
 
-import { USERS, HTTP_STATUS } from '@verdaccio/commons-api';
+import { HTTP_STATUS, USERS } from '@verdaccio/core';
+import { Storage } from '@verdaccio/store';
 import { Package } from '@verdaccio/types';
 
-import { Storage } from '@verdaccio/store';
-import { $RequestExtend, $NextFunctionVer } from '../types/custom';
+import { $NextFunctionVer, $RequestExtend } from '../types/custom';
 
 type Packages = Package[];
 

packages/api/src/user.ts

@@ -1,16 +1,16 @@
-import _ from 'lodash';
-import { Response, Router } from 'express';
 import buildDebug from 'debug';
+import { Response, Router } from 'express';
+import _ from 'lodash';
 
-import { getAuthenticatedMessage, validatePassword, ErrorCode } from '@verdaccio/utils';
 import { getApiToken } from '@verdaccio/auth';
-import { logger } from '@verdaccio/logger';
-import { createRemoteUser } from '@verdaccio/config';
-
-import { Config, RemoteUser } from '@verdaccio/types';
 import { IAuth } from '@verdaccio/auth';
-import { API_ERROR, API_MESSAGE, HTTP_STATUS } from '@verdaccio/commons-api';
-import { $RequestExtend, $NextFunctionVer } from '../types/custom';
+import { createRemoteUser } from '@verdaccio/config';
+import { API_ERROR, API_MESSAGE, HTTP_STATUS, errorUtils } from '@verdaccio/core';
+import { logger } from '@verdaccio/logger';
+import { Config, RemoteUser } from '@verdaccio/types';
+import { getAuthenticatedMessage, validatePassword } from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend } from '../types/custom';
 
 const debug = buildDebug('verdaccio:api:user');
 
@@ -47,7 +47,7 @@ export default function (route: Router, auth: IAuth, config: Config): void {
                 'authenticating for user @{username} failed. Error: @{err.message}'
               );
               return next(
-                ErrorCode.getCode(HTTP_STATUS.UNAUTHORIZED, API_ERROR.BAD_USERNAME_PASSWORD)
+                errorUtils.getCode(HTTP_STATUS.UNAUTHORIZED, API_ERROR.BAD_USERNAME_PASSWORD)
               );
             }
 
@@ -55,7 +55,7 @@ export default function (route: Router, auth: IAuth, config: Config): void {
             const token = await getApiToken(auth, config, restoredRemoteUser, password);
             debug('login: new token');
             if (!token) {
-              return next(ErrorCode.getUnauthorized());
+              return next(errorUtils.getUnauthorized());
             }
 
             res.status(HTTP_STATUS.CREATED);
@@ -73,7 +73,7 @@ export default function (route: Router, auth: IAuth, config: Config): void {
         if (validatePassword(password) === false) {
           debug('adduser: invalid password');
           // eslint-disable-next-line new-cap
-          return next(ErrorCode.getCode(HTTP_STATUS.BAD_REQUEST, API_ERROR.PASSWORD_SHORT()));
+          return next(errorUtils.getCode(HTTP_STATUS.BAD_REQUEST, API_ERROR.PASSWORD_SHORT()));
         }
 
         auth.add_user(name, password, async function (err, user): Promise<void> {
@@ -84,7 +84,7 @@ export default function (route: Router, auth: IAuth, config: Config): void {
               // and npm accepts only an 409 error.
               // So, changing status code here.
               return next(
-                ErrorCode.getCode(err.status, err.message) || ErrorCode.getConflict(err.message)
+                errorUtils.getCode(err.status, err.message) || errorUtils.getConflict(err.message)
               );
             }
             return next(err);
@@ -94,7 +94,7 @@ export default function (route: Router, auth: IAuth, config: Config): void {
             name && password ? await getApiToken(auth, config, user, password) : undefined;
           debug('adduser: new token %o', token);
           if (!token) {
-            return next(ErrorCode.getUnauthorized());
+            return next(errorUtils.getUnauthorized());
           }
 
           req.remote_user = user;

packages/api/src/utils.ts

@@ -1,6 +1,7 @@
-import { Package } from '@verdaccio/types';
 import _ from 'lodash';
 
+import { Package } from '@verdaccio/types';
+
 /**
  * Check whether the package metadta has enough data to be published
  * @param pkg metadata

packages/api/src/v1/profile.ts

@@ -1,10 +1,11 @@
-import _ from 'lodash';
 import { Response, Router } from 'express';
+import _ from 'lodash';
 
-import { API_ERROR, APP_ERROR, HTTP_STATUS, SUPPORT_ERRORS } from '@verdaccio/commons-api';
-import { ErrorCode, validatePassword } from '@verdaccio/utils';
 import { IAuth } from '@verdaccio/auth';
-import { $RequestExtend, $NextFunctionVer } from '../../types/custom';
+import { API_ERROR, APP_ERROR, HTTP_STATUS, SUPPORT_ERRORS, errorUtils } from '@verdaccio/core';
+import { validatePassword } from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend } from '../../types/custom';
 
 export interface Profile {
   tfa: boolean;
@@ -61,7 +62,7 @@ export default function (route: Router, auth: IAuth): void {
       if (_.isNil(password) === false) {
         if (validatePassword(password.new) === false) {
           /* eslint new-cap:off */
-          return next(ErrorCode.getCode(HTTP_STATUS.UNAUTHORIZED, API_ERROR.PASSWORD_SHORT()));
+          return next(errorUtils.getCode(HTTP_STATUS.UNAUTHORIZED, API_ERROR.PASSWORD_SHORT()));
           /* eslint new-cap:off */
         }
 
@@ -72,22 +73,22 @@ export default function (route: Router, auth: IAuth): void {
           (err, isUpdated): $NextFunctionVer => {
             if (_.isNull(err) === false) {
               return next(
-                ErrorCode.getCode(err.status, err.message) || ErrorCode.getConflict(err.message)
+                errorUtils.getCode(err.status, err.message) || errorUtils.getConflict(err.message)
               );
             }
 
             if (isUpdated) {
               return next(buildProfile(req.remote_user.name));
             }
-            return next(ErrorCode.getInternalError(API_ERROR.INTERNAL_SERVER_ERROR));
+            return next(errorUtils.getInternalError(API_ERROR.INTERNAL_SERVER_ERROR));
           }
         );
       } else if (_.isNil(tfa) === false) {
         return next(
-          ErrorCode.getCode(HTTP_STATUS.SERVICE_UNAVAILABLE, SUPPORT_ERRORS.TFA_DISABLED)
+          errorUtils.getCode(HTTP_STATUS.SERVICE_UNAVAILABLE, SUPPORT_ERRORS.TFA_DISABLED)
         );
       } else {
-        return next(ErrorCode.getCode(HTTP_STATUS.INTERNAL_ERROR, APP_ERROR.PROFILE_ERROR));
+        return next(errorUtils.getCode(HTTP_STATUS.INTERNAL_ERROR, APP_ERROR.PROFILE_ERROR));
       }
     }
   );

packages/api/src/v1/search.ts

@@ -1,124 +1,14 @@
-import { Transform, pipeline, PassThrough } from 'stream';
-import _ from 'lodash';
 import buildDebug from 'debug';
-import { Package } from '@verdaccio/types';
-import { logger } from '@verdaccio/logger';
+import _ from 'lodash';
+
 import { IAuth } from '@verdaccio/auth';
-import { searchUtils } from '@verdaccio/core';
-import { HTTP_STATUS, getInternalError } from '@verdaccio/commons-api';
+import { HTTP_STATUS, searchUtils } from '@verdaccio/core';
+import { logger } from '@verdaccio/logger';
 import { Storage } from '@verdaccio/store';
+import { Package } from '@verdaccio/types';
 
 const debug = buildDebug('verdaccio:api:search');
 
-type SearchResults = {
-  objects: searchUtils.SearchItemPkg[];
-  total: number;
-  time: string;
-};
-
-// const personMatch = (person, search) => {
-//   if (typeof person === 'string') {
-//     return person.includes(search);
-//   }
-
-//   if (typeof person === 'object') {
-//     for (const field of Object.values(person)) {
-//       if (typeof field === 'string' && field.includes(search)) {
-//         return true;
-//       }
-//     }
-//   }
-
-//   return false;
-// };
-
-// const matcher = function (query) {
-//   const match = query.match(/author:(.*)/);
-//   if (match !== null) {
-//     return function (pkg) {
-//       return personMatch(pkg.author, match[1]);
-//     };
-//   }
-
-//   // TODO: maintainer, keywords, boost-exact
-//   // TODO implement some scoring system for freetext
-//   return (pkg) => {
-//     return ['name', 'displayName', 'description']
-//       .map((k) => {
-//         return pkg[k];
-//       })
-//       .filter((x) => {
-//         return x !== undefined;
-//       })
-//       .some((txt) => {
-//         return txt.includes(query);
-//       });
-//   };
-// };
-
-function removeDuplicates(results) {
-  const pkgNames: any[] = [];
-  return results.filter((pkg) => {
-    if (pkgNames.includes(pkg?.package?.name)) {
-      return false;
-    }
-    pkgNames.push(pkg?.package?.name);
-    return true;
-  });
-}
-
-function checkAccess(pkg: any, auth: any, remoteUser): Promise<Package | null> {
-  return new Promise((resolve, reject) => {
-    auth.allow_access({ packageName: pkg?.package?.name }, remoteUser, function (err, allowed) {
-      if (err) {
-        if (err.status && String(err.status).match(/^4\d\d$/)) {
-          // auth plugin returns 4xx user error,
-          // that's equivalent of !allowed basically
-          allowed = false;
-          return resolve(null);
-        } else {
-          reject(err);
-        }
-      } else {
-        return resolve(allowed ? pkg : null);
-      }
-    });
-  });
-}
-
-class TransFormResults extends Transform {
-  public constructor(options) {
-    super(options);
-  }
-
-  /**
-   * Transform either array of packages or a single package into a stream of packages.
-   * From uplinks the chunks are array but from local packages are objects.
-   * @param {string} chunk
-   * @param {string} encoding
-   * @param {function} done
-   * @returns {void}
-   * @override
-   */
-  public _transform(chunk, _encoding, callback) {
-    if (_.isArray(chunk)) {
-      (chunk as searchUtils.SearchItem[])
-        .filter((pkgItem) => {
-          debug(`streaming remote pkg name ${pkgItem?.package?.name}`);
-          return true;
-        })
-        .forEach((pkgItem) => {
-          this.push(pkgItem);
-        });
-      return callback();
-    } else {
-      debug(`streaming local pkg name ${chunk?.package?.name}`);
-      this.push(chunk);
-      return callback();
-    }
-  }
-}
-
 /**
  * Endpoint for npm search v1
  * Empty value
@@ -126,37 +16,47 @@ class TransFormResults extends Transform {
  * req: 'GET /-/v1/search?text=react&size=20&frpom=0&quality=0.65&popularity=0.98&maintenance=0.5'
  */
 export default function (route, auth: IAuth, storage: Storage): void {
+  function checkAccess(pkg: any, auth: any, remoteUser): Promise<Package | null> {
+    return new Promise((resolve, reject) => {
+      auth.allow_access({ packageName: pkg?.package?.name }, remoteUser, function (err, allowed) {
+        if (err) {
+          if (err.status && String(err.status).match(/^4\d\d$/)) {
+            // auth plugin returns 4xx user error,
+            // that's equivalent of !allowed basically
+            allowed = false;
+            return resolve(null);
+          } else {
+            reject(err);
+          }
+        } else {
+          return resolve(allowed ? pkg : null);
+        }
+      });
+    });
+  }
+
   route.get('/-/v1/search', async (req, res, next) => {
-    let [size, from] = ['size', 'from'].map((k) => req.query[k]);
+    const { query, url } = req;
+    let [size, from] = ['size', 'from'].map((k) => query[k]);
+    let data;
+    const abort = new AbortController();
+
+    req.on('aborted', () => {
+      abort.abort();
+    });
 
     size = parseInt(size, 10) || 20;
     from = parseInt(from, 10) || 0;
-    const data: any[] = [];
-    const transformResults = new TransFormResults({ objectMode: true });
 
-    const streamPassThrough = new PassThrough({ objectMode: true });
-    storage.searchManager?.search(streamPassThrough, {
-      query: req.query,
-      url: req.url,
-    });
-
-    const outPutStream = new PassThrough({ objectMode: true });
-    pipeline(streamPassThrough, transformResults, outPutStream, (err) => {
-      if (err) {
-        next(getInternalError(err ? err.message : 'unknown error'));
-      } else {
-        debug('Pipeline succeeded.');
-      }
-    });
-
-    outPutStream.on('data', (chunk) => {
-      data.push(chunk);
-    });
-
-    outPutStream.on('finish', async () => {
+    try {
+      data = await storage.searchManager?.search({
+        query,
+        url,
+        abort,
+      });
       debug('stream finish');
       const checkAccessPromises: searchUtils.SearchItemPkg[] = await Promise.all(
-        removeDuplicates(data).map((pkgItem) => {
+        data.map((pkgItem) => {
           return checkAccess(pkgItem, auth, req.remote_user);
         })
       );
@@ -166,13 +66,17 @@ export default function (route, auth: IAuth, storage: Storage): void {
         .slice(from, size);
       logger.debug(`search results ${final?.length}`);
 
-      const response: SearchResults = {
+      const response: searchUtils.SearchResults = {
         objects: final,
         total: final.length,
         time: new Date().toUTCString(),
       };
 
       res.status(HTTP_STATUS.OK).json(response);
-    });
+    } catch (error) {
+      logger.error({ error }, 'search endpoint has failed @{error.message}');
+      next(next);
+      return;
+    }
   });
 }

packages/api/src/v1/token.ts

@@ -1,14 +1,15 @@
-import _ from 'lodash';
-import { HTTP_STATUS, SUPPORT_ERRORS, getInternalError } from '@verdaccio/commons-api';
-import { ErrorCode, stringToMD5, mask } from '@verdaccio/utils';
-import { getApiToken } from '@verdaccio/auth';
-import { logger } from '@verdaccio/logger';
 import { Response, Router } from 'express';
+import _ from 'lodash';
 
-import { Config, RemoteUser, Token } from '@verdaccio/types';
+import { getApiToken } from '@verdaccio/auth';
 import { IAuth } from '@verdaccio/auth';
+import { HTTP_STATUS, SUPPORT_ERRORS, errorUtils } from '@verdaccio/core';
+import { logger } from '@verdaccio/logger';
 import { Storage } from '@verdaccio/store';
-import { $RequestExtend, $NextFunctionVer } from '../../types/custom';
+import { Config, RemoteUser, Token } from '@verdaccio/types';
+import { mask, stringToMD5 } from '@verdaccio/utils';
+
+import { $NextFunctionVer, $RequestExtend } from '../../types/custom';
 
 export type NormalizeToken = Token & {
   created: string;
@@ -43,10 +44,10 @@ export default function (route: Router, auth: IAuth, storage: Storage, config: C
           });
         } catch (error: any) {
           logger.error({ error: error.msg }, 'token list has failed: @{error}');
-          return next(ErrorCode.getCode(HTTP_STATUS.INTERNAL_ERROR, error.message));
+          return next(errorUtils.getCode(HTTP_STATUS.INTERNAL_ERROR, error.message));
         }
       }
-      return next(ErrorCode.getUnauthorized());
+      return next(errorUtils.getUnauthorized());
     }
   );
 
@@ -57,27 +58,27 @@ export default function (route: Router, auth: IAuth, storage: Storage, config: C
       const { name } = req.remote_user;
 
       if (!_.isBoolean(readonly) || !_.isArray(cidr_whitelist)) {
-        return next(ErrorCode.getCode(HTTP_STATUS.BAD_DATA, SUPPORT_ERRORS.PARAMETERS_NOT_VALID));
+        return next(errorUtils.getCode(HTTP_STATUS.BAD_DATA, SUPPORT_ERRORS.PARAMETERS_NOT_VALID));
       }
 
       auth.authenticate(name, password, async (err, user: RemoteUser) => {
         if (err) {
           const errorCode = err.message ? HTTP_STATUS.UNAUTHORIZED : HTTP_STATUS.INTERNAL_ERROR;
-          return next(ErrorCode.getCode(errorCode, err.message));
+          return next(errorUtils.getCode(errorCode, err.message));
         }
 
         req.remote_user = user;
 
         if (!_.isFunction(storage.saveToken)) {
           return next(
-            ErrorCode.getCode(HTTP_STATUS.NOT_IMPLEMENTED, SUPPORT_ERRORS.STORAGE_NOT_IMPLEMENT)
+            errorUtils.getCode(HTTP_STATUS.NOT_IMPLEMENTED, SUPPORT_ERRORS.STORAGE_NOT_IMPLEMENT)
           );
         }
 
         try {
           const token = await getApiToken(auth, config, user, password);
           if (!token) {
-            throw getInternalError();
+            throw errorUtils.getInternalError();
           }
 
           const key = stringToMD5(token);
@@ -113,7 +114,7 @@ export default function (route: Router, auth: IAuth, storage: Storage, config: C
           );
         } catch (error: any) {
           logger.error({ error: error.msg }, 'token creation has failed: @{error}');
-          return next(ErrorCode.getCode(HTTP_STATUS.INTERNAL_ERROR, error.message));
+          return next(errorUtils.getInternalError(error.message));
         }
       });
     }
@@ -135,10 +136,10 @@ export default function (route: Router, auth: IAuth, storage: Storage, config: C
           return next({});
         } catch (error: any) {
           logger.error({ error: error.msg }, 'token creation has failed: @{error}');
-          return next(ErrorCode.getCode(HTTP_STATUS.INTERNAL_ERROR, error.message));
+          return next(errorUtils.getCode(HTTP_STATUS.INTERNAL_ERROR, error.message));
         }
       }
-      return next(ErrorCode.getUnauthorized());
+      return next(errorUtils.getUnauthorized());
     }
   );
 }

packages/api/src/whoami.ts

@@ -1,7 +1,7 @@
-import { Response, Router } from 'express';
 import buildDebug from 'debug';
-import { $RequestExtend, $NextFunctionVer } from '../types/custom';
-// import { getUnauthorized } from '@verdaccio/commons-api';
+import { Response, Router } from 'express';
+
+import { $NextFunctionVer, $RequestExtend } from '../types/custom';
 
 const debug = buildDebug('verdaccio:api:user');
 

packages/api/test/integration/_helper.ts

@@ -1,13 +1,15 @@
-import path from 'path';
-import express, { Application } from 'express';
-import supertest from 'supertest';
 import bodyParser from 'body-parser';
+import express, { Application } from 'express';
+import path from 'path';
+import supertest from 'supertest';
 
-import { Config, parseConfigFile } from '@verdaccio/config';
-import { Storage } from '@verdaccio/store';
-import { final, handleError, errorReportingMiddleware } from '@verdaccio/middleware';
 import { Auth, IAuth } from '@verdaccio/auth';
-import { HEADERS, HEADER_TYPE, HTTP_STATUS, generatePackageMetadata } from '@verdaccio/commons-api';
+import { Config, parseConfigFile } from '@verdaccio/config';
+import { HEADERS, HEADER_TYPE, HTTP_STATUS } from '@verdaccio/core';
+import { generatePackageMetadata } from '@verdaccio/helper';
+import { errorReportingMiddleware, final, handleError } from '@verdaccio/middleware';
+import { Storage } from '@verdaccio/store';
+
 import apiEndpoints from '../../src';
 
 const getConf = (conf) => {

packages/api/test/integration/package.spec.ts

@@ -1,7 +1,8 @@
 import supertest from 'supertest';
 
-import { HEADER_TYPE, HEADERS, HTTP_STATUS } from '@verdaccio/commons-api';
-import { $ResponseExtend, $RequestExtend } from '../../types/custom';
+import { HEADERS, HEADER_TYPE, HTTP_STATUS } from '@verdaccio/core';
+
+import { $RequestExtend, $ResponseExtend } from '../../types/custom';
 import { initializeServer, publishTaggedVersion, publishVersion } from './_helper';
 
 const mockApiJWTmiddleware = jest.fn(

packages/api/test/integration/ping.spec.ts

@@ -1,6 +1,7 @@
 import supertest from 'supertest';
 
-import { HEADER_TYPE, HEADERS, HTTP_STATUS } from '@verdaccio/commons-api';
+import { HEADERS, HEADER_TYPE, HTTP_STATUS } from '@verdaccio/core';
+
 import { initializeServer } from './_helper';
 
 describe('ping', () => {

packages/api/test/integration/publish.spec.ts

@@ -1,13 +1,10 @@
-import { HTTP_STATUS } from '@verdaccio/commons-api';
 import supertest from 'supertest';
-import {
-  API_ERROR,
-  API_MESSAGE,
-  generatePackageMetadata,
-  HEADER_TYPE,
-  HEADERS,
-} from '@verdaccio/commons-api';
-import { $ResponseExtend, $RequestExtend } from '../../types/custom';
+
+import { HTTP_STATUS } from '@verdaccio/core';
+import { API_ERROR, API_MESSAGE, HEADERS, HEADER_TYPE } from '@verdaccio/core';
+import { generatePackageMetadata } from '@verdaccio/helper';
+
+import { $RequestExtend, $ResponseExtend } from '../../types/custom';
 import { initializeServer, publishVersion } from './_helper';
 
 const mockApiJWTmiddleware = jest.fn(

packages/api/test/integration/user.spec.ts

@@ -1,16 +1,14 @@
-import supertest from 'supertest';
 import _ from 'lodash';
+import supertest from 'supertest';
 
 import {
-  getBadRequest,
-  getConflict,
-  getUnauthorized,
+  API_ERROR,
+  API_MESSAGE,
   HEADERS,
   HEADER_TYPE,
-  API_MESSAGE,
   HTTP_STATUS,
-  API_ERROR,
-} from '@verdaccio/commons-api';
+  errorUtils,
+} from '@verdaccio/core';
 
 import { $RequestExtend, $ResponseExtend } from '../../types/custom';
 import { initializeServer } from './_helper';
@@ -28,7 +26,7 @@ const mockAuthenticate = jest.fn(() => (_name, _password, callback): void => {
 });
 
 const mockAddUser = jest.fn(() => (_name, _password, callback): void => {
-  return callback(getConflict(API_ERROR.USERNAME_ALREADY_REGISTERED));
+  return callback(errorUtils.getConflict(API_ERROR.USERNAME_ALREADY_REGISTERED));
 });
 
 jest.mock('@verdaccio/auth', () => ({
@@ -143,7 +141,7 @@ describe('user', () => {
         }
     );
     mockAddUser.mockImplementationOnce(() => (_name, _password, callback): void => {
-      return callback(getBadRequest(API_ERROR.USERNAME_PASSWORD_REQUIRED));
+      return callback(errorUtils.getBadRequest(API_ERROR.USERNAME_PASSWORD_REQUIRED));
     });
     const credentialsShort = _.cloneDeep(credentials);
     delete credentialsShort.name;
@@ -208,7 +206,7 @@ describe('user', () => {
         }
     );
     mockAuthenticate.mockImplementationOnce(() => (_name, _password, callback): void => {
-      return callback(getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD));
+      return callback(errorUtils.getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD));
     });
     const credentialsShort = _.cloneDeep(credentials);
     credentialsShort.password = 'failPassword';
@@ -240,7 +238,7 @@ describe('user', () => {
         }
     );
     mockAuthenticate.mockImplementationOnce(() => (_name, _password, callback): void => {
-      return callback(getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD));
+      return callback(errorUtils.getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD));
     });
     const credentialsShort = _.cloneDeep(credentials);
     credentialsShort.password = 'failPassword';

packages/api/test/integration/whoami.spec.ts

@@ -1,6 +1,6 @@
 import supertest from 'supertest';
 
-import { HEADERS, HTTP_STATUS } from '@verdaccio/commons-api';
+import { HEADERS, HTTP_STATUS } from '@verdaccio/core';
 
 import { $RequestExtend, $ResponseExtend } from '../../types/custom';
 import { initializeServer } from './_helper';

packages/api/test/unit/publish.spec.ts

@@ -1,11 +1,11 @@
-import { HTTP_STATUS, API_ERROR } from '@verdaccio/commons-api';
-import { ErrorCode } from '@verdaccio/utils';
+import { API_ERROR, HTTP_STATUS, errorUtils } from '@verdaccio/core';
+
 import {
   addVersion,
-  uploadPackageTarball,
+  publishPackage,
   removeTarball,
   unPublishPackage,
-  publishPackage,
+  uploadPackageTarball,
 } from '../../src/publish';
 
 const REVISION_MOCK = '15-e53a77096b0ee33e';
@@ -202,13 +202,13 @@ describe('Publish endpoints - un-publish package', () => {
     const storage = {
       removePackage(packageName) {
         expect(packageName).toEqual(req.params.package);
-        return Promise.reject(ErrorCode.getInternalError());
+        return Promise.reject(errorUtils.getInternalError());
       },
     };
 
     // @ts-ignore
     await unPublishPackage(storage)(req, res, next);
-    expect(next).toHaveBeenCalledWith(ErrorCode.getInternalError());
+    expect(next).toHaveBeenCalledWith(errorUtils.getInternalError());
   });
 });
 

packages/api/test/unit/validate.api.params.middleware.spec.ts

@@ -1,7 +1,7 @@
 /* eslint-disable curly */
 // ensure that all arguments are validated
-import path from 'path';
 import fs from 'fs';
+import path from 'path';
 
 /**
  * Validate.

packages/api/tsconfig.json

@@ -13,9 +13,6 @@
     {
       "path": "../config"
     },
-    {
-      "path": "../core/commons-api"
-    },
     {
       "path": "../core/core"
     },

packages/api/types/custom.d.ts

@@ -1,6 +1,7 @@
-import { Logger, RemoteUser } from '@verdaccio/types';
 import { NextFunction, Request, Response } from 'express';
 
+import { Logger, RemoteUser } from '@verdaccio/types';
+
 export type $RequestExtend = Request & { remote_user?: any; log: Logger };
 export type $ResponseExtend = Response & { cookies?: any };
 export type $NextFunctionVer = NextFunction & any;

packages/auth/CHANGELOG.md

@@ -1,5 +1,61 @@
 # @verdaccio/auth
 
+## 6.0.0-6-next.15
+
+### Minor Changes
+
+- 20c9e43e: dist tags Implementation on Fastify
+
+### Patch Changes
+
+- Updated dependencies [f86c31ed]
+  - @verdaccio/utils@6.0.0-6-next.9
+  - @verdaccio/config@6.0.0-6-next.11
+  - @verdaccio/loaders@6.0.0-6-next.7
+
+## 6.0.0-6-next.14
+
+### Patch Changes
+
+- Updated dependencies [6c1eb021]
+  - @verdaccio/core@6.0.0-6-next.3
+  - @verdaccio/logger@6.0.0-6-next.7
+  - @verdaccio/config@6.0.0-6-next.10
+  - @verdaccio/loaders@6.0.0-6-next.7
+  - verdaccio-htpasswd@11.0.0-6-next.10
+  - @verdaccio/utils@6.0.0-6-next.8
+
+## 6.0.0-6-next.13
+
+### Major Changes
+
+- 794af76c: Remove Node 12 support
+
+  - We need move to the new `undici` and does not support Node.js 12
+
+### Minor Changes
+
+- 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
+
+### Patch Changes
+
+- Updated dependencies [794af76c]
+- Updated dependencies [154b2ecd]
+  - @verdaccio/config@6.0.0-6-next.9
+  - @verdaccio/core@6.0.0-6-next.2
+  - verdaccio-htpasswd@11.0.0-6-next.9
+  - @verdaccio/loaders@6.0.0-6-next.6
+  - @verdaccio/logger@6.0.0-6-next.6
+  - @verdaccio/utils@6.0.0-6-next.7
+
+## 6.0.0-6-next.12
+
+### Patch Changes
+
+- Updated dependencies [2c594910]
+  - @verdaccio/logger@6.0.0-6-next.5
+  - @verdaccio/loaders@6.0.0-6-next.5
+
 ## 6.0.0-6-next.11
 
 ### Major Changes

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/auth",
-  "version": "6.0.0-6-next.11",
+  "version": "6.0.0-6-next.15",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -25,7 +25,7 @@
     "verdaccio"
   ],
   "engines": {
-    "node": ">=10",
+    "node": ">=14",
     "npm": ">=6"
   },
   "scripts": {
@@ -39,20 +39,20 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@verdaccio/commons-api": "workspace:11.0.0-6-next.4",
-    "@verdaccio/config": "workspace:6.0.0-6-next.8",
-    "@verdaccio/loaders": "workspace:6.0.0-6-next.4",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.4",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.6",
+    "@verdaccio/core": "workspace:6.0.0-6-next.3",
+    "@verdaccio/config": "workspace:6.0.0-6-next.11",
+    "@verdaccio/loaders": "workspace:6.0.0-6-next.7",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.7",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.9",
     "debug": "4.3.2",
     "express": "4.17.1",
     "jsonwebtoken": "8.5.1",
     "lodash": "4.17.21",
-    "verdaccio-htpasswd": "workspace:11.0.0-6-next.8"
+    "verdaccio-htpasswd": "workspace:11.0.0-6-next.10"
   },
   "devDependencies": {
-    "@verdaccio/mock": "workspace:6.0.0-6-next.9",
-    "@verdaccio/types": "workspace:11.0.0-6-next.8"
+    "@verdaccio/mock": "workspace:6.0.0-6-next.12",
+    "@verdaccio/types": "workspace:11.0.0-6-next.9"
   },
   "funding": {
     "type": "opencollective",

packages/auth/src/auth.ts

@@ -1,50 +1,45 @@
-import _ from 'lodash';
-import { NextFunction, Request, Response } from 'express';
 import buildDebug from 'debug';
+import { NextFunction, Request, Response } from 'express';
+import _ from 'lodash';
+import { HTPasswd, HTPasswdConfig } from 'verdaccio-htpasswd';
 
+import { createAnonymousRemoteUser, createRemoteUser } from '@verdaccio/config';
 import {
   API_ERROR,
   SUPPORT_ERRORS,
   TOKEN_BASIC,
   TOKEN_BEARER,
   VerdaccioError,
-  getBadRequest,
-  getInternalError,
-  getForbidden,
-} from '@verdaccio/commons-api';
+  errorUtils,
+} from '@verdaccio/core';
 import { loadPlugin } from '@verdaccio/loaders';
-import { HTPasswd, HTPasswdConfig } from 'verdaccio-htpasswd';
-
 import {
-  Config,
-  Logger,
-  Callback,
-  IPluginAuth,
-  RemoteUser,
-  JWTSignOptions,
-  Security,
-  AuthPluginPackage,
   AllowAccess,
+  AuthPluginPackage,
+  Callback,
+  Config,
+  IPluginAuth,
+  JWTSignOptions,
+  Logger,
   PackageAccess,
   PluginOptions,
+  RemoteUser,
+  Security,
 } from '@verdaccio/types';
-
-import { getMatchedPackagesSpec, isNil, isFunction } from '@verdaccio/utils';
-import { createAnonymousRemoteUser, createRemoteUser } from '@verdaccio/config';
-
-import {
-  getMiddlewareCredentials,
-  getDefaultPlugins,
-  verifyJWTPayload,
-  parseAuthTokenHeader,
-  isAuthHeaderValid,
-  isAESLegacy,
-  convertPayloadToBase64,
-} from './utils';
+import { getMatchedPackagesSpec, isFunction, isNil } from '@verdaccio/utils';
 
 import { signPayload } from './jwt-token';
 import { aesEncrypt } from './legacy-token';
 import { parseBasicPayload } from './token';
+import {
+  convertPayloadToBase64,
+  getDefaultPlugins,
+  getMiddlewareCredentials,
+  isAESLegacy,
+  isAuthHeaderValid,
+  parseAuthTokenHeader,
+  verifyJWTPayload,
+} from './utils';
 
 /* eslint-disable @typescript-eslint/no-var-requires */
 const LoggerApi = require('@verdaccio/logger');
@@ -54,6 +49,7 @@ const debug = buildDebug('verdaccio:auth');
 export interface IBasicAuth<T> {
   config: T & Config;
   authenticate(user: string, password: string, cb: Callback): void;
+  invalidateToken?(token: string): Promise<void>;
   changePassword(user: string, password: string, newPassword: string, cb: Callback): void;
   allow_access(pkg: AuthPluginPackage, user: RemoteUser, callback: Callback): void;
   add_user(user: string, password: string, cb: Callback): any;
@@ -85,6 +81,7 @@ export interface IAuth extends IBasicAuth<Config>, IAuthMiddleware, TokenEncrypt
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
   plugins: any[];
   allow_unpublish(pkg: AuthPluginPackage, user: RemoteUser, callback: Callback): void;
+  invalidateToken(token: string): Promise<void>;
 }
 
 class Auth implements IAuth {
@@ -97,6 +94,9 @@ class Auth implements IAuth {
     this.config = config;
     this.logger = LoggerApi.logger.child({ sub: 'auth' });
     this.secret = config.secret;
+    if (!this.secret) {
+      throw new TypeError('secret it is required value on initialize the auth class');
+    }
 
     this.plugins =
       _.isNil(config?.auth) === false ? this._loadPlugin(config) : this.loadDefaultPlugin(config);
@@ -153,7 +153,7 @@ class Auth implements IAuth {
     const validPlugins = _.filter(this.plugins, (plugin) => isFunction(plugin.changePassword));
 
     if (_.isEmpty(validPlugins)) {
-      return cb(getInternalError(SUPPORT_ERRORS.PLUGIN_MISSING_INTERFACE));
+      return cb(errorUtils.getInternalError(SUPPORT_ERRORS.PLUGIN_MISSING_INTERFACE));
     }
 
     for (const plugin of validPlugins) {
@@ -179,6 +179,12 @@ class Auth implements IAuth {
     }
   }
 
+  public async invalidateToken(token: string) {
+    // eslint-disable-next-line no-console
+    console.log('invalidate token pending to implement', token);
+    return Promise.resolve();
+  }
+
   public authenticate(username: string, password: string, cb: Callback): void {
     const plugins = this.plugins.slice(0);
     (function next(): void {
@@ -415,7 +421,9 @@ class Auth implements IAuth {
       }
 
       // in case auth header does not exist we return anonymous function
-      req.remote_user = createAnonymousRemoteUser();
+      const remoteUser = createAnonymousRemoteUser();
+      req.remote_user = remoteUser;
+      res.locals.remote_user = remoteUser;
 
       const { authorization } = req.headers;
       if (_.isNil(authorization)) {
@@ -425,7 +433,7 @@ class Auth implements IAuth {
 
       if (!isAuthHeaderValid(authorization)) {
         debug('api middleware authentication heather is invalid');
-        return next(getBadRequest(API_ERROR.BAD_AUTH_HEADER));
+        return next(errorUtils.getBadRequest(API_ERROR.BAD_AUTH_HEADER));
       }
       const { secret, security } = this.config;
 
@@ -476,7 +484,7 @@ class Auth implements IAuth {
       } else {
         // with JWT throw 401
         debug('jwt invalid token');
-        next(getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
+        next(errorUtils.getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
       }
     }
   }
@@ -510,7 +518,7 @@ class Auth implements IAuth {
     } else {
       // we force npm client to ask again with basic authentication
       debug('legacy invalid header');
-      return next(getBadRequest(API_ERROR.BAD_AUTH_HEADER));
+      return next(errorUtils.getBadRequest(API_ERROR.BAD_AUTH_HEADER));
     }
   }
 
@@ -544,7 +552,7 @@ class Auth implements IAuth {
       }
 
       if (!isAuthHeaderValid(authorization)) {
-        return next(getBadRequest(API_ERROR.BAD_AUTH_HEADER));
+        return next(errorUtils.getBadRequest(API_ERROR.BAD_AUTH_HEADER));
       }
 
       const token = (authorization || '').replace(`${TOKEN_BEARER} `, '');

packages/auth/src/jwt-token.ts

@@ -1,5 +1,5 @@
-import jwt from 'jsonwebtoken';
 import buildDebug from 'debug';
+import jwt from 'jsonwebtoken';
 
 import { JWTSignOptions, RemoteUser } from '@verdaccio/types';
 

packages/auth/src/legacy-token.ts

@@ -1,13 +1,14 @@
 import {
+  HexBase64BinaryEncoding,
+  Utf8AsciiBinaryEncoding,
   createCipheriv,
   createDecipheriv,
-  HexBase64BinaryEncoding,
   randomBytes,
-  Utf8AsciiBinaryEncoding,
 } from 'crypto';
-import { TOKEN_VALID_LENGTH } from '@verdaccio/config';
 import buildDebug from 'debug';
 
+import { TOKEN_VALID_LENGTH } from '@verdaccio/config';
+
 const debug = buildDebug('verdaccio:auth:token:legacy');
 
 export const defaultAlgorithm = process.env.VERDACCIO_LEGACY_ALGORITHM || 'aes-256-ctr';

packages/auth/src/utils.ts

@@ -1,29 +1,27 @@
-import _ from 'lodash';
 import buildDebug from 'debug';
+import _ from 'lodash';
+
+import { createAnonymousRemoteUser } from '@verdaccio/config';
 import {
+  API_ERROR,
+  HTTP_STATUS,
+  TOKEN_BASIC,
+  TOKEN_BEARER,
+  VerdaccioError,
+  errorUtils,
+} from '@verdaccio/core';
+import {
+  AuthPackageAllow,
   Callback,
   Config,
   IPluginAuth,
   RemoteUser,
   Security,
-  AuthPackageAllow,
 } from '@verdaccio/types';
-import {
-  HTTP_STATUS,
-  TOKEN_BASIC,
-  TOKEN_BEARER,
-  API_ERROR,
-  getForbidden,
-  getUnauthorized,
-  getConflict,
-  getCode,
-} from '@verdaccio/commons-api';
-import { VerdaccioError } from '@verdaccio/commons-api';
 
-import { createAnonymousRemoteUser } from '@verdaccio/config';
-import { TokenEncryption, AESPayload } from './auth';
-import { aesDecrypt } from './legacy-token';
+import { AESPayload, TokenEncryption } from './auth';
 import { verifyPayload } from './jwt-token';
+import { aesDecrypt } from './legacy-token';
 import { parseBasicPayload } from './token';
 
 const debug = buildDebug('verdaccio:auth:utils');
@@ -155,7 +153,7 @@ export function verifyJWTPayload(token: string, secret: string): RemoteUser {
       // we return an anonymous user to force log in.
       return createAnonymousRemoteUser();
     }
-    throw getCode(HTTP_STATUS.UNAUTHORIZED, error.message);
+    throw errorUtils.getCode(HTTP_STATUS.UNAUTHORIZED, error.message);
   }
 }
 
@@ -166,11 +164,11 @@ export function isAuthHeaderValid(authorization: string): boolean {
 export function getDefaultPlugins(logger: any): IPluginAuth<Config> {
   return {
     authenticate(user: string, password: string, cb: Callback): void {
-      cb(getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
+      cb(errorUtils.getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
     },
 
     adduser(user: string, password: string, cb: Callback): void {
-      return cb(getConflict(API_ERROR.BAD_USERNAME_PASSWORD));
+      return cb(errorUtils.getConflict(API_ERROR.BAD_USERNAME_PASSWORD));
     },
 
     // FIXME: allow_action and allow_publish should be in the @verdaccio/types
@@ -205,9 +203,13 @@ export function allow_action(action: ActionsAllowed, logger): AllowAction {
     }
 
     if (name) {
-      callback(getForbidden(`user ${name} is not allowed to ${action} package ${pkg.name}`));
+      callback(
+        errorUtils.getForbidden(`user ${name} is not allowed to ${action} package ${pkg.name}`)
+      );
     } else {
-      callback(getUnauthorized(`authorization required to ${action} package ${pkg.name}`));
+      callback(
+        errorUtils.getUnauthorized(`authorization required to ${action} package ${pkg.name}`)
+      );
     }
   };
 }

packages/auth/test/auth-utils.spec.ts

@@ -1,39 +1,42 @@
-import path from 'path';
 import _ from 'lodash';
+import path from 'path';
 
-import { CHARACTER_ENCODING, TOKEN_BEARER, API_ERROR } from '@verdaccio/commons-api';
-
-import { configExample } from '@verdaccio/mock';
 import {
   Config as AppConfig,
-  parseConfigFile,
   ROLES,
-  createRemoteUser,
   createAnonymousRemoteUser,
+  createRemoteUser,
+  parseConfigFile,
 } from '@verdaccio/config';
-
 import {
-  getAuthenticatedMessage,
-  buildToken,
+  API_ERROR,
+  CHARACTER_ENCODING,
+  TOKEN_BEARER,
+  VerdaccioError,
+  errorUtils,
+} from '@verdaccio/core';
+import { setup } from '@verdaccio/logger';
+import { configExample } from '@verdaccio/mock';
+import { Config, RemoteUser, Security } from '@verdaccio/types';
+import {
   AllowActionCallbackResponse,
+  buildToken,
   buildUserBuffer,
+  getAuthenticatedMessage,
 } from '@verdaccio/utils';
 
-import { Config, Security, RemoteUser } from '@verdaccio/types';
-import { VerdaccioError, getForbidden } from '@verdaccio/commons-api';
-import { setup } from '@verdaccio/logger';
 import {
-  IAuth,
-  Auth,
   ActionsAllowed,
+  Auth,
+  IAuth,
+  aesDecrypt,
   allow_action,
+  getApiToken,
   getDefaultPlugins,
   getMiddlewareCredentials,
-  getApiToken,
-  verifyJWTPayload,
-  aesDecrypt,
-  verifyPayload,
   signPayload,
+  verifyJWTPayload,
+  verifyPayload,
 } from '../src';
 
 setup([]);
@@ -110,7 +113,7 @@ describe('Auth utilities', () => {
     test('authentication should fail by default (default)', () => {
       const plugin = getDefaultPlugins({ trace: jest.fn() });
       plugin.authenticate('foo', 'bar', (error: any) => {
-        expect(error).toEqual(getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
+        expect(error).toEqual(errorUtils.getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
       });
     });
 
@@ -118,7 +121,7 @@ describe('Auth utilities', () => {
       const plugin = getDefaultPlugins({ trace: jest.fn() });
       // @ts-ignore
       plugin.adduser('foo', 'bar', (error: any) => {
-        expect(error).toEqual(getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
+        expect(error).toEqual(errorUtils.getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
       });
     });
   });

packages/auth/test/auth.spec.ts

@@ -1,19 +1,21 @@
 import _ from 'lodash';
-import { ROLES, Config as AppConfig } from '@verdaccio/config';
-import { setup } from '@verdaccio/logger';
+
 import { IAuth } from '@verdaccio/auth';
+import { Config as AppConfig, ROLES } from '@verdaccio/config';
+import { errorUtils } from '@verdaccio/core';
+import { setup } from '@verdaccio/logger';
 import { Config } from '@verdaccio/types';
-import { getInternalError } from '@verdaccio/commons-api';
 
 import { Auth } from '../src';
-
-import { authProfileConf, authPluginFailureConf, authPluginPassThrougConf } from './helper/plugin';
+import { authPluginFailureConf, authPluginPassThrougConf, authProfileConf } from './helper/plugin';
 
 setup([]);
 
 describe('AuthTest', () => {
   test('should be defined', () => {
     const config: Config = new AppConfig(_.cloneDeep(authProfileConf));
+    config.checkSecretKey('12345');
+
     const auth: IAuth = new Auth(config);
 
     expect(auth).toBeDefined();
@@ -23,6 +25,7 @@ describe('AuthTest', () => {
     describe('test authenticate states', () => {
       test('should be a success login', () => {
         const config: Config = new AppConfig(_.cloneDeep(authProfileConf));
+        config.checkSecretKey('12345');
         const auth: IAuth = new Auth(config);
 
         expect(auth).toBeDefined();
@@ -49,6 +52,7 @@ describe('AuthTest', () => {
 
       test('should be a fail on login', () => {
         const config: Config = new AppConfig(_.cloneDeep(authPluginFailureConf));
+        config.checkSecretKey('12345');
         const auth: IAuth = new Auth(config);
 
         expect(auth).toBeDefined();
@@ -57,7 +61,7 @@ describe('AuthTest', () => {
 
         auth.authenticate('foo', 'bar', callback);
         expect(callback).toHaveBeenCalledTimes(1);
-        expect(callback).toHaveBeenCalledWith(getInternalError());
+        expect(callback).toHaveBeenCalledWith(errorUtils.getInternalError());
       });
     });
 
@@ -67,6 +71,7 @@ describe('AuthTest', () => {
     describe('test authenticate out of control inputs from plugins', () => {
       test('should skip falsy values', () => {
         const config: Config = new AppConfig(_.cloneDeep(authPluginPassThrougConf));
+        config.checkSecretKey('12345');
         const auth: IAuth = new Auth(config);
 
         expect(auth).toBeDefined();
@@ -86,6 +91,7 @@ describe('AuthTest', () => {
 
       test('should error truthy non-array', () => {
         const config: Config = new AppConfig(_.cloneDeep(authPluginPassThrougConf));
+        config.checkSecretKey('12345');
         const auth: IAuth = new Auth(config);
 
         expect(auth).toBeDefined();
@@ -103,6 +109,7 @@ describe('AuthTest', () => {
 
       test('should skip empty array', () => {
         const config: Config = new AppConfig(_.cloneDeep(authPluginPassThrougConf));
+        config.checkSecretKey('12345');
         const auth: IAuth = new Auth(config);
 
         expect(auth).toBeDefined();
@@ -119,6 +126,7 @@ describe('AuthTest', () => {
 
       test('should accept valid array', () => {
         const config: Config = new AppConfig(_.cloneDeep(authPluginPassThrougConf));
+        config.checkSecretKey('12345');
         const auth: IAuth = new Auth(config);
 
         expect(auth).toBeDefined();

packages/auth/test/helper/plugin.ts

@@ -1,4 +1,5 @@
 import path from 'path';
+
 import { configExample as config } from '@verdaccio/mock';
 
 export const authProfileConf = config({

packages/auth/tsconfig.json

@@ -10,9 +10,6 @@
     {
       "path": "../config"
     },
-    {
-      "path": "../core/commons-api"
-    },
     {
       "path": "../core/htpasswd"
     },

packages/cli/CHANGELOG.md

@@ -1,5 +1,61 @@
 # @verdaccio/cli
 
+## 6.0.0-6-next.25
+
+### Patch Changes
+
+- Updated dependencies [f86c31ed]
+- Updated dependencies [20c9e43e]
+  - @verdaccio/fastify-migration@6.0.0-6-next.16
+  - @verdaccio/config@6.0.0-6-next.11
+  - @verdaccio/node-api@6.0.0-6-next.24
+
+## 6.0.0-6-next.24
+
+### Minor Changes
+
+- 6c1eb021: feat: use warning codes for deprecation warnings
+
+### Patch Changes
+
+- Updated dependencies [6c1eb021]
+  - @verdaccio/core@6.0.0-6-next.3
+  - @verdaccio/logger@6.0.0-6-next.7
+  - @verdaccio/node-api@6.0.0-6-next.23
+  - @verdaccio/config@6.0.0-6-next.10
+  - @verdaccio/fastify-migration@6.0.0-6-next.15
+
+## 6.0.0-6-next.23
+
+### Major Changes
+
+- 794af76c: Remove Node 12 support
+
+  - We need move to the new `undici` and does not support Node.js 12
+
+### Minor Changes
+
+- 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
+
+### Patch Changes
+
+- Updated dependencies [794af76c]
+- Updated dependencies [b702ea36]
+- Updated dependencies [154b2ecd]
+  - @verdaccio/config@6.0.0-6-next.9
+  - @verdaccio/fastify-migration@6.0.0-6-next.14
+  - @verdaccio/logger@6.0.0-6-next.6
+  - @verdaccio/node-api@6.0.0-6-next.22
+
+## 6.0.0-6-next.22
+
+### Patch Changes
+
+- Updated dependencies [2c594910]
+  - @verdaccio/logger@6.0.0-6-next.5
+  - @verdaccio/fastify-migration@6.0.0-6-next.13
+  - @verdaccio/node-api@6.0.0-6-next.21
+
 ## 6.0.0-6-next.21
 
 ### Major Changes

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/cli",
-  "version": "6.0.0-6-next.21",
+  "version": "6.0.0-6-next.25",
   "author": {
     "name": "Juan Picado",
     "email": "juanpicado19@gmail.com"
@@ -26,7 +26,7 @@
     "verdaccio"
   ],
   "engines": {
-    "node": ">=12",
+    "node": ">=14",
     "npm": ">=6"
   },
   "description": "verdaccio CLI",
@@ -44,11 +44,12 @@
     "start": "ts-node src/index.ts"
   },
   "dependencies": {
-    "@verdaccio/config": "workspace:6.0.0-6-next.8",
-    "@verdaccio/logger": "workspace:6.0.0-6-next.4",
-    "@verdaccio/node-api": "workspace:6.0.0-6-next.20",
-    "@verdaccio/fastify-migration": "workspace:6.0.0-6-next.12",
-    "clipanion": "3.0.1",
+    "@verdaccio/core": "workspace:6.0.0-6-next.3",
+    "@verdaccio/config": "workspace:6.0.0-6-next.11",
+    "@verdaccio/logger": "workspace:6.0.0-6-next.7",
+    "@verdaccio/node-api": "workspace:6.0.0-6-next.24",
+    "@verdaccio/fastify-migration": "workspace:6.0.0-6-next.16",
+    "clipanion": "3.1.0",
     "envinfo": "7.8.1",
     "kleur": "3.0.3",
     "semver": "7.3.5"

packages/cli/src/cli.ts

@@ -1,13 +1,15 @@
 import { Cli } from 'clipanion';
 
+import { warningUtils } from '@verdaccio/core';
+
+import { FastifyServer } from './commands/FastifyServer';
 import { InfoCommand } from './commands/info';
 import { InitCommand } from './commands/init';
 import { VersionCommand } from './commands/version';
-import { NewServer } from './commands/newServer';
-import { isVersionValid, MIN_NODE_VERSION } from './utils';
+import { MIN_NODE_VERSION, isVersionValid } from './utils';
 
 if (process.getuid && process.getuid() === 0) {
-  process.emitWarning(`Verdaccio doesn't need superuser privileges. don't run it under root`);
+  warningUtils.emit(warningUtils.Codes.VERWAR001);
 }
 
 if (!isVersionValid(process.version)) {
@@ -28,7 +30,7 @@ const cli = new Cli({
 cli.register(InfoCommand);
 cli.register(InitCommand);
 cli.register(VersionCommand);
-cli.register(NewServer);
+cli.register(FastifyServer);
 cli.runExit(args, Cli.defaultContext);
 
 process.on('uncaughtException', function (err) {

packages/cli/src/commands/FastifyServer.ts

@@ -1,7 +1,9 @@
 import { Command, Option } from 'clipanion';
+
 import { findConfigFile, parseConfigFile } from '@verdaccio/config';
-import { setup, logger } from '@verdaccio/logger';
+import { warningUtils } from '@verdaccio/core';
 import server from '@verdaccio/fastify-migration';
+import { logger, setup } from '@verdaccio/logger';
 import { ConfigRuntime } from '@verdaccio/types';
 
 export const DEFAULT_PROCESS_NAME: string = 'verdaccio';
@@ -9,9 +11,12 @@ export const DEFAULT_PROCESS_NAME: string = 'verdaccio';
 /**
  * This command is intended to run the server with Fastify
  * as a migration step.
+ * More info: https://github.com/verdaccio/verdaccio/discussions/2155
+ * To try out.
+ * pnpm debug:fastify
  */
-export class NewServer extends Command {
-  public static paths = [['new']];
+export class FastifyServer extends Command {
+  public static paths = [['fastify-server']];
 
   private port = Option.String('-l,-p,--listen,--port', {
     description: 'host:port number to listen on (default: localhost:4873)',
@@ -24,7 +29,7 @@ export class NewServer extends Command {
   private initLogger(logConfig: ConfigRuntime) {
     try {
       if (logConfig.logs) {
-        process.emitWarning('config.logs is deprecated, rename configuration to "config.log"');
+        warningUtils.emit(warningUtils.Codes.VERDEP001);
       }
       // FUTURE: remove fallback when is ready
       setup(logConfig.log || logConfig.logs);
@@ -41,9 +46,11 @@ export class NewServer extends Command {
       this.initLogger(configParsed);
 
       process.title = web?.title || DEFAULT_PROCESS_NAME;
+      // FIXME: need a way to get version of the package.
       // const { version, name } = require('../../package.json');
       const ser = await server({ logger, config: configParsed });
-      await ser.listen(4873);
+      // FIXME: harcoded, this would need to come from the configuration and the --listen flag.
+      await ser.listen(process.env.PORT || 4873);
     } catch (err: any) {
       console.error(err);
       process.exit(1);

packages/cli/src/commands/info.ts

@@ -1,5 +1,5 @@
-import envinfo from 'envinfo';
 import { Command } from 'clipanion';
+import envinfo from 'envinfo';
 
 export class InfoCommand extends Command {
   public static paths = [[`--info`], [`-i`]];

packages/cli/src/commands/init.ts

@@ -1,6 +1,8 @@
 import { Command, Option } from 'clipanion';
+
 import { findConfigFile, parseConfigFile } from '@verdaccio/config';
-import { setup, logger } from '@verdaccio/logger';
+import { warningUtils } from '@verdaccio/core';
+import { logger, setup } from '@verdaccio/logger';
 import { initServer } from '@verdaccio/node-api';
 import { ConfigRuntime } from '@verdaccio/types';
 
@@ -46,9 +48,7 @@ export class InitCommand extends Command {
   private initLogger(logConfig: ConfigRuntime) {
     try {
       if (logConfig.logs) {
-        process.emitWarning(
-          'config.logs is deprecated, rename configuration to "config.log" in singular'
-        );
+        warningUtils.emit(warningUtils.Codes.VERDEP001);
       }
       // FUTURE: remove fallback when is ready
       setup(logConfig.log || logConfig.logs);

packages/cli/src/utils.ts

@@ -1,7 +1,8 @@
 import semver from 'semver';
 
-export const MIN_NODE_VERSION = '14';
+export const MIN_NODE_VERSION = '14.0.0';
 
-export function isVersionValid(version) {
+export function isVersionValid(processVersion) {
+  const version = processVersion.substr(1);
   return semver.satisfies(version, `>=${MIN_NODE_VERSION}`);
 }

packages/cli/test/utils.spec.ts

@@ -1,9 +1,16 @@
 import { isVersionValid } from '../src/utils';
 
 test('valid version node.js', () => {
-  expect(isVersionValid('14.0.0')).toBeTruthy();
+  expect(isVersionValid('v14.0.0')).toBeTruthy();
+  expect(isVersionValid('v15.0.0')).toBeTruthy();
+  expect(isVersionValid('v16.0.0')).toBeTruthy();
+  expect(isVersionValid('v17.0.0')).toBeTruthy();
 });
 
 test('is invalid version node.js', () => {
-  expect(isVersionValid('13.0.0')).toBeFalsy();
+  expect(isVersionValid('v13.0.0')).toBeFalsy();
+  expect(isVersionValid('v12.0.0')).toBeFalsy();
+  expect(isVersionValid('v8.0.0')).toBeFalsy();
+  expect(isVersionValid('v4.0.0')).toBeFalsy();
+  expect(isVersionValid('v0.0.10')).toBeFalsy();
 });

packages/cli/tsconfig.json

@@ -13,6 +13,9 @@
     {
       "path": "../core/cli-ui"
     },
+    {
+      "path": "../core/core"
+    },
     {
       "path": "../core/server"
     },

packages/config/CHANGELOG.md

@@ -1,5 +1,39 @@
 # @verdaccio/config
 
+## 6.0.0-6-next.11
+
+### Patch Changes
+
+- Updated dependencies [f86c31ed]
+  - @verdaccio/utils@6.0.0-6-next.9
+
+## 6.0.0-6-next.10
+
+### Patch Changes
+
+- Updated dependencies [6c1eb021]
+  - @verdaccio/core@6.0.0-6-next.3
+  - @verdaccio/utils@6.0.0-6-next.8
+
+## 6.0.0-6-next.9
+
+### Major Changes
+
+- 794af76c: Remove Node 12 support
+
+  - We need move to the new `undici` and does not support Node.js 12
+
+### Minor Changes
+
+- 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
+
+### Patch Changes
+
+- Updated dependencies [794af76c]
+- Updated dependencies [154b2ecd]
+  - @verdaccio/core@6.0.0-6-next.2
+  - @verdaccio/utils@6.0.0-6-next.7
+
 ## 6.0.0-6-next.8
 
 ### Major Changes

packages/config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/config",
-  "version": "6.0.0-6-next.8",
+  "version": "6.0.0-6-next.11",
   "description": "logger",
   "main": "./build/index.js",
   "types": "build/index.d.ts",
@@ -26,7 +26,7 @@
     "verdaccio"
   ],
   "engines": {
-    "node": ">=10",
+    "node": ">=14",
     "npm": ">=6"
   },
   "scripts": {
@@ -39,13 +39,13 @@
     "build": "pnpm run build:js && pnpm run build:types"
   },
   "dependencies": {
-    "@verdaccio/commons-api": "workspace:11.0.0-6-next.4",
-    "@verdaccio/utils": "workspace:6.0.0-6-next.6",
+    "@verdaccio/core": "workspace:6.0.0-6-next.3",
+    "@verdaccio/utils": "workspace:6.0.0-6-next.9",
     "debug": "4.3.2",
     "js-yaml": "3.14.1",
     "lodash": "4.17.21",
     "minimatch": "3.0.4",
-    "yup": "0.32.9"
+    "yup": "0.32.11"
   },
   "devDependencies": {
     "@types/minimatch": "3.0.5",

packages/config/src/config-path.ts

@@ -1,10 +1,11 @@
-import fs from 'fs';
-import path from 'path';
-import _ from 'lodash';
 import buildDebug from 'debug';
+import fs from 'fs';
+import _ from 'lodash';
+import path from 'path';
 
-import { CHARACTER_ENCODING } from '@verdaccio/commons-api';
-import { folderExists, fileExists } from './config-utils';
+import { CHARACTER_ENCODING } from '@verdaccio/core';
+
+import { fileExists, folderExists } from './config-utils';
 
 const CONFIG_FILE = 'config.yaml';
 const XDG = 'xdg';

packages/config/src/config.ts

@@ -1,25 +1,25 @@
 import assert from 'assert';
-import _ from 'lodash';
 import buildDebug from 'debug';
+import _ from 'lodash';
 
-import { getMatchedPackagesSpec, generateRandomHexString, isObject } from '@verdaccio/utils';
-import { APP_ERROR } from '@verdaccio/commons-api';
+import { APP_ERROR } from '@verdaccio/core';
 import {
-  PackageList,
   Config as AppConfig,
-  ConfigRuntime,
-  Security,
-  PackageAccess,
-  ServerSettingsConf,
   AuthConf,
+  ConfigRuntime,
+  PackageAccess,
+  PackageList,
+  Security,
+  ServerSettingsConf,
 } from '@verdaccio/types';
+import { generateRandomHexString, getMatchedPackagesSpec, isObject } from '@verdaccio/utils';
 
-import { generateRandomSecretKey } from './token';
-import { normalisePackageAccess } from './package-access';
-import { sanityCheckUplinksProps, uplinkSanityCheck } from './uplinks';
-import { defaultSecurity } from './security';
 import { getUserAgent } from './agent';
+import { normalisePackageAccess } from './package-access';
+import { defaultSecurity } from './security';
 import serverSettings from './serverSettings';
+import { generateRandomSecretKey } from './token';
+import { sanityCheckUplinksProps, uplinkSanityCheck } from './uplinks';
 
 const strategicConfigProps = ['uplinks', 'packages'];
 const allowedEnvConfig = ['http_proxy', 'https_proxy', 'no_proxy'];

packages/config/src/package-access.ts

@@ -1,7 +1,9 @@
 import assert from 'assert';
 import _ from 'lodash';
+
+import { errorUtils } from '@verdaccio/core';
 import { PackageAccess } from '@verdaccio/types';
-import { ErrorCode } from '@verdaccio/utils';
+
 export interface LegacyPackageList {
   [key: string]: PackageAccess;
 }
@@ -35,7 +37,7 @@ export function normalizeUserList(groupsList: any): any {
   } else if (Array.isArray(groupsList)) {
     result.push(groupsList);
   } else {
-    throw ErrorCode.getInternalError(
+    throw errorUtils.getInternalError(
       'CONFIG: bad package acl (array or string expected): ' + JSON.stringify(groupsList)
     );
   }

packages/config/src/parse.ts

@@ -1,6 +1,7 @@
 import fs from 'fs';
 import YAML from 'js-yaml';
-import { APP_ERROR } from '@verdaccio/commons-api';
+
+import { APP_ERROR } from '@verdaccio/core';
 import { ConfigRuntime, ConfigYaml } from '@verdaccio/types';
 
 /**

packages/config/src/uplinks.ts

@@ -1,8 +1,9 @@
 import assert from 'assert';
-import { getMatchedPackagesSpec } from '@verdaccio/utils';
-import { PackageList, UpLinksConfList } from '@verdaccio/types';
 import _ from 'lodash';
 
+import { PackageList, UpLinksConfList } from '@verdaccio/types';
+import { getMatchedPackagesSpec } from '@verdaccio/utils';
+
 export const DEFAULT_REGISTRY = 'https://registry.npmjs.org';
 export const DEFAULT_UPLINK = 'npmjs';
 

packages/config/test/config.path.spec.ts

@@ -1,4 +1,5 @@
 import os from 'os';
+
 import { findConfigFile } from '../src/config-path';
 
 const mockmkDir = jest.fn();

packages/config/test/config.spec.ts

@@ -1,14 +1,14 @@
-import path from 'path';
 import _ from 'lodash';
+import path from 'path';
 
 import {
   Config,
   DEFAULT_REGISTRY,
   DEFAULT_UPLINK,
-  defaultSecurity,
-  parseConfigFile,
   ROLES,
   WEB_TITLE,
+  defaultSecurity,
+  parseConfigFile,
 } from '../src';
 import { parseConfigurationFile } from './utils';
 

packages/config/test/package-access.spec.ts

@@ -1,7 +1,7 @@
 import _ from 'lodash';
 
-import { normalisePackageAccess, PACKAGE_ACCESS } from '../src/package-access';
 import { parseConfigFile } from '../src';
+import { PACKAGE_ACCESS, normalisePackageAccess } from '../src/package-access';
 import { parseConfigurationFile } from './utils';
 
 describe('Package access utilities', () => {

packages/config/test/token.spec.ts

@@ -1,4 +1,4 @@
-import { generateRandomSecretKey, TOKEN_VALID_LENGTH } from '../src/token';
+import { TOKEN_VALID_LENGTH, generateRandomSecretKey } from '../src/token';
 
 test('token test valid length', () => {
   const token = generateRandomSecretKey();

packages/config/test/uplinks.spec.ts

@@ -1,5 +1,5 @@
-import { hasProxyTo, sanityCheckUplinksProps, uplinkSanityCheck } from '../src/uplinks';
 import { normalisePackageAccess, parseConfigFile } from '../src';
+import { hasProxyTo, sanityCheckUplinksProps, uplinkSanityCheck } from '../src/uplinks';
 import { parseConfigurationFile } from './utils';
 
 describe('Uplinks Utilities', () => {

packages/config/test/utils.spec.ts

@@ -1,5 +1,5 @@
+import { ROLES, createAnonymousRemoteUser, createRemoteUser } from '../src';
 import { spliceURL } from '../src/string';
-import { createAnonymousRemoteUser, createRemoteUser, ROLES } from '../src';
 
 describe('spliceURL', () => {
   test('should splice two strings and generate a url', () => {

packages/config/tsconfig.json

@@ -7,9 +7,6 @@
   "include": ["src/**/*.ts"],
   "exclude": ["src/**/*.test.ts"],
   "references": [
-    {
-      "path": "../core/commons-api"
-    },
     {
       "path": "../utils"
     }

packages/core/commons-api/README.md

@@ -1,15 +0,0 @@
-# @verdaccio/commons-api
-
-commons api utilities for verdaccio
-
-[![verdaccio (latest)](https://img.shields.io/npm/v/@verdaccio/commons-api/latest.svg)](https://www.npmjs.com/package/@verdaccio/commons-api)
-[![docker pulls](https://img.shields.io/docker/pulls/verdaccio/verdaccio.svg?maxAge=43200)](https://verdaccio.org/docs/en/docker.html)
-[![backers](https://opencollective.com/verdaccio/tiers/backer/badge.svg?label=Backer&color=brightgreen)](https://opencollective.com/verdaccio)
-[![stackshare](https://img.shields.io/badge/Follow%20on-StackShare-blue.svg?logo=stackshare&style=flat)](https://stackshare.io/verdaccio)
-[![discord](https://img.shields.io/discord/388674437219745793.svg)](http://chat.verdaccio.org/)
-[![node](https://img.shields.io/node/v/@verdaccio/commons-api/latest.svg)](https://www.npmjs.com/package/@verdaccio/commons-api)
-![MIT](https://img.shields.io/github/license/mashape/apistatus.svg)
-[![Crowdin](https://d322cqt584bo4o.cloudfront.net/verdaccio/localized.svg)](https://crowdin.com/project/verdaccio)
-
-[![Twitter followers](https://img.shields.io/twitter/follow/verdaccio_npm.svg?style=social&label=Follow)](https://twitter.com/verdaccio_npm)
-[![Github](https://img.shields.io/github/stars/verdaccio/verdaccio.svg?style=social&label=Stars)](https://github.com/verdaccio/verdaccio/stargazers)

packages/core/commons-api/package.json

@@ -1,55 +0,0 @@
-{
-  "name": "@verdaccio/commons-api",
-  "version": "11.0.0-6-next.4",
-  "description": "Commons API utilities for Verdaccio",
-  "keywords": [
-    "private",
-    "package",
-    "repository",
-    "registry",
-    "enterprise",
-    "modules",
-    "proxy",
-    "server",
-    "verdaccio"
-  ],
-  "author": "Juan Picado <juanpicado19@gmail.com>",
-  "license": "MIT",
-  "homepage": "https://verdaccio.org",
-  "repository": {
-    "type": "https",
-    "url": "https://github.com/verdaccio/verdaccio",
-    "directory": "packages/core/commons-api"
-  },
-  "bugs": {
-    "url": "https://github.com/verdaccio/verdaccio/issues"
-  },
-  "publishConfig": {
-    "access": "public"
-  },
-  "main": "build/index.js",
-  "types": "build/index.d.ts",
-  "files": [
-    "build"
-  ],
-  "engines": {
-    "node": ">=10",
-    "npm": ">=6"
-  },
-  "dependencies": {
-    "http-errors": "1.8.0",
-    "http-status-codes": "2.1.4"
-  },
-  "scripts": {
-    "clean": "rimraf ./build",
-    "test": "cross-env NODE_ENV=test BABEL_ENV=test jest",
-    "build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json",
-    "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
-    "watch": "pnpm build:js -- --watch",
-    "build": "pnpm run build:js && pnpm run build:types"
-  },
-  "funding": {
-    "type": "opencollective",
-    "url": "https://opencollective.com/verdaccio"
-  }
-}

packages/core/commons-api/src/index.ts

@@ -1,200 +0,0 @@
-import createError, { HttpError } from 'http-errors';
-import httpCodes from 'http-status-codes';
-
-export const DEFAULT_MIN_LIMIT_PASSWORD = 3;
-
-export const HEADER_TYPE = {
-  CONTENT_ENCODING: 'content-encoding',
-  CONTENT_TYPE: 'content-type',
-  CONTENT_LENGTH: 'content-length',
-  ACCEPT_ENCODING: 'accept-encoding',
-};
-
-export const HTTP_STATUS = {
-  OK: httpCodes.OK,
-  CREATED: httpCodes.CREATED,
-  MULTIPLE_CHOICES: httpCodes.MULTIPLE_CHOICES,
-  NOT_MODIFIED: httpCodes.NOT_MODIFIED,
-  BAD_REQUEST: httpCodes.BAD_REQUEST,
-  UNAUTHORIZED: httpCodes.UNAUTHORIZED,
-  FORBIDDEN: httpCodes.FORBIDDEN,
-  NOT_FOUND: httpCodes.NOT_FOUND,
-  CONFLICT: httpCodes.CONFLICT,
-  NOT_IMPLEMENTED: httpCodes.NOT_IMPLEMENTED,
-  UNSUPPORTED_MEDIA: httpCodes.UNSUPPORTED_MEDIA_TYPE,
-  BAD_DATA: httpCodes.UNPROCESSABLE_ENTITY,
-  INTERNAL_ERROR: httpCodes.INTERNAL_SERVER_ERROR,
-  SERVICE_UNAVAILABLE: httpCodes.SERVICE_UNAVAILABLE,
-  LOOP_DETECTED: 508,
-};
-
-export const CHARACTER_ENCODING = {
-  UTF8: 'utf8',
-};
-
-export const ERROR_CODE = {
-  token_required: 'token is required',
-};
-
-export const TOKEN_BASIC = 'Basic';
-export const TOKEN_BEARER = 'Bearer';
-
-export const HEADERS = {
-  ACCEPT: 'Accept',
-  ACCEPT_ENCODING: 'Accept-Encoding',
-  USER_AGENT: 'User-Agent',
-  JSON: 'application/json',
-  CONTENT_TYPE: 'Content-type',
-  CONTENT_LENGTH: 'content-length',
-  TEXT_PLAIN: 'text/plain',
-  TEXT_PLAIN_UTF8: 'text/plain; charset=utf-8',
-  TEXT_HTML_UTF8: 'text/html; charset=utf-8',
-  TEXT_HTML: 'text/html',
-  AUTHORIZATION: 'authorization',
-  // only set with proxy that setup HTTPS
-  // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
-  FORWARDED_PROTO: 'X-Forwarded-Proto',
-  FORWARDED_FOR: 'X-Forwarded-For',
-  FRAMES_OPTIONS: 'X-Frame-Options',
-  CSP: 'Content-Security-Policy',
-  CTO: 'X-Content-Type-Options',
-  XSS: 'X-XSS-Protection',
-  ETAG: 'ETag',
-  JSON_CHARSET: 'application/json; charset=utf-8',
-  OCTET_STREAM: 'application/octet-stream; charset=utf-8',
-  TEXT_CHARSET: 'text/plain; charset=utf-8',
-  WWW_AUTH: 'WWW-Authenticate',
-  GZIP: 'gzip',
-};
-
-export const API_MESSAGE = {
-  PKG_CREATED: 'created new package',
-  PKG_CHANGED: 'package changed',
-  PKG_REMOVED: 'package removed',
-  PKG_PUBLISHED: 'package published',
-  TARBALL_UPLOADED: 'tarball uploaded successfully',
-  TARBALL_REMOVED: 'tarball removed',
-  TAG_UPDATED: 'tags updated',
-  TAG_REMOVED: 'tag removed',
-  TAG_ADDED: 'package tagged',
-  LOGGED_OUT: 'Logged out',
-};
-
-// @deprecated
-export const SUPPORT_ERRORS = {
-  PLUGIN_MISSING_INTERFACE: 'the plugin does not provide implementation of the requested feature',
-  TFA_DISABLED: 'the two-factor authentication is not yet supported',
-  STORAGE_NOT_IMPLEMENT: 'the storage does not support token saving',
-  PARAMETERS_NOT_VALID: 'the parameters are not valid',
-};
-
-// @deprecated
-export const API_ERROR = {
-  PASSWORD_SHORT: (passLength = DEFAULT_MIN_LIMIT_PASSWORD): string =>
-    `The provided password is too short. Please pick a password longer than ` +
-    `${passLength} characters.`,
-  MUST_BE_LOGGED: 'You must be logged in to publish packages.',
-  PLUGIN_ERROR: 'bug in the auth plugin system',
-  CONFIG_BAD_FORMAT: 'config file must be an object',
-  BAD_USERNAME_PASSWORD: 'bad username/password, access denied',
-  NO_PACKAGE: 'no such package available',
-  PACKAGE_CANNOT_BE_ADDED: 'this package cannot be added',
-  BAD_DATA: 'bad data',
-  NOT_ALLOWED: 'not allowed to access package',
-  NOT_ALLOWED_PUBLISH: 'not allowed to publish package',
-  INTERNAL_SERVER_ERROR: 'internal server error',
-  UNKNOWN_ERROR: 'unknown error',
-  NOT_PACKAGE_UPLINK: 'package does not exist on uplink',
-  UPLINK_OFFLINE_PUBLISH: 'one of the uplinks is down, refuse to publish',
-  UPLINK_OFFLINE: 'uplink is offline',
-  CONTENT_MISMATCH: 'content length mismatch',
-  NOT_FILE_UPLINK: "file doesn't exist on uplink",
-  MAX_USERS_REACHED: 'maximum amount of users reached',
-  VERSION_NOT_EXIST: "this version doesn't exist",
-  UNSUPORTED_REGISTRY_CALL: 'unsupported registry call',
-  FILE_NOT_FOUND: 'File not found',
-  REGISTRATION_DISABLED: 'user registration disabled',
-  UNAUTHORIZED_ACCESS: 'unauthorized access',
-  BAD_STATUS_CODE: 'bad status code',
-  PACKAGE_EXIST: 'this package is already present',
-  BAD_AUTH_HEADER: 'bad authorization header',
-  WEB_DISABLED: 'Web interface is disabled in the config file',
-  DEPRECATED_BASIC_HEADER: 'basic authentication is deprecated, please use JWT instead',
-  BAD_FORMAT_USER_GROUP: 'user groups is different than an array',
-  RESOURCE_UNAVAILABLE: 'resource unavailable',
-  BAD_PACKAGE_DATA: 'bad incoming package data',
-  USERNAME_PASSWORD_REQUIRED: 'username and password is required',
-  USERNAME_ALREADY_REGISTERED: 'username is already registered',
-};
-
-// @deprecated
-export const APP_ERROR = {
-  CONFIG_NOT_VALID: 'CONFIG: it does not look like a valid config file',
-  PROFILE_ERROR: 'profile unexpected error',
-  PASSWORD_VALIDATION: 'not valid password',
-};
-
-// @deprecated
-export type VerdaccioError = HttpError & { code: number };
-
-function getError(code: number, message: string): VerdaccioError {
-  const httpError = createError(code, message);
-
-  httpError.code = code;
-
-  return httpError as VerdaccioError;
-}
-
-export function getConflict(message: string = API_ERROR.PACKAGE_EXIST): VerdaccioError {
-  return getError(HTTP_STATUS.CONFLICT, message);
-}
-
-export function getBadData(customMessage?: string): VerdaccioError {
-  return getError(HTTP_STATUS.BAD_DATA, customMessage || API_ERROR.BAD_DATA);
-}
-
-export function getBadRequest(customMessage: string): VerdaccioError {
-  return getError(HTTP_STATUS.BAD_REQUEST, customMessage);
-}
-
-export function getInternalError(customMessage?: string): VerdaccioError {
-  return customMessage
-    ? getError(HTTP_STATUS.INTERNAL_ERROR, customMessage)
-    : getError(HTTP_STATUS.INTERNAL_ERROR, API_ERROR.UNKNOWN_ERROR);
-}
-
-export function getUnauthorized(message = 'no credentials provided'): VerdaccioError {
-  return getError(HTTP_STATUS.UNAUTHORIZED, message);
-}
-
-export function getForbidden(message = "can't use this filename"): VerdaccioError {
-  return getError(HTTP_STATUS.FORBIDDEN, message);
-}
-
-export function getServiceUnavailable(
-  message: string = API_ERROR.RESOURCE_UNAVAILABLE
-): VerdaccioError {
-  return getError(HTTP_STATUS.SERVICE_UNAVAILABLE, message);
-}
-
-export function getNotFound(customMessage?: string): VerdaccioError {
-  return getError(HTTP_STATUS.NOT_FOUND, customMessage || API_ERROR.NO_PACKAGE);
-}
-
-export function getCode(statusCode: number, customMessage: string): VerdaccioError {
-  return getError(statusCode, customMessage);
-}
-
-export const TIME_EXPIRATION_24H = '24h';
-export const TIME_EXPIRATION_7D = '7d';
-export const DIST_TAGS = 'dist-tags';
-export const LATEST = 'latest';
-export const USERS = 'users';
-export const DEFAULT_USER = 'Anonymous';
-
-export const LOG_STATUS_MESSAGE =
-  "@{status}, user: @{user}(@{remoteIP}), req: '@{request.method} @{request.url}'";
-export const LOG_VERDACCIO_ERROR = `${LOG_STATUS_MESSAGE}, error: @{!error}`;
-export const LOG_VERDACCIO_BYTES = `${LOG_STATUS_MESSAGE}, bytes: @{bytes.in}/@{bytes.out}`;
-
-export * from './helpers/pkg';

packages/core/commons-api/test/errors.spec.ts

@@ -1,108 +0,0 @@
-import _ from 'lodash';
-
-import {
-  getNotFound,
-  VerdaccioError,
-  HTTP_STATUS,
-  getConflict,
-  getBadData,
-  getInternalError,
-  API_ERROR,
-  getUnauthorized,
-  getForbidden,
-  getServiceUnavailable,
-  getCode,
-} from '../src/index';
-
-describe('testing errors', () => {
-  test('should qualify as an native error', () => {
-    expect(_.isError(getNotFound())).toBeTruthy();
-    expect(_.isError(getConflict())).toBeTruthy();
-    expect(_.isError(getBadData())).toBeTruthy();
-    expect(_.isError(getInternalError())).toBeTruthy();
-    expect(_.isError(getUnauthorized())).toBeTruthy();
-    expect(_.isError(getForbidden())).toBeTruthy();
-    expect(_.isError(getServiceUnavailable())).toBeTruthy();
-    expect(_.isError(getCode(400, 'fooError'))).toBeTruthy();
-  });
-
-  test('should test not found', () => {
-    const err: VerdaccioError = getNotFound('foo');
-
-    expect(err.code).toBeDefined();
-    expect(err.code).toEqual(HTTP_STATUS.NOT_FOUND);
-    expect(err.statusCode).toEqual(HTTP_STATUS.NOT_FOUND);
-    expect(err.message).toEqual('foo');
-  });
-
-  test('should test conflict', () => {
-    const err: VerdaccioError = getConflict('foo');
-
-    expect(err.code).toBeDefined();
-    expect(err.code).toEqual(HTTP_STATUS.CONFLICT);
-    expect(err.message).toEqual('foo');
-  });
-
-  test('should test bad data', () => {
-    const err: VerdaccioError = getBadData('foo');
-
-    expect(err.code).toBeDefined();
-    expect(err.code).toEqual(HTTP_STATUS.BAD_DATA);
-    expect(err.message).toEqual('foo');
-  });
-
-  test('should test internal error custom message', () => {
-    const err: VerdaccioError = getInternalError('foo');
-
-    expect(err.code).toBeDefined();
-    expect(err.code).toEqual(HTTP_STATUS.INTERNAL_ERROR);
-    expect(err.message).toEqual('foo');
-  });
-
-  test('should test internal error', () => {
-    const err: VerdaccioError = getInternalError();
-
-    expect(err.code).toBeDefined();
-    expect(err.code).toEqual(HTTP_STATUS.INTERNAL_ERROR);
-    expect(err.message).toEqual(API_ERROR.UNKNOWN_ERROR);
-  });
-
-  test('should test Unauthorized message', () => {
-    const err: VerdaccioError = getUnauthorized('foo');
-
-    expect(err.code).toBeDefined();
-    expect(err.code).toEqual(HTTP_STATUS.UNAUTHORIZED);
-    expect(err.message).toEqual('foo');
-  });
-
-  test('should test forbidden message', () => {
-    const err: VerdaccioError = getForbidden('foo');
-
-    expect(err.code).toBeDefined();
-    expect(err.code).toEqual(HTTP_STATUS.FORBIDDEN);
-    expect(err.message).toEqual('foo');
-  });
-
-  test('should test service unavailable message', () => {
-    const err: VerdaccioError = getServiceUnavailable('foo');
-
-    expect(err.code).toBeDefined();
-    expect(err.code).toEqual(HTTP_STATUS.SERVICE_UNAVAILABLE);
-    expect(err.message).toEqual('foo');
-  });
-
-  test('should test custom code error message', () => {
-    const err: VerdaccioError = getCode(HTTP_STATUS.NOT_FOUND, 'foo');
-
-    expect(err.code).toBeDefined();
-    expect(err.code).toEqual(HTTP_STATUS.NOT_FOUND);
-    expect(err.message).toEqual('foo');
-  });
-
-  test('should test custom code ok message', () => {
-    const err: VerdaccioError = getCode(HTTP_STATUS.OK, 'foo');
-
-    expect(err.code).toBeDefined();
-    expect(err.code).toEqual(HTTP_STATUS.OK);
-  });
-});

packages/core/commons-api/types/lockfile.d.ts

@@ -1,20 +0,0 @@
-declare module 'lockfile' {
-  type Callback = (err?: Error) => void;
-
-  interface LockOptions {
-    wait?: number;
-    pollPeriod?: number;
-    stale?: number;
-    retries?: number;
-    retryWait?: number;
-  }
-
-  interface LockFileExport {
-    lock(fileName: string, opts: LockOptions, cb: Callback): void;
-    unlock(fileName: string, cb: Callback): void;
-  }
-
-  const lockFileExport: LockFileExport;
-
-  export default lockFileExport;
-}

packages/core/core/CHANGELOG.md

@@ -1,25 +1,44 @@
 # @verdaccio/core
 
+## 6.0.0-6-next.3
+
+### Minor Changes
+
+- 6c1eb021: feat: use warning codes for deprecation warnings
+
+## 6.0.0-6-next.2
+
+### Major Changes
+
+- 794af76c: Remove Node 12 support
+
+  - We need move to the new `undici` and does not support Node.js 12
+
+### Minor Changes
+
+- 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
+
 ## 6.0.0-6-next.1
+
 ### Major Changes
 
 - 459b6fa7: refactor: search v1 endpoint and local-database
-  
+
   - refactor search `api v1` endpoint, improve performance
   - remove usage of `async` dependency https://github.com/verdaccio/verdaccio/issues/1225
   - refactor method storage class
   - create new module `core` to reduce the ammount of modules with utilities
   - use `undici` instead `node-fetch`
   - use `fastify` instead `express` for functional test
-  
+
   ### Breaking changes
-  
+
   - plugin storage API changes
   - remove old search endpoint (return 404)
   - filter local private packages at plugin level
-  
+
   The storage api changes for methods `get`, `add`, `remove` as promise base. The `search` methods also changes and recieves a `query` object that contains all query params from the client.
-  
+
   ```ts
   export interface IPluginStorage<T> extends IPlugin {
     add(name: string): Promise<void>;

packages/core/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verdaccio/core",
-  "version": "6.0.0-6-next.1",
+  "version": "6.0.0-6-next.3",
   "description": "core utilities",
   "keywords": [
     "private",
@@ -19,7 +19,7 @@
   "license": "MIT",
   "homepage": "https://verdaccio.org",
   "engines": {
-    "node": ">=12",
+    "node": ">=14",
     "npm": ">=6"
   },
   "repository": {
@@ -36,11 +36,11 @@
   "dependencies": {
     "http-errors": "1.8.0",
     "http-status-codes": "2.1.4",
-    "semver": "7.3.5"
+    "semver": "7.3.5",
+    "fastify-warning": "0.2.0"
   },
   "devDependencies": {
-    "@verdaccio/types": "workspace:11.0.0-6-next.8",
-    "typedoc": "next"
+    "@verdaccio/types": "workspace:11.0.0-6-next.9"
   },
   "scripts": {
     "clean": "rimraf ./build",
@@ -49,8 +49,7 @@
     "build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json",
     "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
     "watch": "pnpm build:js -- --watch",
-    "build": "pnpm run build:js && pnpm run build:types",
-    "doc": "typedoc src/index.ts --tsconfig tsconfig.build.json"
+    "build": "pnpm run build:js && pnpm run build:types"
   },
   "funding": {
     "type": "opencollective",

packages/core/core/src/constants.ts

@@ -1,3 +1,5 @@
+import httpCodes from 'http-status-codes';
+
 export const DEFAULT_MIN_LIMIT_PASSWORD = 3;
 export const TIME_EXPIRATION_24H = '24h';
 export const TIME_EXPIRATION_7D = '7d';
@@ -47,3 +49,43 @@ export const HEADERS = {
   WWW_AUTH: 'WWW-Authenticate',
   GZIP: 'gzip',
 };
+
+export const HTTP_STATUS = {
+  OK: httpCodes.OK,
+  CREATED: httpCodes.CREATED,
+  MULTIPLE_CHOICES: httpCodes.MULTIPLE_CHOICES,
+  NOT_MODIFIED: httpCodes.NOT_MODIFIED,
+  BAD_REQUEST: httpCodes.BAD_REQUEST,
+  UNAUTHORIZED: httpCodes.UNAUTHORIZED,
+  FORBIDDEN: httpCodes.FORBIDDEN,
+  NOT_FOUND: httpCodes.NOT_FOUND,
+  CONFLICT: httpCodes.CONFLICT,
+  NOT_IMPLEMENTED: httpCodes.NOT_IMPLEMENTED,
+  UNSUPPORTED_MEDIA: httpCodes.UNSUPPORTED_MEDIA_TYPE,
+  BAD_DATA: httpCodes.UNPROCESSABLE_ENTITY,
+  INTERNAL_ERROR: httpCodes.INTERNAL_SERVER_ERROR,
+  SERVICE_UNAVAILABLE: httpCodes.SERVICE_UNAVAILABLE,
+  LOOP_DETECTED: 508,
+};
+
+export const ERROR_CODE = {
+  token_required: 'token is required',
+};
+
+export const API_MESSAGE = {
+  PKG_CREATED: 'created new package',
+  PKG_CHANGED: 'package changed',
+  PKG_REMOVED: 'package removed',
+  PKG_PUBLISHED: 'package published',
+  TARBALL_UPLOADED: 'tarball uploaded successfully',
+  TARBALL_REMOVED: 'tarball removed',
+  TAG_UPDATED: 'tags updated',
+  TAG_REMOVED: 'tag removed',
+  TAG_ADDED: 'package tagged',
+  LOGGED_OUT: 'Logged out',
+};
+
+export const LOG_STATUS_MESSAGE =
+  "@{status}, user: @{user}(@{remoteIP}), req: '@{request.method} @{request.url}'";
+export const LOG_VERDACCIO_ERROR = `${LOG_STATUS_MESSAGE}, error: @{!error}`;
+export const LOG_VERDACCIO_BYTES = `${LOG_STATUS_MESSAGE}, bytes: @{bytes.in}/@{bytes.out}`;

packages/core/core/src/error-utils.ts

@@ -1,48 +1,6 @@
 import createError, { HttpError } from 'http-errors';
-import httpCodes from 'http-status-codes';
-import { DEFAULT_MIN_LIMIT_PASSWORD } from './constants';
 
-export const HTTP_STATUS = {
-  OK: httpCodes.OK,
-  CREATED: httpCodes.CREATED,
-  MULTIPLE_CHOICES: httpCodes.MULTIPLE_CHOICES,
-  NOT_MODIFIED: httpCodes.NOT_MODIFIED,
-  BAD_REQUEST: httpCodes.BAD_REQUEST,
-  UNAUTHORIZED: httpCodes.UNAUTHORIZED,
-  FORBIDDEN: httpCodes.FORBIDDEN,
-  NOT_FOUND: httpCodes.NOT_FOUND,
-  CONFLICT: httpCodes.CONFLICT,
-  NOT_IMPLEMENTED: httpCodes.NOT_IMPLEMENTED,
-  UNSUPPORTED_MEDIA: httpCodes.UNSUPPORTED_MEDIA_TYPE,
-  BAD_DATA: httpCodes.UNPROCESSABLE_ENTITY,
-  INTERNAL_ERROR: httpCodes.INTERNAL_SERVER_ERROR,
-  SERVICE_UNAVAILABLE: httpCodes.SERVICE_UNAVAILABLE,
-  LOOP_DETECTED: 508,
-};
-
-export const ERROR_CODE = {
-  token_required: 'token is required',
-};
-
-export const API_MESSAGE = {
-  PKG_CREATED: 'created new package',
-  PKG_CHANGED: 'package changed',
-  PKG_REMOVED: 'package removed',
-  PKG_PUBLISHED: 'package published',
-  TARBALL_UPLOADED: 'tarball uploaded successfully',
-  TARBALL_REMOVED: 'tarball removed',
-  TAG_UPDATED: 'tags updated',
-  TAG_REMOVED: 'tag removed',
-  TAG_ADDED: 'package tagged',
-  LOGGED_OUT: 'Logged out',
-};
-
-export const SUPPORT_ERRORS = {
-  PLUGIN_MISSING_INTERFACE: 'the plugin does not provide implementation of the requested feature',
-  TFA_DISABLED: 'the two-factor authentication is not yet supported',
-  STORAGE_NOT_IMPLEMENT: 'the storage does not support token saving',
-  PARAMETERS_NOT_VALID: 'the parameters are not valid',
-};
+import { DEFAULT_MIN_LIMIT_PASSWORD, HTTP_STATUS } from './constants';
 
 export const API_ERROR = {
   PASSWORD_SHORT: (passLength = DEFAULT_MIN_LIMIT_PASSWORD): string =>
@@ -82,6 +40,13 @@ export const API_ERROR = {
   USERNAME_ALREADY_REGISTERED: 'username is already registered',
 };
 
+export const SUPPORT_ERRORS = {
+  PLUGIN_MISSING_INTERFACE: 'the plugin does not provide implementation of the requested feature',
+  TFA_DISABLED: 'the two-factor authentication is not yet supported',
+  STORAGE_NOT_IMPLEMENT: 'the storage does not support token saving',
+  PARAMETERS_NOT_VALID: 'the parameters are not valid',
+};
+
 export const APP_ERROR = {
   CONFIG_NOT_VALID: 'CONFIG: it does not look like a valid config file',
   PROFILE_ERROR: 'profile unexpected error',
@@ -137,8 +102,3 @@ export function getNotFound(customMessage?: string): VerdaccioError {
 export function getCode(statusCode: number, customMessage: string): VerdaccioError {
   return getError(statusCode, customMessage);
 }
-
-export const LOG_STATUS_MESSAGE =
-  "@{status}, user: @{user}(@{remoteIP}), req: '@{request.method} @{request.url}'";
-export const LOG_VERDACCIO_ERROR = `${LOG_STATUS_MESSAGE}, error: @{!error}`;
-export const LOG_VERDACCIO_BYTES = `${LOG_STATUS_MESSAGE}, bytes: @{bytes.in}/@{bytes.out}`;

packages/core/core/src/index.ts

@@ -1,11 +1,28 @@
-import * as searchUtils from './search-utils';
-import * as streamUtils from './stream-utils';
-import * as errorUtils from './error-utils';
-import * as validatioUtils from './validation-utils';
 import * as constants from './constants';
-import * as pluginUtils from './plugin-utils';
+import * as errorUtils from './error-utils';
 import * as fileUtils from './file-utils';
 import * as pkgUtils from './pkg-utils';
+import * as pluginUtils from './plugin-utils';
+import * as searchUtils from './search-utils';
+import * as streamUtils from './stream-utils';
+import * as validatioUtils from './validation-utils';
+import * as warningUtils from './warning-utils';
+
+export { VerdaccioError, API_ERROR, SUPPORT_ERRORS, APP_ERROR } from './error-utils';
+export {
+  TOKEN_BASIC,
+  TOKEN_BEARER,
+  HTTP_STATUS,
+  API_MESSAGE,
+  HEADERS,
+  DIST_TAGS,
+  CHARACTER_ENCODING,
+  HEADER_TYPE,
+  LATEST,
+  DEFAULT_MIN_LIMIT_PASSWORD,
+  DEFAULT_USER,
+  USERS,
+} from './constants';
 
 export {
   fileUtils,
@@ -16,4 +33,5 @@ export {
   validatioUtils,
   constants,
   pluginUtils,
+  warningUtils,
 };

packages/core/core/src/pkg-utils.ts

@@ -1,5 +1,7 @@
-import { Package } from '@verdaccio/types';
 import semver from 'semver';
+
+import { Package } from '@verdaccio/types';
+
 import { DIST_TAGS } from './constants';
 
 /**